
Pests of all kinds and how to fight them: constant system crashes, Win 7 Home Premium, 32-bit

17.06.2012, 20:28   #1
vivacitas83

Hello!

Unfortunately I have been dealing with an uninvited guest for days... obviously. Antispyware finds an unauthorized .exe file... if you try to delete it, system crash! Avira gets stopped, or if you run a system scan... system crash.

Here is what's needed:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.17.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Sandra :: SANDRA-NOTEBOOK [Administrator]

17.06.2012 20:13:17
mbam-log-2012-06-17 (20-13-17).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213382
Laufzeit: 7 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


THANK YOU!!! I'm afraid that it will suddenly not turn on at all any more

Best regards, sandra

I know... everything looks OK there, but that is definitely not right

HELO

19.06.2012, 12:01   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Antispyware finds an unauthorized .exe file..
Can you be a bit more specific?!
What is an unauthorized EXE file supposed to be?
Full file name?

26.06.2012, 23:22   #3
vivacitas83

Hello and sorry,

I was in the hospital.

Here is the complete log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.26.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Sandra :: SANDRA-NOTEBOOK [Administrator]

26.06.2012 21:51:53
mbam-log-2012-06-26 (21-51-53).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 345146
Laufzeit: 1 Stunde(n), 18 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

It keeps happening, now even several times in a row!

Thank you all

27.06.2012, 13:56   #4
cosinus

Nice that you addressed my question in such detail

Quote:
It keeps happening, now even several times in a row!
Yes, quite a lot happens to me too, but I won't tell you what. Now please help me!!
__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)

27.06.2012, 22:39   #5
vivacitas83

Hey cosinus,

I'm really sorry, but I was given the "assignment" to post the whole log and thought I'd do that quickly before nothing works any more. When I tried again to search for this file, it kept crashing :O

Unfortunately the program doesn't say anything useful about it either. I made you a screenshot. But I don't think it will help, because it also only says .exe

Attached thumbnail: -antispyware-quarantine.jpg

28.06.2012, 14:20   #6
cosinus

That's what you meant by "unauthorized .exe file"

28.06.2012, 15:48   #7
vivacitas83

Um... yes, since the program labelled it as malware :/

I'm probably wrong anyway, but I don't know why it keeps crashing.

29.06.2012, 11:46   #8
cosinus

Please run ESET as well, then we'll see.

Note: ESET does show a few false positives fairly often. That is why, with ESET too, only the log should be posted at first and nothing removed.

ESET Online Scanner

Please switch on any external hard drives during the online scans! During the scans, please turn off all background guards (anti-virus program, firewall, script blocking and the like) and don't forget to turn everything back on afterwards.
  • Note for Vista and Win7 users: Be sure to open the browser this way: right-click => Run as administrator
  • Disable your anti-virus program during the scan.

    Press the button (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX element.
  • Tick the box at Yes, i accept the Terms of Use.
  • Press the button.
  • Wait until the components have been downloaded.
  • Tick the box at "Scan archives".
  • Make sure that Remove Found Threats is not ticked.
  • press.
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
Please press the + R key and copy the following text into the Run window.
Code:
"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"

Note: If you are using 64-bit Windows, the path is:

Code:
"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"

Now post the contents of log.txt.

30.06.2012, 09:40   #9
vivacitas83

Hello!

OK, it took 3(!) attempts, because it crashed twice during scanning!

Here is the log:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ad9878d324a78f4e8ba15028fc133dfd
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-29 10:58:58
# local_time=2012-06-30 12:58:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 15791 77536622 15458 0
# compatibility_mode=5893 16776574 100 94 2256497 92630992 0 0
# compatibility_mode=8192 67108863 100 0 25481 25481 0 0
# scanned=132929
# found=7
# cleaned=0
# scan_time=10940
C:\Users\Sandra\AppData\Local\GamePlayLabs Plugin\gplplugin.xpi Win32/Adware.GamePlayLabs application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\t2xu63eu.default\extensions\plugin2@gameplaylabs.com\chrome\content\overlay.js Win32/Adware.GamePlayLabs application (unable to clean) 00000000000000000000000000000000 I
D:\SANDRA-NOTEBOOK\Backup Set 2011-04-17 200103\Backup Files 2011-04-17 200103\Backup files 1.zip Win32/Adware.GamePlayLabs application (unable to clean) 00000000000000000000000000000000 I
D:\SANDRA-NOTEBOOK\Backup Set 2011-12-11 190002\Backup Files 2011-12-11 190002\Backup files 1.zip Win32/Adware.GamePlayLabs application (unable to clean) 00000000000000000000000000000000 I
D:\SANDRA-NOTEBOOK\Backup Set 2011-12-11 190002\Backup Files 2012-03-18 211500\Backup files 1.zip HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
D:\SANDRA-NOTEBOOK\Backup Set 2012-04-08 201038\Backup Files 2012-04-08 201038\Backup files 1.zip Win32/Adware.GamePlayLabs application (unable to clean) 00000000000000000000000000000000 I
D:\SANDRA-NOTEBOOK\Backup Set 2012-06-17 190005\Backup Files 2012-06-17 190005\Backup files 1.zip Win32/Adware.GamePlayLabs application (unable to clean) 00000000000000000000000000000000 I

I hope it's of some use :/

Thanks!!!
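
One way to triage an ESET Online Scanner log.txt like the one above before deciding on any removal, added here as an example (not part of the thread, and not ESET's or the helper's code): it separates the `# key=value` header from the detection lines, groups hits by detection name and by location, and flags a run that did not finish or had removal enabled. The field layout is an assumption inferred from the log lines in this thread, and the sample input is constructed.

```python
import re
from collections import Counter

# Constructed sample modelled on the log in the post above; the user name,
# machine name and profile folder are placeholders, not the poster's data.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# scanned=1000
# found=3
# cleaned=0
C:\Users\Example\AppData\Local\GamePlayLabs Plugin\gplplugin.xpi Win32/Adware.GamePlayLabs application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Example\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\extensions\plugin2@gameplaylabs.com\chrome\content\overlay.js Win32/Adware.GamePlayLabs application (unable to clean) 00000000000000000000000000000000 I
D:\EXAMPLE-PC\Backup Set 2012-01-01 000000\Backup Files 2012-01-01 000000\Backup files 1.zip HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
"""

HEADER_RE = re.compile(r"^#\s*(\w+)=(.*)$")
# Assumed field order, inferred from the lines in the thread:
# path, detection name, object type, (action result), 32 hex digits, flag.
# Paths contain spaces, so the detection name (the first token containing
# a forward slash) is used as the anchor that ends the path.
HIT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<threat>\S+/\S+)\s+(?P<kind>\w+)\s+"
    r"\((?P<action>[^)]*)\)\s+(?P<digest>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)
ARCHIVE_EXT = (".zip", ".rar", ".7z", ".cab")


def parse_log(text):
    """Split the log into a header dict and a list of detection dicts."""
    header, hits = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            # Repeated keys (e.g. compatibility_mode) keep the last value.
            header[m.group(1)] = m.group(2).strip()
            continue
        m = HIT_RE.match(line)
        if m:
            hits.append(m.groupdict())
    return header, hits


def classify(path):
    """Say where a hit lives: inside an archive, a Firefox extension, or a plain file."""
    p = path.lower()
    if p.endswith(ARCHIVE_EXT):
        return "archive"
    if "\\firefox\\profiles\\" in p and "\\extensions\\" in p:
        return "firefox-extension"
    return "file"


def triage(text):
    """Summarise a log and collect warnings about how the scan was run."""
    header, hits = parse_log(text)
    for hit in hits:
        hit["where"] = classify(hit["path"])

    warnings = []
    if header.get("end") != "finished":
        warnings.append("scan did not finish; results are incomplete")
    if header.get("remove_checked") != "false":
        warnings.append("removal was enabled; a log-only run was requested")
    found = header.get("found", "")
    if found.isdigit() and int(found) != len(hits):
        warnings.append(f"header says found={found}, parsed {len(hits)} lines")

    return {
        "by_threat": dict(Counter(h["threat"] for h in hits)),
        "by_where": dict(Counter(h["where"] for h in hits)),
        "hits": hits,
        "warnings": warnings,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("detections:", report["by_threat"])
    print("locations: ", report["by_where"])
    for hit in report["hits"]:
        print(f'{hit["where"]:18} {hit["threat"]:28} {hit["path"]}')
    for warning in report["warnings"]:
        print("WARNING:", warning)
```
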

01.07.2012, 16:25   #10
cosinus

Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

CustomScan with OTL

Please download OTL by Oldtimer and save it on your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • Tick the box "Scanne alle Benutzer" (scan all users) at the top centre
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

02.07.2012, 12:28   #11
vivacitas83

I hope this is right now (and useful):

Code:
OTL logfile created on: 7/2/2012 11:29:11 AM - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Sandra\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3.36 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 73.01% Memory free
6.73 Gb Paging File | 5.37 Gb Available in Paging File | 79.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 151.00 Gb Total Space | 75.39 Gb Free Space | 49.93% Space Free | Partition Type: NTFS
Drive D: | 294.66 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
 
Computer Name: SANDRA-NOTEBOOK | User Name: Sandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/07/02 10:31:59 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sandra\Downloads\OTL.exe
PRC - [2012/06/03 19:15:21 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/05/03 18:37:50 | 020,221,792 | ---- | M] (Lavasoft Limited) -- C:\PROGRA~1\AD-AWA~1\AdAware.exe
PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011/10/21 11:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/07/10 10:34:50 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/05/11 20:30:00 | 004,999,976 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\Scrybe\scrybe.exe
PRC - [2011/05/11 20:30:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2011/04/30 03:51:36 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/21 19:05:02 | 000,064,512 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe
PRC - [2011/01/10 15:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/07/04 20:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010/05/06 08:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/04/16 18:56:44 | 000,644,384 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010/04/07 15:40:06 | 000,843,264 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/02/10 16:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2010/01/19 04:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2010/01/14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/31 14:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Sandra\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
PRC - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/07/01 21:37:35 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/07/01 21:37:35 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/10/11 22:00:31 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/10/11 22:00:31 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/03/31 19:31:02 | 000,066,856 | ---- | M] () -- C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/06/17 19:26:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Stopped] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/12/15 19:29:42 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/10 10:34:50 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/11 20:30:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2011/04/30 03:51:36 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/02/23 21:50:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/01/21 19:05:02 | 000,064,512 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)
SRV - [2010/07/04 20:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010/04/16 18:56:44 | 000,644,384 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/12/19 12:44:24 | 000,223,864 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw)
DRV - [2011/12/19 12:44:24 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/12/19 12:44:24 | 000,072,312 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbwtis.sys -- (sbwtis)
DRV - [2011/12/15 19:29:42 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2011/11/29 06:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/10/01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/09/29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011/09/29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/10 10:34:50 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/10 10:34:50 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/15 03:03:09 | 000,015,656 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtport.sys -- (rtport)
DRV - [2010/06/17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/05/12 12:14:58 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/05/12 12:14:58 | 000,098,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2010/05/12 12:14:56 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/05/12 12:14:56 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/05/12 12:14:54 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/02/27 02:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/02/11 04:17:24 | 009,936,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/11/12 22:14:30 | 000,066,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/10/21 17:16:08 | 000,198,656 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/10/12 15:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/09/28 11:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/09/10 15:31:48 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/07/14 01:54:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/12/08 17:21:18 | 000,110,080 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2008/12/08 17:21:18 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/12/08 17:21:18 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2008/12/08 17:21:18 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/12/08 17:21:18 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/12/08 17:21:18 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/10/09 13:50:08 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2008/10/09 13:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1824515743-1129300623-418782207-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-1824515743-1129300623-418782207-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com/?l=dis&o=1586&gct=hp
IE - HKU\S-1-5-21-1824515743-1129300623-418782207-1000\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - No CLSID value found
IE - HKU\S-1-5-21-1824515743-1129300623-418782207-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1824515743-1129300623-418782207-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1824515743-1129300623-418782207-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778
IE - HKU\S-1-5-21-1824515743-1129300623-418782207-1000\..\SearchScopes\{C0B6FD25-BB4E-4108-921C-0848B2E7E369}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^AT&apn_uid=f1d5defc-1291-40c9-b34e-5aa4abd1dbdd&apn_sauid=533F215B-BFAA-4D44-8C83-9860CE93F962
IE - HKU\S-1-5-21-1824515743-1129300623-418782207-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/17 19:26:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/24 19:36:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/11/13 19:15:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/17 19:26:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/24 19:36:21 | 000,000,000 | ---D | M]
 
[2011/03/08 22:03:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\Extensions
[2011/03/08 22:03:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/06/29 14:50:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\Firefox\Profiles\t2xu63eu.default\extensions
[2011/04/04 22:25:55 | 000,000,000 | ---D | M] (GamePlayLabs Plugin) -- C:\Users\Sandra\AppData\Roaming\mozilla\Firefox\Profiles\t2xu63eu.default\extensions\plugin2@gameplaylabs.com
[2011/09/03 12:29:40 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\Sandra\AppData\Roaming\mozilla\Firefox\Profiles\t2xu63eu.default\extensions\youtube2mp3@mondayx.de
[2012/06/01 17:53:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/06/29 14:50:52 | 000,743,305 | ---- | M] () (No name found) -- C:\USERS\SANDRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T2XU63EU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/06/17 19:26:20 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/06/30 20:30:14 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/06/17 19:26:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/17 19:26:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/17 19:26:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/17 19:26:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/17 19:26:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/17 19:26:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1824515743-1129300623-418782207-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1824515743-1129300623-418782207-1000\..\Toolbar\WebBrowser: (no name) - {FF88A983-649D-4207-9336-9B999280B436} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-21-1824515743-1129300623-418782207-1000..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKU\S-1-5-21-1824515743-1129300623-418782207-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A7D2EF4-E976-4A68-8C63-6E36A173B396}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26CFA158-2B9B-40ED-B46C-D8EB42B90917}: NameServer = 213.162.69.170 213.162.69.169
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{547D5E76-2509-49C9-A093-F2268C116CB8}: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81E2AD3D-BB31-4066-9E11-C5D237E2E862}: DhcpNameServer = 212.91.97.3 212.91.97.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BEF0FCF6-5A11-4CEC-86E6-56CA61880306}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2d2da28b-a951-11e1-b494-001bb1166a05}\Shell - "" = AutoRun
O33 - MountPoints2\{2d2da28b-a951-11e1-b494-001bb1166a05}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2d2da29d-a951-11e1-b494-001bb1166a05}\Shell - "" = AutoRun
O33 - MountPoints2\{2d2da29d-a951-11e1-b494-001bb1166a05}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{50f77daf-c1ab-11e0-9326-001bb1166a05}\Shell - "" = AutoRun
O33 - MountPoints2\{50f77daf-c1ab-11e0-9326-001bb1166a05}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpReg: APSDaemon - hkey= - key= -  File not found
MsConfig - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig - StartUpReg: Facebook Update - hkey= - key= - C:\Users\Sandra\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
MsConfig - StartUpReg: FlashPlayerUpdate - hkey= - key= -  File not found
MsConfig - StartUpReg: HW_OPENEYE_OUC_T-Mobile Internet Manager - hkey= - key= - C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= -  File not found
MsConfig - StartUpReg: NortonOnlineBackup - hkey= - key= -  File not found
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= -  File not found
MsConfig - StartUpReg: PDVD8LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl8 - hkey= - key= - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= -  File not found
MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: UpdateLBPShortCut - hkey= - key= - C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: UpdateP2GoShortCut - hkey= - key= - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: UpdatePDRShortCut - hkey= - key= - C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: UpdatePPShortCut - hkey= - key= - C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: UpdatePSTShortCut - hkey= - key= - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
 
SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: Ad-Aware Service - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SBAMSvc - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootNet: Ad-Aware Service - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SBAMSvc - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/06/29 14:52:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/06/17 20:12:27 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Malwarebytes
[2012/06/17 20:11:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/17 20:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/17 20:11:39 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/06/17 20:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/17 19:45:40 | 000,000,000 | ---D | C] -- C:\windows\System32\AppLogs
[2012/06/17 00:39:07 | 000,000,000 | ---D | C] -- C:\88a3095b5aeba41de7
[2012/06/16 22:45:09 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/06/04 21:09:10 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\adaware
[2012/06/04 21:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/06/04 21:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/06/04 21:08:42 | 000,093,816 | ---- | C] (GFI Software) -- C:\windows\System32\drivers\sbhips.sys
[2012/06/04 21:08:32 | 000,223,864 | ---- | C] (GFI Software) -- C:\windows\System32\drivers\SbFw.sys
[2012/06/04 21:08:32 | 000,094,584 | ---- | C] (GFI Software) -- C:\windows\System32\drivers\SbFwIm.sys
[2012/06/04 21:08:31 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\VDD
[2012/06/04 21:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/06/04 21:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2012/06/04 20:53:49 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Ad-Aware Antivirus
[2012/06/03 14:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\435E
[2012/06/03 11:30:45 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Foxit Software
[2012/06/03 11:30:27 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/02 10:17:10 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/02 10:17:10 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/02 10:16:08 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/01 21:37:29 | 000,000,330 | ---- | M] () -- C:\windows\tasks\DriverScanner.job
[2012/07/01 21:36:11 | 3611,873,280 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/30 11:08:39 | 000,654,844 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/06/30 11:08:39 | 000,616,686 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/06/30 11:08:39 | 000,130,426 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/06/30 11:08:39 | 000,106,808 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/06/29 16:44:46 | 000,279,392 | ---- | M] () -- C:\Users\Sandra\Desktop\lipplan_oberlaa.jpg
[2012/06/27 22:39:18 | 000,127,059 | ---- | M] () -- C:\Users\Sandra\Desktop\AntiSpyWare Quarantine.jpg
[2012/06/26 17:34:32 | 000,042,237 | ---- | M] () -- C:\Users\Sandra\Desktop\MAG ELF - Servicestelle.pdf
[2012/06/25 09:11:19 | 000,048,775 | ---- | M] () -- C:\Users\Sandra\Desktop\2012 06 25 Fehlermeldung Serververbindung.jpg
[2012/06/25 08:49:14 | 000,071,559 | ---- | M] () -- C:\Users\Sandra\Desktop\AR 041 LLC (2012-020,022,024).pdf
[2012/06/25 08:48:51 | 000,066,406 | ---- | M] () -- C:\Users\Sandra\Desktop\LS 029 LLC (2012-020,022,024).pdf
[2012/06/24 10:09:31 | 000,001,650 | ---- | M] () -- C:\Users\Sandra\Desktop\Docs (server001.ledworx.local) - Verknüpfung.lnk
[2012/06/18 21:25:59 | 000,018,391 | ---- | M] () -- C:\Users\Sandra\Desktop\Beach-quiz.odt
[2012/06/17 20:11:42 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/06/17 10:25:47 | 003,659,288 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/06/11 07:28:59 | 000,001,738 | ---- | M] () -- C:\windows\System32\EmailAVConfig.xml
[2012/06/07 23:00:51 | 000,001,188 | ---- | M] () -- C:\windows\System32\ServiceConfig.xml
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/06/29 16:44:42 | 000,279,392 | ---- | C] () -- C:\Users\Sandra\Desktop\lipplan_oberlaa.jpg
[2012/06/27 22:39:17 | 000,127,059 | ---- | C] () -- C:\Users\Sandra\Desktop\AntiSpyWare Quarantine.jpg
[2012/06/26 17:34:32 | 000,042,237 | ---- | C] () -- C:\Users\Sandra\Desktop\MAG ELF - Servicestelle.pdf
[2012/06/25 09:11:19 | 000,048,775 | ---- | C] () -- C:\Users\Sandra\Desktop\2012 06 25 Fehlermeldung Serververbindung.jpg
[2012/06/25 08:49:14 | 000,071,559 | ---- | C] () -- C:\Users\Sandra\Desktop\AR 041 LLC (2012-020,022,024).pdf
[2012/06/25 08:48:48 | 000,066,406 | ---- | C] () -- C:\Users\Sandra\Desktop\LS 029 LLC (2012-020,022,024).pdf
[2012/06/18 21:21:24 | 000,018,391 | ---- | C] () -- C:\Users\Sandra\Desktop\Beach-quiz.odt
[2012/06/17 20:11:42 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/06/11 07:28:59 | 000,001,738 | ---- | C] () -- C:\windows\System32\EmailAVConfig.xml
[2012/06/07 23:00:51 | 000,001,188 | ---- | C] () -- C:\windows\System32\ServiceConfig.xml
[2011/10/09 23:27:25 | 000,003,347 | ---- | C] () -- C:\Users\Sandra\.recently-used.xbel
[2011/08/27 12:54:48 | 000,044,544 | ---- | C] () -- C:\windows\System32\Gif89.dll
[2011/04/10 23:25:01 | 000,003,584 | ---- | C] () -- C:\Users\Sandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/10 22:54:51 | 000,000,088 | RHS- | C] () -- C:\ProgramData\F3426455BD.sys
[2011/04/10 22:54:50 | 000,002,984 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/03/20 23:08:04 | 000,110,592 | ---- | C] () -- C:\windows\System32\FsUsbExDevice.Dll
[2011/03/20 23:08:04 | 000,036,608 | ---- | C] () -- C:\windows\System32\FsUsbExDisk.Sys
[2011/02/23 12:02:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/23 11:34:59 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/07/06 01:46:17 | 000,654,844 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2010/07/06 01:46:17 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2010/07/06 01:46:17 | 000,130,426 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2010/07/06 01:46:17 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2010/07/05 10:02:50 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2010/07/05 09:29:15 | 000,001,670 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/07/05 09:16:47 | 000,311,296 | ---- | C] () -- C:\windows\System32\Rezip.exe
[2010/07/05 09:15:48 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll
 
========== LOP Check ==========
 
[2012/06/17 19:48:37 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Ad-Aware Antivirus
[2012/04/12 10:36:17 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Synaptics
[2012/06/29 14:52:33 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Ad-Aware Antivirus
[2011/09/21 20:08:06 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/07/08 23:54:35 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/06/12 22:35:50 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Foxit Software
[2011/10/09 23:27:25 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\gtk-2.0
[2011/10/16 12:09:19 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\mp3DirectCut
[2011/11/13 21:28:14 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\MusicNet
[2011/07/09 10:56:00 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\OpenCandy
[2012/02/28 22:55:40 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\OpenOffice.org
[2011/03/20 23:26:40 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\PDF Writer
[2011/03/20 23:07:56 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Samsung
[2012/06/25 23:45:06 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\SoftGrid Client
[2011/09/11 22:05:45 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Synaptics
[2012/05/29 07:47:49 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\T-Mobile
[2012/05/29 07:49:30 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\T-Mobile Internet Manager
[2011/03/08 22:03:20 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Thunderbird
[2011/04/10 22:36:10 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\TP
[2011/08/27 13:01:23 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\TuneUp Software
[2011/07/09 10:57:42 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Uniblue
[2012/06/16 22:23:41 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\uTorrent
[2011/08/08 12:48:08 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Vodafone
[2012/07/01 21:37:29 | 000,000,330 | ---- | M] () -- C:\windows\Tasks\DriverScanner.job
[2012/05/13 17:59:06 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012/06/29 14:52:33 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Ad-Aware Antivirus
[2011/11/13 19:52:15 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Adobe
[2011/07/27 21:36:51 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Apple Computer
[2011/04/24 03:48:29 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Avira
[2011/09/21 20:08:06 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/04/10 22:54:51 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Corel
[2011/05/26 18:37:58 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\CyberLink
[2011/07/08 23:54:35 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/06/12 22:35:50 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Foxit Software
[2011/02/23 12:03:55 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Google
[2011/10/09 23:27:25 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\gtk-2.0
[2011/02/23 11:58:53 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Identities
[2011/02/23 21:41:33 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Macromedia
[2012/06/17 20:12:27 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Malwarebytes
[2010/07/06 01:36:15 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Media Center Programs
[2012/02/08 15:20:01 | 000,000,000 | --SD | M] -- C:\Users\Sandra\AppData\Roaming\Microsoft
[2011/02/23 12:06:47 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Mozilla
[2011/10/16 12:09:19 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\mp3DirectCut
[2011/11/13 21:28:14 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\MusicNet
[2011/07/09 10:56:00 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\OpenCandy
[2012/02/28 22:55:40 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\OpenOffice.org
[2011/03/20 23:26:40 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\PDF Writer
[2011/03/20 23:07:56 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Samsung
[2012/05/24 19:32:08 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Skype
[2011/07/14 00:06:15 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\skypePM
[2012/06/25 23:45:06 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\SoftGrid Client
[2011/10/11 22:00:26 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\SUPERAntiSpyware.com
[2011/09/11 22:05:45 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Synaptics
[2012/05/29 07:47:49 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\T-Mobile
[2012/05/29 07:49:30 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\T-Mobile Internet Manager
[2011/03/08 22:03:20 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Thunderbird
[2011/04/10 22:36:10 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\TP
[2011/08/27 13:01:23 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\TuneUp Software
[2011/07/09 10:57:42 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Uniblue
[2012/06/16 22:23:41 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\uTorrent
[2012/03/11 20:00:30 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\vlc
[2011/08/08 12:48:08 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Vodafone
[2012/03/11 20:26:25 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Winamp
[2012/01/01 19:22:58 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011/09/21 20:03:44 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Sandra\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011/06/07 20:58:20 | 005,845,432 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\Sandra\AppData\Roaming\OpenCandy\OpenCandy_AAB76C1FF91040E0A0828965171E77B0\driverscanner (9).exe
[2011/07/09 10:56:05 | 000,416,160 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\OpenCandy\OpenCandy_AAB76C1FF91040E0A0828965171E77B0\LatestDLMgr.exe
[2010/01/07 14:35:18 | 001,007,616 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Sandra\AppData\Roaming\T-Mobile Internet Manager\LiveUpdate.exe
[2009/12/31 14:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Sandra\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007/05/17 14:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2010/04/27 09:47:34 | 000,435,736 | ---- | M] (Intel Corporation) MD5=EB3A2C773E202CED30595BBFAD24FEBF -- C:\Windows\System32\drivers\iaStor.sys
[2010/04/27 09:47:34 | 000,435,736 | ---- | M] (Intel Corporation) MD5=EB3A2C773E202CED30595BBFAD24FEBF -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_f694c1cdcd94f044\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 164 bytes -> C:\Users\Sandra\Documents\T-Mobile Vertragskündigung.docx.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Sandra\Documents\sig sandfa.jpg:3or4kl4x13tuuug3Byamue2s4b

< End of report >
         
Thank you very much for your efforts!!!

Question:

a second log titled "Extras.txt" also opened. Should I copy that here as well?

Alt 02.07.2012, 15:13   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
IE - HKU\S-1-5-21-1824515743-1129300623-418782207-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=1586&gct=hp
IE - HKU\S-1-5-21-1824515743-1129300623-418782207-1000\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - No CLSID value found
IE - HKU\S-1-5-21-1824515743-1129300623-418782207-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1824515743-1129300623-418782207-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1824515743-1129300623-418782207-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778
IE - HKU\S-1-5-21-1824515743-1129300623-418782207-1000\..\SearchScopes\{C0B6FD25-BB4E-4108-921C-0848B2E7E369}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^AT&apn_uid=f1d5defc-1291-40c9-b34e-5aa4abd1dbdd&apn_sauid=533F215B-BFAA-4D44-8C83-9860CE93F962
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1824515743-1129300623-418782207-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1824515743-1129300623-418782207-1000\..\Toolbar\WebBrowser: (no name) - {FF88A983-649D-4207-9336-9B999280B436} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2d2da28b-a951-11e1-b494-001bb1166a05}\Shell - "" = AutoRun
O33 - MountPoints2\{2d2da28b-a951-11e1-b494-001bb1166a05}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2d2da29d-a951-11e1-b494-001bb1166a05}\Shell - "" = AutoRun
O33 - MountPoints2\{2d2da29d-a951-11e1-b494-001bb1166a05}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{50f77daf-c1ab-11e0-9326-001bb1166a05}\Shell - "" = AutoRun
O33 - MountPoints2\{50f77daf-c1ab-11e0-9326-001bb1166a05}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
[2012/06/17 00:39:07 | 000,000,000 | ---D | C] -- C:\88a3095b5aeba41de7
[2012/06/03 14:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\435E
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not completely deleted; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 02.07.2012, 19:26   #13
vivacitas83
 

OK, here is the current log:

Code:
 
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
HKU\S-1-5-21-1824515743-1129300623-418782207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1824515743-1129300623-418782207-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ff88a983-649d-4207-9336-9b999280b436} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff88a983-649d-4207-9336-9b999280b436}\ not found.
HKEY_USERS\S-1-5-21-1824515743-1129300623-418782207-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1824515743-1129300623-418782207-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1824515743-1129300623-418782207-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-1824515743-1129300623-418782207-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C0B6FD25-BB4E-4108-921C-0848B2E7E369}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C0B6FD25-BB4E-4108-921C-0848B2E7E369}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1824515743-1129300623-418782207-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-1824515743-1129300623-418782207-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FF88A983-649D-4207-9336-9B999280B436} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF88A983-649D-4207-9336-9B999280B436}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d2da28b-a951-11e1-b494-001bb1166a05}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d2da28b-a951-11e1-b494-001bb1166a05}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d2da28b-a951-11e1-b494-001bb1166a05}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d2da28b-a951-11e1-b494-001bb1166a05}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d2da29d-a951-11e1-b494-001bb1166a05}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d2da29d-a951-11e1-b494-001bb1166a05}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d2da29d-a951-11e1-b494-001bb1166a05}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d2da29d-a951-11e1-b494-001bb1166a05}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50f77daf-c1ab-11e0-9326-001bb1166a05}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50f77daf-c1ab-11e0-9326-001bb1166a05}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50f77daf-c1ab-11e0-9326-001bb1166a05}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50f77daf-c1ab-11e0-9326-001bb1166a05}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
Folder move failed. C:\88a3095b5aeba41de7\Graphics scheduled to be moved on reboot.
Folder move failed. C:\88a3095b5aeba41de7\3082 scheduled to be moved on reboot.
Folder move failed. C:\88a3095b5aeba41de7\3076 scheduled to be moved on reboot.
Folder move failed. C:\88a3095b5aeba41de7\2070 scheduled to be moved on reboot.
Folder move failed. C:\88a3095b5aeba41de7\2052 scheduled to be moved on reboot.
Folder move failed. C:\88a3095b5aeba41de7\1055 scheduled to be moved on reboot.
Folder move failed. C:\88a3095b5aeba41de7\1053 scheduled to be moved on reboot.
Folder move failed. C:\88a3095b5aeba41de7\1049 scheduled to be moved on reboot.
Folder move failed. C:\88a3095b5aeba41de7\1046 scheduled to be moved on reboot.
Folder move failed. C:\88a3095b5aeba41de7\1045 scheduled to be moved on reboot.
Folder move failed. C:\88a3095b5aeba41de7\1044 scheduled to be moved on reboot.
Folder move failed. C:\88a3095b5aeba41de7\1043 scheduled to be moved on reboot.
Folder move failed. C:\88a3095b5aeba41de7\1042 scheduled to be moved on reboot.
Folder move failed. C:\88a3095b5aeba41de7\1041 scheduled to be moved on reboot.
Folder move failed. C:\88a3095b5aeba41de7\1040 scheduled to be moved on reboot.
Folder move failed. C:\88a3095b5aeba41de7\1038 scheduled to be moved on reboot.
Folder move failed. C:\88a3095b5aeba41de7\1037 scheduled to be moved on reboot.
Folder move failed. C:\88a3095b5aeba41de7\1036 scheduled to be moved on reboot.
Folder move failed. C:\88a3095b5aeba41de7\1035 scheduled to be moved on reboot.
Folder move failed. C:\88a3095b5aeba41de7\1033 scheduled to be moved on reboot.
Folder move failed. C:\88a3095b5aeba41de7\1032 scheduled to be moved on reboot.
Folder move failed. C:\88a3095b5aeba41de7\1031 scheduled to be moved on reboot.
Folder move failed. C:\88a3095b5aeba41de7\1030 scheduled to be moved on reboot.
Folder move failed. C:\88a3095b5aeba41de7\1029 scheduled to be moved on reboot.
Folder move failed. C:\88a3095b5aeba41de7\1028 scheduled to be moved on reboot.
Folder move failed. C:\88a3095b5aeba41de7\1025 scheduled to be moved on reboot.
C:\88a3095b5aeba41de7 folder moved successfully.
C:\ProgramData\435E folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 7138420 bytes
->Temporary Internet Files folder emptied: 37163814 bytes
->FireFox cache emptied: 1023170825 bytes
->Flash cache emptied: 60696 bytes
 
User: Public
 
User: Sandra
->Temp folder emptied: 8462794 bytes
->Temporary Internet Files folder emptied: 10729074 bytes
->Java cache emptied: 1663712 bytes
->FireFox cache emptied: 155077942 bytes
->Flash cache emptied: 60023 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 38591358 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 18139064 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes
RecycleBin emptied: 357112 bytes
 
Total Files Cleaned = 1,240.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Gast
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Sandra
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.1 log created on 07022012_185131

Files\Folders moved on Reboot...
File\Folder C:\88a3095b5aeba41de7\Graphics not found!
File\Folder C:\88a3095b5aeba41de7\3082 not found!
File\Folder C:\88a3095b5aeba41de7\3076 not found!
File\Folder C:\88a3095b5aeba41de7\2070 not found!
File\Folder C:\88a3095b5aeba41de7\2052 not found!
File\Folder C:\88a3095b5aeba41de7\1055 not found!
File\Folder C:\88a3095b5aeba41de7\1053 not found!
File\Folder C:\88a3095b5aeba41de7\1049 not found!
File\Folder C:\88a3095b5aeba41de7\1046 not found!
File\Folder C:\88a3095b5aeba41de7\1045 not found!
File\Folder C:\88a3095b5aeba41de7\1044 not found!
File\Folder C:\88a3095b5aeba41de7\1043 not found!
File\Folder C:\88a3095b5aeba41de7\1042 not found!
File\Folder C:\88a3095b5aeba41de7\1041 not found!
File\Folder C:\88a3095b5aeba41de7\1040 not found!
File\Folder C:\88a3095b5aeba41de7\1038 not found!
File\Folder C:\88a3095b5aeba41de7\1037 not found!
File\Folder C:\88a3095b5aeba41de7\1036 not found!
File\Folder C:\88a3095b5aeba41de7\1035 not found!
File\Folder C:\88a3095b5aeba41de7\1033 not found!
File\Folder C:\88a3095b5aeba41de7\1032 not found!
File\Folder C:\88a3095b5aeba41de7\1031 not found!
File\Folder C:\88a3095b5aeba41de7\1030 not found!
File\Folder C:\88a3095b5aeba41de7\1029 not found!
File\Folder C:\88a3095b5aeba41de7\1028 not found!
File\Folder C:\88a3095b5aeba41de7\1025 not found!

PendingFileRenameOperations files...
File C:\88a3095b5aeba41de7\Graphics not found!
File C:\88a3095b5aeba41de7\3082 not found!
File C:\88a3095b5aeba41de7\3076 not found!
File C:\88a3095b5aeba41de7\2070 not found!
File C:\88a3095b5aeba41de7\2052 not found!
File C:\88a3095b5aeba41de7\1055 not found!
File C:\88a3095b5aeba41de7\1053 not found!
File C:\88a3095b5aeba41de7\1049 not found!
File C:\88a3095b5aeba41de7\1046 not found!
File C:\88a3095b5aeba41de7\1045 not found!
File C:\88a3095b5aeba41de7\1044 not found!
File C:\88a3095b5aeba41de7\1043 not found!
File C:\88a3095b5aeba41de7\1042 not found!
File C:\88a3095b5aeba41de7\1041 not found!
File C:\88a3095b5aeba41de7\1040 not found!
File C:\88a3095b5aeba41de7\1038 not found!
File C:\88a3095b5aeba41de7\1037 not found!
File C:\88a3095b5aeba41de7\1036 not found!
File C:\88a3095b5aeba41de7\1035 not found!
File C:\88a3095b5aeba41de7\1033 not found!
File C:\88a3095b5aeba41de7\1032 not found!
File C:\88a3095b5aeba41de7\1031 not found!
File C:\88a3095b5aeba41de7\1030 not found!
File C:\88a3095b5aeba41de7\1029 not found!
File C:\88a3095b5aeba41de7\1028 not found!
File C:\88a3095b5aeba41de7\1025 not found!

Registry entries deleted on Reboot...
         
Was that it? Is it known why this happens?
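Added example (not part of the thread and not OTL's own code): a Python triage script for a fix log in the format posted above, which counts the outcome of each line and reconciles items that were scheduled for a move on reboot against what the log reports after the restart. The category names, the parent-folder inference and the shortened sample log are assumptions made for this example.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample: a shortened excerpt in the format of the fix log above.
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
C:\autoexec.bat moved successfully.
File F:\AutoRun.exe not found.
Folder move failed. C:\88a3095b5aeba41de7\Graphics scheduled to be moved on reboot.
Folder move failed. C:\88a3095b5aeba41de7\1031 scheduled to be moved on reboot.
C:\88a3095b5aeba41de7 folder moved successfully.
C:\ProgramData\435E folder moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully

Files\Folders moved on Reboot...
File\Folder C:\88a3095b5aeba41de7\Graphics not found!
File\Folder C:\88a3095b5aeba41de7\1031 not found!
"""

# Ordered rules: the first pattern that matches decides the category.
# The category names are this example's own, not OTL terminology.
RULES = [
    ("pending_reboot", re.compile(
        r"^(?:File|Folder) move failed\. (.+) scheduled to be moved on reboot\.$")),
    ("reboot_not_found", re.compile(r"^File(?:\\Folder)? (.+) not found!$")),
    ("moved", re.compile(r"^(.+?) (?:folder )?moved successfully\.$")),
    ("deleted", re.compile(r"^(.+) deleted successfully\.$")),
    ("value_set", re.compile(r"^(.+) value set successfully!$")),
    ("removed", re.compile(r"^(.+) removed from .+$")),
    ("not_found", re.compile(r"^(.+) not found\.$")),
    ("reset", re.compile(r"^(.+) reset successfully$")),
]


def classify(line):
    """Return (category, target) for one log line; unmatched lines are 'other'."""
    line = line.strip()
    for category, pattern in RULES:
        match = pattern.match(line)
        if match:
            return category, match.group(1)
    return "other", line


def summarize(log_text):
    """Count outcomes and give a verdict for every item scheduled for reboot."""
    counts = Counter()
    moved, pending, gone_after_reboot = [], [], set()
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        category, target = classify(raw)
        counts[category] += 1
        if category == "moved":
            moved.append(PureWindowsPath(target))
        elif category == "pending_reboot":
            pending.append(PureWindowsPath(target))
        elif category == "reboot_not_found":
            gone_after_reboot.add(PureWindowsPath(target))

    verdicts = {}
    for path in pending:
        if any(parent in path.parents for parent in moved):
            # Inference: a parent folder was moved in the same run, so the
            # child most likely went with it and the reboot step found nothing.
            verdicts[str(path)] = "moved_with_parent"
        elif path in gone_after_reboot:
            # Scheduled, gone after reboot, no parent move logged: check by hand.
            verdicts[str(path)] = "unresolved"
        else:
            # The log holds no post-reboot line for this item.
            verdicts[str(path)] = "no_reboot_record"
    return counts, verdicts


if __name__ == "__main__":
    counts, verdicts = summarize(SAMPLE_LOG)
    for category, number in counts.most_common():
        print(f"{category:17} {number}")
    for path, verdict in verdicts.items():
        print(f"{verdict:17} {path}")
```
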

Alt 03.07.2012, 12:35   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before running the TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where the TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!


Alt 03.07.2012, 13:38   #15
vivacitas83
 

Phew, this is getting really complicated. I hope this is the right one:


Code:
13:28:32.0663 6012	TDSS rootkit removing tool 2.7.44.0 Jul  2 2012 20:01:08
13:28:32.0942 6012	============================================================
13:28:32.0942 6012	Current date / time: 2012/07/03 13:28:32.0942
13:28:32.0942 6012	SystemInfo:
13:28:32.0942 6012	
13:28:32.0942 6012	OS Version: 6.1.7601 ServicePack: 1.0
13:28:32.0942 6012	Product type: Workstation
13:28:32.0942 6012	ComputerName: SANDRA-NOTEBOOK
13:28:32.0942 6012	UserName: Sandra
13:28:32.0942 6012	Windows directory: C:\windows
13:28:32.0942 6012	System windows directory: C:\windows
13:28:32.0942 6012	Processor architecture: Intel x86
13:28:32.0942 6012	Number of processors: 4
13:28:32.0942 6012	Page size: 0x1000
13:28:32.0942 6012	Boot type: Normal boot
13:28:32.0942 6012	============================================================
13:28:33.0610 6012	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:28:33.0613 6012	============================================================
13:28:33.0613 6012	\Device\Harddisk0\DR0:
13:28:33.0613 6012	MBR partitions:
13:28:33.0613 6012	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
13:28:33.0613 6012	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0x12E00000
13:28:33.0629 6012	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x15633000, BlocksNum 0x24D52800
13:28:33.0629 6012	============================================================
13:28:33.0660 6012	C: <-> \Device\Harddisk0\DR0\Partition1
13:28:33.0744 6012	D: <-> \Device\Harddisk0\DR0\Partition2
13:28:33.0744 6012	============================================================
13:28:33.0744 6012	Initialize success
13:28:33.0744 6012	============================================================
13:29:26.0587 0716	============================================================
13:29:26.0587 0716	Scan started
13:29:26.0587 0716	Mode: Manual; SigCheck; TDLFS; 
13:29:26.0587 0716	============================================================
13:29:27.0237 0716	!SASCORE        (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
13:29:27.0278 0716	!SASCORE - ok
13:29:27.0510 0716	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
13:29:27.0577 0716	1394ohci - ok
13:29:27.0646 0716	ACPI            (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
13:29:27.0662 0716	ACPI - ok
13:29:27.0703 0716	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
13:29:27.0791 0716	AcpiPmi - ok
13:29:27.0950 0716	Ad-Aware Service (09e61047b0cef21559cfcedf4f14d216) C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
13:29:27.0980 0716	Ad-Aware Service - ok
13:29:28.0075 0716	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
13:29:28.0097 0716	adp94xx - ok
13:29:28.0118 0716	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
13:29:28.0136 0716	adpahci - ok
13:29:28.0147 0716	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
13:29:28.0162 0716	adpu320 - ok
13:29:28.0194 0716	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
13:29:28.0252 0716	AeLookupSvc - ok
13:29:28.0334 0716	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
13:29:28.0384 0716	AFD - ok
13:29:28.0438 0716	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
13:29:28.0450 0716	agp440 - ok
13:29:28.0504 0716	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
13:29:28.0517 0716	aic78xx - ok
13:29:28.0581 0716	ALG             (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
13:29:28.0648 0716	ALG - ok
13:29:28.0688 0716	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
13:29:28.0700 0716	aliide - ok
13:29:28.0738 0716	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
13:29:28.0750 0716	amdagp - ok
13:29:28.0782 0716	amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
13:29:28.0794 0716	amdide - ok
13:29:28.0830 0716	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
13:29:28.0885 0716	AmdK8 - ok
13:29:28.0909 0716	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
13:29:28.0948 0716	AmdPPM - ok
13:29:28.0994 0716	amdsata         (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
13:29:29.0007 0716	amdsata - ok
13:29:29.0035 0716	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
13:29:29.0050 0716	amdsbs - ok
13:29:29.0061 0716	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
13:29:29.0072 0716	amdxata - ok
13:29:29.0120 0716	androidusb      (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\windows\system32\Drivers\ssadadb.sys
13:29:29.0173 0716	androidusb - ok
13:29:29.0306 0716	AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files\Avira\AntiVir Desktop\sched.exe
13:29:29.0316 0716	AntiVirSchedulerService - ok
13:29:29.0356 0716	AntiVirService  (72d90e56563165984224493069c69ed4) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
13:29:29.0367 0716	AntiVirService - ok
13:29:29.0420 0716	AppID           (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
13:29:29.0534 0716	AppID - ok
13:29:29.0584 0716	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
13:29:29.0646 0716	AppIDSvc - ok
13:29:29.0698 0716	Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll
13:29:29.0747 0716	Appinfo - ok
13:29:29.0785 0716	arc             (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
13:29:29.0798 0716	arc - ok
13:29:29.0815 0716	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
13:29:29.0828 0716	arcsas - ok
13:29:29.0864 0716	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
13:29:29.0971 0716	AsyncMac - ok
13:29:30.0026 0716	atapi           (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
13:29:30.0038 0716	atapi - ok
13:29:30.0119 0716	AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
13:29:30.0168 0716	AudioEndpointBuilder - ok
13:29:30.0173 0716	Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
13:29:30.0207 0716	Audiosrv - ok
13:29:30.0243 0716	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\windows\system32\DRIVERS\avgntflt.sys
13:29:30.0254 0716	avgntflt - ok
13:29:30.0300 0716	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\windows\system32\DRIVERS\avipbb.sys
13:29:30.0313 0716	avipbb - ok
13:29:30.0360 0716	AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll
13:29:30.0434 0716	AxInstSV - ok
13:29:30.0527 0716	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
13:29:30.0586 0716	b06bdrv - ok
13:29:30.0641 0716	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
13:29:30.0680 0716	b57nd60x - ok
13:29:30.0931 0716	BCM43XX         (55bbdde1cbd3fa79ea88baaa051d9735) C:\windows\system32\DRIVERS\bcmwl6.sys
13:29:30.0986 0716	BCM43XX - ok
13:29:31.0152 0716	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
13:29:31.0218 0716	BDESVC - ok
13:29:31.0294 0716	Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
13:29:31.0345 0716	Beep - ok
13:29:31.0416 0716	BFE             (1e2bac209d184bb851e1a187d8a29136) C:\windows\System32\bfe.dll
13:29:31.0469 0716	BFE - ok
13:29:31.0549 0716	BITS            (e585445d5021971fae10393f0f1c3961) C:\windows\System32\qmgr.dll
13:29:31.0602 0716	BITS - ok
13:29:31.0652 0716	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
13:29:31.0683 0716	blbdrive - ok
13:29:31.0739 0716	BMLoad          (d002033c1a37f6af51b5f0ba6d0211bc) C:\windows\system32\drivers\BMLoad.sys
13:29:31.0757 0716	BMLoad ( UnsignedFile.Multi.Generic ) - warning
13:29:31.0757 0716	BMLoad - detected UnsignedFile.Multi.Generic (1)
13:29:31.0800 0716	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
13:29:31.0844 0716	bowser - ok
13:29:31.0861 0716	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
13:29:31.0944 0716	BrFiltLo - ok
13:29:31.0966 0716	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
13:29:32.0006 0716	BrFiltUp - ok
13:29:32.0063 0716	Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll
13:29:32.0105 0716	Browser - ok
13:29:32.0142 0716	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
13:29:32.0202 0716	Brserid - ok
13:29:32.0219 0716	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
13:29:32.0251 0716	BrSerWdm - ok
13:29:32.0283 0716	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
13:29:32.0317 0716	BrUsbMdm - ok
13:29:32.0335 0716	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
13:29:32.0372 0716	BrUsbSer - ok
13:29:32.0426 0716	BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
13:29:32.0485 0716	BthEnum - ok
13:29:32.0500 0716	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
13:29:32.0538 0716	BTHMODEM - ok
13:29:32.0572 0716	BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
13:29:32.0608 0716	BthPan - ok
13:29:32.0663 0716	BTHPORT         (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
13:29:32.0711 0716	BTHPORT - ok
13:29:32.0770 0716	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
13:29:32.0824 0716	bthserv - ok
13:29:32.0864 0716	BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
13:29:32.0890 0716	BTHUSB - ok
13:29:32.0945 0716	btwampfl        (ad1aa3b85f1b9125e31935df98266b37) C:\windows\system32\drivers\btwampfl.sys
13:29:32.0961 0716	btwampfl - ok
13:29:33.0001 0716	btwaudio        (d146b5897a47500444bfa1f2cb2e3173) C:\windows\system32\drivers\btwaudio.sys
13:29:33.0013 0716	btwaudio - ok
13:29:33.0082 0716	btwavdt         (1f9cd885f1c548be93962ccabdb632e4) C:\windows\system32\DRIVERS\btwavdt.sys
13:29:33.0095 0716	btwavdt - ok
13:29:33.0254 0716	btwdins         (765c410d031b9d55bfe09fe3f233262a) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
13:29:33.0272 0716	btwdins - ok
13:29:33.0307 0716	btwl2cap        (de53089f0678cb5f0afeb867acb0fb05) C:\windows\system32\DRIVERS\btwl2cap.sys
13:29:33.0317 0716	btwl2cap - ok
13:29:33.0348 0716	btwrchid        (a2d6c7b7b62a6c42dcb01204a6bd6fc2) C:\windows\system32\DRIVERS\btwrchid.sys
13:29:33.0358 0716	btwrchid - ok
13:29:33.0407 0716	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
13:29:33.0454 0716	cdfs - ok
13:29:33.0505 0716	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\DRIVERS\cdrom.sys
13:29:33.0533 0716	cdrom - ok
13:29:33.0573 0716	CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
13:29:33.0621 0716	CertPropSvc - ok
13:29:33.0660 0716	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
13:29:33.0695 0716	circlass - ok
13:29:33.0757 0716	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
13:29:33.0772 0716	CLFS - ok
13:29:33.0859 0716	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:29:33.0871 0716	clr_optimization_v2.0.50727_32 - ok
13:29:33.0964 0716	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:29:33.0989 0716	clr_optimization_v4.0.30319_32 - ok
13:29:34.0012 0716	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
13:29:34.0042 0716	CmBatt - ok
13:29:34.0071 0716	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
13:29:34.0083 0716	cmdide - ok
13:29:34.0168 0716	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
13:29:34.0190 0716	CNG - ok
13:29:34.0239 0716	Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
13:29:34.0250 0716	Compbatt - ok
13:29:34.0318 0716	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
13:29:34.0347 0716	CompositeBus - ok
13:29:34.0360 0716	COMSysApp - ok
13:29:34.0378 0716	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
13:29:34.0390 0716	crcdisk - ok
13:29:34.0437 0716	CryptSvc        (06e771aa596b8761107ab57e99f128d7) C:\windows\system32\cryptsvc.dll
13:29:34.0493 0716	CryptSvc - ok
13:29:34.0678 0716	cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
13:29:34.0703 0716	cvhsvc - ok
13:29:34.0791 0716	DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
13:29:34.0830 0716	DcomLaunch - ok
13:29:34.0883 0716	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
13:29:34.0934 0716	defragsvc - ok
13:29:35.0004 0716	DfsC            (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
13:29:35.0033 0716	DfsC - ok
13:29:35.0100 0716	Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll
13:29:35.0153 0716	Dhcp - ok
13:29:35.0185 0716	discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
13:29:35.0228 0716	discache - ok
13:29:35.0261 0716	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
13:29:35.0273 0716	Disk - ok
13:29:35.0320 0716	Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll
13:29:35.0368 0716	Dnscache - ok
13:29:35.0422 0716	dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll
13:29:35.0468 0716	dot3svc - ok
13:29:35.0512 0716	DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll
13:29:35.0572 0716	DPS - ok
13:29:35.0612 0716	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
13:29:35.0650 0716	drmkaud - ok
13:29:35.0833 0716	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
13:29:35.0889 0716	DXGKrnl - ok
13:29:35.0920 0716	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
13:29:35.0970 0716	EapHost - ok
13:29:36.0229 0716	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
13:29:36.0311 0716	ebdrv - ok
13:29:36.0457 0716	EFS             (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe
13:29:36.0509 0716	EFS - ok
13:29:36.0609 0716	ehRecvr         (a8c362018efc87beb013ee28f29c0863) C:\windows\ehome\ehRecvr.exe
13:29:36.0665 0716	ehRecvr - ok
13:29:36.0702 0716	ehSched         (d389bff34f80caede417bf9d1507996a) C:\windows\ehome\ehsched.exe
13:29:36.0727 0716	ehSched - ok
13:29:36.0853 0716	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
13:29:36.0875 0716	elxstor - ok
13:29:36.0914 0716	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
13:29:36.0946 0716	ErrDev - ok
13:29:37.0009 0716	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
13:29:37.0060 0716	EventSystem - ok
13:29:37.0131 0716	ewusbnet        (7c18a6c99f4119d361a5ca028e788648) C:\windows\system32\DRIVERS\ewusbnet.sys
13:29:37.0174 0716	ewusbnet - ok
13:29:37.0205 0716	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
13:29:37.0260 0716	exfat - ok
13:29:37.0288 0716	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
13:29:37.0320 0716	fastfat - ok
13:29:37.0414 0716	Fax             (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe
13:29:37.0470 0716	Fax - ok
13:29:37.0526 0716	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
13:29:37.0557 0716	fdc - ok
13:29:37.0591 0716	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
13:29:37.0636 0716	fdPHost - ok
13:29:37.0658 0716	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
13:29:37.0706 0716	FDResPub - ok
13:29:37.0739 0716	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
13:29:37.0751 0716	FileInfo - ok
13:29:37.0755 0716	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
13:29:37.0798 0716	Filetrace - ok
13:29:37.0834 0716	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
13:29:37.0865 0716	flpydisk - ok
13:29:37.0902 0716	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
13:29:37.0916 0716	FltMgr - ok
13:29:38.0019 0716	FontCache       (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\windows\system32\FntCache.dll
13:29:38.0077 0716	FontCache - ok
13:29:38.0149 0716	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:29:38.0159 0716	FontCache3.0.0.0 - ok
13:29:38.0205 0716	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
13:29:38.0218 0716	FsDepends - ok
13:29:38.0258 0716	fssfltr         (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys
13:29:38.0269 0716	fssfltr - ok
13:29:38.0450 0716	fsssvc          (206ad9a89bf05dfa1621f1fc7b82592d) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
13:29:38.0474 0716	fsssvc - ok
13:29:38.0548 0716	FsUsbExDisk     (cbe5f69a5e5b918225f420ba748f3742) C:\windows\system32\FsUsbExDisk.SYS
13:29:38.0570 0716	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
13:29:38.0570 0716	FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
13:29:38.0643 0716	FsUsbExService  (96633419f4a1e37acb89b45ebccfe001) C:\windows\system32\FsUsbExService.Exe
13:29:38.0655 0716	FsUsbExService - ok
13:29:38.0681 0716	Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys
13:29:38.0692 0716	Fs_Rec - ok
13:29:38.0751 0716	fvevol          (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
13:29:38.0768 0716	fvevol - ok
13:29:38.0806 0716	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
13:29:38.0819 0716	gagp30kx - ok
13:29:38.0892 0716	gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll
13:29:38.0945 0716	gpsvc - ok
13:29:38.0980 0716	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
13:29:39.0032 0716	hcw85cir - ok
13:29:39.0113 0716	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
13:29:39.0145 0716	HdAudAddService - ok
13:29:39.0188 0716	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
13:29:39.0219 0716	HDAudBus - ok
13:29:39.0252 0716	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
13:29:39.0287 0716	HidBatt - ok
13:29:39.0310 0716	HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
13:29:39.0338 0716	HidBth - ok
13:29:39.0364 0716	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
13:29:39.0395 0716	HidIr - ok
13:29:39.0437 0716	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\system32\hidserv.dll
13:29:39.0485 0716	hidserv - ok
13:29:39.0524 0716	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\DRIVERS\hidusb.sys
13:29:39.0557 0716	HidUsb - ok
13:29:39.0587 0716	hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll
13:29:39.0616 0716	hkmsvc - ok
13:29:39.0669 0716	HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll
13:29:39.0714 0716	HomeGroupListener - ok
13:29:39.0767 0716	HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll
13:29:39.0813 0716	HomeGroupProvider - ok
13:29:39.0848 0716	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
13:29:39.0861 0716	HpSAMD - ok
13:29:39.0939 0716	HTTP            (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
13:29:39.0971 0716	HTTP - ok
13:29:40.0022 0716	hwdatacard      (988c0a49f09d75d3341cb419141793c1) C:\windows\system32\DRIVERS\ewusbmdm.sys
13:29:40.0074 0716	hwdatacard - ok
13:29:40.0114 0716	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
13:29:40.0125 0716	hwpolicy - ok
13:29:40.0169 0716	hwusbdev        (a259d3619aa23d4562581067f85e2006) C:\windows\system32\DRIVERS\ewusbdev.sys
13:29:40.0214 0716	hwusbdev - ok
13:29:40.0270 0716	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
13:29:40.0285 0716	i8042prt - ok
13:29:40.0344 0716	iaStor          (eb3a2c773e202ced30595bbfad24febf) C:\windows\system32\DRIVERS\iaStor.sys
13:29:40.0362 0716	iaStor - ok
13:29:40.0423 0716	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
13:29:40.0441 0716	iaStorV - ok
13:29:40.0582 0716	idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:29:40.0610 0716	idsvc - ok
13:29:40.0981 0716	igfx            (ad626f6964f4d364d226c39e06872dd3) C:\windows\system32\DRIVERS\igdkmd32.sys
13:29:41.0070 0716	igfx - ok
13:29:41.0244 0716	iirsp           (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
13:29:41.0257 0716	iirsp - ok
13:29:41.0349 0716	IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll
13:29:41.0399 0716	IKEEXT - ok
13:29:41.0463 0716	Impcd           (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\windows\system32\DRIVERS\Impcd.sys
13:29:41.0517 0716	Impcd - ok
13:29:41.0782 0716	IntcAzAudAddService (f4427e5df32cde359b2e2e5512d18001) C:\windows\system32\drivers\RTKVHDA.sys
13:29:41.0856 0716	IntcAzAudAddService - ok
13:29:42.0039 0716	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
13:29:42.0050 0716	intelide - ok
13:29:42.0114 0716	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
13:29:42.0141 0716	intelppm - ok
13:29:42.0184 0716	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
13:29:42.0217 0716	IPBusEnum - ok
13:29:42.0236 0716	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
13:29:42.0280 0716	IpFilterDriver - ok
13:29:42.0361 0716	iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll
13:29:42.0408 0716	iphlpsvc - ok
13:29:42.0438 0716	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
13:29:42.0469 0716	IPMIDRV - ok
13:29:42.0504 0716	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
13:29:42.0537 0716	IPNAT - ok
13:29:42.0554 0716	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
13:29:42.0616 0716	IRENUM - ok
13:29:42.0665 0716	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
13:29:42.0678 0716	isapnp - ok
13:29:42.0730 0716	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
13:29:42.0746 0716	iScsiPrt - ok
13:29:42.0769 0716	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
13:29:42.0781 0716	kbdclass - ok
13:29:42.0819 0716	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
13:29:42.0852 0716	kbdhid - ok
13:29:42.0889 0716	KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
13:29:42.0902 0716	KeyIso - ok
13:29:42.0927 0716	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
13:29:42.0939 0716	KSecDD - ok
13:29:42.0979 0716	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
13:29:42.0992 0716	KSecPkg - ok
13:29:43.0034 0716	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
13:29:43.0081 0716	KtmRm - ok
13:29:43.0140 0716	LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\windows\system32\srvsvc.dll
13:29:43.0183 0716	LanmanServer - ok
13:29:43.0221 0716	LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll
13:29:43.0264 0716	LanmanWorkstation - ok
13:29:43.0316 0716	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
13:29:43.0368 0716	lltdio - ok
13:29:43.0409 0716	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
13:29:43.0454 0716	lltdsvc - ok
13:29:43.0496 0716	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
13:29:43.0543 0716	lmhosts - ok
13:29:43.0571 0716	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
13:29:43.0584 0716	LSI_FC - ok
13:29:43.0600 0716	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
13:29:43.0612 0716	LSI_SAS - ok
13:29:43.0636 0716	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
13:29:43.0648 0716	LSI_SAS2 - ok
13:29:43.0657 0716	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
13:29:43.0670 0716	LSI_SCSI - ok
13:29:43.0695 0716	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
13:29:43.0743 0716	luafv - ok
13:29:43.0801 0716	massfilter      (f0435fe3c1ec2659d2bbf073ca0752ee) C:\windows\system32\DRIVERS\massfilter.sys
13:29:43.0848 0716	massfilter - ok
13:29:43.0898 0716	Mcx2Svc         (bfb9ee8ee977efe85d1a3105abef6dd1) C:\windows\system32\Mcx2Svc.dll
13:29:43.0914 0716	Mcx2Svc - ok
13:29:43.0944 0716	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
13:29:43.0956 0716	megasas - ok
13:29:44.0010 0716	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
13:29:44.0026 0716	MegaSR - ok
13:29:44.0050 0716	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
13:29:44.0103 0716	MMCSS - ok
13:29:44.0127 0716	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
13:29:44.0177 0716	Modem - ok
13:29:44.0218 0716	monitor         (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
13:29:44.0254 0716	monitor - ok
13:29:44.0292 0716	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
13:29:44.0304 0716	mouclass - ok
13:29:44.0341 0716	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
13:29:44.0355 0716	mouhid - ok
13:29:44.0402 0716	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
13:29:44.0414 0716	mountmgr - ok
13:29:44.0531 0716	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:29:44.0544 0716	MozillaMaintenance - ok
13:29:44.0588 0716	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
13:29:44.0602 0716	mpio - ok
13:29:44.0632 0716	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
13:29:44.0679 0716	mpsdrv - ok
13:29:44.0744 0716	MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\windows\system32\mpssvc.dll
13:29:44.0798 0716	MpsSvc - ok
13:29:44.0835 0716	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
13:29:44.0875 0716	MRxDAV - ok
13:29:44.0932 0716	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
13:29:44.0982 0716	mrxsmb - ok
13:29:45.0033 0716	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
13:29:45.0060 0716	mrxsmb10 - ok
13:29:45.0086 0716	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
13:29:45.0111 0716	mrxsmb20 - ok
13:29:45.0139 0716	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
13:29:45.0150 0716	msahci - ok
13:29:45.0196 0716	msdsm           (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
13:29:45.0210 0716	msdsm - ok
13:29:45.0241 0716	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
13:29:45.0271 0716	MSDTC - ok
13:29:45.0318 0716	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
13:29:45.0364 0716	Msfs - ok
13:29:45.0386 0716	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
13:29:45.0433 0716	mshidkmdf - ok
13:29:45.0465 0716	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
13:29:45.0476 0716	msisadrv - ok
13:29:45.0535 0716	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
13:29:45.0584 0716	MSiSCSI - ok
13:29:45.0587 0716	msiserver - ok
13:29:45.0634 0716	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
13:29:45.0676 0716	MSKSSRV - ok
13:29:45.0696 0716	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
13:29:45.0739 0716	MSPCLOCK - ok
13:29:45.0757 0716	MSPQM           (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
13:29:45.0787 0716	MSPQM - ok
13:29:45.0818 0716	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
13:29:45.0832 0716	MsRPC - ok
13:29:45.0876 0716	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
13:29:45.0888 0716	mssmbios - ok
13:29:45.0910 0716	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
13:29:45.0940 0716	MSTEE - ok
13:29:45.0961 0716	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
13:29:45.0997 0716	MTConfig - ok
13:29:46.0022 0716	Mup             (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
13:29:46.0034 0716	Mup - ok
13:29:46.0091 0716	napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll
13:29:46.0140 0716	napagent - ok
13:29:46.0214 0716	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
13:29:46.0234 0716	NativeWifiP - ok
13:29:46.0328 0716	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
13:29:46.0351 0716	NDIS - ok
13:29:46.0391 0716	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
13:29:46.0432 0716	NdisCap - ok
13:29:46.0461 0716	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
13:29:46.0506 0716	NdisTapi - ok
13:29:46.0551 0716	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
13:29:46.0601 0716	Ndisuio - ok
13:29:46.0638 0716	NdisWan         (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
13:29:46.0688 0716	NdisWan - ok
13:29:46.0727 0716	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
13:29:46.0774 0716	NDProxy - ok
13:29:46.0823 0716	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
13:29:46.0870 0716	NetBIOS - ok
13:29:46.0921 0716	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
13:29:46.0967 0716	NetBT - ok
13:29:46.0999 0716	Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
13:29:47.0013 0716	Netlogon - ok
13:29:47.0084 0716	Netman          (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
13:29:47.0131 0716	Netman - ok
13:29:47.0157 0716	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
13:29:47.0204 0716	netprofm - ok
13:29:47.0291 0716	NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:29:47.0302 0716	NetTcpPortSharing - ok
13:29:47.0348 0716	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
13:29:47.0361 0716	nfrd960 - ok
13:29:47.0409 0716	NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll
13:29:47.0456 0716	NlaSvc - ok
13:29:47.0562 0716	nlsX86cc        (40f7172bc27a2e4197962aa0758c62d4) C:\windows\system32\nlssrv32.exe
13:29:47.0584 0716	nlsX86cc ( UnsignedFile.Multi.Generic ) - warning
13:29:47.0584 0716	nlsX86cc - detected UnsignedFile.Multi.Generic (1)
13:29:47.0608 0716	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
13:29:47.0652 0716	Npfs - ok
13:29:47.0683 0716	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
13:29:47.0714 0716	nsi - ok
13:29:47.0742 0716	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
13:29:47.0791 0716	nsiproxy - ok
13:29:47.0908 0716	Ntfs            (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
13:29:47.0939 0716	Ntfs - ok
13:29:47.0962 0716	Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
13:29:47.0992 0716	Null - ok
13:29:48.0054 0716	NVHDA           (8571011b62ce0207fa1dc95d88308f1d) C:\windows\system32\drivers\nvhda32v.sys
13:29:48.0066 0716	NVHDA - ok
13:29:48.0797 0716	nvlddmkm        (f0280a7b9c6483ba7aaa42c0866f1c4a) C:\windows\system32\DRIVERS\nvlddmkm.sys
13:29:49.0091 0716	nvlddmkm - ok
13:29:49.0290 0716	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
13:29:49.0303 0716	nvraid - ok
13:29:49.0346 0716	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
13:29:49.0360 0716	nvstor - ok
13:29:49.0423 0716	nvsvc           (805d826a6f2521a020f65f87103d8a32) C:\windows\system32\nvvsvc.exe
13:29:49.0438 0716	nvsvc - ok
13:29:49.0488 0716	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
13:29:49.0501 0716	nv_agp - ok
13:29:49.0552 0716	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
13:29:49.0588 0716	ohci1394 - ok
13:29:49.0723 0716	OpenVPNService  (ec322186d8fce3d632f3f597d67747dd) C:\Program Files\OpenVPN\bin\openvpnserv.exe
13:29:49.0742 0716	OpenVPNService ( UnsignedFile.Multi.Generic ) - warning
13:29:49.0742 0716	OpenVPNService - detected UnsignedFile.Multi.Generic (1)
13:29:49.0821 0716	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:29:49.0832 0716	ose - ok
13:29:50.0219 0716	osppsvc         (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:29:50.0310 0716	osppsvc - ok
13:29:50.0460 0716	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
13:29:50.0507 0716	p2pimsvc - ok
13:29:50.0563 0716	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
13:29:50.0580 0716	p2psvc - ok
13:29:50.0641 0716	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
13:29:50.0667 0716	Parport - ok
13:29:50.0702 0716	partmgr         (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys
13:29:50.0713 0716	partmgr - ok
13:29:50.0723 0716	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
13:29:50.0737 0716	Parvdm - ok
13:29:50.0775 0716	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
13:29:50.0794 0716	PcaSvc - ok
13:29:50.0842 0716	pci             (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
13:29:50.0856 0716	pci - ok
13:29:50.0873 0716	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
13:29:50.0884 0716	pciide - ok
13:29:50.0921 0716	pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
13:29:50.0936 0716	pcmcia - ok
13:29:50.0955 0716	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
13:29:50.0966 0716	pcw - ok
13:29:51.0027 0716	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
13:29:51.0093 0716	PEAUTH - ok
13:29:51.0239 0716	pla             (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll
13:29:51.0292 0716	pla - ok
13:29:51.0454 0716	PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll
13:29:51.0514 0716	PlugPlay - ok
13:29:51.0537 0716	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
13:29:51.0570 0716	PNRPAutoReg - ok
13:29:51.0615 0716	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
13:29:51.0632 0716	PNRPsvc - ok
13:29:51.0694 0716	PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll
13:29:51.0728 0716	PolicyAgent - ok
13:29:51.0771 0716	Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll
13:29:51.0802 0716	Power - ok
13:29:51.0885 0716	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
13:29:51.0917 0716	PptpMiniport - ok
13:29:51.0930 0716	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
13:29:51.0943 0716	Processor - ok
13:29:51.0971 0716	ProfSvc         (cadefac453040e370a1bdff3973be00d) C:\windows\system32\profsvc.dll
13:29:52.0021 0716	ProfSvc - ok
13:29:52.0043 0716	ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
13:29:52.0057 0716	ProtectedStorage - ok
13:29:52.0109 0716	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
13:29:52.0154 0716	Psched - ok
13:29:52.0287 0716	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
13:29:52.0327 0716	ql2300 - ok
13:29:52.0478 0716	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
13:29:52.0492 0716	ql40xx - ok
13:29:52.0531 0716	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
13:29:52.0564 0716	QWAVE - ok
13:29:52.0586 0716	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
13:29:52.0624 0716	QWAVEdrv - ok
13:29:52.0644 0716	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
13:29:52.0687 0716	RasAcd - ok
13:29:52.0717 0716	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
13:29:52.0760 0716	RasAgileVpn - ok
13:29:52.0802 0716	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
13:29:52.0835 0716	RasAuto - ok
13:29:52.0884 0716	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
13:29:52.0926 0716	Rasl2tp - ok
13:29:52.0976 0716	RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll
13:29:53.0008 0716	RasMan - ok
13:29:53.0049 0716	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
13:29:53.0101 0716	RasPppoe - ok
13:29:53.0133 0716	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
13:29:53.0177 0716	RasSstp - ok
13:29:53.0233 0716	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
13:29:53.0263 0716	rdbss - ok
13:29:53.0282 0716	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
13:29:53.0309 0716	rdpbus - ok
13:29:53.0350 0716	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
13:29:53.0392 0716	RDPCDD - ok
13:29:53.0431 0716	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
13:29:53.0479 0716	RDPENCDD - ok
13:29:53.0497 0716	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
13:29:53.0540 0716	RDPREFMP - ok
13:29:53.0593 0716	RDPWD           (f031683e6d1fea157abb2ff260b51e61) C:\windows\system32\drivers\RDPWD.sys
13:29:53.0641 0716	RDPWD - ok
13:29:53.0686 0716	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
13:29:53.0700 0716	rdyboost - ok
13:29:53.0742 0716	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
13:29:53.0785 0716	RemoteAccess - ok
13:29:53.0827 0716	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
13:29:53.0877 0716	RemoteRegistry - ok
13:29:53.0950 0716	Rezip           (f85ae59a52885f4b09aadafb23001a3b) C:\windows\SYSTEM32\Rezip.exe
13:29:53.0980 0716	Rezip ( UnsignedFile.Multi.Generic ) - warning
13:29:53.0980 0716	Rezip - detected UnsignedFile.Multi.Generic (1)
13:29:54.0041 0716	RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
13:29:54.0058 0716	RFCOMM - ok
13:29:54.0219 0716	RichVideo       (7ccaebcab6fc1ed0206c07e083e79207) C:\Program Files\CyberLink\Shared files\RichVideo.exe
13:29:54.0231 0716	RichVideo - ok
13:29:54.0260 0716	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
13:29:54.0308 0716	RpcEptMapper - ok
13:29:54.0354 0716	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
13:29:54.0380 0716	RpcLocator - ok
13:29:54.0444 0716	RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
13:29:54.0477 0716	RpcSs - ok
13:29:54.0518 0716	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
13:29:54.0563 0716	rspndr - ok
13:29:54.0605 0716	RTL8167         (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys
13:29:54.0635 0716	RTL8167 - ok
13:29:54.0698 0716	rtport          (41ce6b172542a9a227e34a45881e1d2a) C:\windows\system32\drivers\rtport.sys
13:29:54.0708 0716	rtport - ok
13:29:54.0733 0716	SABI            (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys
13:29:54.0777 0716	SABI - ok
13:29:54.0799 0716	SamSs           (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
13:29:54.0812 0716	SamSs - ok
13:29:54.0905 0716	SASDIFSV        (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:29:54.0915 0716	SASDIFSV - ok
13:29:54.0937 0716	SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
13:29:54.0948 0716	SASKUTIL - ok
13:29:55.0226 0716	SBAMSvc         (bce943896289a91ad75cc5652620b1c6) C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
13:29:55.0296 0716	SBAMSvc - ok
13:29:55.0471 0716	sbapifs         (3fff8cda4d2f29ca06f1557e85163c30) C:\windows\system32\DRIVERS\sbapifs.sys
13:29:55.0482 0716	sbapifs - ok
13:29:55.0566 0716	SbFw            (bcf3ba30c1cfa2942cf26c31384b37c7) C:\windows\system32\drivers\SbFw.sys
13:29:55.0581 0716	SbFw - ok
13:29:55.0634 0716	SBFWIMCL        (1dcad90cc9c0ddc7d060fd97854f8518) C:\windows\system32\DRIVERS\sbfwim.sys
13:29:55.0645 0716	SBFWIMCL - ok
13:29:55.0648 0716	SBFWIMCLMP      (1dcad90cc9c0ddc7d060fd97854f8518) C:\windows\system32\DRIVERS\SBFWIM.sys
13:29:55.0660 0716	SBFWIMCLMP - ok
13:29:55.0699 0716	sbhips          (1afd7178ab9c4fce2d332da7aa474fa6) C:\windows\system32\drivers\sbhips.sys
13:29:55.0710 0716	sbhips - ok
13:29:55.0759 0716	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
13:29:55.0772 0716	sbp2port - ok
13:29:55.0807 0716	SBRE            (1fd538c4feb36b793d2121f20bbdc16f) C:\windows\system32\drivers\SBREdrv.sys
13:29:55.0819 0716	SBRE - ok
13:29:55.0876 0716	sbwtis          (9bdf801a6c78e3f1e6fa1c5ca90baa8a) C:\windows\system32\DRIVERS\sbwtis.sys
13:29:55.0887 0716	sbwtis - ok
13:29:55.0918 0716	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
13:29:55.0966 0716	SCardSvr - ok
13:29:55.0994 0716	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
13:29:56.0022 0716	scfilter - ok
13:29:56.0119 0716	Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll
13:29:56.0178 0716	Schedule - ok
13:29:56.0213 0716	SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
13:29:56.0240 0716	SCPolicySvc - ok
13:29:56.0462 0716	ScrybeUpdater   (b60e9769655ddee8368e3abb6668e076) C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
13:29:56.0492 0716	ScrybeUpdater - ok
13:29:56.0631 0716	SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll
13:29:56.0671 0716	SDRSVC - ok
13:29:56.0745 0716	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
13:29:56.0791 0716	secdrv - ok
13:29:56.0822 0716	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
13:29:56.0856 0716	seclogon - ok
13:29:56.0877 0716	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll
13:29:56.0928 0716	SENS - ok
13:29:56.0960 0716	SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll
13:29:56.0981 0716	SensrSvc - ok
13:29:57.0025 0716	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
13:29:57.0051 0716	Serenum - ok
13:29:57.0096 0716	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
13:29:57.0125 0716	Serial - ok
13:29:57.0176 0716	sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
13:29:57.0212 0716	sermouse - ok
13:29:57.0263 0716	SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
13:29:57.0293 0716	SessionEnv - ok
13:29:57.0336 0716	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
13:29:57.0352 0716	sffdisk - ok
13:29:57.0367 0716	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
13:29:57.0402 0716	sffp_mmc - ok
13:29:57.0427 0716	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
13:29:57.0456 0716	sffp_sd - ok
13:29:57.0484 0716	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
13:29:57.0511 0716	sfloppy - ok
13:29:57.0592 0716	Sftfs           (d9b734638dd8dba9d59aad3189cd0fad) C:\windows\system32\DRIVERS\Sftfslh.sys
13:29:57.0615 0716	Sftfs - ok
13:29:57.0759 0716	sftlist         (cb73bc422c07fb611f194da18d1e7f36) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
13:29:57.0776 0716	sftlist - ok
13:29:57.0853 0716	Sftplay         (2f61bd46c0bff4eb36e1e359ca17bfc5) C:\windows\system32\DRIVERS\Sftplaylh.sys
13:29:57.0866 0716	Sftplay - ok
13:29:57.0920 0716	Sftredir        (518bac0179f94304f422696b47c0ec12) C:\windows\system32\DRIVERS\Sftredirlh.sys
13:29:57.0929 0716	Sftredir - ok
13:29:57.0965 0716	Sftvol          (747325236d88b3f05ffd27ff9ec711c5) C:\windows\system32\DRIVERS\Sftvollh.sys
13:29:57.0974 0716	Sftvol - ok
13:29:58.0041 0716	sftvsa          (a5812f0281ca5081bf696626f9bf324d) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
13:29:58.0053 0716	sftvsa - ok
13:29:58.0099 0716	SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
13:29:58.0155 0716	SharedAccess - ok
13:29:58.0214 0716	ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
13:29:58.0270 0716	ShellHWDetection - ok
13:29:58.0306 0716	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
13:29:58.0318 0716	sisagp - ok
13:29:58.0366 0716	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
13:29:58.0378 0716	SiSRaid2 - ok
13:29:58.0399 0716	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
13:29:58.0412 0716	SiSRaid4 - ok
13:29:58.0496 0716	SkypeUpdate     (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
13:29:58.0506 0716	SkypeUpdate - ok
13:29:58.0522 0716	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
13:29:58.0554 0716	Smb - ok
13:29:58.0603 0716	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
13:29:58.0616 0716	SNMPTRAP - ok
13:29:58.0643 0716	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
13:29:58.0654 0716	spldr - ok
13:29:58.0719 0716	Spooler         (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
13:29:58.0772 0716	Spooler - ok
13:29:59.0021 0716	sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
13:29:59.0085 0716	sppsvc - ok
13:29:59.0214 0716	sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
13:29:59.0264 0716	sppuinotify - ok
13:29:59.0359 0716	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
13:29:59.0414 0716	srv - ok
13:29:59.0438 0716	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
13:29:59.0475 0716	srv2 - ok
13:29:59.0508 0716	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
13:29:59.0544 0716	srvnet - ok
13:29:59.0594 0716	ssadbus         (406776fe3c2b66796bac1a7afb9ac8a1) C:\windows\system32\DRIVERS\ssadbus.sys
13:29:59.0646 0716	ssadbus - ok
13:29:59.0673 0716	ssadmdfl        (b19532d015a5d295e2aa34bb521202cf) C:\windows\system32\DRIVERS\ssadmdfl.sys
13:29:59.0709 0716	ssadmdfl - ok
13:29:59.0743 0716	ssadmdm         (2aebf9108e6f435458b9499c27394da4) C:\windows\system32\DRIVERS\ssadmdm.sys
13:29:59.0771 0716	ssadmdm - ok
13:29:59.0825 0716	ssadserd        (28f893c9b4e98dee5ae3c24db56b1b11) C:\windows\system32\DRIVERS\ssadserd.sys
13:29:59.0848 0716	ssadserd - ok
13:29:59.0886 0716	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
13:29:59.0934 0716	SSDPSRV - ok
13:29:59.0979 0716	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
13:29:59.0987 0716	ssmdrv - ok
13:30:00.0002 0716	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
13:30:00.0032 0716	SstpSvc - ok
13:30:00.0064 0716	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
13:30:00.0076 0716	stexstor - ok
13:30:00.0158 0716	StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll
13:30:00.0181 0716	StiSvc - ok
13:30:00.0219 0716	swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
13:30:00.0230 0716	swenum - ok
13:30:00.0282 0716	swprv           (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
13:30:00.0317 0716	swprv - ok
13:30:00.0482 0716	SynTP           (2185cc5be9922562108cf87f42e4bbaf) C:\windows\system32\DRIVERS\SynTP.sys
13:30:00.0520 0716	SynTP - ok
13:30:00.0743 0716	SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll
13:30:00.0796 0716	SysMain - ok
13:30:00.0836 0716	TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll
13:30:00.0869 0716	TabletInputService - ok
13:30:00.0954 0716	tap0901         (8cf6e2ae1707d82e904ecca68cef8b87) C:\windows\system32\DRIVERS\tap0901.sys
13:30:00.0972 0716	tap0901 - ok
13:30:01.0026 0716	TapiSrv         (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll
13:30:01.0076 0716	TapiSrv - ok
13:30:01.0102 0716	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
13:30:01.0154 0716	TBS - ok
13:30:01.0299 0716	Tcpip           (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys
13:30:01.0331 0716	Tcpip - ok
13:30:01.0358 0716	TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys
13:30:01.0390 0716	TCPIP6 - ok
13:30:01.0427 0716	tcpipBM         (dcfeb82ca988598ceb8f83148616038e) C:\windows\system32\drivers\tcpipBM.sys
13:30:01.0445 0716	tcpipBM ( UnsignedFile.Multi.Generic ) - warning
13:30:01.0445 0716	tcpipBM - detected UnsignedFile.Multi.Generic (1)
13:30:01.0485 0716	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
13:30:01.0527 0716	tcpipreg - ok
13:30:01.0565 0716	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
13:30:01.0611 0716	TDPIPE - ok
13:30:01.0634 0716	TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys
13:30:01.0659 0716	TDTCP - ok
13:30:01.0695 0716	tdx             (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
13:30:01.0740 0716	tdx - ok
13:30:01.0772 0716	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
13:30:01.0784 0716	TermDD - ok
13:30:01.0861 0716	TermService     (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
13:30:01.0896 0716	TermService - ok
13:30:01.0926 0716	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
13:30:01.0958 0716	Themes - ok
13:30:01.0992 0716	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
13:30:02.0023 0716	THREADORDER - ok
13:30:02.0043 0716	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
13:30:02.0096 0716	TrkWks - ok
13:30:02.0167 0716	TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
13:30:02.0212 0716	TrustedInstaller - ok
13:30:02.0243 0716	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
13:30:02.0293 0716	tssecsrv - ok
13:30:02.0346 0716	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
13:30:02.0370 0716	TsUsbFlt - ok
13:30:02.0429 0716	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
13:30:02.0480 0716	tunnel - ok
13:30:02.0518 0716	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
13:30:02.0530 0716	uagp35 - ok
13:30:02.0582 0716	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
13:30:02.0613 0716	udfs - ok
13:30:02.0651 0716	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
13:30:02.0680 0716	UI0Detect - ok
13:30:02.0718 0716	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
13:30:02.0731 0716	uliagpkx - ok
13:30:02.0773 0716	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
13:30:02.0788 0716	umbus - ok
13:30:02.0817 0716	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
13:30:02.0849 0716	UmPass - ok
13:30:02.0900 0716	upnphost        (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
13:30:02.0948 0716	upnphost - ok
13:30:02.0970 0716	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
13:30:03.0018 0716	usbccgp - ok
13:30:03.0070 0716	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
13:30:03.0106 0716	usbcir - ok
13:30:03.0135 0716	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys
13:30:03.0148 0716	usbehci - ok
13:30:03.0212 0716	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
13:30:03.0229 0716	usbhub - ok
13:30:03.0270 0716	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
13:30:03.0303 0716	usbohci - ok
13:30:03.0341 0716	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
13:30:03.0356 0716	usbprint - ok
13:30:03.0385 0716	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
13:30:03.0418 0716	usbscan - ok
13:30:03.0465 0716	usbser          (31181de6190b39fc8007dffd1a48ffd6) C:\windows\system32\drivers\usbser.sys
13:30:03.0521 0716	usbser - ok
13:30:03.0547 0716	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
13:30:03.0600 0716	USBSTOR - ok
13:30:03.0615 0716	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
13:30:03.0641 0716	usbuhci - ok
13:30:03.0700 0716	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
13:30:03.0718 0716	usbvideo - ok
13:30:03.0759 0716	USB_RNDIS       (b71da871254d96d0349639d03e4c1cc1) C:\windows\system32\DRIVERS\usb8023.sys
13:30:03.0789 0716	USB_RNDIS - ok
13:30:03.0819 0716	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
13:30:03.0848 0716	UxSms - ok
13:30:03.0874 0716	VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
13:30:03.0888 0716	VaultSvc - ok
13:30:03.0931 0716	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
13:30:03.0943 0716	vdrvroot - ok
13:30:04.0004 0716	vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
13:30:04.0041 0716	vds - ok
13:30:04.0084 0716	vga             (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
13:30:04.0100 0716	vga - ok
13:30:04.0133 0716	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
13:30:04.0177 0716	VgaSave - ok
13:30:04.0221 0716	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
13:30:04.0235 0716	vhdmp - ok
13:30:04.0289 0716	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
13:30:04.0302 0716	viaagp - ok
13:30:04.0331 0716	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
13:30:04.0359 0716	ViaC7 - ok
13:30:04.0379 0716	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
13:30:04.0391 0716	viaide - ok
13:30:04.0433 0716	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
13:30:04.0445 0716	volmgr - ok
13:30:04.0478 0716	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
13:30:04.0494 0716	volmgrx - ok
13:30:04.0553 0716	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
13:30:04.0568 0716	volsnap - ok
13:30:04.0626 0716	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
13:30:04.0641 0716	vsmraid - ok
13:30:04.0752 0716	VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
13:30:04.0805 0716	VSS - ok
13:30:04.0830 0716	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
13:30:04.0865 0716	vwifibus - ok
13:30:04.0908 0716	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
13:30:04.0939 0716	vwififlt - ok
13:30:04.0988 0716	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
13:30:05.0044 0716	W32Time - ok
13:30:05.0070 0716	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
13:30:05.0098 0716	WacomPen - ok
13:30:05.0149 0716	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
13:30:05.0195 0716	WANARP - ok
13:30:05.0198 0716	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
13:30:05.0226 0716	Wanarpv6 - ok
13:30:05.0375 0716	WatAdminSvc     (353a04c273ec58475d8633e75ccd5604) C:\windows\system32\Wat\WatAdminSvc.exe
13:30:05.0418 0716	WatAdminSvc - ok
13:30:05.0560 0716	wbengine        (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
13:30:05.0620 0716	wbengine - ok
13:30:05.0659 0716	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
13:30:05.0680 0716	WbioSrvc - ok
13:30:05.0736 0716	wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
13:30:05.0770 0716	wcncsvc - ok
13:30:05.0774 0716	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
13:30:05.0813 0716	WcsPlugInService - ok
13:30:05.0867 0716	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
13:30:05.0879 0716	Wd - ok
13:30:05.0925 0716	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
13:30:05.0943 0716	Wdf01000 - ok
13:30:05.0960 0716	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
13:30:06.0011 0716	WdiServiceHost - ok
13:30:06.0014 0716	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
13:30:06.0032 0716	WdiSystemHost - ok
13:30:06.0084 0716	WebClient       (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll
13:30:06.0117 0716	WebClient - ok
13:30:06.0151 0716	Wecsvc          (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
13:30:06.0185 0716	Wecsvc - ok
13:30:06.0203 0716	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
13:30:06.0234 0716	wercplsupport - ok
13:30:06.0267 0716	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
13:30:06.0298 0716	WerSvc - ok
13:30:06.0330 0716	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
13:30:06.0362 0716	WfpLwf - ok
13:30:06.0379 0716	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
13:30:06.0391 0716	WIMMount - ok
13:30:06.0517 0716	WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
13:30:06.0554 0716	WinDefend - ok
13:30:06.0560 0716	WinHttpAutoProxySvc - ok
13:30:06.0642 0716	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
13:30:06.0672 0716	Winmgmt - ok
13:30:06.0800 0716	WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
13:30:06.0858 0716	WinRM - ok
13:30:06.0937 0716	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
13:30:06.0972 0716	WinUsb - ok
13:30:07.0063 0716	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
13:30:07.0090 0716	Wlansvc - ok
13:30:07.0129 0716	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
13:30:07.0162 0716	WmiAcpi - ok
13:30:07.0236 0716	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
13:30:07.0265 0716	wmiApSrv - ok
13:30:07.0439 0716	WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:30:07.0476 0716	WMPNetworkSvc - ok
13:30:07.0505 0716	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
13:30:07.0526 0716	WPCSvc - ok
13:30:07.0573 0716	WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
13:30:07.0612 0716	WPDBusEnum - ok
13:30:07.0673 0716	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
13:30:07.0719 0716	ws2ifsl - ok
13:30:07.0750 0716	wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\System32\wscsvc.dll
13:30:07.0768 0716	wscsvc - ok
13:30:07.0771 0716	WSearch - ok
13:30:07.0933 0716	wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\windows\system32\wuaueng.dll
13:30:07.0978 0716	wuauserv - ok
13:30:08.0154 0716	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
13:30:08.0184 0716	WudfPf - ok
13:30:08.0234 0716	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
13:30:08.0265 0716	WUDFRd - ok
13:30:08.0315 0716	wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
13:30:08.0344 0716	wudfsvc - ok
13:30:08.0385 0716	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
13:30:08.0406 0716	WwanSvc - ok
13:30:08.0477 0716	yukonw7         (30b73eb97218a16cbc6de535782a1b35) C:\windows\system32\DRIVERS\yk62x86.sys
13:30:08.0529 0716	yukonw7 - ok
13:30:08.0593 0716	ZTEusbmdm6k     (b8b466103280e45e391e876f05122607) C:\windows\system32\DRIVERS\ZTEusbmdm6k.sys
13:30:08.0613 0716	ZTEusbmdm6k - ok
13:30:08.0632 0716	ZTEusbnet       (911ba85906bc7602c73441502abfb565) C:\windows\system32\DRIVERS\ZTEusbnet.sys
13:30:08.0653 0716	ZTEusbnet - ok
13:30:08.0693 0716	ZTEusbnmea      (69774b89725ddc4781e0eeb9809f3b20) C:\windows\system32\DRIVERS\ZTEusbnmea.sys
13:30:08.0740 0716	ZTEusbnmea - ok
13:30:08.0802 0716	ZTEusbser6k     (b8b466103280e45e391e876f05122607) C:\windows\system32\DRIVERS\ZTEusbser6k.sys
13:30:08.0815 0716	ZTEusbser6k - ok
13:30:08.0840 0716	ZTEusbvoice     (b8b466103280e45e391e876f05122607) C:\windows\system32\DRIVERS\ZTEusbvoice.sys
13:30:08.0852 0716	ZTEusbvoice - ok
13:30:08.0961 0716	MBR (0x1B8)     (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
13:30:09.0423 0716	\Device\Harddisk0\DR0 - ok
13:30:09.0449 0716	Boot (0x1200)   (615df38242380c7ce249ecda8dfcbf11) \Device\Harddisk0\DR0\Partition0
13:30:09.0451 0716	\Device\Harddisk0\DR0\Partition0 - ok
13:30:09.0464 0716	Boot (0x1200)   (522d36ed4744732fcad88a18441f4f40) \Device\Harddisk0\DR0\Partition1
13:30:09.0466 0716	\Device\Harddisk0\DR0\Partition1 - ok
13:30:09.0492 0716	Boot (0x1200)   (d081fa005a08bca0f74d3dd515baac42) \Device\Harddisk0\DR0\Partition2
13:30:09.0494 0716	\Device\Harddisk0\DR0\Partition2 - ok
13:30:09.0494 0716	============================================================
13:30:09.0494 0716	Scan finished
13:30:09.0494 0716	============================================================
13:30:09.0503 4956	Detected object count: 6
13:30:09.0503 4956	Actual detected object count: 6
13:30:39.0375 4956	C:\windows\system32\drivers\BMLoad.sys - copied to quarantine
13:30:39.0375 4956	HKLM\SYSTEM\ControlSet001\services\BMLoad - will be deleted on reboot
13:30:39.0415 4956	HKLM\SYSTEM\ControlSet002\services\BMLoad - will be deleted on reboot
13:30:39.0583 4956	C:\windows\system32\drivers\BMLoad.sys - will be deleted on reboot
13:30:39.0583 4956	BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Delete 
13:30:39.0618 4956	C:\windows\system32\FsUsbExDisk.SYS - copied to quarantine
13:30:39.0619 4956	HKLM\SYSTEM\ControlSet001\services\FsUsbExDisk - will be deleted on reboot
13:30:39.0632 4956	HKLM\SYSTEM\ControlSet002\services\FsUsbExDisk - will be deleted on reboot
13:30:39.0635 4956	C:\windows\system32\FsUsbExDisk.SYS - will be deleted on reboot
13:30:39.0635 4956	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Delete 
13:30:39.0680 4956	C:\windows\system32\nlssrv32.exe - copied to quarantine
13:30:39.0680 4956	HKLM\SYSTEM\ControlSet001\services\nlsX86cc - will be deleted on reboot
13:30:39.0695 4956	HKLM\SYSTEM\ControlSet002\services\nlsX86cc - will be deleted on reboot
13:30:39.0698 4956	C:\windows\system32\nlssrv32.exe - will be deleted on reboot
13:30:39.0698 4956	nlsX86cc ( UnsignedFile.Multi.Generic ) - User select action: Delete 
13:30:39.0806 4956	C:\Program Files\OpenVPN\bin\openvpnserv.exe - copied to quarantine
13:30:39.0806 4956	HKLM\SYSTEM\ControlSet001\services\OpenVPNService - will be deleted on reboot
13:30:39.0821 4956	HKLM\SYSTEM\ControlSet002\services\OpenVPNService - will be deleted on reboot
13:30:39.0825 4956	C:\Program Files\OpenVPN\bin\openvpnserv.exe - will be deleted on reboot
13:30:39.0825 4956	OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Delete 
13:30:39.0893 4956	C:\windows\SYSTEM32\Rezip.exe - copied to quarantine
13:30:39.0894 4956	HKLM\SYSTEM\ControlSet001\services\Rezip - will be deleted on reboot
13:30:39.0912 4956	HKLM\SYSTEM\ControlSet002\services\Rezip - will be deleted on reboot
13:30:39.0915 4956	C:\windows\SYSTEM32\Rezip.exe - will be deleted on reboot
13:30:39.0915 4956	Rezip ( UnsignedFile.Multi.Generic ) - User select action: Delete 
13:30:39.0945 4956	C:\windows\system32\drivers\tcpipBM.sys - copied to quarantine
13:30:39.0945 4956	HKLM\SYSTEM\ControlSet001\services\tcpipBM - will be deleted on reboot
13:30:39.0965 4956	HKLM\SYSTEM\ControlSet002\services\tcpipBM - will be deleted on reboot
13:30:39.0968 4956	C:\windows\system32\drivers\tcpipBM.sys - will be deleted on reboot
13:30:39.0968 4956	tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Delete 
13:30:42.0327 0768	Deinitialize success
         

Last edited by vivacitas83 (03.07.2012 at 13:45)
