Pests of all kinds and how to fight them: Trojan.Apppatch, Trojan.Agent.BVXGen and Trojan.Midhos in C:\Users\inet-kid\AppData, TR/ATRAPS.Gen2

10.08.2012, 12:34   #16
hiro

For years I have only used the Professional editions. I already know about 10.0.48.1, but it is nothing work-related!

11.08.2012, 15:34   #17
cosinus

Do an OTL fix: close any programs that may be open, disable the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you have obscured your username, you must change the starred-out part back into your real username, otherwise the script will not work!!

Code:
:OTL
FF - user.js - File not found
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{623deca6-2f17-11e1-b9ee-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{623deca6-2f17-11e1-b9ee-806e6f6e6963}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\{623deca6-2f17-11e1-b9ee-806e6f6e6963}\Shell\option1\command - "" = F:\deskupdate\DeskUpdate.exe
O33 - MountPoints2\{623deca6-2f17-11e1-b9ee-806e6f6e6963}\Shell\support\command - "" = F:\deskupdate\support.bat
O33 - MountPoints2\{eec926e2-3004-11e1-863e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{eec926e2-3004-11e1-863e-806e6f6e6963}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{eec926e2-3004-11e1-863e-806e6f6e6963}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{eec926e2-3004-11e1-863e-806e6f6e6963}\Shell\install\command - "" = F:\SETUP.EXE
:Files
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
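
Added example (not part of the original post and not OTL's own code): a pre-flight check, in Python, for the two conditions named above, namely that the pasted text still starts with ":OTL" and that no path still contains a starred-out user name. The sample is an excerpt of the script above; `exampleuser` in the usage note is a constructed name, and treating ":OTL" as the required first line is an assumption taken from this script only.

```python
import re

# Section headers as used by the fix script above (":OTL", ":Files", ":Commands").
SECTION_RE = re.compile(r"^:(\w+)$")
# Two or more asterisks standing in for a whole path component,
# e.g. C:\Users\***\AppData (a masked user name).
MASK_RE = re.compile(r"(?<=\\)\*{2,}(?=\\|$)")

# Excerpt of the script posted above, kept verbatim.
SAMPLE_SCRIPT = r"""
:OTL
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
:Files
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache
:Commands
[emptytemp]
"""


def split_sections(script):
    """Return (first non-blank line, {section name: [lines]})."""
    sections = {}
    current = "(no section)"   # lines that appear before any ":Name" header
    first = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if first is None:
            first = line
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).upper()
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return first, sections


def preflight(script, expected_first=":OTL"):
    """Return a list of (finding, detail) tuples; an empty list means no finding."""
    first, sections = split_sections(script)
    findings = []
    # The header line is easy to lose when selecting the text by mouse.
    if first != expected_first:
        findings.append(("missing-header", first or ""))
    # A masked component means the path was never edited back to the real one.
    for name, lines in sections.items():
        for line in lines:
            if MASK_RE.search(line):
                findings.append(("masked-path", f"{name}: {line}"))
    return findings


if __name__ == "__main__":
    for finding, detail in preflight(SAMPLE_SCRIPT):
        print(finding, "->", detail)
```

Run on the excerpt, the check reports the masked Java cache path; after replacing `***` with a real name such as `exampleuser` it reports nothing.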
12.08.2012, 12:01   #18
hiro

Hi,

two more things have occurred to me:

1. Since I have 2 Windows users, should I write the following line twice in the fix code (each time with the respective username instead of the ***)?:

C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache

Or should I do it only for the user I always work under (and under which the virus alert occurred)?


2. Again regarding your question about an office PC: I use the PC for university, so I do work with it, but not in an office with prescribed policies or the like. I hope that doesn't change anything now?

Many thanks for the help so far.
Last edited by hiro (12.08.2012 at 12:09)

13.08.2012, 12:39   #19
cosinus

You have to edit the lines in OTL back to the way they originally appeared in the OTL log
__________________
Please always post log files in CODE tags

15.08.2012, 12:28   #20
hiro

Here is the log file, after the reboot:

Code:
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{623deca6-2f17-11e1-b9ee-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{623deca6-2f17-11e1-b9ee-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{623deca6-2f17-11e1-b9ee-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{623deca6-2f17-11e1-b9ee-806e6f6e6963}\ not found.
File F:\start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{623deca6-2f17-11e1-b9ee-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{623deca6-2f17-11e1-b9ee-806e6f6e6963}\ not found.
File F:\deskupdate\DeskUpdate.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{623deca6-2f17-11e1-b9ee-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{623deca6-2f17-11e1-b9ee-806e6f6e6963}\ not found.
File F:\deskupdate\support.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eec926e2-3004-11e1-863e-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eec926e2-3004-11e1-863e-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eec926e2-3004-11e1-863e-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eec926e2-3004-11e1-863e-806e6f6e6963}\ not found.
File F:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eec926e2-3004-11e1-863e-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eec926e2-3004-11e1-863e-806e6f6e6963}\ not found.
File F:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eec926e2-3004-11e1-863e-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eec926e2-3004-11e1-863e-806e6f6e6963}\ not found.
File F:\SETUP.EXE not found.
========== FILES ==========
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ***
->Temp folder emptied: 395531231 bytes
->Temporary Internet Files folder emptied: 81325939 bytes
->FireFox cache emptied: 301364072 bytes
->Flash cache emptied: 15793 bytes
 
User: ***
->Temp folder emptied: 517713470 bytes
->Temporary Internet Files folder emptied: 48509692 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 64504656 bytes
->Flash cache emptied: 726 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 435819171 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 182580275 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes
RecycleBin emptied: 1928 bytes
 
Total Files Cleaned = 1.934,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: ***
->Flash cache emptied: 0 bytes
 
User: ***
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.56.0 log created on 08142012_140413

Files\Folders moved on Reboot...
File move failed. C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2236.log moved successfully.

PendingFileRenameOperations files...
[2011.12.27 12:12:29 | 000,000,000 | ---- | M] () C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt : Unable to obtain MD5
[2012.08.14 14:07:52 | 000,000,000 | ---- | M] () C:\Windows\temp\vmware-SYSTEM\vmauthd.log : Unable to obtain MD5
File C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2236.log not found!

Registry entries deleted on Reboot...
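
Added example (not part of the original post and not OTL's own code): a Python summary of fix-log lines of the shape shown above that reports, per target, whether it was removed, was never present, or is still waiting for a reboot. The sample is an excerpt of the log above; the regular expressions are inferred from those lines only, not from any OTL specification.

```python
import re

# Checked in order; the first matching pattern decides the outcome.
PATTERNS = [
    ("pending", re.compile(
        r"^File move failed\. (?P<t>.+) scheduled to be moved on reboot\.$")),
    ("registry", re.compile(
        r"^(?:64bit-)?Registry (?:key|value) (?P<t>.+) "
        r"(?P<r>deleted successfully|not found)\.$")),
    ("absent", re.compile(r"^File (?P<t>.+) not found[.!]$")),
    ("removed", re.compile(r"^(?P<t>.+?)(?: folder)? moved successfully\.$")),
]

# Excerpt of the fix log posted above, kept verbatim.
SAMPLE_LOG = r"""
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{623deca6-2f17-11e1-b9ee-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{623deca6-2f17-11e1-b9ee-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{623deca6-2f17-11e1-b9ee-806e6f6e6963}\ not found.
File F:\start.exe not found.
========== FILES ==========
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
"""


def classify(line):
    """Return (outcome, target) for one log line, or None if it is not recognised."""
    for kind, rx in PATTERNS:
        m = rx.match(line)
        if not m:
            continue
        if kind == "registry":
            kind = "removed" if m.group("r").startswith("deleted") else "absent"
        return kind, m.group("t")
    return None


def summarise(log):
    """Collapse repeated lines about the same target into one final state."""
    seen = {}        # target -> set of outcomes logged for it
    unparsed = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        hit = classify(line)
        if hit is None:
            unparsed.append(line)
            continue
        outcome, target = hit
        seen.setdefault(target, set()).add(outcome)
    return {
        # Deleted or moved at least once during this run.
        "removed": sorted(t for t, o in seen.items() if "removed" in o),
        # Only ever reported as not found, so nothing was there to fix.
        "absent": sorted(t for t, o in seen.items() if o == {"absent"}),
        # Locked during the run; check again after the reboot.
        "pending": sorted(t for t, o in seen.items() if "pending" in o),
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    for state, items in summarise(SAMPLE_LOG).items():
        print(state, len(items))
        for item in items:
            print("   ", item)
```

A key that is logged as "deleted successfully" and later as "not found" is counted once, as removed: the later lines refer to further values of the same key that had already gone with it.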
         


15.08.2012, 19:47   #21
cosinus

Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool up as shown in the picture below - click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!


15.08.2012, 20:05   #22
hiro

The report:

Code:
20:57:32.0019 3708  TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
20:57:32.0113 3708  ============================================================
20:57:32.0113 3708  Current date / time: 2012/08/15 20:57:32.0113
20:57:32.0113 3708  SystemInfo:
20:57:32.0113 3708  
20:57:32.0113 3708  OS Version: 6.1.7601 ServicePack: 1.0
20:57:32.0113 3708  Product type: Workstation
20:57:32.0113 3708  ComputerName: ***-PC
20:57:32.0113 3708  UserName: ***
20:57:32.0113 3708  Windows directory: C:\Windows
20:57:32.0113 3708  System windows directory: C:\Windows
20:57:32.0113 3708  Running under WOW64
20:57:32.0113 3708  Processor architecture: Intel x64
20:57:32.0113 3708  Number of processors: 8
20:57:32.0113 3708  Page size: 0x1000
20:57:32.0113 3708  Boot type: Normal boot
20:57:32.0113 3708  ============================================================
20:57:32.0518 3708  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:57:32.0518 3708  ============================================================
20:57:32.0518 3708  \Device\Harddisk0\DR0:
20:57:32.0518 3708  MBR partitions:
20:57:32.0518 3708  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:57:32.0518 3708  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1866D800
20:57:32.0518 3708  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x186A0000, BlocksNum 0xC350000
20:57:32.0518 3708  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x249F0000, BlocksNum 0x15995800
20:57:32.0518 3708  ============================================================
20:57:32.0534 3708  C: <-> \Device\Harddisk0\DR0\Partition2
20:57:32.0581 3708  D: <-> \Device\Harddisk0\DR0\Partition3
20:57:32.0612 3708  E: <-> \Device\Harddisk0\DR0\Partition4
20:57:32.0612 3708  ============================================================
20:57:32.0612 3708  Initialize success
20:57:32.0612 3708  ============================================================
20:57:57.0697 3684  ============================================================
20:57:57.0697 3684  Scan started
20:57:57.0697 3684  Mode: Manual; SigCheck; TDLFS; 
20:57:57.0697 3684  ============================================================
20:57:58.0134 3684  ================ Scan services =============================
20:58:03.0859 3684  Disk - ok
20:58:03.0906 3684  [ 05cb5910b3ca6019fc3cca815ee06ffb ] DNE             C:\Windows\system32\DRIVERS\dne64x.sys
20:58:03.0921 3684  DNE - ok
20:58:03.0952 3684  [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:58:03.0999 3684  Dnscache - ok
20:58:04.0030 3684  [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:58:04.0093 3684  dot3svc - ok
20:58:04.0124 3684  [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS             C:\Windows\system32\dps.dll
20:58:04.0155 3684  DPS - ok
20:58:04.0186 3684  [ 9b19f34400d24df84c858a421c205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:58:04.0202 3684  drmkaud - ok
20:58:04.0233 3684  DSDrv4 - ok
20:58:04.0264 3684  [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:58:04.0327 3684  DXGKrnl - ok
20:58:04.0342 3684  [ 52a482dc61f24b498c8268866b90bb44 ] e1kexpress      C:\Windows\system32\DRIVERS\e1k62x64.sys
20:58:04.0358 3684  e1kexpress - ok
20:58:04.0389 3684  [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost         C:\Windows\System32\eapsvc.dll
20:58:04.0420 3684  EapHost - ok
20:58:04.0498 3684  [ dc5d737f51be844d8c82c695eb17372f ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
20:58:04.0592 3684  ebdrv - ok
20:58:04.0623 3684  [ c118a82cd78818c29ab228366ebf81c3 ] EFS             C:\Windows\System32\lsass.exe
20:58:04.0654 3684  EFS - ok
20:58:04.0701 3684  [ c4002b6b41975f057d98c439030cea07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:58:04.0764 3684  ehRecvr - ok
20:58:04.0779 3684  [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched         C:\Windows\ehome\ehsched.exe
20:58:04.0795 3684  ehSched - ok
20:58:04.0842 3684  [ 0e5da5369a0fcaea12456dd852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
20:58:04.0873 3684  elxstor - ok
20:58:04.0888 3684  [ 34a3c54752046e79a126e15c51db409b ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:58:04.0920 3684  ErrDev - ok
20:58:04.0951 3684  [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem     C:\Windows\system32\es.dll
20:58:04.0998 3684  EventSystem - ok
20:58:05.0029 3684  [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat           C:\Windows\system32\drivers\exfat.sys
20:58:05.0060 3684  exfat - ok
20:58:05.0076 3684  [ 0adc83218b66a6db380c330836f3e36d ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:58:05.0107 3684  fastfat - ok
20:58:05.0138 3684  [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax             C:\Windows\system32\fxssvc.exe
20:58:05.0154 3684  Fax - ok
20:58:05.0185 3684  [ 9955bf48fd2fa8d481848cd3024edd0b ] FBIOSDRV        C:\Windows\system32\Drivers\FBIOSDRV.sys
20:58:05.0185 3684  FBIOSDRV - ok
20:58:05.0200 3684  [ 6e30b2b532f0de8340a09708e5279daf ] fcrimg4         C:\Windows\system32\DRIVERS\fcrimg4.sys
20:58:05.0232 3684  fcrimg4 - ok
20:58:05.0247 3684  [ d765d19cd8ef61f650c384f62fac00ab ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:58:05.0263 3684  fdc - ok
20:58:05.0294 3684  [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:58:05.0356 3684  fdPHost - ok
20:58:05.0372 3684  [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:58:05.0403 3684  FDResPub - ok
20:58:05.0419 3684  [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:58:05.0450 3684  FileInfo - ok
20:58:05.0466 3684  [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:58:05.0497 3684  Filetrace - ok
20:58:05.0544 3684  [ d5a72cca060bef75075877c0ad504df0 ] FJGSDisk        C:\Windows\system32\DRIVERS\FJGSDisk.sys
20:58:05.0544 3684  FJGSDisk - ok
20:58:05.0559 3684  [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:58:05.0575 3684  flpydisk - ok
20:58:05.0622 3684  [ da6b67270fd9db3697b20fce94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:58:05.0637 3684  FltMgr - ok
20:58:05.0684 3684  [ b4447f606bb19fd8ad0bafb59b90f5d9 ] FontCache       C:\Windows\system32\FntCache.dll
20:58:05.0778 3684  FontCache - ok
20:58:05.0840 3684  [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:58:05.0856 3684  FontCache3.0.0.0 - ok
20:58:05.0887 3684  [ e820d9ae86732c9a51a841c534ca9b1c ] FscBapi         C:\Windows\system32\DRIVERS\FscBapi.sys
20:58:05.0902 3684  FscBapi - ok
20:58:05.0918 3684  [ 37109e225e77c542a1879ee021b08f8e ] FscGabi         C:\Windows\system32\DRIVERS\FscGabi.sys
20:58:05.0934 3684  FscGabi - ok
20:58:05.0949 3684  [ d43703496149971890703b4b1b723eac ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:58:05.0965 3684  FsDepends - ok
20:58:05.0996 3684  [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:58:05.0996 3684  Fs_Rec - ok
20:58:06.0027 3684  [ ba0c1ffda496d8bcbcac63f8d98d20e3 ] FUJ02B1         C:\Windows\system32\DRIVERS\FUJ02B1.sys
20:58:06.0058 3684  FUJ02B1 - ok
20:58:06.0074 3684  [ 7135030cbf87d724b6037bb023923730 ] FUJ02E3         C:\Windows\system32\DRIVERS\FUJ02E3.sys
20:58:06.0090 3684  FUJ02E3 - ok
20:58:06.0121 3684  [ 1f7b25b858fa27015169fe95e54108ed ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:58:06.0152 3684  fvevol - ok
20:58:06.0168 3684  [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:58:06.0183 3684  gagp30kx - ok
20:58:06.0214 3684  [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc           C:\Windows\System32\gpsvc.dll
20:58:06.0308 3684  gpsvc - ok
20:58:06.0339 3684  [ adb4348da1345877b04e22203afc8993 ] hcmon           C:\Windows\system32\drivers\hcmon.sys
20:58:06.0355 3684  hcmon - ok
20:58:06.0370 3684  [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:58:06.0417 3684  hcw85cir - ok
20:58:06.0464 3684  [ 975761c778e33cd22498059b91e7373a ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:58:06.0495 3684  HdAudAddService - ok
20:58:06.0526 3684  [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:58:06.0558 3684  HDAudBus - ok
20:58:06.0589 3684  [ b6ac71aaa2b10848f57fc49d55a651af ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
20:58:06.0589 3684  HECIx64 - ok
20:58:06.0604 3684  [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
20:58:06.0636 3684  HidBatt - ok
20:58:06.0667 3684  [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:58:06.0698 3684  HidBth - ok
20:58:06.0714 3684  [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:58:06.0745 3684  HidIr - ok
20:58:06.0792 3684  [ bd9eb3958f213f96b97b1d897dee006d ] hidserv         C:\Windows\system32\hidserv.dll
20:58:06.0854 3684  hidserv - ok
20:58:06.0885 3684  [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:58:06.0901 3684  HidUsb - ok
20:58:06.0916 3684  [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:58:06.0979 3684  hkmsvc - ok
20:58:07.0010 3684  [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:58:07.0026 3684  HomeGroupListener - ok
20:58:07.0057 3684  [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:58:07.0088 3684  HomeGroupProvider - ok
20:58:07.0104 3684  [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:58:07.0119 3684  HpSAMD - ok
20:58:07.0150 3684  [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:58:07.0213 3684  HTTP - ok
20:58:07.0228 3684  [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:58:07.0244 3684  hwpolicy - ok
20:58:07.0260 3684  [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:58:07.0275 3684  i8042prt - ok
20:58:07.0291 3684  [ 073a606333b6f7bbf20aa856df7f0997 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
20:58:07.0306 3684  iaStor - ok
20:58:07.0322 3684  [ 3df4395a7cf8b7a72a5f4606366b8c2d ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:58:07.0338 3684  iaStorV - ok
20:58:07.0369 3684  [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:58:07.0400 3684  idsvc - ok
20:58:07.0431 3684  [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
20:58:07.0431 3684  iirsp - ok
20:58:07.0462 3684  [ fcd84c381e0140af901e58d48882d26b ] IKEEXT          C:\Windows\System32\ikeext.dll
20:58:07.0540 3684  IKEEXT - ok
20:58:07.0618 3684  [ 42943bb3ab7a405b30eff7c8283cc129 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:58:07.0681 3684  IntcAzAudAddService - ok
20:58:07.0696 3684  [ f00f20e70c6ec3aa366910083a0518aa ] intelide        C:\Windows\system32\drivers\intelide.sys
20:58:07.0712 3684  intelide - ok
20:58:07.0728 3684  [ ada036632c664caa754079041cf1f8c1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:58:07.0759 3684  intelppm - ok
20:58:07.0774 3684  [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:58:07.0806 3684  IPBusEnum - ok
20:58:07.0821 3684  [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:58:07.0852 3684  IpFilterDriver - ok
20:58:07.0884 3684  [ a34a587fffd45fa649fba6d03784d257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:58:07.0930 3684  iphlpsvc - ok
20:58:07.0946 3684  [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:58:07.0977 3684  IPMIDRV - ok
20:58:07.0993 3684  [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:58:08.0024 3684  IPNAT - ok
20:58:08.0040 3684  [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:58:08.0071 3684  IRENUM - ok
20:58:08.0102 3684  [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:58:08.0118 3684  isapnp - ok
20:58:08.0133 3684  [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:58:08.0133 3684  iScsiPrt - ok
20:58:08.0164 3684  [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
20:58:08.0180 3684  kbdclass - ok
20:58:08.0196 3684  [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
20:58:08.0211 3684  kbdhid - ok
20:58:08.0227 3684  [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso          C:\Windows\system32\lsass.exe
20:58:08.0227 3684  KeyIso - ok
20:58:08.0258 3684  [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:58:08.0274 3684  KSecDD - ok
20:58:08.0274 3684  [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:58:08.0289 3684  KSecPkg - ok
20:58:08.0320 3684  [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:58:08.0352 3684  ksthunk - ok
20:58:08.0367 3684  [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:58:08.0414 3684  KtmRm - ok
20:58:08.0445 3684  [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:58:08.0476 3684  LanmanServer - ok
20:58:08.0508 3684  [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:58:08.0554 3684  LanmanWorkstation - ok
20:58:08.0586 3684  [ 1538831cf8ad2979a04c423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:58:08.0632 3684  lltdio - ok
20:58:08.0664 3684  [ c1185803384ab3feed115f79f109427f ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:58:08.0710 3684  lltdsvc - ok
20:58:08.0726 3684  [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:58:08.0757 3684  lmhosts - ok
20:58:08.0820 3684  [ a1c148801b4af64847aeb9f3ad9594ef ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:58:08.0851 3684  LMS ( UnsignedFile.Multi.Generic ) - warning
20:58:08.0851 3684  LMS - detected UnsignedFile.Multi.Generic (1)
20:58:08.0929 3684  [ a939b91c1dd17ab5b86182d3a052b0ac ] LogonUserService C:\Program Files\SmartCase Logon+\System\logonuser.exe
20:58:08.0944 3684  LogonUserService ( UnsignedFile.Multi.Generic ) - warning
20:58:08.0944 3684  LogonUserService - detected UnsignedFile.Multi.Generic (1)
20:58:12.0688 3684  [ d955d5de998db2476bf0892be3a96c26 ] O2Flash         C:\Windows\SysWOW64\o2flash.exe
20:58:12.0688 3684  O2Flash ( UnsignedFile.Multi.Generic ) - warning
20:58:12.0688 3684  O2Flash - detected UnsignedFile.Multi.Generic (1)
20:58:16.0120 3684  [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:58:16.0152 3684  SDRSVC - ok
20:58:16.0183 3684  [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:58:16.0245 3684  secdrv - ok
20:58:16.0245 3684  [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon        C:\Windows\system32\seclogon.dll
20:58:16.0308 3684  seclogon - ok
20:58:16.0339 3684  [ c32ab8fa018ef34c0f113bd501436d21 ] SENS            C:\Windows\System32\sens.dll
20:58:16.0386 3684  SENS - ok
20:58:16.0401 3684  [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:58:16.0417 3684  SensrSvc - ok
20:58:16.0432 3684  [ cb624c0035412af0debec78c41f5ca1b ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:58:16.0448 3684  Serenum - ok
20:58:16.0479 3684  [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:58:16.0510 3684  Serial - ok
20:58:16.0557 3684  [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
20:58:16.0588 3684  sermouse - ok
20:58:16.0620 3684  [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:58:16.0666 3684  SessionEnv - ok
20:58:16.0682 3684  [ a554811bcd09279536440c964ae35bbf ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:58:16.0698 3684  sffdisk - ok
20:58:16.0713 3684  [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:58:16.0729 3684  sffp_mmc - ok
20:58:16.0744 3684  [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:58:16.0760 3684  sffp_sd - ok
20:58:16.0760 3684  [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
20:58:16.0776 3684  sfloppy - ok
20:58:16.0807 3684  [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:58:16.0838 3684  SharedAccess - ok
20:58:16.0854 3684  [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:58:16.0885 3684  ShellHWDetection - ok
20:58:16.0900 3684  [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:58:16.0916 3684  SiSRaid2 - ok
20:58:16.0916 3684  [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
20:58:16.0932 3684  SiSRaid4 - ok
20:58:16.0963 3684  [ 346ada7fcc14981ca529553ad1d3894b ] SmartCaseServer C:\Program Files\SmartCase Logon+\Password Manager\SmartCaseServer.exe
20:58:16.0978 3684  SmartCaseServer ( UnsignedFile.Multi.Generic ) - warning
20:58:16.0978 3684  SmartCaseServer - detected UnsignedFile.Multi.Generic (1)
20:58:17.0025 3684  [ 76377eb397b0baccc7be651a64bb440f ] SmartyLogService C:\Program Files\SmartCase Logon+\System\SmartyLog.exe
20:58:17.0041 3684  SmartyLogService ( UnsignedFile.Multi.Generic ) - warning
20:58:17.0041 3684  SmartyLogService - detected UnsignedFile.Multi.Generic (1)
20:58:17.0072 3684  [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:58:17.0119 3684  Smb - ok
20:58:17.0150 3684  [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:58:17.0150 3684  SNMPTRAP - ok
20:58:17.0259 3684  [ ed116ef32d0c80596b5cc9b16799b29a ] SNP2UVC         C:\Windows\system32\DRIVERS\snp2uvc.sys
20:58:17.0337 3684  SNP2UVC - ok
20:58:17.0353 3684  [ b9e31e5cacdfe584f34f730a677803f9 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:58:17.0353 3684  spldr - ok
20:58:17.0384 3684  [ b96c17b5dc1424d56eea3a99e97428cd ] Spooler         C:\Windows\System32\spoolsv.exe
20:58:17.0415 3684  Spooler - ok
20:58:17.0509 3684  [ e17e0188bb90fae42d83e98707efa59c ] sppsvc          C:\Windows\system32\sppsvc.exe
20:58:17.0602 3684  sppsvc - ok
20:58:17.0634 3684  [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:58:17.0680 3684  sppuinotify - ok
20:58:17.0712 3684  [ 441fba48bff01fdb9d5969ebc1838f0b ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:58:17.0743 3684  srv - ok
20:58:17.0758 3684  [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:58:17.0774 3684  srv2 - ok
20:58:17.0790 3684  [ 27e461f0be5bff5fc737328f749538c3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:58:17.0805 3684  srvnet - ok
20:58:17.0836 3684  [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:58:17.0868 3684  SSDPSRV - ok
20:58:17.0883 3684  [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:58:17.0914 3684  SstpSvc - ok
20:58:17.0930 3684  [ f3817967ed533d08327dc73bc4d5542a ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
20:58:17.0930 3684  stexstor - ok
20:58:17.0961 3684  [ decacb6921ded1a38642642685d77dac ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
20:58:17.0992 3684  StillCam - ok
20:58:18.0024 3684  [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc          C:\Windows\System32\wiaservc.dll
20:58:18.0055 3684  stisvc - ok
20:58:18.0102 3684  [ 7785dc213270d2fc066538daf94087e7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
20:58:18.0117 3684  storflt - ok
20:58:18.0133 3684  [ c40841817ef57d491f22eb103da587cc ] StorSvc         C:\Windows\system32\storsvc.dll
20:58:18.0148 3684  StorSvc - ok
20:58:18.0164 3684  [ d34e4943d5ac096c8edeebfd80d76e23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
20:58:18.0180 3684  storvsc - ok
20:58:18.0211 3684  [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum          C:\Windows\system32\drivers\swenum.sys
20:58:18.0211 3684  swenum - ok
20:58:18.0242 3684  [ e08e46fdd841b7184194011ca1955a0b ] swprv           C:\Windows\System32\swprv.dll
20:58:18.0273 3684  swprv - ok
20:58:18.0320 3684  [ 2f827bb08cc7f1a17df2ead7b424d731 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
20:58:18.0336 3684  SynTP - ok
20:58:18.0398 3684  [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain         C:\Windows\system32\sysmain.dll
20:58:18.0460 3684  SysMain - ok
20:58:18.0492 3684  [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:58:18.0507 3684  TabletInputService - ok
20:58:18.0538 3684  [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:58:18.0616 3684  TapiSrv - ok
20:58:18.0616 3684  [ 1be03ac720f4d302ea01d40f588162f6 ] TBS             C:\Windows\System32\tbssvc.dll
20:58:18.0679 3684  TBS - ok
20:58:18.0757 3684  [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:58:18.0819 3684  Tcpip - ok
20:58:18.0897 3684  [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:58:18.0928 3684  TCPIP6 - ok
20:58:18.0960 3684  [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:58:18.0991 3684  tcpipreg - ok
20:58:19.0022 3684  [ 3371d21011695b16333a3934340c4e7c ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:58:19.0053 3684  TDPIPE - ok
20:58:19.0084 3684  [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:58:19.0116 3684  TDTCP - ok
20:58:19.0162 3684  [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:58:19.0209 3684  tdx - ok
20:58:19.0225 3684  [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
20:58:19.0240 3684  TermDD - ok
20:58:19.0256 3684  [ 2e648163254233755035b46dd7b89123 ] TermService     C:\Windows\System32\termsrv.dll
20:58:19.0303 3684  TermService - ok
20:58:19.0334 3684  [ f0344071948d1a1fa732231785a0664c ] Themes          C:\Windows\system32\themeservice.dll
20:58:19.0381 3684  Themes - ok
20:58:19.0396 3684  [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER     C:\Windows\system32\mmcss.dll
20:58:19.0428 3684  THREADORDER - ok
20:58:19.0428 3684  [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks          C:\Windows\System32\trkwks.dll
20:58:19.0474 3684  TrkWks - ok
20:58:19.0521 3684  [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:58:19.0568 3684  TrustedInstaller - ok
20:58:19.0599 3684  [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:58:19.0615 3684  tssecsrv - ok
20:58:19.0646 3684  [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:58:19.0677 3684  TsUsbFlt - ok
20:58:19.0724 3684  [ 3566a8daafa27af944f5d705eaa64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:58:19.0786 3684  tunnel - ok
20:58:19.0802 3684  [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
20:58:19.0818 3684  uagp35 - ok
20:58:19.0833 3684  [ ff4232a1a64012baa1fd97c7b67df593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:58:19.0896 3684  udfs - ok
20:58:19.0927 3684  [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:58:19.0942 3684  UI0Detect - ok
20:58:19.0974 3684  [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:58:19.0974 3684  uliagpkx - ok
20:58:20.0020 3684  [ dc54a574663a895c8763af0fa1ff7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
20:58:20.0052 3684  umbus - ok
20:58:20.0083 3684  [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:58:20.0098 3684  UmPass - ok
20:58:20.0130 3684  [ a293dcd756d04d8492a750d03b9a297c ] UmRdpService    C:\Windows\System32\umrdp.dll
20:58:20.0145 3684  UmRdpService - ok
20:58:20.0239 3684  [ 41118d920b2b268c0adc36421248cdcf ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:58:20.0301 3684  UNS ( UnsignedFile.Multi.Generic ) - warning
20:58:20.0301 3684  UNS - detected UnsignedFile.Multi.Generic (1)
20:58:20.0332 3684  [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost        C:\Windows\System32\upnphost.dll
20:58:20.0379 3684  upnphost - ok
20:58:20.0410 3684  [ 481dff26b4dca8f4cbac1f7dce1d6829 ] usbccgp         C:\Windows\system32\drivers\usbccgp.sys
20:58:20.0442 3684  usbccgp - ok
20:58:20.0457 3684  [ af0892a803fdda7492f595368e3b68e7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:58:20.0488 3684  usbcir - ok
20:58:20.0520 3684  [ 74ee782b1d9c241efe425565854c661c ] usbehci         C:\Windows\system32\drivers\usbehci.sys
20:58:20.0566 3684  usbehci - ok
20:58:20.0598 3684  [ dc96bd9ccb8403251bcf25047573558e ] usbhub          C:\Windows\system32\drivers\usbhub.sys
20:58:20.0629 3684  usbhub - ok
20:58:20.0644 3684  [ 58e546bbaf87664fc57e0f6081e4f609 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:58:20.0644 3684  usbohci - ok
20:58:20.0660 3684  [ 73188f58fb384e75c4063d29413cee3d ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:58:20.0676 3684  usbprint - ok
20:58:20.0691 3684  [ d76510cfa0fc09023077f22c2f979d86 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:58:20.0707 3684  USBSTOR - ok
20:58:20.0722 3684  [ 81fb2216d3a60d1284455d511797db3d ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:58:20.0738 3684  usbuhci - ok
20:58:20.0754 3684  [ 454800c2bc7f3927ce030141ee4f4c50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
20:58:20.0769 3684  usbvideo - ok
20:58:20.0785 3684  [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms           C:\Windows\System32\uxsms.dll
20:58:20.0816 3684  UxSms - ok
20:58:20.0832 3684  [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc        C:\Windows\system32\lsass.exe
20:58:20.0847 3684  VaultSvc - ok
20:58:20.0863 3684  [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:58:20.0863 3684  vdrvroot - ok
20:58:20.0894 3684  [ 8d6b481601d01a456e75c3210f1830be ] vds             C:\Windows\System32\vds.exe
20:58:20.0941 3684  vds - ok
20:58:20.0988 3684  [ 85256da6fdbd6b16c526c858f2da8bf0 ] VFPRadioSupportService C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
20:58:21.0003 3684  VFPRadioSupportService - ok
20:58:21.0019 3684  [ da4da3f5e02943c2dc8c6ed875de68dd ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:58:21.0050 3684  vga - ok
20:58:21.0066 3684  [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:58:21.0128 3684  VgaSave - ok
20:58:21.0144 3684  [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:58:21.0144 3684  vhdmp - ok
20:58:21.0175 3684  [ e5689d93ffe4e5d66c0178761240dd54 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:58:21.0190 3684  viaide - ok
20:58:21.0315 3684  [ 94cf2d157c8fd9089afa5da78aa64c65 ] VMAuthdService  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
20:58:21.0331 3684  VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
20:58:21.0331 3684  VMAuthdService - detected UnsignedFile.Multi.Generic (1)
20:58:21.0362 3684  [ 86ea3e79ae350fea5331a1303054005f ] vmbus           C:\Windows\system32\drivers\vmbus.sys
20:58:21.0393 3684  vmbus - ok
20:58:21.0409 3684  [ 7de90b48f210d29649380545db45a187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
20:58:21.0409 3684  VMBusHID - ok
20:58:21.0440 3684  [ 87fc1dd880e8cac4faebb84af61a87c4 ] vmci            C:\Windows\system32\DRIVERS\vmci.sys
20:58:21.0456 3684  vmci - ok
20:58:21.0487 3684  [ 0b13268268b3d2c99ba5021593d0f767 ] vmkbd           C:\Windows\system32\drivers\VMkbd.sys
20:58:21.0502 3684  vmkbd - ok
20:58:21.0518 3684  [ b259c31378bc855afd1b53f59311c251 ] VMnetAdapter    C:\Windows\system32\DRIVERS\vmnetadapter.sys
20:58:21.0534 3684  VMnetAdapter - ok
20:58:21.0549 3684  [ dec4ce720ffeda939cf1ba315cfbd993 ] VMnetBridge     C:\Windows\system32\DRIVERS\vmnetbridge.sys
20:58:21.0565 3684  VMnetBridge - ok
20:58:21.0565 3684  VMnetDHCP - ok
20:58:21.0580 3684  [ 518d188f04bc4c6ba0581775b9a5ea90 ] VMnetuserif     C:\Windows\system32\drivers\vmnetuserif.sys
20:58:21.0580 3684  VMnetuserif - ok
20:58:21.0627 3684  [ 9cd350e880d6625f855b6d709b5a3ef4 ] VMparport       C:\Windows\system32\drivers\VMparport.sys
20:58:21.0643 3684  VMparport - ok
20:58:21.0690 3684  [ 415b167695c4b5960a13098622ef3d80 ] vmusb           C:\Windows\system32\Drivers\vmusb.sys
20:58:21.0705 3684  vmusb - ok
20:58:21.0752 3684  [ 18903ca7936912c337c9d28858880cf2 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
20:58:21.0799 3684  VMUSBArbService - ok
20:58:21.0799 3684  VMware NAT Service - ok
20:58:21.0814 3684  [ baf28a75b00b79dc92702af7acffd3e5 ] vmx86           C:\Windows\system32\drivers\vmx86.sys
20:58:21.0814 3684  vmx86 - ok
20:58:21.0846 3684  [ d2aafd421940f640b407aefaaebd91b0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:58:21.0861 3684  volmgr - ok
20:58:21.0892 3684  [ a255814907c89be58b79ef2f189b843b ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:58:21.0924 3684  volmgrx - ok
20:58:21.0939 3684  [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:58:21.0955 3684  volsnap - ok
20:58:21.0986 3684  [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
20:58:21.0986 3684  vsmraid - ok
20:58:22.0048 3684  [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS             C:\Windows\system32\vssvc.exe
20:58:22.0158 3684  VSS - ok
20:58:22.0173 3684  [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:58:22.0204 3684  vwifibus - ok
20:58:22.0204 3684  [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:58:22.0220 3684  vwififlt - ok
20:58:22.0251 3684  [ 1c9d80cc3849b3788048078c26486e1a ] W32Time         C:\Windows\system32\w32time.dll
20:58:22.0282 3684  W32Time - ok
20:58:22.0298 3684  [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:58:22.0314 3684  WacomPen - ok
20:58:22.0345 3684  [ 356afd78a6ed4457169241ac3965230c ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:58:22.0392 3684  WANARP - ok
20:58:22.0392 3684  [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:58:22.0423 3684  Wanarpv6 - ok
20:58:22.0470 3684  [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine        C:\Windows\system32\wbengine.exe
20:58:22.0532 3684  wbengine - ok
20:58:22.0548 3684  [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:58:22.0563 3684  WbioSrvc - ok
20:58:22.0579 3684  [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:58:22.0626 3684  wcncsvc - ok
20:58:22.0641 3684  [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:58:22.0657 3684  WcsPlugInService - ok
20:58:22.0672 3684  [ 72889e16ff12ba0f235467d6091b17dc ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:58:22.0688 3684  Wd - ok
20:58:22.0719 3684  [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:58:22.0766 3684  Wdf01000 - ok
20:58:22.0782 3684  [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:58:22.0813 3684  WdiServiceHost - ok
20:58:22.0813 3684  [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:58:22.0828 3684  WdiSystemHost - ok
20:58:22.0860 3684  [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient       C:\Windows\System32\webclnt.dll
20:58:22.0891 3684  WebClient - ok
20:58:22.0906 3684  [ c749025a679c5103e575e3b48e092c43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:58:22.0969 3684  Wecsvc - ok
20:58:22.0984 3684  [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:58:23.0047 3684  wercplsupport - ok
20:58:23.0062 3684  [ 6d137963730144698cbd10f202e9f251 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:58:23.0094 3684  WerSvc - ok
20:58:23.0109 3684  [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:58:23.0125 3684  WfpLwf - ok
20:58:23.0140 3684  [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:58:23.0156 3684  WIMMount - ok
20:58:23.0172 3684  WinDefend - ok
20:58:23.0172 3684  WinHttpAutoProxySvc - ok
20:58:23.0234 3684  [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:58:23.0296 3684  Winmgmt - ok
20:58:23.0343 3684  [ bcb1310604aa415c4508708975b3931e ] WinRM           C:\Windows\system32\WsmSvc.dll
20:58:23.0421 3684  WinRM - ok
20:58:23.0484 3684  [ fe88b288356e7b47b74b13372add906d ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:58:23.0515 3684  WinUsb - ok
20:58:23.0562 3684  [ c2208229a0761b05e874e10ffb341a64 ] WirelessSelectorService C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe
20:58:23.0577 3684  WirelessSelectorService - ok
20:58:23.0608 3684  [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:58:23.0686 3684  Wlansvc - ok
20:58:23.0702 3684  [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:58:23.0702 3684  WmiAcpi - ok
20:58:23.0733 3684  [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:58:23.0749 3684  wmiApSrv - ok
20:58:23.0780 3684  WMPNetworkSvc - ok
20:58:23.0780 3684  [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:58:23.0796 3684  WPCSvc - ok
20:58:23.0827 3684  [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:58:23.0842 3684  WPDBusEnum - ok
20:58:23.0858 3684  [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:58:23.0889 3684  ws2ifsl - ok
20:58:23.0905 3684  [ e8b1fe6669397d1772d8196df0e57a9e ] wscsvc          C:\Windows\System32\wscsvc.dll
20:58:23.0936 3684  wscsvc - ok
20:58:23.0936 3684  WSearch - ok
20:58:23.0998 3684  [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:58:24.0061 3684  wuauserv - ok
20:58:24.0076 3684  [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:58:24.0123 3684  WudfPf - ok
20:58:24.0170 3684  [ cf8d590be3373029d57af80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:58:24.0248 3684  WUDFRd - ok
20:58:24.0248 3684  [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:58:24.0279 3684  wudfsvc - ok
20:58:24.0295 3684  [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:58:24.0310 3684  WwanSvc - ok
20:58:24.0326 3684  ================ Scan global ===============================
20:58:24.0342 3684  (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
20:58:24.0357 3684  (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
20:58:24.0373 3684  (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
20:58:24.0388 3684  (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
20:58:24.0420 3684  (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
20:58:24.0420 3684  [Global] - ok
20:58:24.0420 3684  ================ Scan MBR ==================================
20:58:24.0435 3684  MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:58:24.0856 3684  \Device\Harddisk0\DR0 - ok
20:58:24.0856 3684  ================ Scan VBR ==================================
20:58:24.0888 3684  Boot (0x1200)   (60c624876aef2379bf928fd629aa9d30) \Device\Harddisk0\DR0\Partition1
20:58:24.0903 3684  \Device\Harddisk0\DR0\Partition1 - ok
20:58:24.0903 3684  Boot (0x1200)   (a5d2d13166ba2fbeba579b19ffdb03a8) \Device\Harddisk0\DR0\Partition2
20:58:24.0903 3684  \Device\Harddisk0\DR0\Partition2 - ok
20:58:24.0934 3684  Boot (0x1200)   (85be4b844dec6fd69c8e09475d379b42) \Device\Harddisk0\DR0\Partition3
20:58:24.0934 3684  \Device\Harddisk0\DR0\Partition3 - ok
20:58:24.0950 3684  Boot (0x1200)   (e2d8918bc89cfbbc2344be9bbfd4f8bf) \Device\Harddisk0\DR0\Partition4
20:58:24.0950 3684  \Device\Harddisk0\DR0\Partition4 - ok
20:58:24.0950 3684  ============================================================
20:58:24.0950 3684  Scan finished
20:58:24.0950 3684  ============================================================
20:58:24.0966 4588  Detected object count: 7
20:58:24.0966 4588  Actual detected object count: 7
20:59:02.0593 4588  LMS ( UnsignedFile.Multi.Generic ) - skipped by user
20:59:02.0593 4588  LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:59:02.0593 4588  LogonUserService ( UnsignedFile.Multi.Generic ) - skipped by user
20:59:02.0593 4588  LogonUserService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:59:02.0593 4588  O2Flash ( UnsignedFile.Multi.Generic ) - skipped by user
20:59:02.0593 4588  O2Flash ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:59:02.0593 4588  SmartCaseServer ( UnsignedFile.Multi.Generic ) - skipped by user
20:59:02.0609 4588  SmartCaseServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:59:02.0609 4588  SmartyLogService ( UnsignedFile.Multi.Generic ) - skipped by user
20:59:02.0609 4588  SmartyLogService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:59:02.0609 4588  UNS ( UnsignedFile.Multi.Generic ) - skipped by user
20:59:02.0609 4588  UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:59:02.0609 4588  VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
20:59:02.0609 4588  VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 16.08.2012, 09:04   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let your system be scanned.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a qualified helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even more difficult.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post logfiles in CODE tags

Alt 18.08.2012, 12:17   #24
hiro
 

Hi,
I ran ComboFix; the logfile is below.
Honestly, I can't tell exactly what ComboFix did, and I'm somewhat concerned that something was deleted that I might still need. It would be great if you could briefly give me your assessment of the items where it is borderline whether they really had to be deleted.
I'd also like to know whether all the listed registry keys were deleted? (Most of the keys are about Tortoise, for example, which I use daily.)

Thanks!

Code:
ATTFilter
ComboFix 12-08-17.03 - *** 18.08.2012  12:40:44.1.8 - x64
Microsoft Windows 7 Professional  *** [GMT 2:00]
ausgeführt von:: c:\users\***\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\#Short company name#
c:\programdata\#Short company name#\#settings_subfolder#\Timerlist.xml
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\***\AppData\Roaming\#Short company name#
c:\users\***\AppData\Roaming\#Short company name#\#settings_subfolder#\#dvr.ini
c:\users\***\AppData\Roaming\wrtiec.dll
c:\users\***\AppData\Roaming\#Short company name#
c:\users\***\AppData\Roaming\#Short company name#\#settings_subfolder#\#dvr.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-18 bis 2012-08-18  ))))))))))))))))))))))))))))))
.
.
2012-08-18 10:45 . 2012-08-18 10:45	--------	d-----w-	c:\users\***\AppData\Local\temp
2012-08-18 10:45 . 2012-08-18 10:45	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-08-17 14:48 . 2012-06-29 10:04	9133488	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{431858E2-8137-4CD4-8953-E8E500446A45}\mpengine.dll
2012-08-15 11:28 . 2012-07-04 22:16	73216	----a-w-	c:\windows\system32\netapi32.dll
2012-08-15 11:28 . 2012-07-04 22:13	59392	----a-w-	c:\windows\system32\browcli.dll
2012-08-15 11:28 . 2012-07-04 22:13	136704	----a-w-	c:\windows\system32\browser.dll
2012-08-15 11:28 . 2012-07-04 21:14	41984	----a-w-	c:\windows\SysWow64\browcli.dll
2012-08-15 11:28 . 2012-07-18 18:15	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-08-15 11:28 . 2012-05-14 05:26	956928	----a-w-	c:\windows\system32\localspl.dll
2012-08-14 12:04 . 2012-08-14 12:04	--------	d-----w-	C:\_OTL
2012-08-05 15:33 . 2012-08-05 15:33	--------	d-----w-	c:\program files (x86)\ESET
2012-08-05 15:32 . 2012-08-05 15:32	--------	d-----w-	c:\users\***\AppData\Local\Macromedia
2012-07-30 19:28 . 2012-07-30 19:28	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2012-07-30 19:27 . 2012-07-30 19:27	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2012-07-30 19:27 . 2012-07-30 19:27	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-30 19:27 . 2012-07-30 19:27	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-30 19:27 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-30 17:56 . 2012-07-30 17:56	--------	d-----w-	c:\program files\HitmanPro
2012-07-30 17:56 . 2012-07-30 17:57	--------	d-----w-	c:\programdata\HitmanPro
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 11:58 . 2012-02-04 19:54	62134624	----a-w-	c:\windows\system32\MRT.exe
2012-08-03 07:40 . 2012-04-02 19:00	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 07:40 . 2012-01-07 14:55	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-09 05:43 . 2012-07-11 10:09	14172672	----a-w-	c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 10:09	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 10:09	1881600	----a-w-	c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 10:09	1133568	----a-w-	c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 10:09	1390080	----a-w-	c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 10:09	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 10:09	805376	----a-w-	c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-24 08:49	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-24 08:50	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-24 08:50	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-24 08:50	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-24 08:49	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-24 08:50	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-24 08:49	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-24 08:49	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-24 08:49	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 10:09	458704	----a-w-	c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 10:09	95600	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 10:09	151920	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 10:09	340992	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 10:09	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 10:09	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 10:09	225280	----a-w-	c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 10:09	219136	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 10:09	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2012-05-31 10:25 . 2011-12-27 10:18	279656	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2009-12-04 195080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-01 104960]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-12 662016]
"IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2009-10-09 47976]
"LoadFUJ02E3"="c:\program files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe" [2009-06-16 36712]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
" Malwarebytes Anti-Malware  (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-07-03 1085000]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 FscBapi;FscBapi;c:\windows\system32\DRIVERS\FscBapi.sys [2009-05-05 18944]
R3 SmartyLogService;SmartyLogService;c:\program files\SmartCase Logon+\System\SmartyLog.exe [2009-03-12 321600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S0 FBIOSDRV;Fujitsu BIOS Driver;c:\windows\System32\Drivers\FBIOSDRV.sys [2009-06-24 21104]
S0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\DRIVERS\FJGSDisk.sys [2011-12-26 14696]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S1 fcrimg4;SecureDrive;c:\windows\system32\DRIVERS\fcrimg4.sys [2009-11-13 45120]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-13 86224]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe [2009-12-27 2704704]
S2 cmTCS64 Service;cmTCS64 Service;c:\windows\system32\cmTCS64.exe [2009-12-14 814944]
S2 LogonUserService;LogonUser Service;c:\program files\SmartCase Logon+\System\logonuser.exe [2009-07-24 280128]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2009-07-30 63336]
S2 SmartCaseServer;SmartCaseServer;c:\program files\SmartCase Logon+\Password Manager\SmartCaseServer.exe [2009-07-01 324672]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-01 2314240]
S2 VFPRadioSupportService;Unterstützung für Bluetooth-Funktionen;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [2009-10-12 145792]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448]
S2 WirelessSelectorService;WirelessSelectorService;c:\program files\Fujitsu\WirelessSelector\WSUService.exe [2009-07-21 62312]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-28 736840]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-11-01 283824]
S3 FscGabi;FscGabi;c:\windows\system32\DRIVERS\FscGabi.sys [2009-05-05 19968]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 7296]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-11-01 56344]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [2009-05-13 58400]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [2009-07-03 56096]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"nwiz"="nwiz.exe" [2009-11-11 1712744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-13 16414824]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-12 662016]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2009-10-15 157544]
"LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2009-10-15 35176]
"PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2009-07-30 188264]
"SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2009-07-22 282984]
"FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-10-27 164712]
"ConMgr"="c:\program files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe" [2009-10-12 535392]
"CSRSkype"="c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe" [2009-10-12 431456]
"SclStart.exe"="c:\program files\SmartCase Logon+\System\SclStart.exe" [2010-02-05 87688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\usvm269k.default\
FF - prefs.js: browser.startup.homepage - www.t-online.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-BthSyncServ - c:\program files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-08-18  12:48:22
ComboFix-quarantined-files.txt  2012-08-18 10:48
.
Vor Suchlauf: 8 Verzeichnis(se), 160.284.028.928 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 160.806.637.568 Bytes frei
.
- - End Of File - - 8B7F132B11CC6845A57C328F678FF6B0
         

Alt 18.08.2012, 14:11   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



I can't judge whether something no longer works; you'll have to try that out yourself.
If need be, you can find the objects deleted by CF again in C:\Qoobox\...
__________________
Please always post log files in CODE tags

Alt 19.08.2012, 13:08   #26
hiro
 



Everything still seems to work; even so, I'm honestly a bit unsettled about no longer being able to keep track of exactly what is being deleted (especially registry entries and files). That's why I'm considering whether I should choose the system restore point from before ComboFix.
Hence my question: how would things continue from here? Are there still many programs to come? And would the system be clean without ComboFix, or is there no way around ComboFix?

Thanks in any case for the help so far!

Alt 20.08.2012, 17:14   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



We're almost done.

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't work on the second attempt, just skip it and run only OSAM. Please skip the online check by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.
__________________
Please always post log files in CODE tags

Alt 31.08.2012, 20:02   #28
hiro
 



Hi,

I ran the programs as described. The logs are attached; the GMER log is empty because it didn't find anything.
A few posts back you asked whether all programs still work. In the meantime I've noticed that pdfcreator no longer works properly. I believe something relating to pdfcreator was found in one of the first logs. It would be great if you could let me know whether that is the case and whether I should now simply reinstall pdfcreator (although I would then have spyware or the like on it again).

Many thanks!



Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-21 20:29:23
-----------------------------
20:29:23.451    OS Version: Windows x64 6.1.7601 Service Pack 1
20:29:23.451    Number of processors: 8 586 0x1E05
20:29:23.451    ComputerName: ***-PC  UserName: ***
20:29:24.311    Initialize success
20:29:29.087    AVAST engine defs: 12082100
20:29:39.991    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:29:39.991    Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 3
20:29:40.007    Disk 0 MBR read successfully
20:29:40.007    Disk 0 MBR scan
20:29:40.022    Disk 0 Windows 7 default MBR code
20:29:40.022    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
20:29:40.038    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       199899 MB offset 206848
20:29:40.069    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       100000 MB offset 409600000
20:29:40.085    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       176939 MB offset 614400000
20:29:40.147    Disk 0 scanning C:\Windows\system32\drivers
20:29:52.424    Service scanning
20:30:12.330    Modules scanning
20:30:12.330    Disk 0 trace - called modules:
20:30:12.860    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
20:30:12.876    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80069ad790]
20:30:12.876    3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa8004995e40]
20:30:12.891    5 ACPI.sys[fffff88000f257a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004996050]
20:30:12.907    Scan finished successfully
20:32:54.882    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
20:32:54.882    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
         


OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:16:27 on 21.08.2012

OS: Windows 7  Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 10.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files (x86)\Nero\Nero 9\Nero BurnRights\NeroBurnRights_cpl.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - ? - C:\Windows\system32\Drivers\CVPNDRVA.sys  (File found, but it contains no detailed information)
"DSDrv4" (DSDrv4) - ? - C:\PROGRA~2\K!TV\Plugins\S_Bt8x8\DSDrv4.sys  (File not found)
"VMware hcmon" (hcmon) - "VMware, Inc." - C:\Windows\system32\drivers\hcmon.sys
"VMware kbd" (vmkbd) - "VMware, Inc." - C:\Windows\system32\drivers\VMkbd.sys
"VMware Network Application Interface" (VMnetuserif) - "VMware, Inc." - C:\Windows\system32\drivers\vmnetuserif.sys
"VMware VMparport" (VMparport) - "VMware, Inc." - C:\Windows\system32\drivers\VMparport.sys
"VMware vmx86" (vmx86) - "VMware, Inc." - C:\Windows\system32\drivers\vmx86.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\ONFILTER.DLL
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files (x86)\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
{30351346-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{30351347-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{30351348-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{3035134A-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{3035134B-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{3035134C-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{3035134D-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{3035134E-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{3035134F-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{30351350-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{C5994560-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994561-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994562-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994563-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994564-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994565-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994566-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994567-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994568-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{AD6E6555-FB2C-47D4-8339-3E2965509877} "TerraTec Home Cinema" - "TerraTec Electronic GmbH" - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
{37B109B0-E817-4072-8429-EDC6A987FCE3} "SingleSignOn Class" - ? - C:\Program Files (x86)\TrustedDesk Logon+\Password Manager\SmartCaseBho.dll  (File found, but it contains no detailed information)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"LtMoh" - "LSI Corp." - C:\Program Files\ltmoh\Ltmoh.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"HP Software Update" - "Hewlett-Packard" - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"IMSS" - ? - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
"IndicatorUtility" - "FUJITSU LIMITED" - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
"LoadFUJ02E3" - "FUJITSU LIMITED" - C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"HP Discovery Port Monitor (HP Officejet Pro 8500 A910)" - "Hewlett-Packard Co." - C:\Windows\system32\HPDiscoPM5312.dll
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"AuthenTec Fingerprint Service" (ATService) - "AuthenTec, Inc." - C:\Program Files\Fingerprint Sensor\ATService.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
"cmTCS64 Service" (cmTCS64 Service) - "charismathics" - C:\Windows\system32\cmTCS64.exe
"Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"LogonUser Service" (LogonUserService) - "iC ComPas GmbH & Co KG" - C:\Program Files\SmartCase Logon+\System\logonuser.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"O2Flash Memory Service" (O2Flash) - "O2Micro International" - C:\Windows\SysWOW64\o2flash.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PowerSavingUtilityService" (PowerSavingUtilityService) - "FUJITSU LIMITED" - C:\Program Files\Fujitsu\PSUtility\PSUService.exe
"SmartCaseServer" (SmartCaseServer) - ? - C:\Program Files\SmartCase Logon+\Password Manager\SmartCaseServer.exe
"SmartyLogService" (SmartyLogService) - "iC ComPas GmbH & Co KG" - C:\Program Files\SmartCase Logon+\System\SmartyLog.exe
"Unterstützung für Bluetooth-Funktionen" (VFPRadioSupportService) - "CSR, plc" - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
"VMware Authorization Service" (VMAuthdService) - "VMware, Inc." - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
"VMware DHCP Service" (VMnetDHCP) - ? - C:\Windows\system32\vmnetdhcp.exe  (File not found)
"VMware NAT Service" (VMware NAT Service) - ? - C:\Windows\system32\vmnat.exe  (File not found)
"VMware USB Arbitration Service" (VMUSBArbService) - "VMware, Inc." - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
"WirelessSelectorService" (WirelessSelectorService) - ? - C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe  (File found, but it contains no detailed information)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"VMCI sockets DGRAM" - "VMware, Inc." - C:\Windows\system32\vsocklib.dll
"VMCI sockets STREAM" - "VMware, Inc." - C:\Windows\system32\vsocklib.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
--- --- ---

31.08.2012, 20:45   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



What do you even need PDFCreator for? If it has to be that one, you also have to pay attention during installation to what it installs along with it. You have to deselect every bit of unnecessary junk, i.e. every toolbar, and the same goes for all other setups.
Otherwise, you can also use FreePDF/Ghostscript as an alternative to PDFCreator.


Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post log files in CODE tags

01.09.2012, 19:05   #30
hiro
 



Here are the logs:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.01.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

01.09.2012 11:14:55
mbam-log-2012-09-01 (11-14-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 447345
Laufzeit: 1 Stunde(n), 10 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/01/2012 at 07:26 PM

Application Version : 5.5.1012

Core Rules Database Version : 9166
Trace Rules Database Version: 6978

Scan type       : Complete Scan
Total Scan Time : 01:31:42

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Limited User

Memory items scanned      : 575
Memory threats detected   : 0
Registry items scanned    : 65740
Registry threats detected : 0
File items scanned        : 207635
File threats detected     : 0
         
