Pests of all kinds and how to fight them: TR/ATRAPS.Gen + Gen2, W32/Patched.UA, JS.Agent.Inf.6750

Windows 7
14.08.2012, 16:14   #16
Over

Hey, I did post the log...
I just wanted to ask whether it was okay that I switched the virus scanner back on, and that otherwise everything is the same as before ;-)

14.08.2012, 17:00   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Yes, the OTL fix log, but not the one your virus scanner spat out again recently.

14.08.2012, 17:17   #18
Over

Honestly, I can't find any log files from Avast.

But nothing has changed anyway. The virus scanner keeps reporting:
Name: 00000001.@
Virus: Win32:Malware-gen
Ort: C:\Windows\Installer\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\U

14.08.2012, 17:40   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

But that is exactly the stuff we should have flattened with OTL.
I suggest we repeat the OTL fix, but apply it only to the typical ZeroAccess objects:

Run an OTL fix: close all programs that may be open, disable the virus scanner too (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":Files" must be copied as well!!!)

Code:
:Files
C:\Windows\Installer\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\U
C:\Windows\Installer\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\L
C:\Windows\Installer\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\n
C:\Windows\Installer\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\@
C:\Users\D\AppData\Local\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\U
C:\Users\D\AppData\Local\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\L
C:\Users\D\AppData\Local\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\n
C:\Users\D\AppData\Local\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\@
C:\ProgramData\FullRemove.exe
C:\Users\D\AppData\Roaming\Qatuox
C:\Users\D\AppData\Roaming\Buwa
C:\Users\D\AppData\LocalLow\Sun\Java\Deployment\cache
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

14.08.2012, 19:36   #20
Over

Code:
All processes killed
========== FILES ==========
C:\Windows\Installer\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\U folder moved successfully.
File\Folder C:\Windows\Installer\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\L not found.
File\Folder C:\Windows\Installer\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\n not found.
File move failed. C:\Windows\Installer\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\@ scheduled to be moved on reboot.
File\Folder C:\Users\D\AppData\Local\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\U not found.
File\Folder C:\Users\D\AppData\Local\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\L not found.
File\Folder C:\Users\D\AppData\Local\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\n not found.
File\Folder C:\Users\D\AppData\Local\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\@ not found.
File\Folder C:\ProgramData\FullRemove.exe not found.
File\Folder C:\Users\D\AppData\Roaming\Qatuox not found.
File\Folder C:\Users\D\AppData\Roaming\Buwa not found.
File\Folder C:\Users\D\AppData\LocalLow\Sun\Java\Deployment\cache not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: D
->Temp folder emptied: 51287 bytes
->Temporary Internet Files folder emptied: 69559 bytes
->FireFox cache emptied: 87024038 bytes
->Flash cache emptied: 1626 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 44708 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 83.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: D
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.57.0 log created on 08142012_190110

Files\Folders moved on Reboot...
File move failed. C:\Windows\Installer\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\@ scheduled to be moved on reboot.
C:\Users\D\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
[2011/11/17 08:41:18 | 000,002,048 | -HS- | M] () C:\Windows\Installer\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\@ : Unable to obtain MD5
File C:\Users\D\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         
So it seems to be fine for now... Avast should have complained long ago (I always wait a bit before posting). Awesome. Thanks
But: the firewall still can't be activated (same error code as above)

Edit: shit, now it did go off after all. Exactly the same thing as above was found again... :-(


Edited by Over (14.08.2012 at 19:57)
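
Added example (not part of the thread, and not code from OTL or its author): a small Python parser for the OTL fix-log format shown in the post above. It lists the entries that are still only scheduled for removal after the reboot phase and marks those that match the `{GUID}\U|L|n|@` layout the fix script targets. The line patterns are inferred from this one log, and all function names are illustrative.

```python
import re
from collections import namedtuple

Event = namedtuple("Event", "phase status path")

# Lines copied from the OTL fix log posted above (shortened; no new values).
SAMPLE_LOG = r"""
C:\Windows\Installer\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\U folder moved successfully.
File\Folder C:\Windows\Installer\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\L not found.
File move failed. C:\Windows\Installer\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\@ scheduled to be moved on reboot.
File\Folder C:\ProgramData\FullRemove.exe not found.
C:\Windows\System32\drivers\etc\Hosts moved successfully.
Files\Folders moved on Reboot...
File move failed. C:\Windows\Installer\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\@ scheduled to be moved on reboot.
C:\Users\D\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
"""

# Result-line shapes as they appear in this log (an assumption, not an OTL spec).
PATTERNS = [
    ("pending", re.compile(
        r"File move failed\. (?P<path>.+) scheduled to be moved on reboot\.")),
    ("not_found", re.compile(r"File\\Folder (?P<path>.+) not found\.")),
    ("moved", re.compile(
        r"(?P<path>[A-Za-z]:\\.+?)(?: folder)? moved successfully\.")),
]

# Everything after this heading describes what happened during the reboot.
REBOOT_MARKER = "Files\\Folders moved on Reboot"

# {GUID}\U, \L, \n, \@ under Windows\Installer or a user's AppData\Local:
# the objects the fix script in this thread lists as typical ZeroAccess items.
GUID_LAYOUT = re.compile(
    r"[A-Za-z]:\\(?:Windows\\Installer|Users\\[^\\]+\\AppData\\Local)"
    r"\\\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}\\(?:U|L|n|@)",
    re.IGNORECASE,
)


def parse_fix_log(text):
    """Return one Event per recognised result line, tagged with its phase."""
    events = []
    phase = "fix"
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(REBOOT_MARKER):
            phase = "reboot"
            continue
        for status, pattern in PATTERNS:
            match = pattern.fullmatch(line)
            if match:
                events.append(Event(phase, status, match.group("path")))
                break
    return events


def unresolved(events):
    """Paths whose last recorded outcome is still 'scheduled', i.e. not removed.

    Returns (path, phase_of_last_report, matches_guid_layout) tuples.
    """
    last = {}
    for event in events:
        last[event.path] = event  # later lines override earlier ones
    return [
        (ev.path, ev.phase, bool(GUID_LAYOUT.fullmatch(ev.path)))
        for ev in last.values()
        if ev.status == "pending"
    ]


def status_counts(events):
    """Count result lines per status, for a quick sanity check of the run."""
    counts = {}
    for event in events:
        counts[event.status] = counts.get(event.status, 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    print(status_counts(parsed))
    for path, phase, layout in unresolved(parsed):
        print(f"still present after {phase} phase (layout match={layout}): {path}")
```

An entry that is reported as "scheduled to be moved on reboot" again in the reboot phase was not removed, which is consistent with the scanner alerting on the same folder afterwards.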

15.08.2012, 19:09   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you can't find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

16.08.2012, 10:09   #22
Over

Hey arne, I'm on vacation right now, but I'll be back at the computer on Saturday and will do it then. Just please don't delete it from your subscriptions. Thanks!

16.08.2012, 11:51   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I don't delete anything from my subscriptions, not even closed cases.
__________________
Please always post log files in CODE tags

19.08.2012, 12:06   #24
Over

So, I'm back; the log is attached.

Code:
13:01:47.0856 7576  TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
13:01:48.0028 7576  ============================================================
13:01:48.0028 7576  Current date / time: 2012/08/19 13:01:48.0028
13:01:48.0028 7576  SystemInfo:
13:01:48.0028 7576  
13:01:48.0028 7576  OS Version: 6.1.7601 ServicePack: 1.0
13:01:48.0028 7576  Product type: Workstation
13:01:48.0028 7576  ComputerName: D-PC
13:01:48.0028 7576  UserName: D
13:01:48.0028 7576  Windows directory: C:\Windows
13:01:48.0028 7576  System windows directory: C:\Windows
13:01:48.0028 7576  Running under WOW64
13:01:48.0028 7576  Processor architecture: Intel x64
13:01:48.0028 7576  Number of processors: 2
13:01:48.0028 7576  Page size: 0x1000
13:01:48.0028 7576  Boot type: Normal boot
13:01:48.0028 7576  ============================================================
13:01:49.0213 7576  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:01:49.0229 7576  ============================================================
13:01:49.0229 7576  \Device\Harddisk0\DR0:
13:01:49.0229 7576  MBR partitions:
13:01:49.0229 7576  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4B178, BlocksNum 0x74701B0
13:01:49.0229 7576  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x91BB367, BlocksNum 0x1400921A
13:01:49.0229 7576  ============================================================
13:01:49.0260 7576  C: <-> \Device\Harddisk0\DR0\Partition1
13:01:49.0291 7576  D: <-> \Device\Harddisk0\DR0\Partition2
13:01:49.0291 7576  ============================================================
13:01:49.0291 7576  Initialize success
13:01:49.0291 7576  ============================================================
13:02:28.0026 7680  ============================================================
13:02:28.0026 7680  Scan started
13:02:28.0026 7680  Mode: Manual; SigCheck; TDLFS; 
13:02:28.0026 7680  ============================================================
13:02:30.0382 7680  ================ Scan services =============================
13:02:30.0569 7680  [ a87d604aea360176311474c87a63bb88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
13:02:30.0740 7680  1394ohci - ok
13:02:30.0772 7680  [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:02:30.0803 7680  ACPI - ok
13:02:30.0834 7680  [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
13:02:30.0881 7680  AcpiPmi - ok
13:02:30.0974 7680  [ 8b46d5a1d3ef08232c04d0eafb871fb2 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
13:02:31.0021 7680  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
13:02:31.0021 7680  Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
13:02:31.0162 7680  [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:02:31.0193 7680  AdobeFlashPlayerUpdateSvc - ok
13:02:31.0255 7680  [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
13:02:31.0286 7680  adp94xx - ok
13:02:31.0318 7680  [ 597f78224ee9224ea1a13d6350ced962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
13:02:31.0349 7680  adpahci - ok
13:02:31.0380 7680  [ e109549c90f62fb570b9540c4b148e54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
13:02:31.0396 7680  adpu320 - ok
13:02:31.0427 7680  [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:02:31.0505 7680  AeLookupSvc - ok
13:02:31.0567 7680  [ fb2be0bae9b3f248080cdbf91ef16c7f ] AFBAgent        C:\Windows\system32\FBAgent.exe
13:02:31.0614 7680  AFBAgent - ok
13:02:31.0661 7680  [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD             C:\Windows\system32\drivers\afd.sys
13:02:31.0754 7680  AFD - ok
13:02:31.0817 7680  [ 608c14dba7299d8cb6ed035a68a15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
13:02:31.0848 7680  agp440 - ok
13:02:31.0879 7680  [ 3290d6946b5e30e70414990574883ddb ] ALG             C:\Windows\System32\alg.exe
13:02:31.0926 7680  ALG - ok
13:02:31.0988 7680  [ 5812713a477a3ad7363c7438ca2ee038 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:02:32.0051 7680  aliide - ok
13:02:32.0129 7680  [ f238be4fa4e55eb67f17281fadf69851 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:02:32.0222 7680  AMD External Events Utility - ok
13:02:32.0254 7680  [ 1ff8b4431c353ce385c875f194924c0c ] amdide          C:\Windows\system32\drivers\amdide.sys
13:02:32.0285 7680  amdide - ok
13:02:32.0332 7680  [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
13:02:32.0410 7680  AmdK8 - ok
13:02:32.0456 7680  [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
13:02:32.0534 7680  AmdPPM - ok
13:02:32.0566 7680  [ 8818a2ab90189b7ff60a24c0847f9a6b ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
13:02:32.0612 7680  amdsata - ok
13:02:32.0644 7680  [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
13:02:32.0675 7680  amdsbs - ok
13:02:32.0690 7680  [ 3c430969f097dee18d13010d678069cd ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
13:02:32.0706 7680  amdxata - ok
13:02:32.0768 7680  [ 391887990cdaa83de5c56c3fde966da1 ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
13:02:32.0831 7680  AmUStor - ok
13:02:32.0878 7680  [ 89a69c3f2f319b43379399547526d952 ] AppID           C:\Windows\system32\drivers\appid.sys
13:02:32.0971 7680  AppID - ok
13:02:33.0018 7680  [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:02:33.0112 7680  AppIDSvc - ok
13:02:33.0174 7680  [ 3977d4a871ca0d4f2ed1e7db46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
13:02:33.0221 7680  Appinfo - ok
13:02:33.0283 7680  [ c484f8ceb1717c540242531db7845c4e ] arc             C:\Windows\system32\DRIVERS\arc.sys
13:02:33.0314 7680  arc - ok
13:02:33.0346 7680  [ 019af6924aefe7839f61c830227fe79c ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
13:02:33.0361 7680  arcsas - ok
13:02:33.0424 7680  [ 18e5c2f937f9deb8c282df66a3761925 ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
13:02:33.0486 7680  ASLDRService - ok
13:02:33.0548 7680  [ 2db34edd17d3a8da7105a19c95a3dd68 ] ASMMAP64        C:\Program Files\ATKGFNEX\ASMMAP64.sys
13:02:33.0595 7680  ASMMAP64 - ok
13:02:33.0642 7680  [ df59b8e8df0bd2e0e303778a3806a17d ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
13:02:33.0673 7680  aswFsBlk - ok
13:02:33.0704 7680  [ f8e6ab4f876feff69250f2e0c29ef004 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
13:02:33.0736 7680  aswMonFlt - ok
13:02:33.0782 7680  [ aa92bc4bcba40ca3aa3ffd1be24f0c09 ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
13:02:33.0814 7680  aswRdr - ok
13:02:33.0860 7680  [ f06e230e1e8ca9437a6474b7b551cd37 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
13:02:33.0907 7680  aswSnx - ok
13:02:33.0938 7680  [ 3610ca74a69e380424f0452dec5c1317 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
13:02:33.0954 7680  aswSP - ok
13:02:33.0970 7680  [ 87de3e31cb0091d22351349869324065 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
13:02:34.0001 7680  aswTdi - ok
13:02:34.0016 7680  [ 769765ce2cc62867468cea93969b2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:02:34.0094 7680  AsyncMac - ok
13:02:34.0126 7680  [ 02062c0b390b7729edc9e69c680a6f3c ] atapi           C:\Windows\system32\drivers\atapi.sys
13:02:34.0157 7680  atapi - ok
13:02:34.0219 7680  [ 0acc06fcf46f64ed4f11e57ee461c1f4 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
13:02:34.0328 7680  athr - ok
13:02:34.0375 7680  [ 3b9014fb7ce9e20fd726321c7db7d8b0 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
13:02:34.0391 7680  AtiHdmiService - ok
13:02:34.0562 7680  [ 2db9047aac9d981f59ce06d04d70c4d8 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
13:02:34.0843 7680  atikmdag - ok
13:02:34.0890 7680  [ 7c5d273e29dcc5505469b299c6f29163 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
13:02:34.0906 7680  AtiPcie - ok
13:02:34.0921 7680  [ 7c157574a181b19b9dcf5f339e25337e ] ATKGFNEXSrv     C:\Program Files\ATKGFNEX\GFNEXSrv.exe
13:02:34.0952 7680  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
13:02:34.0952 7680  ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
13:02:35.0015 7680  [ f23fef6d569fce88671949894a8becf1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:02:35.0140 7680  AudioEndpointBuilder - ok
13:02:35.0171 7680  [ f23fef6d569fce88671949894a8becf1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
13:02:35.0233 7680  AudioSrv - ok
13:02:35.0296 7680  [ 2f7c0f3e39c45e0127fb78b2f18a41f3 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
13:02:35.0327 7680  avast! Antivirus - ok
13:02:35.0374 7680  [ a6bf31a71b409dfa8cac83159e1e2aff ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:02:35.0483 7680  AxInstSV - ok
13:02:35.0530 7680  [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
13:02:35.0576 7680  b06bdrv - ok
13:02:35.0608 7680  [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
13:02:35.0654 7680  b57nd60a - ok
13:02:35.0701 7680  [ fde360167101b4e45a96f939f388aeb0 ] BDESVC          C:\Windows\System32\bdesvc.dll
13:02:35.0732 7680  BDESVC - ok
13:02:35.0779 7680  [ 16a47ce2decc9b099349a5f840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:02:35.0904 7680  Beep - ok
13:02:35.0920 7680  [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
13:02:35.0966 7680  blbdrive - ok
13:02:35.0998 7680  [ 6c02a83164f5cc0a262f4199f0871cf5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:02:36.0029 7680  bowser - ok
13:02:36.0076 7680  [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:02:36.0138 7680  BrFiltLo - ok
13:02:36.0169 7680  [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:02:36.0216 7680  BrFiltUp - ok
13:02:36.0247 7680  [ 8ef0d5c41ec907751b8429162b1239ed ] Browser         C:\Windows\System32\browser.dll
13:02:36.0341 7680  Browser - ok
13:02:36.0388 7680  [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
13:02:36.0419 7680  Brserid - ok
13:02:36.0450 7680  [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:02:36.0481 7680  BrSerWdm - ok
13:02:36.0512 7680  [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:02:36.0544 7680  BrUsbMdm - ok
13:02:36.0559 7680  [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:02:36.0590 7680  BrUsbSer - ok
13:02:36.0606 7680  [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
13:02:36.0637 7680  BTHMODEM - ok
13:02:36.0684 7680  [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv         C:\Windows\system32\bthserv.dll
13:02:36.0778 7680  bthserv - ok
13:02:36.0809 7680  [ b8bd2bb284668c84865658c77574381a ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:02:37.0027 7680  cdfs - ok
13:02:37.0074 7680  [ f036ce71586e93d94dab220d7bdf4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
13:02:37.0152 7680  cdrom - ok
13:02:37.0183 7680  [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc     C:\Windows\System32\certprop.dll
13:02:37.0261 7680  CertPropSvc - ok
13:02:37.0308 7680  [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
13:02:37.0339 7680  circlass - ok
13:02:37.0386 7680  [ fe1ec06f2253f691fe36217c592a0206 ] CLFS            C:\Windows\system32\CLFS.sys
13:02:37.0448 7680  CLFS - ok
13:02:37.0511 7680  [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:02:37.0558 7680  clr_optimization_v2.0.50727_32 - ok
13:02:37.0620 7680  [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:02:37.0651 7680  clr_optimization_v2.0.50727_64 - ok
13:02:37.0714 7680  [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:02:37.0792 7680  clr_optimization_v4.0.30319_32 - ok
13:02:37.0838 7680  [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:02:37.0870 7680  clr_optimization_v4.0.30319_64 - ok
13:02:37.0916 7680  [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:02:37.0948 7680  CmBatt - ok
13:02:37.0994 7680  [ e19d3f095812725d88f9001985b94edd ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:02:38.0041 7680  cmdide - ok
13:02:38.0072 7680  [ 9ac4f97c2d3e93367e2148ea940cd2cd ] CNG             C:\Windows\system32\Drivers\cng.sys
13:02:38.0182 7680  CNG - ok
13:02:38.0228 7680  [ 102de219c3f61415f964c88e9085ad14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
13:02:38.0244 7680  Compbatt - ok
13:02:38.0275 7680  [ 03edb043586cceba243d689bdda370a8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
13:02:38.0338 7680  CompositeBus - ok
13:02:38.0369 7680  COMSysApp - ok
13:02:38.0384 7680  [ 1c827878a998c18847245fe1f34ee597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
13:02:38.0400 7680  crcdisk - ok
13:02:38.0431 7680  [ 4f5414602e2544a4554d95517948b705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:02:38.0478 7680  CryptSvc - ok
13:02:38.0540 7680  [ 5c627d1b1138676c0a7ab2c2c190d123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:02:38.0665 7680  DcomLaunch - ok
13:02:38.0696 7680  [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc       C:\Windows\System32\defragsvc.dll
13:02:38.0790 7680  defragsvc - ok
13:02:38.0821 7680  [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:02:38.0946 7680  DfsC - ok
13:02:38.0993 7680  [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:02:39.0149 7680  Dhcp - ok
13:02:39.0196 7680  [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache        C:\Windows\system32\drivers\discache.sys
13:02:39.0258 7680  discache - ok
13:02:39.0274 7680  [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk            C:\Windows\system32\DRIVERS\disk.sys
13:02:39.0289 7680  Disk - ok
13:02:39.0352 7680  [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:02:39.0398 7680  Dnscache - ok
13:02:39.0445 7680  [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:02:39.0508 7680  dot3svc - ok
13:02:39.0539 7680  [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS             C:\Windows\system32\dps.dll
13:02:39.0648 7680  DPS - ok
13:02:39.0679 7680  [ 9b19f34400d24df84c858a421c205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:02:39.0726 7680  drmkaud - ok
13:02:39.0788 7680  [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:02:39.0866 7680  DXGKrnl - ok
13:02:39.0913 7680  [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost         C:\Windows\System32\eapsvc.dll
13:02:40.0054 7680  EapHost - ok
13:02:40.0178 7680  [ dc5d737f51be844d8c82c695eb17372f ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
13:02:40.0366 7680  ebdrv - ok
13:02:40.0397 7680  [ c118a82cd78818c29ab228366ebf81c3 ] EFS             C:\Windows\System32\lsass.exe
13:02:40.0459 7680  EFS - ok
13:02:40.0553 7680  [ c4002b6b41975f057d98c439030cea07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:02:40.0615 7680  ehRecvr - ok
13:02:40.0662 7680  [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched         C:\Windows\ehome\ehsched.exe
13:02:40.0740 7680  ehSched - ok
13:02:40.0802 7680  [ 0e5da5369a0fcaea12456dd852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
13:02:40.0912 7680  elxstor - ok
13:02:40.0958 7680  [ 34a3c54752046e79a126e15c51db409b ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:02:41.0021 7680  ErrDev - ok
13:02:41.0083 7680  [ 1299d1ea00b7a4bf69c5869dca31e0f6 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
13:02:41.0146 7680  ETD - ok
13:02:41.0208 7680  [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem     C:\Windows\system32\es.dll
13:02:41.0317 7680  EventSystem - ok
13:02:41.0348 7680  [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat           C:\Windows\system32\drivers\exfat.sys
13:02:41.0426 7680  exfat - ok
13:02:41.0442 7680  [ 0adc83218b66a6db380c330836f3e36d ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:02:41.0520 7680  fastfat - ok
13:02:41.0582 7680  [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax             C:\Windows\system32\fxssvc.exe
13:02:41.0645 7680  Fax - ok
13:02:41.0676 7680  [ d765d19cd8ef61f650c384f62fac00ab ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
13:02:41.0707 7680  fdc - ok
13:02:41.0754 7680  [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost         C:\Windows\system32\fdPHost.dll
13:02:41.0832 7680  fdPHost - ok
13:02:41.0863 7680  [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:02:41.0910 7680  FDResPub - ok
13:02:41.0957 7680  [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:02:41.0988 7680  FileInfo - ok
13:02:42.0004 7680  [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:02:42.0113 7680  Filetrace - ok
13:02:42.0144 7680  [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
13:02:42.0191 7680  flpydisk - ok
13:02:42.0238 7680  [ da6b67270fd9db3697b20fce94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:02:42.0253 7680  FltMgr - ok
13:02:42.0331 7680  [ 5c4cb4086fb83115b153e47add961a0c ] FontCache       C:\Windows\system32\FntCache.dll
13:02:42.0425 7680  FontCache - ok
13:02:42.0487 7680  [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:02:42.0518 7680  FontCache3.0.0.0 - ok
13:02:42.0550 7680  [ d43703496149971890703b4b1b723eac ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:02:42.0565 7680  FsDepends - ok
13:02:42.0628 7680  [ 5814011b2f6e088e29d689b5fcd49b8f ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
13:02:42.0674 7680  fssfltr - ok
13:02:42.0737 7680  [ f6717211c1ec2cddaa81b97b0727c2e9 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
13:02:42.0815 7680  fsssvc - ok
13:02:42.0862 7680  [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:02:42.0877 7680  Fs_Rec - ok
13:02:42.0924 7680  [ 1f7b25b858fa27015169fe95e54108ed ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:02:42.0940 7680  fvevol - ok
13:02:42.0986 7680  [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
13:02:43.0002 7680  gagp30kx - ok
13:02:43.0064 7680  [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc           C:\Windows\System32\gpsvc.dll
13:02:43.0174 7680  gpsvc - ok
13:02:43.0236 7680  [ f02a533f517eb38333cb12a9e8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:02:43.0283 7680  gupdate - ok
13:02:43.0298 7680  [ f02a533f517eb38333cb12a9e8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:02:43.0314 7680  gupdatem - ok
13:02:43.0345 7680  [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:02:43.0376 7680  hcw85cir - ok
13:02:43.0454 7680  [ 975761c778e33cd22498059b91e7373a ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:02:43.0548 7680  HdAudAddService - ok
13:02:43.0579 7680  [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
13:02:43.0657 7680  HDAudBus - ok
13:02:43.0704 7680  [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
13:02:43.0735 7680  HidBatt - ok
13:02:43.0766 7680  [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
13:02:43.0829 7680  HidBth - ok
13:02:43.0860 7680  [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
13:02:43.0938 7680  HidIr - ok
13:02:43.0985 7680  [ bd9eb3958f213f96b97b1d897dee006d ] hidserv         C:\Windows\system32\hidserv.dll
13:02:44.0047 7680  hidserv - ok
13:03:01.0925 7680  [ 602884696850c86434530790b110e8eb ] sptd            C:\Windows\system32\Drivers\sptd.sys
13:03:01.0925 7680  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
13:03:01.0940 7680  sptd ( LockedFile.Multi.Generic ) - warning
13:03:01.0940 7680  sptd - detected LockedFile.Multi.Generic (1)
13:03:07.0884 7680  WacomPen - ok
13:03:07.0931 7680  [ 356afd78a6ed4457169241ac3965230c ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:03:08.0009 7680  WANARP - ok
13:03:08.0024 7680  [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:03:08.0134 7680  Wanarpv6 - ok
13:03:08.0212 7680  [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine        C:\Windows\system32\wbengine.exe
13:03:08.0352 7680  wbengine - ok
13:03:08.0383 7680  [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:03:08.0430 7680  WbioSrvc - ok
13:03:08.0461 7680  [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:03:08.0539 7680  wcncsvc - ok
13:03:08.0570 7680  [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:03:08.0648 7680  WcsPlugInService - ok
13:03:08.0695 7680  [ 72889e16ff12ba0f235467d6091b17dc ] Wd              C:\Windows\system32\DRIVERS\wd.sys
13:03:08.0711 7680  Wd - ok
13:03:08.0758 7680  [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:03:08.0836 7680  Wdf01000 - ok
13:03:08.0867 7680  [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:03:08.0960 7680  WdiServiceHost - ok
13:03:08.0976 7680  [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:03:09.0007 7680  WdiSystemHost - ok
13:03:09.0038 7680  [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient       C:\Windows\System32\webclnt.dll
13:03:09.0085 7680  WebClient - ok
13:03:09.0101 7680  [ c749025a679c5103e575e3b48e092c43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:03:09.0194 7680  Wecsvc - ok
13:03:09.0226 7680  [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:03:09.0288 7680  wercplsupport - ok
13:03:09.0319 7680  [ 6d137963730144698cbd10f202e9f251 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:03:09.0382 7680  WerSvc - ok
13:03:09.0428 7680  [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:03:09.0475 7680  WfpLwf - ok
13:03:09.0538 7680  [ 52ded146e4797e6ccf94799e8e22bb2a ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
13:03:09.0553 7680  WimFltr - ok
13:03:09.0584 7680  [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:03:09.0600 7680  WIMMount - ok
13:03:09.0616 7680  WinHttpAutoProxySvc - ok
13:03:09.0678 7680  [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:03:09.0787 7680  Winmgmt - ok
13:03:09.0896 7680  [ bcb1310604aa415c4508708975b3931e ] WinRM           C:\Windows\system32\WsmSvc.dll
13:03:10.0068 7680  WinRM - ok
13:03:10.0130 7680  [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:03:10.0208 7680  Wlansvc - ok
13:03:10.0380 7680  [ 98f138897ef4246381d197cb81846d62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:03:10.0489 7680  wlidsvc - ok
13:03:10.0536 7680  [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
13:03:10.0567 7680  WmiAcpi - ok
13:03:10.0614 7680  [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:03:10.0661 7680  wmiApSrv - ok
13:03:10.0692 7680  WMPNetworkSvc - ok
13:03:10.0723 7680  [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:03:10.0754 7680  WPCSvc - ok
13:03:10.0786 7680  [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:03:10.0817 7680  WPDBusEnum - ok
13:03:10.0848 7680  [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:03:10.0895 7680  ws2ifsl - ok
13:03:10.0910 7680  WSearch - ok
13:03:10.0942 7680  [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:03:10.0988 7680  WudfPf - ok
13:03:11.0035 7680  [ cf8d590be3373029d57af80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:03:11.0082 7680  WUDFRd - ok
13:03:11.0113 7680  [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:03:11.0176 7680  wudfsvc - ok
13:03:11.0207 7680  [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:03:11.0254 7680  WwanSvc - ok
13:03:11.0285 7680  ================ Scan global ===============================
13:03:11.0316 7680  (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
13:03:11.0347 7680  (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
13:03:11.0363 7680  (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
13:03:11.0394 7680  (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
13:03:11.0425 7680  (014a9cb92514e27c0107614df764bc06) C:\Windows\system32\services.exe
13:03:11.0441 7680  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected
13:03:11.0441 7680  C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)
13:03:11.0441 7680  ================ Scan MBR ==================================
13:03:11.0472 7680  MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:03:12.0174 7680  \Device\Harddisk0\DR0 - ok
13:03:12.0174 7680  ================ Scan VBR ==================================
13:03:12.0190 7680  Boot (0x1200)   (4f86c15403ac3d811325aea1415ca36f) \Device\Harddisk0\DR0\Partition1
13:03:12.0190 7680  \Device\Harddisk0\DR0\Partition1 - ok
13:03:12.0205 7680  Boot (0x1200)   (9a2791439d13ab158aa1afe5ecc34ac7) \Device\Harddisk0\DR0\Partition2
13:03:12.0221 7680  \Device\Harddisk0\DR0\Partition2 - ok
13:03:12.0221 7680  ============================================================
13:03:12.0221 7680  Scan finished
13:03:12.0221 7680  ============================================================
13:03:12.0252 5684  Detected object count: 4
13:03:12.0252 5684  Actual detected object count: 4
13:03:37.0586 5684  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:03:37.0586 5684  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:03:37.0602 5684  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
13:03:37.0602 5684  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:03:37.0602 5684  sptd ( LockedFile.Multi.Generic ) - skipped by user
13:03:37.0602 5684  sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
13:03:37.0602 5684  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - skipped by user
13:03:37.0602 5684  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Skip 
13:03:52.0953 7516  Deinitialize success
         

20.08.2012, 17:11   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Code:
ATTFilter
C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - skipped by user
         
ZAccess is still active. Run TDSS-Killer again, let it scan, and skip all the other results; fix only this ZAccess (CURE or DELETE, depending on which is offered).
Then restart Windows, run a new scan with TDSS-Killer and post it.
__________________
Please always post log files in CODE tags
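
The triage done by eye on the log above (heuristic warnings that were skipped versus an infected system file that was skipped) can be automated; the following is an added example, not part of the original thread and not code from TDSSKiller. The regular expressions are derived only from the log lines visible on this page, and the function names and the list of "heuristic" verdict prefixes are assumptions.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the first TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
13:03:11.0425 7680  (014a9cb92514e27c0107614df764bc06) C:\Windows\system32\services.exe
13:03:11.0441 7680  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected
13:03:11.0441 7680  C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)
13:03:12.0252 5684  Detected object count: 4
13:03:37.0586 5684  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:03:37.0586 5684  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:03:37.0602 5684  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
13:03:37.0602 5684  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:03:37.0602 5684  sptd ( LockedFile.Multi.Generic ) - skipped by user
13:03:37.0602 5684  sptd ( LockedFile.Multi.Generic ) - User select action: Skip
13:03:37.0602 5684  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - skipped by user
13:03:37.0602 5684  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Skip
"""

# "<time> <thread id>  <object> ( <verdict> ) - <status>"
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+"
    r"(?P<obj>.+?) \( (?P<verdict>\S+) \) - (?P<status>.+?)\s*$"
)
COUNT_RE = re.compile(r"Detected object count:\s*(\d+)")

# Assumption: verdict families the tool logs with status "warning"
# (as seen in this thread), i.e. heuristics rather than confirmed malware.
HEURISTIC_PREFIXES = ("UnsignedFile.", "LockedFile.")


@dataclass
class Finding:
    obj: str
    verdict: str
    statuses: list = field(default_factory=list)

    @property
    def severity(self):
        if "infected" in self.statuses:
            return "infected"
        if "warning" in self.statuses or self.verdict.startswith(HEURISTIC_PREFIXES):
            return "warning"
        # Conservative default: an unknown verdict family is treated as malware.
        return "infected"

    @property
    def action(self):
        """Action chosen in the result dialog, or None if none was logged."""
        for status in self.statuses:
            if status.startswith("User select action:"):
                return status.split(":", 1)[1].strip()
        return None


def parse_findings(log_text):
    """Return (findings, reported_count) for one TDSSKiller log."""
    findings, reported = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        count = COUNT_RE.search(line)
        if count:
            reported = int(count.group(1))
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # hash lines, "- ok" lines, section banners
        key = (m["obj"], m["verdict"])
        findings.setdefault(key, Finding(*key)).statuses.append(m["status"])
    return list(findings.values()), reported


def still_active(findings):
    """Infected objects that were skipped or never acted on."""
    return [f for f in findings
            if f.severity == "infected" and f.action in (None, "Skip")]


if __name__ == "__main__":
    found, reported = parse_findings(SAMPLE_LOG)
    print(f"tool reported {reported}, parsed {len(found)} distinct objects")
    for f in found:
        print(f"{f.severity:9} action={f.action!s:5} {f.obj} ({f.verdict})")
    for f in still_active(found):
        print(f"NOT REMEDIATED: {f.obj} ({f.verdict})")
```
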

20.08.2012, 20:19   #26
Over
 

I haven't attached the first log (from the scan with the deletion), the text was too long.... In the second scan (after the deletion) I only had 3 finds instead of 4, and the virus scanner is now really quiet too. Thanks
But: the firewall still won't turn on, same error code....


Code:
ATTFilter
21:12:03.0595 4516  TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
21:12:03.0689 4516  ============================================================
21:12:03.0689 4516  Current date / time: 2012/08/20 21:12:03.0689
21:12:03.0689 4516  SystemInfo:
21:12:03.0689 4516  
21:12:03.0689 4516  OS Version: 6.1.7601 ServicePack: 1.0
21:12:03.0689 4516  Product type: Workstation
21:12:03.0689 4516  ComputerName: D-PC
21:12:03.0689 4516  UserName: D
21:12:03.0689 4516  Windows directory: C:\Windows
21:12:03.0689 4516  System windows directory: C:\Windows
21:12:03.0689 4516  Running under WOW64
21:12:03.0689 4516  Processor architecture: Intel x64
21:12:03.0689 4516  Number of processors: 2
21:12:03.0689 4516  Page size: 0x1000
21:12:03.0689 4516  Boot type: Normal boot
21:12:03.0689 4516  ============================================================
21:12:06.0559 4516  BG loaded
21:12:07.0433 4516  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:12:07.0448 4516  ============================================================
21:12:07.0448 4516  \Device\Harddisk0\DR0:
21:12:07.0464 4516  MBR partitions:
21:12:07.0464 4516  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4B178, BlocksNum 0x74701B0
21:12:07.0479 4516  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x91BB367, BlocksNum 0x1400921A
21:12:07.0479 4516  ============================================================
21:12:07.0557 4516  C: <-> \Device\Harddisk0\DR0\Partition1
21:12:07.0635 4516  D: <-> \Device\Harddisk0\DR0\Partition2
21:12:07.0635 4516  ============================================================
21:12:07.0635 4516  Initialize success
21:12:07.0635 4516  ============================================================
21:12:16.0512 4980  ============================================================
21:12:16.0512 4980  Scan started
21:12:16.0512 4980  Mode: Manual; SigCheck; TDLFS; 
21:12:16.0512 4980  ============================================================
21:12:18.0150 4980  ================ Scan services =============================
21:12:18.0743 4980  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:12:18.0930 4980  1394ohci - ok
21:12:19.0023 4980  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:12:19.0070 4980  ACPI - ok
21:12:19.0117 4980  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:12:19.0881 4980  AcpiPmi - ok
21:12:20.0287 4980  [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
21:12:20.0381 4980  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
21:12:20.0381 4980  Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
21:12:21.0363 4980  [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:12:21.0395 4980  AdobeFlashPlayerUpdateSvc - ok
21:12:21.0644 4980  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
21:12:21.0691 4980  adp94xx - ok
21:12:21.0800 4980  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
21:12:21.0847 4980  adpahci - ok
21:12:21.0941 4980  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
21:12:21.0987 4980  adpu320 - ok
21:12:22.0097 4980  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:12:22.0986 4980  AeLookupSvc - ok
21:12:23.0157 4980  [ FB2BE0BAE9B3F248080CDBF91EF16C7F ] AFBAgent        C:\Windows\system32\FBAgent.exe
21:12:23.0189 4980  AFBAgent - ok
21:12:23.0313 4980  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
21:12:23.0423 4980  AFD - ok
21:12:23.0469 4980  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:12:23.0485 4980  agp440 - ok
21:12:23.0532 4980  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
21:12:23.0625 4980  ALG - ok
21:12:23.0688 4980  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:12:23.0703 4980  aliide - ok
21:12:23.0750 4980  [ F238BE4FA4E55EB67F17281FADF69851 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:12:23.0844 4980  AMD External Events Utility - ok
21:12:23.0875 4980  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
21:12:23.0906 4980  amdide - ok
21:12:23.0937 4980  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
21:12:24.0031 4980  AmdK8 - ok
21:12:24.0078 4980  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
21:12:24.0140 4980  AmdPPM - ok
21:12:24.0171 4980  [ 8818A2AB90189B7FF60A24C0847F9A6B ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
21:12:24.0187 4980  amdsata - ok
21:12:24.0234 4980  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
21:12:24.0281 4980  amdsbs - ok
21:12:24.0312 4980  [ 3C430969F097DEE18D13010D678069CD ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
21:12:24.0343 4980  amdxata - ok
21:12:24.0405 4980  [ 391887990CDAA83DE5C56C3FDE966DA1 ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
21:12:24.0515 4980  AmUStor - ok
21:12:24.0561 4980  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
21:12:24.0811 4980  AppID - ok
21:12:24.0858 4980  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:12:24.0983 4980  AppIDSvc - ok
21:12:25.0029 4980  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
21:12:25.0123 4980  Appinfo - ok
21:12:25.0170 4980  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
21:12:25.0201 4980  arc - ok
21:12:25.0248 4980  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
21:12:25.0310 4980  arcsas - ok
21:12:25.0373 4980  [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
21:12:25.0419 4980  ASLDRService - ok
21:12:25.0482 4980  [ 2DB34EDD17D3A8DA7105A19C95A3DD68 ] ASMMAP64        C:\Program Files\ATKGFNEX\ASMMAP64.sys
21:12:25.0513 4980  ASMMAP64 - ok
21:12:25.0560 4980  [ DF59B8E8DF0BD2E0E303778A3806A17D ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
21:12:25.0607 4980  aswFsBlk - ok
21:12:25.0622 4980  [ F8E6AB4F876FEFF69250F2E0C29EF004 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
21:12:25.0653 4980  aswMonFlt - ok
21:12:25.0685 4980  [ AA92BC4BCBA40CA3AA3FFD1BE24F0C09 ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
21:12:25.0716 4980  aswRdr - ok
21:12:25.0825 4980  [ F06E230E1E8CA9437A6474B7B551CD37 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
21:12:25.0872 4980  aswSnx - ok
21:12:25.0903 4980  [ 3610CA74A69E380424F0452DEC5C1317 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
21:12:25.0919 4980  aswSP - ok
21:12:25.0934 4980  [ 87DE3E31CB0091D22351349869324065 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
21:12:25.0950 4980  aswTdi - ok
21:12:25.0981 4980  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:12:26.0059 4980  AsyncMac - ok
21:12:26.0090 4980  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
21:12:26.0106 4980  atapi - ok
21:12:26.0184 4980  [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
21:12:26.0277 4980  athr - ok
21:12:26.0340 4980  [ 3B9014FB7CE9E20FD726321C7DB7D8B0 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
21:12:26.0371 4980  AtiHdmiService - ok
21:12:26.0621 4980  [ 2DB9047AAC9D981F59CE06D04D70C4D8 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
21:12:26.0777 4980  atikmdag - ok
21:12:26.0823 4980  [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
21:12:26.0839 4980  AtiPcie - ok
21:12:26.0855 4980  [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv     C:\Program Files\ATKGFNEX\GFNEXSrv.exe
21:12:26.0901 4980  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
21:12:26.0901 4980  ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
21:12:26.0979 4980  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:12:27.0089 4980  AudioEndpointBuilder - ok
21:12:27.0120 4980  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:12:27.0182 4980  AudioSrv - ok
21:12:27.0245 4980  [ 2F7C0F3E39C45E0127FB78B2F18A41F3 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:12:27.0291 4980  avast! Antivirus - ok
21:12:27.0338 4980  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:12:27.0463 4980  AxInstSV - ok
21:12:27.0525 4980  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
21:12:27.0588 4980  b06bdrv - ok
21:12:27.0603 4980  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:12:27.0650 4980  b57nd60a - ok
21:12:27.0697 4980  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:12:27.0759 4980  BDESVC - ok
21:12:27.0791 4980  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:12:27.0900 4980  Beep - ok
21:12:27.0915 4980  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:12:27.0962 4980  blbdrive - ok
21:12:28.0009 4980  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:12:28.0087 4980  bowser - ok
21:12:28.0118 4980  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:12:28.0227 4980  BrFiltLo - ok
21:12:28.0243 4980  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:12:28.0290 4980  BrFiltUp - ok
21:12:28.0337 4980  [ 8EF0D5C41EC907751B8429162B1239ED ] Browser         C:\Windows\System32\browser.dll
21:12:28.0430 4980  Browser - ok
21:12:28.0477 4980  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:12:28.0555 4980  Brserid - ok
21:12:28.0571 4980  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:12:28.0617 4980  BrSerWdm - ok
21:12:28.0649 4980  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:12:28.0695 4980  BrUsbMdm - ok
21:12:28.0727 4980  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:12:28.0758 4980  BrUsbSer - ok
21:12:28.0773 4980  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
21:12:28.0820 4980  BTHMODEM - ok
21:12:28.0867 4980  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
21:12:28.0992 4980  bthserv - ok
21:12:29.0023 4980  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:12:29.0085 4980  cdfs - ok
21:12:29.0132 4980  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
21:12:29.0179 4980  cdrom - ok
21:12:29.0226 4980  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:12:29.0335 4980  CertPropSvc - ok
21:12:29.0366 4980  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
21:12:29.0397 4980  circlass - ok
21:12:29.0444 4980  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
21:12:29.0491 4980  CLFS - ok
21:12:29.0600 4980  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:12:29.0631 4980  clr_optimization_v2.0.50727_32 - ok
21:12:29.0678 4980  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:12:29.0694 4980  clr_optimization_v2.0.50727_64 - ok
21:12:29.0741 4980  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:12:29.0865 4980  clr_optimization_v4.0.30319_32 - ok
21:12:29.0928 4980  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:12:29.0959 4980  clr_optimization_v4.0.30319_64 - ok
21:12:30.0021 4980  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:12:30.0068 4980  CmBatt - ok
21:12:30.0084 4980  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:12:30.0099 4980  cmdide - ok
21:12:30.0177 4980  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
21:12:30.0240 4980  CNG - ok
21:12:30.0287 4980  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:12:30.0349 4980  Compbatt - ok
21:12:30.0380 4980  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
21:12:30.0427 4980  CompositeBus - ok
21:12:30.0443 4980  COMSysApp - ok
21:12:30.0458 4980  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
21:12:30.0474 4980  crcdisk - ok
21:12:30.0521 4980  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:12:30.0583 4980  CryptSvc - ok
21:12:30.0661 4980  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:12:30.0739 4980  DcomLaunch - ok
21:12:30.0786 4980  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
21:12:30.0864 4980  defragsvc - ok
21:12:30.0879 4980  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:12:30.0957 4980  DfsC - ok
21:12:31.0020 4980  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:12:31.0098 4980  Dhcp - ok
21:12:31.0113 4980  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
21:12:31.0160 4980  discache - ok
21:12:31.0207 4980  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
21:12:31.0223 4980  Disk - ok
21:12:31.0269 4980  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:12:31.0347 4980  Dnscache - ok
21:12:31.0379 4980  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:12:31.0441 4980  dot3svc - ok
21:12:31.0488 4980  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
21:12:31.0613 4980  DPS - ok
21:12:31.0644 4980  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:12:31.0722 4980  drmkaud - ok
21:12:31.0831 4980  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:12:31.0862 4980  DXGKrnl - ok
21:12:31.0893 4980  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
21:12:31.0956 4980  EapHost - ok
21:12:32.0174 4980  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
21:12:32.0346 4980  ebdrv - ok
21:12:32.0377 4980  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
21:12:32.0439 4980  EFS - ok
21:12:32.0595 4980  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:12:32.0720 4980  ehRecvr - ok
21:12:32.0783 4980  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
21:12:32.0876 4980  ehSched - ok
21:12:32.0954 4980  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
21:12:33.0017 4980  elxstor - ok
21:12:33.0079 4980  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:12:33.0173 4980  ErrDev - ok
21:12:33.0219 4980  [ 1299D1EA00B7A4BF69C5869DCA31E0F6 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
21:12:33.0297 4980  ETD - ok
21:12:33.0360 4980  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
21:12:33.0485 4980  EventSystem - ok
21:12:33.0516 4980  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
21:12:33.0609 4980  exfat - ok
21:12:33.0625 4980  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:12:33.0734 4980  fastfat - ok
21:12:33.0797 4980  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
21:12:33.0859 4980  Fax - ok
21:12:33.0875 4980  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:12:33.0921 4980  fdc - ok
21:12:33.0968 4980  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
21:12:34.0062 4980  fdPHost - ok
21:12:34.0077 4980  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:12:34.0140 4980  FDResPub - ok
21:12:34.0171 4980  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:12:34.0187 4980  FileInfo - ok
21:12:34.0218 4980  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:12:34.0296 4980  Filetrace - ok
21:12:34.0343 4980  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:12:34.0374 4980  flpydisk - ok
21:12:34.0421 4980  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:12:34.0467 4980  FltMgr - ok
21:12:34.0655 4980  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
21:12:34.0795 4980  FontCache - ok
21:12:34.0873 4980  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:12:34.0935 4980  FontCache3.0.0.0 - ok
21:12:34.0967 4980  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:12:34.0998 4980  FsDepends - ok
21:12:35.0045 4980  [ 5814011B2F6E088E29D689B5FCD49B8F ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
21:12:35.0091 4980  fssfltr - ok
21:12:35.0201 4980  [ F6717211C1EC2CDDAA81B97B0727C2E9 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
21:12:35.0263 4980  fsssvc - ok
21:12:35.0325 4980  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:12:35.0388 4980  Fs_Rec - ok
21:12:35.0435 4980  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:12:35.0481 4980  fvevol - ok
21:12:35.0544 4980  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
21:12:35.0559 4980  gagp30kx - ok
21:12:35.0747 4980  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
21:12:35.0840 4980  gpsvc - ok
21:12:35.0934 4980  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:12:35.0965 4980  gupdate - ok
21:12:35.0981 4980  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:12:35.0996 4980  gupdatem - ok
21:12:36.0027 4980  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:12:36.0105 4980  hcw85cir - ok
21:12:58.0320 4980  [ 602884696850C86434530790B110E8EB ] sptd            C:\Windows\system32\Drivers\sptd.sys
21:12:58.0320 4980  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
21:12:58.0320 4980  sptd ( LockedFile.Multi.Generic ) - warning
21:12:58.0320 4980  sptd - detected LockedFile.Multi.Generic (1)
21:13:04.0607 4980  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:13:04.0653 4980  volsnap - ok
21:13:04.0685 4980  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
21:13:04.0716 4980  vsmraid - ok
21:13:04.0763 4980  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
21:13:04.0841 4980  VSS - ok
21:13:04.0856 4980  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:13:04.0903 4980  vwifibus - ok
21:13:04.0934 4980  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:13:04.0981 4980  vwififlt - ok
21:13:05.0075 4980  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
21:13:05.0121 4980  W32Time - ok
21:13:05.0153 4980  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
21:13:05.0199 4980  WacomPen - ok
21:13:05.0246 4980  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:13:05.0355 4980  WANARP - ok
21:13:05.0371 4980  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:13:05.0433 4980  Wanarpv6 - ok
21:13:05.0605 4980  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
21:13:05.0714 4980  wbengine - ok
21:13:05.0777 4980  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:13:05.0823 4980  WbioSrvc - ok
21:13:05.0855 4980  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:13:05.0901 4980  wcncsvc - ok
21:13:05.0933 4980  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:13:05.0995 4980  WcsPlugInService - ok
21:13:06.0042 4980  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
21:13:06.0135 4980  Wd - ok
21:13:06.0260 4980  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:13:06.0323 4980  Wdf01000 - ok
21:13:06.0385 4980  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:13:06.0525 4980  WdiServiceHost - ok
21:13:06.0541 4980  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:13:06.0572 4980  WdiSystemHost - ok
21:13:06.0603 4980  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
21:13:06.0650 4980  WebClient - ok
21:13:06.0697 4980  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:13:06.0759 4980  Wecsvc - ok
21:13:06.0791 4980  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:13:06.0853 4980  wercplsupport - ok
21:13:06.0900 4980  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:13:07.0025 4980  WerSvc - ok
21:13:07.0056 4980  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:13:07.0134 4980  WfpLwf - ok
21:13:07.0181 4980  [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
21:13:07.0212 4980  WimFltr - ok
21:13:07.0259 4980  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:13:07.0305 4980  WIMMount - ok
21:13:07.0321 4980  WinHttpAutoProxySvc - ok
21:13:07.0508 4980  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:13:07.0571 4980  Winmgmt - ok
21:13:07.0773 4980  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
21:13:07.0929 4980  WinRM - ok
21:13:08.0039 4980  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:13:08.0101 4980  Wlansvc - ok
21:13:08.0507 4980  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:13:08.0553 4980  wlidsvc - ok
21:13:08.0600 4980  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:13:08.0647 4980  WmiAcpi - ok
21:13:08.0709 4980  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:13:08.0756 4980  wmiApSrv - ok
21:13:08.0819 4980  WMPNetworkSvc - ok
21:13:08.0897 4980  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:13:09.0021 4980  WPCSvc - ok
21:13:09.0053 4980  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:13:09.0084 4980  WPDBusEnum - ok
21:13:09.0146 4980  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:13:09.0255 4980  ws2ifsl - ok
21:13:09.0271 4980  WSearch - ok
21:13:09.0302 4980  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:13:09.0349 4980  WudfPf - ok
21:13:09.0443 4980  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:13:09.0505 4980  WUDFRd - ok
21:13:09.0536 4980  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:13:09.0583 4980  wudfsvc - ok
21:13:09.0677 4980  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:13:09.0770 4980  WwanSvc - ok
21:13:09.0817 4980  ================ Scan global ===============================
21:13:09.0848 4980  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:13:09.0942 4980  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:13:09.0957 4980  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:13:10.0035 4980  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:13:10.0145 4980  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:13:10.0160 4980  [Global] - ok
21:13:10.0160 4980  ================ Scan MBR ==================================
21:13:10.0207 4980  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:13:11.0034 4980  \Device\Harddisk0\DR0 - ok
21:13:11.0034 4980  ================ Scan VBR ==================================
21:13:11.0065 4980  [ 4F86C15403AC3D811325AEA1415CA36F ] \Device\Harddisk0\DR0\Partition1
21:13:11.0081 4980  \Device\Harddisk0\DR0\Partition1 - ok
21:13:11.0081 4980  [ 9A2791439D13AB158AA1AFE5ECC34AC7 ] \Device\Harddisk0\DR0\Partition2
21:13:11.0081 4980  \Device\Harddisk0\DR0\Partition2 - ok
21:13:11.0081 4980  ============================================================
21:13:11.0081 4980  Scan finished
21:13:11.0081 4980  ============================================================
21:13:11.0096 4972  Detected object count: 3
21:13:11.0096 4972  Actual detected object count: 3
21:13:15.0683 4972  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:13:15.0683 4972  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:13:15.0683 4972  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:13:15.0683 4972  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:13:15.0683 4972  sptd ( LockedFile.Multi.Generic ) - skipped by user
21:13:15.0683 4972  sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
21:13:25.0261 4168  Deinitialize success
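The outcome of the TDSSKiller run above sits in its last few lines: three detected objects, each skipped. The Python sketch below is an added example (not part of the original thread and not TDSSKiller's own code) that parses the log layout as it appears in the posted lines and reports detections, the chosen action, and objects logged as ok without a hash line; the function name `triage` and the result field names are assumptions of this example.

```python
import re

# Excerpt copied from the TDSSKiller log posted in the thread above.
SAMPLE_LOG = r"""
21:13:05.0246 4980  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:13:05.0355 4980  WANARP - ok
21:13:05.0371 4980  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:13:05.0433 4980  Wanarpv6 - ok
21:13:07.0321 4980  WinHttpAutoProxySvc - ok
21:13:09.0817 4980  ================ Scan global ===============================
21:13:10.0145 4980  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:13:10.0160 4980  [Global] - ok
21:13:10.0160 4980  ================ Scan MBR ==================================
21:13:10.0207 4980  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:13:11.0034 4980  \Device\Harddisk0\DR0 - ok
21:13:11.0096 4972  Detected object count: 3
21:13:11.0096 4972  Actual detected object count: 3
21:13:15.0683 4972  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:13:15.0683 4972  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:13:15.0683 4972  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:13:15.0683 4972  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:13:15.0683 4972  sptd ( LockedFile.Multi.Generic ) - skipped by user
21:13:15.0683 4972  sptd ( LockedFile.Multi.Generic ) - User select action: Skip
21:13:25.0261 4168  Deinitialize success
"""

# "HH:MM:SS.ffff <thread id>  <message>"; trailing whitespace is dropped.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*?)\s*$")
# "[ <MD5> ] <name> <path>" or "[ <MD5> ] <path>" (global, MBR and VBR sections).
HASHED = re.compile(r"^\[ ([0-9A-F]{32}) \]\s+(.*)$")
PATH = re.compile(r"(?:[A-Za-z]:\\|\\Device\\).*$")
# "<name> ( <verdict> ) - <outcome or 'User select action: X'>"
DETECTED = re.compile(r"^(.+?) \( ([\w.]+) \) - (.+)$")
ACTION = re.compile(r"^User select action: (\w+)$")
OK = re.compile(r"^(.+?) - ok$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


def triage(log_text):
    """Summarise a TDSSKiller log: hashes, detections, actions, consistency."""
    hashed = {}      # object name (or path if unnamed) -> (md5, path)
    ok_names = []    # every object that received an "- ok" verdict
    detections = {}  # object name -> {"verdict": str, "action": str or None}
    declared = None  # value of "Detected object count"

    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        body = m.group(1)

        if (h := HASHED.match(body)):
            md5, rest = h.groups()
            p = PATH.search(rest)
            path = p.group(0) if p else rest
            name = rest[:p.start()].strip() if p else ""
            hashed[name or path] = (md5, path)
        elif (c := COUNT.match(body)):
            declared = int(c.group(1))
        elif (d := DETECTED.match(body)):
            name, verdict, tail = d.groups()
            entry = detections.setdefault(
                name, {"verdict": verdict, "action": None})
            if (a := ACTION.match(tail)):
                entry["action"] = a.group(1)
        elif (o := OK.match(body)):
            ok_names.append(o.group(1))

    return {
        "hashed": hashed,
        "declared": declared,
        "detections": detections,
        # The parsed detections should account for every declared object.
        "count_matches": declared == len(detections),
        # Detections that were left in place (skipped or no action logged).
        "unremediated": [n for n, e in detections.items()
                         if e["action"] in (None, "Skip")],
        # "- ok" without a preceding hash line; "[Global]" is a
        # section-level verdict, so bracketed names are left out.
        "ok_without_hash": [n for n in ok_names
                            if n not in hashed and not n.startswith("[")],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, entry in result["detections"].items():
        print(f"{name}: {entry['verdict']} -> {entry['action']}")
    print("count matches:", result["count_matches"])
    print("ok without hash:", result["ok_without_hash"])
```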
         

Alt 21.08.2012, 12:25   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

Alt 23.08.2012, 16:42   #28
Over
 



Hey, the icons stay where they are and the firewall is active. Amazing!
CF complained that something from Avira was still running, but I no longer have Avira, and there is nothing from Avira to be found in either the processes or the programs. I had disabled Avast... I found that odd, but it apparently worked anyway.
Now the log

Code:
ATTFilter
ComboFix 12-08-22.03 - D 23.08.2012  17:05:38.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3327.2204 [GMT 2:00]
ausgeführt von:: d:\eigene dateien\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-23 bis 2012-08-23  ))))))))))))))))))))))))))))))
.
.
2012-08-23 15:14 . 2012-08-23 15:14	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-08-20 19:08 . 2012-08-20 19:08	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-08-15 20:12 . 2012-08-15 20:12	9826504	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-08-10 15:09 . 2012-08-10 15:09	--------	d-----w-	c:\program files (x86)\ESET
2012-08-08 17:32 . 2012-08-08 17:32	--------	d-----w-	c:\programdata\GFI Software
2012-08-08 12:53 . 2012-08-08 12:53	--------	d-----w-	c:\users\D\AppData\Roaming\Malwarebytes
2012-08-08 12:52 . 2012-08-08 12:52	--------	d-----w-	c:\programdata\Malwarebytes
2012-08-08 12:52 . 2012-08-08 12:52	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-08 12:52 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-08-08 10:14 . 2012-08-08 10:14	--------	d-----w-	c:\users\D\AppData\Local\Downloaded Installations
2012-08-08 09:45 . 2012-07-03 16:21	355856	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-08-08 09:45 . 2012-07-03 16:21	25232	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-08-08 09:45 . 2012-07-03 16:21	54072	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-08-08 09:44 . 2012-07-03 16:21	59728	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-08-08 09:44 . 2012-07-03 16:21	958400	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-08-08 09:44 . 2012-07-03 16:21	71064	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-08-08 09:44 . 2012-07-03 16:21	285328	----a-w-	c:\windows\system32\aswBoot.exe
2012-08-08 09:44 . 2012-07-03 16:21	41224	----a-w-	c:\windows\avastSS.scr
2012-08-08 09:44 . 2012-07-03 16:21	227648	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-08-08 09:43 . 2012-08-08 09:43	--------	d-----w-	c:\programdata\AVAST Software
2012-08-08 09:43 . 2012-08-08 09:43	--------	d-----w-	c:\program files\AVAST Software
2012-08-04 16:21 . 2012-08-04 16:21	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2012-08-04 15:45 . 2012-08-04 15:45	--------	d-----w-	C:\Mozilla
2012-07-30 21:52 . 2012-07-30 21:52	103904	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-20 19:09 . 2009-07-13 23:19	328704	----a-w-	c:\windows\system32\services.exe
2012-08-15 20:12 . 2012-05-18 07:08	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 20:12 . 2011-06-13 19:02	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 06:36 . 2009-12-25 13:40	59701280	----a-w-	c:\windows\system32\MRT.exe
2012-06-12 03:08 . 2012-07-12 06:45	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 17:34	14172672	----a-w-	c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 17:34	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 17:34	1881600	----a-w-	c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 17:34	1133568	----a-w-	c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 17:34	1390080	----a-w-	c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 17:34	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 17:34	805376	----a-w-	c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 14:02	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 14:02	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 14:02	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 14:02	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 14:02	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 14:02	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 14:02	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 14:02	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 14:02	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-12 06:34	17807360	----a-w-	c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-12 06:34	10924032	----a-w-	c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-12 06:34	2311680	----a-w-	c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-12 06:34	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-12 06:34	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-12 06:34	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-12 06:34	237056	----a-w-	c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-12 06:34	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-12 06:34	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-12 06:34	818688	----a-w-	c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-12 06:34	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-12 06:34	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-12 06:34	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-12 06:34	248320	----a-w-	c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-12 06:34	1800192	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-12 06:34	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-12 06:34	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 06:34	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 06:34	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 17:34	458704	----a-w-	c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 17:34	95600	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 17:34	151920	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 17:34	340992	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 17:34	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 17:34	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 17:34	225280	----a-w-	c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 17:34	219136	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 17:34	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 2244096]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"GrooveMonitor"="d:\programme (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NBAgent"="d:\programme (x86)\Nero\BackIt Up & Burn\Nero BackItUp\NBAgent.exe" [2009-09-01 1086760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"QuickTime Task"="c:\program files (x86)\Panasonic\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
c:\users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2009-12-2 12862]
FRITZ!DSL Startcenter.lnk - c:\windows\Installer\{2457326B-C110-40C3-89B0-889CC913871A}\Icon2457326B4.exe [2009-12-21 29184]
Logitech SetPoint.lnk - d:\programme\Logitech\SetPoint\SetPoint.exe [2009-12-25 1207312]
PHOTOfunSTUDIO 6.0.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-8-21 174064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-27 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-27 136176]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-23 834544]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-17 359552]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-29 203264]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 IGDCTRL;AVM IGD CTRL Service;d:\programme (x86)\FRITZ!DSL\IGDCTRL.EXE [2007-09-04 87344]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-07-09 140800]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-09 1222144]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-18 20:12]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-27 18:00]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-27 18:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21	133400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2010-11-05 01:57	444752	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2010-11-05 01:57	444752	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EeeStorageBackup"="c:\program files (x86)\ASUS\Asus WebStorage\BackupService.exe" [2009-08-25 947472]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 617856]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 2114376]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\D\AppData\Roaming\Mozilla\Firefox\Profiles\k37c4983.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
SafeBoot-27299096.sys
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,8a,5c,4c,dc,39,8f,44,ac,08,33,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,8a,5c,4c,dc,39,8f,44,ac,08,33,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\ASUS\ASUS Live Update\ALU.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-23  17:23:56 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-08-23 15:23
.
Vor Suchlauf: 9 Verzeichnis(se), 25.449.267.200 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 25.272.897.536 Bytes frei
.
- - End Of File - - 897D764C977112FE28878666386BA135
         

Alt 30.08.2012, 14:21   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip the online check in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; McAfee's scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Start aswMBR again, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.
__________________
Please always post log files in CODE tags

Alt 30.08.2012, 17:11   #30
Over
 

GMER:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-30 17:09:26
Windows 6.1.7601 Service Pack 1 
Running: z065m0x9.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0xD4 0xC3 0x97 0x02 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xB7 0x7B 0x47 0x49 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 D:\Programme (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x78 0x86 0xEA 0xE4 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x6B 0x5B 0xF0 0x51 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xB7 0x7B 0x47 0x49 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     D:\Programme (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x78 0x86 0xEA 0xE4 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x6B 0x5B 0xF0 0x51 ...

---- EOF - GMER 1.0.15 ----
         


OSAM:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:15:05 on 30.08.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 15.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Gamma" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL
"Nero BackItUp and BurnRights" - "Nero AG" - D:\Programme (x86)\Nero\BackIt Up & Burn\Nero BurnRights\NeroBurnRights_bb.cpl
"Nero BurnRights" - "Nero AG" - D:\Programme (x86)\Nero\Nero 9\Nero BurnRights\NeroBurnRights_cpl.cpl
"QuickTime" - "Apple Inc." - C:\Program Files (x86)\Panasonic\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASMMAP64" (ASMMAP64) - ? - C:\Program Files\ATKGFNEX\ASMMAP64.sys
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\System32\Drivers\aswrdr2.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"Lbd" (Lbd) - ? - C:\Windows\System32\DRIVERS\Lbd.sys  (File not found)
"SBRE" (SBRE) - ? - C:\Windows\system32\drivers\SBREdrv.sys  (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File not found)
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - D:\Programme (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - D:\Programme (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\ashShell.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - D:\Programme (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - D:\Programme (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - D:\Programme (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - D:\Programme (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - D:\Programme (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - D:\Programme (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - D:\Programme (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - D:\Programme (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - D:\Programme (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - D:\Programme (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - D:\Programme (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - D:\Programme (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - D:\Programme (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Programme (x86)\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - D:\Programme (x86)\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
{C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll
{1CA6BBC9-E9FA-4021-822B-075DF1837B63} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll
{4FBFFA8D-F390-471a-AE46-FEB93623AD63} "NeroDigitalInfoHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll
{846083A4-BFC6-4447-985C-6578B466A7D7} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll
{EDCC595A-F0EE-4d81-B554-D5D01C7AFB87} "NeroDigitalThumbnailHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -   (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - D:\Programme (x86)\WinRAR\rarext.dll
{B41DB860-64E4-11D2-9906-E49FADC173CA} "WinRAR shell extension" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_34" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} "Java Plug-in 1.6.0_34" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_34" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_34.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - D:\Programme (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Known DLLs]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----
"advapi32" - "Microsoft Corporation" - C:\Windows\system32\advapi32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"clbcatq" - "Microsoft Corporation" - C:\Windows\system32\clbcatq.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"COMDLG32" - "Microsoft Corporation" - C:\Windows\system32\COMDLG32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"DifxApi" - "Microsoft Corporation" - C:\Windows\system32\difxapi.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"gdi32" - "Microsoft Corporation" - C:\Windows\system32\gdi32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IERTUTIL" - "Microsoft Corporation" - C:\Windows\system32\IERTUTIL.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IMAGEHLP" - "Microsoft Corporation" - C:\Windows\system32\IMAGEHLP.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IMM32" - "Microsoft Corporation" - C:\Windows\system32\IMM32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"kernel32" - "Microsoft Corporation" - C:\Windows\system32\kernel32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"LPK" - "Microsoft Corporation" - C:\Windows\system32\LPK.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"MSCTF" - "Microsoft Corporation" - C:\Windows\system32\MSCTF.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"MSVCRT" - "Microsoft Corporation" - C:\Windows\system32\MSVCRT.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"NORMALIZ" - "Microsoft Corporation" - C:\Windows\system32\NORMALIZ.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"NSI" - "Microsoft Corporation" - C:\Windows\system32\NSI.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"ole32" - "Microsoft Corporation" - C:\Windows\system32\ole32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"OLEAUT32" - "Microsoft Corporation" - C:\Windows\system32\OLEAUT32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"PSAPI" - "Microsoft Corporation" - C:\Windows\system32\PSAPI.DLL  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"rpcrt4" - "Microsoft Corporation" - C:\Windows\system32\rpcrt4.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"sechost" - "Microsoft Corporation" - C:\Windows\system32\sechost.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"Setupapi" - "Microsoft Corporation" - C:\Windows\system32\Setupapi.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"SHELL32" - "Microsoft Corporation" - C:\Windows\system32\SHELL32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"SHLWAPI" - "Microsoft Corporation" - C:\Windows\system32\SHLWAPI.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"URLMON" - "Microsoft Corporation" - C:\Windows\system32\URLMON.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"user32" - "Microsoft Corporation" - C:\Windows\system32\user32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"USP10" - "Microsoft Corporation" - C:\Windows\system32\USP10.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WININET" - "Microsoft Corporation" - C:\Windows\system32\WININET.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WLDAP32" - "Microsoft Corporation" - C:\Windows\system32\WLDAP32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WS2_32" - "Microsoft Corporation" - C:\Windows\system32\WS2_32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Adobe Gamma.lnk" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"FancyStart daemon.lnk" - "ASUSTeK Computer Inc." - C:\Program Files (x86)\ASUS\FancyStart\FancyStart.exe  (Shortcut exists | File exists)
"FRITZ!DSL Startcenter.lnk" - "AVM Berlin" - D:\Programme (x86)\FRITZ!DSL\StCenter.exe  (Shortcut exists | File exists)
"Logitech SetPoint.lnk" - "Logitech, Inc." - D:\Programme\Logitech\SetPoint\SetPoint.exe  (Shortcut exists | File exists)
"PHOTOfunSTUDIO 6.0.lnk" - "Panasonic Corporation" - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )-----
"FlashPlayerUpdate" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe -update plugin
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ATKMEDIA" - "ASUS" - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
"ATKOSD2" - "ASUS" - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
"avast" - "AVAST Software" - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
"GrooveMonitor" - "Microsoft Corporation" - "D:\Programme (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"HControlUser" - "ASUS" - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
"HDAudDeck" - "VIA" - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
"NBAgent" - "Nero AG" - "D:\Programme (x86)\Nero\BackIt Up & Burn\Nero BackItUp\NBAgent.exe" /WinStart
"QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\Panasonic\QTTask.exe" -atboottime
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"UpdateLBPShortCut" - "CyberLink Corp." - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
"UpdateP2GoShortCut" - "CyberLink Corp." - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Canon BJ Language Monitor MP810" - "CANON INC." - C:\Windows\system32\CNMLM8A.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"AFBAgent" (AFBAgent) - "ASUSTeK Computer Inc." - C:\Windows\system32\FBAgent.exe
"ASLDR Service" (ASLDRService) - "ASUS" - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
"ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"AVM IGD CTRL Service" (IGDCTRL) - "AVM Berlin" - D:\Programme (x86)\FRITZ!DSL\IGDCTRL.EXE
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - D:\Programme (x86)\Microsoft Office\Office12\GrooveAuditService.exe
"Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
"Oberon Media Game Console service" (OberonGameConsoleService) - ? - C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\SysWOW64\IoctlSvc.exe
"Windows Live Family Safety" (fsssvc) - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         


aswMBR:
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-30 17:17:32
-----------------------------
17:17:32.257    OS Version: Windows x64 6.1.7601 Service Pack 1
17:17:32.257    Number of processors: 2 586 0x301
17:17:32.257    ComputerName: D-PC  UserName: D
17:17:33.895    Initialize success
17:17:34.036    AVAST engine defs: 12082901
17:17:52.319    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
17:17:52.335    Disk 0 Vendor: ST925031 0002 Size: 238475MB BusType: 11
17:17:52.366    Disk 0 MBR read successfully
17:17:52.366    Disk 0 MBR scan
17:17:52.381    Disk 0 Windows VISTA default MBR code
17:17:52.413    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    14997 MB offset 2048
17:17:52.444    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        59616 MB offset 30716280
17:17:52.459    Disk 0 Partition - 00     0F Extended LBA            163858 MB offset 152810280
17:17:52.491    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       163858 MB offset 152810343
17:17:52.537    Disk 0 scanning C:\Windows\system32\drivers
17:18:04.830    Service scanning
17:18:23.160    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
17:18:30.274    Modules scanning
17:18:30.305    Disk 0 trace - called modules:
17:18:30.352    ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80034c52c0]<<spew.sys amdxata.sys storport.sys hal.dll amdsata.sys 
17:18:30.368    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003872060]
17:18:30.383    3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8003805b60]
17:18:30.399    \Driver\amdxata[0xfffffa8003599c90] -> IRP_MJ_CREATE -> 0xfffffa80034c52c0
17:18:30.399    5 amdxata.sys[fffff88000fdc917] -> nt!IofCallDriver -> \Device\0000005b[0xfffffa80037ff900]
17:18:30.414    \Driver\amdsata[0xfffffa80035989d0] -> IRP_MJ_CREATE -> 0xfffffa80034c32c0
17:18:31.023    AVAST engine scan C:\Windows
17:18:34.018    AVAST engine scan C:\Windows\system32
17:21:49.954    AVAST engine scan C:\Windows\system32\drivers
17:22:03.495    AVAST engine scan C:\Users\D
17:28:59.907    AVAST engine scan C:\ProgramData
17:30:20.409    Scan finished successfully
18:05:20.341    Disk 0 MBR has been saved successfully to "D:\Eigene Dateien\Desktop\MBR.dat"
18:05:20.357    The log file has been saved successfully to "D:\Eigene Dateien\Desktop\aswMBR.txt"
         




