
Log analysis and evaluation: Google search results redirect | Win7 Security Center disabled

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

11.12.2012, 22:20   #1
ollimojo
 



Hello,

my Win7 Security Center is disabled and, after I enable it, it immediately disables itself again automatically.
I have uninstalled MS Security Essentials and installed ESET NOD.
No viruses etc. were found.

Below are the OTL logs, with a request for help:

Quote:
OTL logfile created on: 11.12.2012 19:12:53 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mekle\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,92 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 54,59% Memory free
5,83 Gb Paging File | 4,65 Gb Available in Paging File | 79,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,41 Gb Total Space | 903,21 Gb Free Space | 96,97% Space Free | Partition Type: NTFS
Drive G: | 931,41 Gb Total Space | 903,49 Gb Free Space | 97,00% Space Free | Partition Type: NTFS
Drive Y: | 931,41 Gb Total Space | 903,49 Gb Free Space | 97,00% Space Free | Partition Type: NTFS
Drive Z: | 1863,01 Gb Total Space | 669,07 Gb Free Space | 35,91% Space Free | Partition Type: NTFS

Computer Name: MEKLE-PC1 | User Name: Mekle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.11 18:22:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mekle\Downloads\OTL.exe
PRC - [2012.11.05 10:29:41 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.31 15:02:02 | 007,553,448 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer.exe
PRC - [2012.08.31 15:02:02 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.08.31 15:02:02 | 002,282,920 | ---- | M] (TeamViewer GmbH) -- c:\Programme\TeamViewer\Version7\TeamViewer_Desktop.exe
PRC - [2012.08.31 14:55:18 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\tv_w32.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.22 10:46:00 | 000,814,264 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011.11.22 10:45:36 | 002,219,184 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.20 17:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.20 17:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 22:29:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.11.20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.03.30 09:53:32 | 000,153,464 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!Fernzugang\nwtsrv.exe
PRC - [2010.03.30 09:52:24 | 000,121,720 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!Fernzugang\certsrv.exe
PRC - [2010.03.30 09:51:30 | 000,254,328 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!Fernzugang\avmike.exe
PRC - [2007.08.03 11:51:18 | 001,422,632 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007.08.03 11:51:06 | 000,202,024 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2006.06.01 20:06:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE


========== Modules (No Company Name) ==========

MOD - [2012.11.05 10:29:25 | 002,295,264 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2010.12.16 09:37:54 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2007.03.13 10:28:36 | 000,823,296 | ---- | M] () -- C:\Programme\Common Files\Nero\Lib\log4cxx.dll


========== Services (SafeList) ==========

SRV - [2012.11.22 09:57:57 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.05 10:29:40 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.31 15:02:02 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.22 10:49:34 | 000,033,584 | ---- | M] (ESET) [On_Demand | Unknown] -- C:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011.11.22 10:46:00 | 000,814,264 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010.12.20 17:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.20 17:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.03.30 09:53:32 | 000,153,464 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Fernzugang\nwtsrv.exe -- (nwtsrv)
SRV - [2010.03.30 09:52:24 | 000,121,720 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Fernzugang\certsrv.exe -- (certsrv)
SRV - [2010.03.30 09:51:30 | 000,254,328 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Fernzugang\avmike.exe -- (avmike)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.06.01 20:06:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2006.06.01 20:06:00 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.11.21 07:16:32 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011.11.21 07:16:32 | 000,095,384 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2011.11.21 07:16:30 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010.12.08 17:17:40 | 000,292,840 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asmtxhci.sys -- (asmtxhci)
DRV - [2010.12.08 17:17:40 | 000,095,720 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asmthub3.sys -- (asmthub3)
DRV - [2010.11.20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.10.19 15:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2010.10.14 17:27:18 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010.03.30 09:51:50 | 000,335,224 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmnwim.sys -- (NWIM)
DRV - [2009.07.14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 99 05 E5 78 EC 49 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searct Engine Components\UNS\UNS.exe
IE - HKCU\..\SearchScopes\{EA7847C3-C30D-4114-AEBE-A7B8801505CB}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.05 10:29:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.05 10:29:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012.12.11 17:32:13 | 000,000,000 | ---D | M]

[2012.12.11 18:04:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mekle\AppData\Roaming\mozilla\Extensions
[2012.11.05 10:29:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.05 10:29:41 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.06 16:42:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.08 08:32:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.06 16:42:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.06 16:42:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.06 16:42:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.06 16:42:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6D3AA91-2B71-4EB8-9E8A-6E91481E4737}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.11 18:43:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.11 18:41:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.12.11 18:38:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.11 18:38:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.11 18:38:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.11 18:38:56 | 000,000,000 | --SD | C] -- C:\cofi
[2012.12.11 18:37:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.11 18:37:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.11 18:14:44 | 000,000,000 | ---D | C] -- C:\Users\Mekle\AppData\Roaming\Malwarebytes
[2012.12.11 18:14:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.11 18:14:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.11 18:14:27 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.11 18:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.12.11 18:04:27 | 000,000,000 | ---D | C] -- C:\Users\Mekle\AppData\Roaming\Mozilla
[2012.12.11 18:04:27 | 000,000,000 | ---D | C] -- C:\Users\Mekle\AppData\Local\Mozilla
[2012.12.11 17:32:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012.12.11 17:32:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012.12.11 16:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.12.11 16:20:25 | 000,000,000 | ---D | C] -- C:\Users\Mekle\AppData\Roaming\QuickScan
[2012.11.23 03:01:23 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012.11.23 03:01:23 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012.11.23 03:01:05 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012.11.23 03:01:05 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012.11.23 03:01:04 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012.11.23 03:00:44 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.11.23 03:00:43 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.11.23 03:00:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.11.23 03:00:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.11.23 03:00:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.11.23 03:00:42 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.11.23 03:00:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.11.23 03:00:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.11.22 09:58:01 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.11.16 05:06:19 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012.11.16 05:06:18 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2012.11.16 05:06:18 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012.11.16 05:06:17 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.16 05:06:16 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.11.16 05:06:15 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2012.11.16 05:06:15 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll

========== Files - Modified Within 30 Days ==========

[2012.12.11 18:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.11 18:14:28 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.11 17:27:30 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.12.11 17:27:08 | 000,021,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.11 17:27:08 | 000,021,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.11 17:13:08 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012.12.11 16:21:17 | 000,672,062 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.11 16:21:17 | 000,623,058 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.11 16:21:17 | 000,135,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.11 16:21:17 | 000,111,186 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.11 16:14:48 | 000,000,512 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.12.11 16:14:21 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\WIRIAJWLI.job
[2012.12.11 16:14:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.11 16:14:09 | 2347,687,936 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.10 13:43:20 | 000,005,632 | ---- | M] () -- C:\DTAUS1
[2012.12.07 15:19:59 | 000,114,688 | RHS- | M] () -- C:\Windows\System32\bdeuii.dll
[2012.12.05 12:39:43 | 000,025,344 | ---- | M] () -- C:\Users\Mekle\Desktop\ED00001
[2012.12.05 12:39:43 | 000,000,256 | ---- | M] () -- C:\Users\Mekle\Desktop\EV01
[2012.11.23 03:22:07 | 000,407,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.22 09:57:57 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.11.22 09:57:57 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012.12.11 18:38:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.11 18:38:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.11 18:38:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.11 18:38:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.11 18:38:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.11 18:14:28 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.11 17:13:08 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012.12.07 15:19:59 | 000,114,688 | RHS- | C] () -- C:\Windows\System32\bdeuii.dll
[2012.12.07 15:19:59 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\WIRIAJWLI.job
[2012.12.05 12:39:43 | 000,025,344 | ---- | C] () -- C:\Users\Mekle\Desktop\ED00001
[2012.12.05 12:39:43 | 000,000,256 | ---- | C] () -- C:\Users\Mekle\Desktop\EV01
[2012.11.23 03:01:24 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.23 03:01:04 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.04.26 16:13:54 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.08.12 19:22:20 | 000,000,772 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.08.12 17:50:03 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.08.12 17:49:56 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011.08.12 17:49:52 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2011.08.12 17:49:52 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2011.08.12 17:49:52 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM08A.DAT
[2011.08.12 17:49:17 | 000,000,074 | ---- | C] () -- C:\Windows\Brownie.ini
[2011.07.24 17:10:16 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2011.07.24 12:38:29 | 000,000,512 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.24 10:39:14 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2011.07.24 10:39:14 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011.07.24 10:39:14 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011.07.24 10:34:59 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.07.24 10:31:37 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.07.24 10:31:35 | 000,024,168 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.04.12 02:30:05 | 000,672,062 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 02:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.12 02:30:05 | 000,135,428 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 02:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011.03.26 00:10:22 | 000,216,876 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2011.03.26 00:10:20 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2011.03.25 23:33:52 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.09.20 13:06:08 | 000,000,000 | ---D | M] -- C:\Users\Mekle\AppData\Roaming\AVM
[2011.07.24 10:45:23 | 000,000,000 | ---D | M] -- C:\Users\Mekle\AppData\Roaming\GHISLER
[2012.12.11 16:20:28 | 000,000,000 | ---D | M] -- C:\Users\Mekle\AppData\Roaming\QuickScan
[2012.01.05 13:03:51 | 000,000,000 | ---D | M] -- C:\Users\Mekle\AppData\Roaming\TeamViewer
[2012.08.06 14:51:04 | 000,000,000 | ---D | M] -- C:\Users\Mekle\AppData\Roaming\XnView

========== Purity Check ==========



< End of report >
Quote:
OTL Extras logfile created on: 11.12.2012 19:12:53 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mekle\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,92 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 54,59% Memory free
5,83 Gb Paging File | 4,65 Gb Available in Paging File | 79,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,41 Gb Total Space | 903,21 Gb Free Space | 96,97% Space Free | Partition Type: NTFS
Drive G: | 931,41 Gb Total Space | 903,49 Gb Free Space | 97,00% Space Free | Partition Type: NTFS
Drive Y: | 931,41 Gb Total Space | 903,49 Gb Free Space | 97,00% Space Free | Partition Type: NTFS
Drive Z: | 1863,01 Gb Total Space | 669,07 Gb Free Space | 35,91% Space Free | Partition Type: NTFS

Computer Name: MEKLE-PC1 | User Name: Mekle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2F2ED780-869D-4D5E-94FA-7CE82437BD08}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{36059ACD-2DC6-4A65-9111-261DF5BE5D0C}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{36735128-9FD0-4F7A-AB1D-40E3DC527DA8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3F4EBD40-4E00-4EE2-8C25-B662BC5EF2F5}" = rport=139 | protocol=6 | dir=out | app=system |
"{43A945FD-F8A0-4C86-BB0D-CE090F6B46AD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5C97E992-28CC-4989-9ACD-BDDD4EADA4DE}" = lport=445 | protocol=6 | dir=in | app=system |
"{60EECA66-D102-422F-89A8-4AC107851DA2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6DF6FED3-1092-455C-B549-837EE56CD688}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{78168E21-4903-4B1B-9711-6BE1F128479C}" = lport=138 | protocol=17 | dir=in | app=system |
"{7C1E7AE7-DB43-4ED0-8EB5-9DE04C6DCCD7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{810130AC-AA4B-4643-9D4B-BC226E4763A6}" = rport=137 | protocol=17 | dir=out | app=system |
"{892B93CC-21C2-43C3-A511-60D7E9C4B543}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8A61EF88-948D-4C4C-94B6-A41BBE476686}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9E314E3D-8FB2-4206-BD24-AB3961C2BBD7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A24640BE-A1CC-4024-A7CD-02480A0E4CB0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A6A3D918-CE47-4157-A89A-EB2C76092935}" = lport=139 | protocol=6 | dir=in | app=system |
"{AE00A7FB-42D4-49D5-91DB-2E342BDB1F5D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BF95743D-1ED5-4A71-943A-BA7E1EBC8523}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{CEECAD2F-DE2F-4ECE-88B1-BE9869B189EA}" = rport=138 | protocol=17 | dir=out | app=system |
"{DBD61792-39BA-4BB2-806A-279EC0FB7AC7}" = lport=137 | protocol=17 | dir=in | app=system |
"{E207E2B1-C7E9-47CD-9356-9DB40C6B6513}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E261DE5F-BBD7-4BC6-A7AF-AB38EBA0AC4F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EDF1689D-7043-40C7-9FE3-0593787A40C8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EE4DF942-255C-4F4D-9D82-8EFA94A9A6B0}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A5AB01-F951-4D11-A505-7A10314ED1DC}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{309FF97B-99CD-4DC4-99B7-E0E8FB731048}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{30EB57F1-CADC-4BF1-9C5B-F1E75D18A6C7}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{3A1BD43D-662C-4CCA-A6AA-4FB2D9317C6A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4A8A22E8-22C3-4912-B53E-8C24DD96C298}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{4E35B8D9-2FED-48D7-9464-2DA9DB6E003B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C7B51EEE-BC1C-4AC0-898E-DD72E0C0C622}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D44A5FCE-753E-45A1-884F-245DBEFF5080}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E3D755FB-D421-4991-B9D6-FAA233A5A8E4}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"TCP Query User{B6E70F2C-8D73-4A29-984E-5C107FB513EB}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{201B6123-0EA1-48A8-8DA0-ECC46C4CCF7E}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{27431F11-1288-4ED1-BDBB-43A8E4C19BBE}" = ESET NOD32 Antivirus
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{5DC36978-AB9A-4A23-9C12-D90D2BB781B7}" = AVM FRITZ!Fernzugang
"{5DF6D752-00FB-4FE3-A3C6-7C09279A1031}" = Nero 8
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91A13C30-44F7-4064-AC1A-AA79E2282DC9}" = Brother MFC-8380DN
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A79408B0-345D-42E8-8EB6-00597320B9E0}" = FRITZ!Box-Fernzugang einrichten
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"TeamViewer 7" = TeamViewer 7
"Totalcmd" = Total Commander (Remove or Repair)
"XnView_is1" = XnView 1.99

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23.10.2012 06:18:50 | Computer Name = Mekle-PC1 | Source = WinMgmt | ID = 10
Description =

Error - 23.10.2012 08:55:35 | Computer Name = Mekle-PC1 | Source = VSS | ID = 8194
Description =

Error - 24.10.2012 10:47:17 | Computer Name = Mekle-PC1 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.17859,
Zeitstempel: 0x4fd2d1d9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b4b6d ID des fehlerhaften
Prozesses: 0xdb8 Startzeit der fehlerhaften Anwendung: 0x01cdb108114f1b45 Pfad der
fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: C:\Windows\system32\SHELL32.dll
Berichtskennung:
b43998a3-1de9-11e2-a0eb-f46d0473a85a

Error - 22.11.2012 04:56:48 | Computer Name = Mekle-PC1 | Source = WinMgmt | ID = 10
Description =

Error - 22.11.2012 22:23:35 | Computer Name = Mekle-PC1 | Source = WinMgmt | ID = 10
Description =

Error - 23.11.2012 04:24:17 | Computer Name = Mekle-PC1 | Source = Application Hang | ID = 1002
Description = Programm VRNetWorld.exe, Version 4.4.0.20 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b78 Startzeit:
01cdc951bc757128 Endzeit: 0 Anwendungspfad: C:\Program Files\VR-NetWorld\VRNetWorld.exe

Berichts-ID:


Error - 23.11.2012 11:08:58 | Computer Name = Mekle-PC1 | Source = VSS | ID = 8194
Description =

Error - 28.11.2012 22:17:52 | Computer Name = Mekle-PC1 | Source = WinMgmt | ID = 10
Description =

Error - 11.12.2012 11:04:10 | Computer Name = Mekle-PC1 | Source = WinMgmt | ID = 10
Description =

Error - 11.12.2012 11:16:05 | Computer Name = Mekle-PC1 | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 20.11.2012 07:32:03 | Computer Name = Mekle-PC1 | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 21.11.2012 07:31:48 | Computer Name = Mekle-PC1 | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 21.11.2012 07:31:48 | Computer Name = Mekle-PC1 | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 21.11.2012 07:31:48 | Computer Name = Mekle-PC1 | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 21.11.2012 07:32:20 | Computer Name = Mekle-PC1 | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 21.11.2012 07:32:20 | Computer Name = Mekle-PC1 | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 22.11.2012 01:49:24 | Computer Name = Mekle-PC1 | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements
nicht richtig heruntergefahren werden.

Error - 22.11.2012 02:49:24 | Computer Name = Mekle-PC1 | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Modules Installer konnte nach dem Empfang eines
Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error - 28.11.2012 22:15:35 | Computer Name = Mekle-PC1 | Source = Service Control Manager | ID = 7038
Description = Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 28.11.2012 22:15:35 | Computer Name = Mekle-PC1 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1069


< End of report >

12.12.2012, 06:44   #2
Larusso
/// Selecta Jahrusso

My name is Daniel and I will help you with your malware-related problems.

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read through my instructions first. If anything is unclear, ask before you begin.
  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.
  • If I do not receive a reply from you to this or any further answer within 3 days, I will remove the thread from my subscriptions.
  • Only run scans that a helper has asked you to run, and do not install or uninstall any software unless asked to.
  • Post the log files directly in your thread and not as an attachment, unless you were asked to. It makes the analysis harder for me.
Note: If you do not hear from me for 48 hours, please send me a PM. Annoying "When do we continue" messages will end with your thread being closed. I too have a life away from the PC.


Please download ServiceRepair.exe to your desktop.
Double-click the file and confirm the first message with Yes.
The tool will ask for a restart; please allow it.



Please download Farbar's Service Scanner
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other Services
  • Click Scan.
  • When the tool is finished, it will create an FSS.txt in the directory the tool was run from.
Please post the content here.
__________________

12.12.2012, 08:06   #3
ollimojo

Hello,

Log FSS.txt
Quote:
Farbar Service Scanner Version: 10-12-2012
Ran by Mekle (administrator) on 12-12-2012 at 09:02:57
Running from "C:\Users\Mekle\Downloads"
Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-11-16 05:06] - [2012-10-03 17:58] - 1293680 ____A (Microsoft Corporation) E23A56F843E2AEBBB209D0ACCA73C640

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
__________________

12.12.2012, 14:12   #4
Larusso
/// Selecta Jahrusso

Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report.

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and save the log file.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the content here in your thread.
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

12.12.2012, 15:39   #5
ollimojo

Hello,

nothing was found:
The Security Center is running again, and Google links are linked correctly again. Possibly your first step, "Farbar's Service Scanner", fixed the problem:

Contents of the "TDSSKiller" log:

Quote:
16:29:06.0712 1628 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:29:06.0899 1628 ============================================================
16:29:06.0899 1628 Current date / time: 2012/12/12 16:29:06.0899
16:29:06.0899 1628 SystemInfo:
16:29:06.0899 1628
16:29:06.0899 1628 OS Version: 6.1.7601 ServicePack: 1.0
16:29:06.0899 1628 Product type: Workstation
16:29:06.0899 1628 ComputerName: MEKLE-PC1
16:29:06.0899 1628 UserName: Mekle
16:29:06.0899 1628 Windows directory: C:\Windows
16:29:06.0899 1628 System windows directory: C:\Windows
16:29:06.0899 1628 Processor architecture: Intel x86
16:29:06.0899 1628 Number of processors: 4
16:29:06.0899 1628 Page size: 0x1000
16:29:06.0899 1628 Boot type: Normal boot
16:29:06.0899 1628 ============================================================
16:29:07.0711 1628 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:29:07.0726 1628 ============================================================
16:29:07.0726 1628 \Device\Harddisk0\DR0:
16:29:07.0726 1628 MBR partitions:
16:29:07.0726 1628 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:29:07.0726 1628 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
16:29:07.0726 1628 ============================================================
16:29:07.0742 1628 C: <-> \Device\Harddisk0\DR0\Partition2
16:29:07.0742 1628 ============================================================
16:29:07.0742 1628 Initialize success
16:29:07.0742 1628 ============================================================
16:29:13.0873 0616 ============================================================
16:29:13.0873 0616 Scan started
16:29:13.0873 0616 Mode: Manual;
16:29:13.0873 0616 ============================================================
16:29:14.0403 0616 ================ Scan system memory ========================
16:29:14.0403 0616 System memory - ok
16:29:14.0403 0616 ================ Scan services =============================
16:29:14.0512 0616 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:29:14.0512 0616 1394ohci - ok
16:29:14.0543 0616 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:29:14.0543 0616 ACPI - ok
16:29:14.0559 0616 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:29:14.0559 0616 AcpiPmi - ok
16:29:14.0621 0616 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:29:14.0621 0616 AdobeARMservice - ok
16:29:14.0668 0616 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:29:14.0684 0616 AdobeFlashPlayerUpdateSvc - ok
16:29:14.0699 0616 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:29:14.0699 0616 adp94xx - ok
16:29:14.0715 0616 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:29:14.0715 0616 adpahci - ok
16:29:14.0731 0616 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:29:14.0731 0616 adpu320 - ok
16:29:14.0762 0616 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:29:14.0762 0616 AeLookupSvc - ok
16:29:14.0793 0616 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
16:29:14.0793 0616 AFD - ok
16:29:14.0793 0616 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
16:29:14.0793 0616 agp440 - ok
16:29:14.0824 0616 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
16:29:14.0824 0616 aic78xx - ok
16:29:14.0824 0616 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
16:29:14.0840 0616 ALG - ok
16:29:14.0840 0616 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
16:29:14.0855 0616 aliide - ok
16:29:14.0871 0616 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
16:29:14.0871 0616 amdagp - ok
16:29:14.0887 0616 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
16:29:14.0887 0616 amdide - ok
16:29:14.0887 0616 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:29:14.0887 0616 AmdK8 - ok
16:29:14.0902 0616 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
16:29:14.0902 0616 AmdPPM - ok
16:29:14.0918 0616 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:29:14.0933 0616 amdsata - ok
16:29:14.0933 0616 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
16:29:14.0965 0616 amdsbs - ok
16:29:14.0980 0616 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:29:14.0980 0616 amdxata - ok
16:29:15.0011 0616 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
16:29:15.0011 0616 AppID - ok
16:29:15.0027 0616 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:29:15.0027 0616 AppIDSvc - ok
16:29:15.0043 0616 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
16:29:15.0043 0616 Appinfo - ok
16:29:15.0074 0616 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
16:29:15.0074 0616 AppMgmt - ok
16:29:15.0074 0616 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\drivers\arc.sys
16:29:15.0074 0616 arc - ok
16:29:15.0089 0616 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:29:15.0089 0616 arcsas - ok
16:29:15.0105 0616 [ 3413610C3956765DBB2EF656019929FB ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys
16:29:15.0121 0616 asmthub3 - ok
16:29:15.0136 0616 [ F8074A66210ABBB28F855269B3C14CB2 ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys
16:29:15.0136 0616 asmtxhci - ok
16:29:15.0167 0616 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:29:15.0167 0616 AsyncMac - ok
16:29:15.0183 0616 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
16:29:15.0183 0616 atapi - ok
16:29:15.0199 0616 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:29:15.0199 0616 AudioEndpointBuilder - ok
16:29:15.0199 0616 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
16:29:15.0199 0616 Audiosrv - ok
16:29:15.0261 0616 [ E011CD533A4F67F194B43666AE05EDA9 ] avmike C:\Program Files\FRITZ!Fernzugang\avmike.exe
16:29:15.0261 0616 avmike - ok
16:29:15.0261 0616 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:29:15.0277 0616 AxInstSV - ok
16:29:15.0277 0616 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys
16:29:15.0292 0616 b06bdrv - ok
16:29:15.0308 0616 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
16:29:15.0308 0616 b57nd60x - ok
16:29:15.0323 0616 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
16:29:15.0323 0616 BDESVC - ok
16:29:15.0323 0616 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
16:29:15.0339 0616 Beep - ok
16:29:15.0370 0616 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
16:29:15.0370 0616 BFE - ok
16:29:15.0401 0616 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
16:29:15.0401 0616 BITS - ok
16:29:15.0417 0616 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:29:15.0417 0616 blbdrive - ok
16:29:15.0433 0616 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:29:15.0433 0616 bowser - ok
16:29:15.0448 0616 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
16:29:15.0448 0616 BrFiltLo - ok
16:29:15.0448 0616 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
16:29:15.0448 0616 BrFiltUp - ok
16:29:15.0479 0616 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
16:29:15.0495 0616 BridgeMP - ok
16:29:15.0511 0616 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
16:29:15.0511 0616 Browser - ok
16:29:15.0526 0616 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:29:15.0526 0616 Brserid - ok
16:29:15.0542 0616 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:29:15.0542 0616 BrSerWdm - ok
16:29:15.0542 0616 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:29:15.0542 0616 BrUsbMdm - ok
16:29:15.0542 0616 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:29:15.0542 0616 BrUsbSer - ok
16:29:15.0557 0616 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:29:15.0557 0616 BTHMODEM - ok
16:29:15.0573 0616 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
16:29:15.0573 0616 bthserv - ok
16:29:15.0589 0616 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:29:15.0589 0616 cdfs - ok
16:29:15.0604 0616 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:29:15.0604 0616 cdrom - ok
16:29:15.0604 0616 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
16:29:15.0604 0616 CertPropSvc - ok
16:29:15.0667 0616 [ 32416A00199B83F3CB19A504A226A519 ] certsrv C:\Program Files\FRITZ!Fernzugang\certsrv.exe
16:29:15.0667 0616 certsrv - ok
16:29:15.0682 0616 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys
16:29:15.0682 0616 circlass - ok
16:29:15.0698 0616 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
16:29:15.0698 0616 CLFS - ok
16:29:15.0745 0616 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:29:21.0860 0616 tcpipreg - ok
16:29:21.0860 0616 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:29:21.0876 0616 TDPIPE - ok
16:29:21.0907 0616 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:29:21.0907 0616 TDTCP - ok
16:29:21.0907 0616 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:29:21.0907 0616 tdx - ok
16:29:22.0016 0616 [ 5E53CF8AD0FD33B35000C113656AB37B ] TeamViewer7 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
16:29:22.0032 0616 TeamViewer7 - ok
16:29:22.0063 0616 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:29:22.0063 0616 TermDD - ok
16:29:22.0078 0616 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
16:29:22.0094 0616 TermService - ok
16:29:22.0110 0616 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
16:29:22.0110 0616 Themes - ok
16:29:22.0125 0616 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
16:29:22.0125 0616 THREADORDER - ok
16:29:22.0125 0616 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
16:29:22.0141 0616 TrkWks - ok
16:29:22.0156 0616 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:29:22.0156 0616 TrustedInstaller - ok
16:29:22.0172 0616 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:29:22.0172 0616 tssecsrv - ok
16:29:22.0172 0616 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:29:22.0188 0616 TsUsbFlt - ok
16:29:22.0188 0616 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
16:29:22.0188 0616 TsUsbGD - ok
16:29:22.0203 0616 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:29:22.0203 0616 tunnel - ok
16:29:22.0203 0616 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:29:22.0219 0616 uagp35 - ok
16:29:22.0234 0616 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:29:22.0250 0616 udfs - ok
16:29:22.0281 0616 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:29:22.0281 0616 UI0Detect - ok
16:29:22.0297 0616 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:29:22.0312 0616 uliagpkx - ok
16:29:22.0328 0616 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:29:22.0328 0616 umbus - ok
16:29:22.0344 0616 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys
16:29:22.0344 0616 UmPass - ok
16:29:22.0359 0616 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
16:29:22.0359 0616 UmRdpService - ok
16:29:22.0437 0616 [ 2C16648A12999AE69A9EBF41974B0BA2 ] UNS C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:29:22.0453 0616 UNS - ok
16:29:22.0484 0616 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
16:29:22.0484 0616 upnphost - ok
16:29:22.0515 0616 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
16:29:22.0515 0616 usbccgp - ok
16:29:22.0531 0616 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:29:22.0531 0616 usbcir - ok
16:29:22.0546 0616 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys
16:29:22.0546 0616 usbehci - ok
16:29:22.0562 0616 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:29:22.0578 0616 usbhub - ok
16:29:22.0593 0616 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:29:22.0593 0616 usbohci - ok
16:29:22.0609 0616 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:29:22.0609 0616 usbprint - ok
16:29:22.0624 0616 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:29:22.0624 0616 USBSTOR - ok
16:29:22.0640 0616 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:29:22.0640 0616 usbuhci - ok
16:29:22.0640 0616 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
16:29:22.0640 0616 UxSms - ok
16:29:22.0656 0616 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
16:29:22.0656 0616 VaultSvc - ok
16:29:22.0656 0616 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:29:22.0671 0616 vdrvroot - ok
16:29:22.0687 0616 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
16:29:22.0687 0616 vds - ok
16:29:22.0702 0616 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:29:22.0702 0616 vga - ok
16:29:22.0718 0616 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
16:29:22.0718 0616 VgaSave - ok
16:29:22.0718 0616 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:29:22.0718 0616 vhdmp - ok
16:29:22.0734 0616 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
16:29:22.0734 0616 viaagp - ok
16:29:22.0734 0616 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
16:29:22.0749 0616 ViaC7 - ok
16:29:22.0749 0616 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
16:29:22.0749 0616 viaide - ok
16:29:22.0765 0616 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
16:29:22.0765 0616 vmbus - ok
16:29:22.0780 0616 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
16:29:22.0780 0616 VMBusHID - ok
16:29:22.0796 0616 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:29:22.0812 0616 volmgr - ok
16:29:22.0812 0616 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:29:22.0827 0616 volmgrx - ok
16:29:22.0827 0616 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:29:22.0827 0616 volsnap - ok
16:29:22.0858 0616 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:29:22.0858 0616 vsmraid - ok
16:29:22.0890 0616 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
16:29:22.0890 0616 VSS - ok
16:29:22.0905 0616 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
16:29:22.0921 0616 vwifibus - ok
16:29:22.0936 0616 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
16:29:22.0936 0616 W32Time - ok
16:29:22.0952 0616 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:29:22.0952 0616 WacomPen - ok
16:29:22.0952 0616 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:29:22.0952 0616 WANARP - ok
16:29:22.0952 0616 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:29:22.0952 0616 Wanarpv6 - ok
16:29:22.0983 0616 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
16:29:22.0999 0616 wbengine - ok
16:29:23.0014 0616 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:29:23.0014 0616 WbioSrvc - ok
16:29:23.0030 0616 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:29:23.0030 0616 wcncsvc - ok
16:29:23.0030 0616 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:29:23.0030 0616 WcsPlugInService - ok
16:29:23.0030 0616 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys
16:29:23.0046 0616 Wd - ok
16:29:23.0077 0616 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:29:23.0077 0616 Wdf01000 - ok
16:29:23.0077 0616 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:29:23.0092 0616 WdiServiceHost - ok
16:29:23.0092 0616 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:29:23.0092 0616 WdiSystemHost - ok
16:29:23.0092 0616 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
16:29:23.0108 0616 WebClient - ok
16:29:23.0108 0616 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:29:23.0108 0616 Wecsvc - ok
16:29:23.0108 0616 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:29:23.0124 0616 wercplsupport - ok
16:29:23.0124 0616 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
16:29:23.0139 0616 WerSvc - ok
16:29:23.0139 0616 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:29:23.0139 0616 WfpLwf - ok
16:29:23.0155 0616 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:29:23.0155 0616 WIMMount - ok
16:29:23.0202 0616 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
16:29:23.0217 0616 WinDefend - ok
16:29:23.0217 0616 WinHttpAutoProxySvc - ok
16:29:23.0264 0616 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:29:23.0264 0616 Winmgmt - ok
16:29:23.0311 0616 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
16:29:23.0326 0616 WinRM - ok
16:29:23.0373 0616 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
16:29:23.0389 0616 Wlansvc - ok
16:29:23.0420 0616 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
16:29:23.0420 0616 WmiAcpi - ok
16:29:23.0420 0616 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:29:23.0436 0616 wmiApSrv - ok
16:29:23.0467 0616 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
16:29:23.0467 0616 WMPNetworkSvc - ok
16:29:23.0482 0616 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:29:23.0482 0616 WPCSvc - ok
16:29:23.0498 0616 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:29:23.0498 0616 WPDBusEnum - ok
16:29:23.0514 0616 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:29:23.0514 0616 ws2ifsl - ok
16:29:23.0529 0616 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
16:29:23.0529 0616 wscsvc - ok
16:29:23.0560 0616 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
16:29:23.0560 0616 WSDPrintDevice - ok
16:29:23.0560 0616 WSearch - ok
16:29:23.0623 0616 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
16:29:23.0638 0616 wuauserv - ok
16:29:23.0638 0616 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:29:23.0654 0616 WudfPf - ok
16:29:23.0670 0616 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:29:23.0670 0616 WUDFRd - ok
16:29:23.0685 0616 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:29:23.0685 0616 wudfsvc - ok
16:29:23.0701 0616 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
16:29:23.0701 0616 WwanSvc - ok
16:29:23.0701 0616 ================ Scan global ===============================
16:29:23.0716 0616 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
16:29:23.0732 0616 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
16:29:23.0748 0616 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
16:29:23.0763 0616 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
16:29:23.0763 0616 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
16:29:23.0779 0616 [Global] - ok
16:29:23.0779 0616 ================ Scan MBR ==================================
16:29:23.0779 0616 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:29:23.0919 0616 \Device\Harddisk0\DR0 - ok
16:29:23.0919 0616 ================ Scan VBR ==================================
16:29:23.0935 0616 [ 7447CE207D2D7A6A27619331176F0CAE ] \Device\Harddisk0\DR0\Partition1
16:29:23.0935 0616 \Device\Harddisk0\DR0\Partition1 - ok
16:29:23.0950 0616 [ 8CB480DE8A62D37D5290F148783E4363 ] \Device\Harddisk0\DR0\Partition2
16:29:23.0950 0616 \Device\Harddisk0\DR0\Partition2 - ok
16:29:23.0950 0616 ============================================================
16:29:23.0950 0616 Scan finished
16:29:23.0950 0616 ============================================================
16:29:23.0950 3644 Detected object count: 0
16:29:23.0950 3644 Actual detected object count: 0
16:29:54.0121 3808 Deinitialize success


12.12.2012, 20:52   #6
Larusso
/// Selecta Jahrusso

Why did you run Combofix without being instructed to?

Please post the C:\Combofix.txt for me.

12.12.2012, 21:36   #7
ollimojo

Hello,

what is Combofix?

I followed your instructions:
1. ServiceRepair.exe + RESTART
2. Farbar's Service Scanner
3. TDSSKiller.exe

At some point between steps 1-3 the Security Center etc. started running again...
Possibly it was "ServiceRepair.exe" that fixed the problem?

I don't know "Combofix", and it was not in your instructions...

13.12.2012, 06:32   #8
Larusso
/// Selecta Jahrusso

Then would you explain to me why I see Combofix-related entries from 11.12 in your log files?
Quote:
[2012.12.11 18:38:56 | 000,000,000 | --SD | C] -- C:\cofi


Scan with Combofix
WARNING to READERS following along:
Combofix should be run only when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post the C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

13.12.2012, 08:25   #9
ollimojo

Hello,

ah, sorry.
Before I registered on this forum to find competent help for my problem, I tried to get the problem under control myself.


13.12.2012, 21:02   #10
Larusso
/// Selecta Jahrusso

and I am still waiting for the log file

16.12.2012, 17:14   #11
Larusso
/// Selecta Jahrusso

No response
This thread has been removed from my subscriptions, so I will not receive any notification about new replies.
PM me if you still want to continue.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread
