
Pests of all kinds and how to combat them: Multiple Update.exe in Task Manager; CPU load at 99%

Windows 7

26.12.2012, 16:08   #1
maxzZ
 



Hello everyone,

As the title says, Task Manager shows an Update.exe multiple times (about 10 times), which keeps terminating itself and restarting. So I have no way of ending the programs myself. Accordingly, the CPU load is constantly at 99%. The "loading wheel" also keeps "spinning" next to the mouse pointer. In addition, I can no longer update Avira; I get the error message "Access denied". When I try to completely reinstall the virus scanner, it throws the following error message: "The installation of the Microsoft Runtime Redistributable Kit failed"

Windows Update has the same problem: it tries to install, but then aborts with an error message. "Unknown error; code 80070490, 80004005 and 641"

The Bitdefender online scan found no virus!

I have also already googled the problem and found the same problem in another forum (hxxp://www.windows-seven-forum.de/pc-laedt-ohne-pause-update-exe-windows-task-manager-um-15mal-hilfe-5441.html). But since a reformat was recommended there after a brief back-and-forth, I preferred to describe my problem here.

Many thanks in advance!

Kind regards

Attached are the OTL and Extras results


OTL.exe:
OTL Logfile:
Code:
OTL logfile created on: 12/26/2012 3:28:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition  (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.79 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 44.00% Memory free
7.59 Gb Paging File | 5.37 Gb Available in Paging File | 70.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 172.79 Gb Total Space | 124.41 Gb Free Space | 72.00% Space Free | Partition Type: NTFS
Drive D: | 113.20 Gb Total Space | 113.11 Gb Free Space | 99.92% Space Free | Partition Type: NTFS
 
Computer Name: ***-MSI | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/12/26 15:26:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012/12/26 14:35:32 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
PRC - [2012/11/30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/11/15 07:16:48 | 000,612,640 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe
PRC - [2012/08/08 18:43:54 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/10 16:14:58 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/10 16:14:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/03/09 20:20:33 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/10/27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/06/05 01:00:28 | 002,486,272 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
PRC - [2010/05/16 22:40:00 | 001,349,632 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
PRC - [2010/05/05 15:20:00 | 001,604,200 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/04/13 17:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/30 14:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 14:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/07/09 23:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\System Control Manager\MSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/12/26 14:35:32 | 014,586,296 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
MOD - [2012/11/30 03:07:48 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012/11/30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2012/08/31 11:59:23 | 003,198,976 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/08/31 11:59:19 | 004,550,656 | ---- | M] () -- C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2012/04/23 23:35:09 | 000,630,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/03/21 23:32:36 | 005,025,792 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/03/09 20:20:31 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/11 00:31:42 | 001,253,376 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2012/02/11 00:31:41 | 005,283,840 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2012/02/11 00:31:40 | 004,218,880 | ---- | M] () -- C:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
MOD - [2011/12/25 21:42:15 | 005,255,168 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2010/11/13 01:08:41 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 02:58:14 | 002,048,000 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010/11/05 02:58:10 | 000,303,104 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/11/05 02:58:04 | 000,425,984 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010/11/05 02:57:46 | 000,610,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
MOD - [2010/06/12 02:25:21 | 000,249,856 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2010/06/12 02:25:21 | 000,110,592 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2010/06/12 02:24:52 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010/05/17 20:56:42 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\de-DE\THXAudio.resources.dll
MOD - [2010/05/04 18:59:00 | 000,182,272 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/06/10 22:22:40 | 000,010,752 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2009/06/10 22:14:46 | 000,098,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
MOD - [2009/06/10 22:14:46 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
MOD - [2009/06/10 22:14:43 | 000,196,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010/01/19 16:26:58 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/01/19 16:05:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/12/26 14:35:32 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/10 16:14:58 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/10 16:14:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/05/05 15:20:00 | 001,604,200 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/04/13 17:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/30 14:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 14:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/07/09 23:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\msi\msi Software Install\MGHwCtrl.sys -- (MGHwCtrl)
DRV:64bit: - [2012/05/10 16:14:58 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/10 16:14:58 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/25 18:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/04 15:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/26 10:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 00:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/01/18 13:37:56 | 000,128,512 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/01/13 01:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009/12/05 02:50:22 | 000,087,888 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EUCR6SK.sys -- (EUCR)
DRV:64bit: - [2009/11/18 15:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/09/17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:01:14 | 001,227,776 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SmSerl64.sys -- (smserial)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 22:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [1999/10/13 07:19:20 | 000,012,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\USBSCAN.SYS -- (usbscan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {380034B8-F238-4333-838A-E5EB888D7533}
IE:64bit: - HKLM\..\SearchScopes\{380034B8-F238-4333-838A-E5EB888D7533}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{A5E7E3BF-B635-4287-B993-8A2C67E952C1}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 EF 73 49 03 43 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=DE&userid=142077ae-1a7d-495b-83dc-01d130edcf8d&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}: "URL" = hxxp://search.kikin.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{CC831CAF-00EE-4109-BEEA-2593CC49DCD8}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6R8w92edoG&i=26
IE - HKCU\..\SearchScopes\{D88FF337-8AF0-47F3-BD11-B36AFE66BC1C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=017A45B1-70F8-426D-B6A5-CDA740A8E25D&apn_sauid=396BD4B1-C133-4303-A974-27C8FA1D8EC9
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:4.2.1.9
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=DE&userid=142077ae-1a7d-495b-83dc-01d130edcf8d&searchtype=ds&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/12/26 15:23:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 06:51:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/26 15:23:16 | 000,000,000 | ---D | M]
 
[2011/04/07 19:57:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012/12/26 14:38:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fkqkoh5v.default\extensions
[2012/12/26 14:38:50 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fkqkoh5v.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012/01/14 09:04:32 | 002,203,212 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fkqkoh5v.default\extensions\glowyblue-ff3-30@glowplug.bitasylum.net.xpi
[2012/12/12 08:05:14 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fkqkoh5v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012/12/15 09:21:16 | 000,002,403 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fkqkoh5v.default\searchplugins\askcom.xml
[2012/06/16 06:52:23 | 000,002,203 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fkqkoh5v.default\searchplugins\MyStart Search.xml
[2012/10/03 16:56:21 | 000,002,385 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fkqkoh5v.default\searchplugins\Web Search.xml
[2012/11/29 16:15:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/09/01 04:39:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/11/29 16:15:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/03/09 20:20:33 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/05 19:39:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/05 19:39:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/03/05 19:39:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/03/05 19:39:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll File not found
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [EPSON SX130 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE /FU "C:\windows\TEMP\E_S9D67.tmp" /EF "HKCU" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D15FE74-8863-40C7-813D-A2571063F8F2}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B772ABA1-532A-45F9-8F2E-7CC27989F827}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File not found
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/12/26 15:26:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012/12/26 15:10:23 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\windows\stinger.sys
[2012/12/26 15:09:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2012/12/26 15:08:51 | 010,560,184 | ---- | C] (McAfee Inc.) -- C:\Users\***\Desktop\stinger.exe
[2012/12/26 14:56:40 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\backups
[2012/12/26 14:52:15 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe
[2012/12/26 14:38:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\QuickScan
[2012/12/26 14:32:16 | 000,000,000 | ---D | C] -- C:\783e0b3541d7555f36
[2012/12/26 14:07:00 | 000,000,000 | ---D | C] -- C:\b8468f5195f3d8a1b1
[2012/12/26 08:33:54 | 029,304,496 | ---- | C] (Skype Technologies S.A.) -- C:\Users\***\Documents\Skype126SetupFull.exe
[2012/12/15 20:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/12/15 20:30:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/11/29 16:15:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/11/29 16:15:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012/11/29 09:09:06 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\DATEN
[2012/11/29 09:08:54 | 000,225,280 | ---- | C] (SC-Soft Stuttgart) -- C:\Users\***\Desktop\Systole.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012/12/26 15:27:43 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012/12/26 15:26:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012/12/26 15:26:08 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012/12/26 15:19:58 | 000,000,038 | RH-- | M] () -- C:\Users\***\Desktop\stinger.opt
[2012/12/26 15:15:05 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/12/26 15:10:23 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\windows\stinger.sys
[2012/12/26 15:08:55 | 010,560,184 | ---- | M] (McAfee Inc.) -- C:\Users\***\Desktop\stinger.exe
[2012/12/26 15:02:19 | 000,009,812 | ---- | M] () -- C:\Users\***\Desktop\hijackthis2
[2012/12/26 14:56:54 | 000,009,787 | ---- | M] () -- C:\Users\***\Desktop\hijackthis1
[2012/12/26 14:52:17 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe
[2012/12/26 14:27:07 | 000,017,376 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/26 14:27:05 | 000,017,376 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/26 14:18:43 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/12/26 14:18:37 | 3055,681,536 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/26 13:19:07 | 105,661,272 | ---- | M] () -- C:\Users\***\Desktop\avira_free_antivirus_2890de.exe
[2012/12/26 08:34:00 | 029,304,496 | ---- | M] (Skype Technologies S.A.) -- C:\Users\***\Documents\Skype126SetupFull.exe
[2012/12/24 10:36:20 | 004,026,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/12/24 10:36:20 | 000,699,570 | ---- | M] () -- C:\windows\SysNative\perfh00C.dat
[2012/12/24 10:36:20 | 000,698,594 | ---- | M] () -- C:\windows\SysNative\perfh00A.dat
[2012/12/24 10:36:20 | 000,694,248 | ---- | M] () -- C:\windows\SysNative\perfh010.dat
[2012/12/24 10:36:20 | 000,669,636 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012/12/24 10:36:20 | 000,621,148 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/12/24 10:36:20 | 000,141,752 | ---- | M] () -- C:\windows\SysNative\perfc00A.dat
[2012/12/24 10:36:20 | 000,135,162 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012/12/24 10:36:20 | 000,134,830 | ---- | M] () -- C:\windows\SysNative\perfc00C.dat
[2012/12/24 10:36:20 | 000,131,834 | ---- | M] () -- C:\windows\SysNative\perfc010.dat
[2012/12/24 10:36:20 | 000,111,078 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/12/23 08:01:20 | 000,272,576 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/12/15 20:30:14 | 000,002,507 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/12/09 19:44:46 | 000,000,017 | ---- | M] () -- C:\windows\SysWow64\shortcut_ex.dat
[2012/11/28 16:37:59 | 000,252,459 | ---- | M] () -- C:\Users\***\Documents\telekomrechnung  Nov 12.eml
[2012/11/28 16:37:57 | 000,001,942 | ---- | M] () -- C:\Users\***\Documents\tw7KRCjnEr4U DHL.eml
 
========== Files Created - No Company Name ==========
 
[2012/12/26 15:27:43 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012/12/26 15:26:07 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012/12/26 15:19:58 | 000,000,038 | RH-- | C] () -- C:\Users\***\Desktop\stinger.opt
[2012/12/26 15:02:19 | 000,009,812 | ---- | C] () -- C:\Users\***\Desktop\hijackthis2
[2012/12/26 14:56:54 | 000,009,787 | ---- | C] () -- C:\Users\***\Desktop\hijackthis1
[2012/12/26 12:08:10 | 105,661,272 | ---- | C] () -- C:\Users\***\Desktop\avira_free_antivirus_2890de.exe
[2012/12/15 20:30:14 | 000,002,507 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/12/09 19:44:46 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat
[2012/11/28 16:37:56 | 000,252,459 | ---- | C] () -- C:\Users\***\Documents\telekomrechnung  Nov 12.eml
[2012/11/28 16:37:56 | 000,001,942 | ---- | C] () -- C:\Users\***\Documents\tw7KRCjnEr4U DHL.eml
[2012/06/14 14:31:19 | 000,007,441 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2012/03/31 11:33:20 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/28 15:54:58 | 000,155,648 | ---- | C] () -- C:\windows\SysWow64\daspi32u.dll
[2012/01/28 15:54:58 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\PF1800LC.Dll
[2012/01/28 15:54:58 | 000,106,496 | ---- | C] () -- C:\windows\SysWow64\IO_PORT.DLL
[2012/01/28 15:54:58 | 000,102,400 | ---- | C] () -- C:\windows\SysWow64\FVC.DLL
[2012/01/28 15:54:58 | 000,049,152 | ---- | C] () -- C:\windows\SysWow64\PWiaExt.dll
[2012/01/28 15:54:58 | 000,032,768 | ---- | C] () -- C:\windows\SysWow64\SQ1394.DLL
[2012/01/28 15:54:58 | 000,010,624 | ---- | C] () -- C:\windows\SysWow64\GENEUSB.SYS
[2012/01/28 15:54:58 | 000,010,624 | ---- | C] () -- C:\windows\SysWow64\drivers\GENEUSB.SYS
[2012/01/28 15:54:57 | 000,000,234 | ---- | C] () -- C:\windows\Scanner.ini
[2011/10/23 17:43:54 | 004,020,924 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/10/14 19:41:28 | 000,000,288 | ---- | C] () -- C:\Users\***\AppData\Roaming\.backup.dm
[2011/07/30 13:55:27 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/07/30 13:55:27 | 000,000,088 | RHS- | C] () -- C:\ProgramData\5515461936.sys
[2011/07/19 19:57:28 | 000,001,480 | ---- | C] () -- C:\Users\***\AppData\Local\RecConfig.xml
[2011/05/14 15:51:31 | 000,000,235 | ---- | C] () -- C:\Users\***\AppData\Roaming\devices.xml
[2011/05/14 15:51:31 | 000,000,012 | ---- | C] () -- C:\Users\***\AppData\Roaming\settings.xml
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/05/04 18:45:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2012/03/24 10:45:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2011/11/28 20:17:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011/12/22 15:19:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dp3d
[2012/09/16 17:17:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012/09/16 16:29:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/07/29 21:02:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Engelmann Media
[2011/10/29 20:06:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Epson
[2012/03/25 16:34:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011/05/14 15:47:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ordner HP Share-to-Web
[2012/01/28 16:01:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PIE
[2012/03/17 20:28:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PrintCreations
[2012/12/26 14:38:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan
[2011/04/26 15:07:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Simfy
[2012/08/05 14:41:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2011/10/29 08:29:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011/10/23 17:44:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 857 bytes -> C:\Users\***\Documents\tw7KRCjnEr4U DHL.eml:OECustomProperty
@Alternate Data Stream - 1141 bytes -> C:\Users\***\Documents\telekomrechnung  Nov 12.eml:OECustomProperty

< End of report >
         
--- --- ---


Extras.exe:

OTL Logfile:
Code:
OTL Extras logfile created on: 12/26/2012 3:28:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition  (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.79 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 44.00% Memory free
7.59 Gb Paging File | 5.37 Gb Available in Paging File | 70.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 172.79 Gb Total Space | 124.41 Gb Free Space | 72.00% Space Free | Partition Type: NTFS
Drive D: | 113.20 Gb Total Space | 113.11 Gb Free Space | 99.92% Space Free | Partition Type: NTFS
 
Computer Name: ***-MSI | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0064CD3E-B2B4-43A3-B74B-39A7FD2CFF73}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0B6AA3D3-AE79-4DBF-9486-CB30A503D9CB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{0D4D6273-48BA-4D88-AEF4-FCBEE1D32E0F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{10BD7699-003E-4DB4-902A-4DF30380A2F5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{11D430CA-F8FE-4CD1-B258-E16D75AAF975}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{24FAC532-B9F4-49BB-975C-E548A0B302C5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{24FBD992-1B91-4A7B-80CA-EA3209A1D54D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{47E659A9-7888-43B4-A7A4-E6BF484BA0B9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{483D378B-203B-4F72-8A8B-45930E08F2A8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{59AD3907-36C9-481C-BE23-312F35116ABC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5D0F7A77-1B74-4F21-99F1-17E3F4DEEE37}" = rport=139 | protocol=6 | dir=out | app=system | 
"{62D7EE38-EA9E-4968-B427-3CB3987B0E6F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{63FCFB03-B951-4FC3-BC91-2C7D26B98867}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6E59E708-7391-4EE4-BF06-CEBDA9569E62}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7991D8DC-B3D3-4967-8047-48B90F5BA100}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8C43CE20-774C-497D-AD02-6FE0160C5A7A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{924733FE-4A91-4F54-BB71-1E62057BB747}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A1135D0A-62CE-4307-95D9-8212D95F797C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A9A2127E-73AD-4A34-ADEA-D375613854C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{DE4FF665-62B9-4EFB-84CE-82492DFD1A71}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E2A14242-D391-4422-AB7C-06232E492D8A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{EFF2D896-0C67-47C9-86DA-617F1774136B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F7B631D6-8BD7-42C9-B32B-65939D37D933}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12F239C9-921F-463D-BDCE-8789067F5EC8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{277BB23E-ACC7-44D6-8A1A-707951EF885F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2FB9CA31-3652-4BD6-AFBC-862DBD84A701}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3D74E3A7-E561-4D21-A707-D134B2605F21}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{4212B709-FAB2-4D0B-AB7C-27A7B8658A72}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{589E34E2-42F4-403A-9306-FF27CBA51DD8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5C71BBE2-50B9-4D8A-9E64-13410C30019D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6D91941B-3B0B-49CD-A99A-5A1E33D8229F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{74BB3EEE-A32A-45EC-B03E-04D85521FA55}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{752FA36D-8D7A-4FDB-B07D-2C823282FFF4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{99602368-BA70-4909-A170-CD5F1855A2F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9DC296F2-DB15-4AD6-9074-14AC361A679F}" = protocol=6 | dir=out | app=system | 
"{AA508B36-8F65-4C8D-84B1-04FB60C9C8E9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B3C4D85D-C8E6-4863-A250-AA382664A20F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C4DA8010-CE01-4A57-B7EF-7828A0AF7C11}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CD70671A-07D3-4ED6-A696-C85C276846B3}" = protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | 
"{D4795359-97A3-439A-9FE7-98AE70307C04}" = protocol=17 | dir=in | app=c:\users\***\downloads\phone\skype.exe | 
"{DB9C5BA7-821E-4818-B69D-A9FA26816970}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DC66107E-65A6-4C2E-BFF8-15B76CA641D0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{DD23D6E7-8C4B-4C66-BEB9-75E27033A29E}" = protocol=17 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | 
"{E16B00AD-0A95-4B9E-94E5-2EE1533CEB03}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EE70D7CD-9357-4679-B1F1-98AE8298CF3C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EEC3BCED-7033-443D-80DD-69C33CA78AD9}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{F083592C-5897-4C14-89F6-CD58E66BA16A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F5A96CC5-7EE7-4A8F-8171-BBB933AA1320}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F8AEF11F-1C94-423F-8032-658BBB965C8D}" = protocol=6 | dir=in | app=c:\users\***\downloads\phone\skype.exe | 
"TCP Query User{BA3B41E2-BFEA-4D69-9342-612B886CB718}C:\users\***\downloads\phone\skype.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\phone\skype.exe | 
"UDP Query User{E1068DEC-003B-46C0-87A9-F1F394979C56}C:\users\***\downloads\phone\skype.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\phone\skype.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B90E5EBE-DF18-44D5-9D18-689ADEE9DA6C}" = Intel(R) PROSet/Wireless WiFi-Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"7F973C87231D745EBF31E772CC38BB9B185D3819" = Windows Driver Package - ENE (EUCR) USB  (12/04/2009 5.89.0.64)
"Elantech" = ETDWare PS/2-x64 7.0.5.10_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24762012-C6C8-4AAD-A02D-71A009FA1683}" = Adobe Flash Player 10 ActiveX
"{25478065-4CB1-448C-80E4-8C4529017EE3}" = ArcSoft WebCam Companion 3
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CE47E6B-AE27-4E40-AC54-329EED96B933}" = ArcSoft Print Creations - Funhouse II
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}" = THX TruStudio Pro
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}" = ArcSoft Print Creations - Poster Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E90189A-A5D4-4C0E-A908-06C4236F98EE}" = ArcSoft Magic-i Visual Effects 2
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{95F875CC-1B85-43E6-B3E0-13EA04F3D995}" = ArcSoft Print Creations - Photo Prints
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A3324BBB-3A83-40CE-AA8C-759D849B7EA1}" = ArcSoft Print Creations
"{A840FFFB-3A80-4C24-AB34-BE9F56BEB4CE}" = msi Software Install
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C9F0B814-4CBE-4DE2-83B2-C0D770CF9CA6}" = ArcSoft MediaImpression
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F68427C2-8322-8ACC-99B8-55615C2FB450}" = simfy
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Setup" = DivX-Setup
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"NVIDIA.Updatus" = NVIDIA Updatus
"Picasa 3" = Picasa 3
"Simfy" = simfy
"VLC media player" = VLC media player 1.1.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/23/2012 3:06:12 AM | Computer Name = ***-msi | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung
 ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "8210". Das erste
 DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge,
 während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte
 enthalten.
 
Error - 12/23/2012 3:06:12 AM | Computer Name = ***-msi | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung
 ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "8210". Das erste
 DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge,
 während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte
 enthalten.
 
Error - 12/23/2012 3:06:12 AM | Computer Name = ***-msi | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung
 ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "8210". Das erste
 DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge,
 während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte
 enthalten.
 
Error - 12/23/2012 3:06:12 AM | Computer Name = ***-msi | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung
 ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "8210". Das erste
 DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge,
 während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte
 enthalten.
 
Error - 12/24/2012 2:54:36 AM | Computer Name = ***-msi | Source = Customer Experience Improvement Program | ID = 1006
Description = 
 
Error - 12/24/2012 3:51:56 AM | Computer Name = ***-msi | Source = MsiInstaller | ID = 1014
Description = 
 
Error - 12/24/2012 3:52:13 AM | Computer Name = ***-msi | Source = MsiInstaller | ID = 1014
Description = 
 
Error - 12/24/2012 3:52:15 AM | Computer Name = ***-msi | Source = MsiInstaller | ID = 1014
Description = 
 
Error - 12/24/2012 3:52:22 AM | Computer Name = ***-msi | Source = MsiInstaller | ID = 1014
Description = 
 
Error - 12/24/2012 3:52:31 AM | Computer Name = ***-msi | Source = MsiInstaller | ID = 1014
Description = 
 
Error - 12/24/2012 3:52:39 AM | Computer Name = ***-msi | Source = MsiInstaller | ID = 1014
Description = 
 
[ System Events ]
Error - 12/26/2012 9:27:51 AM | Computer Name = ***-msi | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80004005 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2761217)
 
Error - 12/26/2012 9:28:21 AM | Computer Name = ***-msi | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server
 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2656351)
 
Error - 12/26/2012 9:28:37 AM | Computer Name = ***-msi | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server
 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2604121)
 
Error - 12/26/2012 9:28:48 AM | Computer Name = ***-msi | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Windows Internet Explorer 9 für Windows 7 für
 x64-basierte Systeme
 
Error - 12/26/2012 9:29:13 AM | Computer Name = ***-msi | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server
 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2686827)
 
Error - 12/26/2012 9:29:13 AM | Computer Name = ***-msi | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80004005 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
 Systeme (KB2667402)
 
Error - 12/26/2012 9:29:13 AM | Computer Name = ***-msi | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80004005 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme
 (KB2603229)
 
Error - 12/26/2012 9:29:39 AM | Computer Name = ***-msi | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2468871)
 
Error - 12/26/2012 9:31:33 AM | Computer Name = ***-msi | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server
 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2656368)
 
Error - 12/26/2012 10:10:26 AM | Computer Name = ***-msi | Source = Service Control Manager | ID = 7034
Description = Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
 
< End of report >
         
--- --- ---

Last edited by maxzZ (26.12.2012 at 16:17)

27.12.2012, 13:33   #2
markusg
/// Malware-holic
 



Hi,
did Stinger or one of the other programs find anything?
Please do not use HijackThis on Win7 or Vista.
Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, and post the log
__________________
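
Added example, not part of the thread and not TDSSKiller's own code: a Python triage script for a log produced by the scan requested above. It lists every entry whose verdict is not `ok`, plus service entries logged without a hash/path line, and reads the `Mode:` line; the sample log is constructed in the format of the log posted in this thread, and treating `SigCheck` and `TDLFS` as the two ticked options is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Constructed sample in the layout of the TDSSKiller log posted in this thread.
# Timestamps, thread ids, hashes, names and paths are made up for the example.
SAMPLE_LOG = r"""
15:00:00.0000 1111  Scan started
15:00:00.0000 1111  Mode: Manual; SigCheck; TDLFS;
15:00:00.0001 1111  ================ Scan system memory ========================
15:00:00.0002 1111  System memory - ok
15:00:00.0003 1111  ================ Scan services =============================
15:00:00.0100 1111  [ 00000000000000000000000000000001 ] ExampleDrv      C:\windows\system32\DRIVERS\exampledrv.sys
15:00:00.0200 1111  ExampleDrv - ok
15:00:00.0300 1111  NoFileSvc - ok
15:00:00.0400 1111  [ 00000000000000000000000000000002 ] Example Vendor Svc C:\Program Files (x86)\Example\svc.exe
15:00:00.0500 1111  Example Vendor Svc ( UnsignedFile.Multi.Generic ) - warning
15:00:00.0500 1111  Example Vendor Svc - detected UnsignedFile.Multi.Generic (1)
"""

# "HH:MM:SS.mmmm <thread id>  <message>"
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+\s*(?P<msg>.*)$")
# "===== Scan services ====="
SECTION = re.compile(r"^=+ (?P<title>Scan [^=]+?) =+$")
# "[ <MD5> ] <name> <path>"; the name may contain spaces, the path starts with a drive
FILE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$")
# "<name> - ok" or "<name> ( <verdict> ) - warning"
VERDICT = re.compile(r"^(?P<name>.+?)(?: \( (?P<verdict>[^)]+?) \))? - (?P<status>\w+)$")
MODE = re.compile(r"^Mode: (?P<flags>.*)$")


@dataclass
class Entry:
    section: str
    name: str
    status: str
    verdict: Optional[str]
    md5: Optional[str]
    path: Optional[str]


def _messages(text: str):
    """Yield the message part of every timestamped log line."""
    for raw in text.splitlines():
        m = LINE.match(raw.rstrip())
        if m:
            yield m.group("msg").strip()


def scan_mode_flags(text: str) -> Set[str]:
    """Return the flags from the 'Mode:' line, e.g. {'Manual', 'SigCheck', 'TDLFS'}."""
    for msg in _messages(text):
        mode = MODE.match(msg)
        if mode:
            return {f.strip() for f in mode.group("flags").split(";") if f.strip()}
    return set()


def parse_tdsskiller_log(text: str) -> List[Entry]:
    """Pair each verdict line with the hash/path line logged for the same name."""
    entries: List[Entry] = []
    section: Optional[str] = None
    pending = {}  # name -> (md5, path) from a file line not yet matched to a verdict
    for msg in _messages(text):
        s = SECTION.match(msg)
        if s:
            section = s.group("title")
            continue
        f = FILE.match(msg)
        if f:
            pending[f.group("name")] = (f.group("md5").upper(), f.group("path"))
            continue
        v = VERDICT.match(msg)
        if v and section is not None:  # ignore anything before the first scan section
            md5, path = pending.pop(v.group("name"), (None, None))
            entries.append(Entry(section, v.group("name"), v.group("status"),
                                 v.group("verdict"), md5, path))
    return entries


def triage(text: str) -> dict:
    """Summarise what a helper reads first: scan mode, non-ok verdicts, hashless services."""
    entries = parse_tdsskiller_log(text)
    return {
        "mode": scan_mode_flags(text),
        "flagged": [e for e in entries if e.status != "ok"],
        "no_file_line": [e for e in entries
                         if e.section == "Scan services" and e.md5 is None and e.status == "ok"],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("mode:", sorted(result["mode"]))
    for e in result["flagged"]:
        print(f"{e.status}: {e.name} ({e.verdict}) {e.md5} {e.path}")
    for e in result["no_file_line"]:
        print(f"no hash/path logged: {e.name}")
```
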

27.12.2012, 15:48   #3
maxzZ
 



Hi,

Stinger did not find anything.

While I was posting, the battery just failed even though it still had 60% charge. I now have the notebook running on mains power only --> no Update.exe, no 99% CPU load. Is that even a thing?

TDSSKiller apparently found something.

Code:
15:43:36.0655 5772  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:43:36.0951 5772  ============================================================
15:43:36.0951 5772  Current date / time: 2012/12/27 15:43:36.0951
15:43:36.0951 5772  SystemInfo:
15:43:36.0951 5772  
15:43:36.0951 5772  OS Version: 6.1.7601 ServicePack: 0.0
15:43:36.0951 5772  Product type: Workstation
15:43:36.0951 5772  ComputerName: DAUM-MSI
15:43:36.0951 5772  UserName: daum
15:43:36.0951 5772  Windows directory: C:\windows
15:43:36.0951 5772  System windows directory: C:\windows
15:43:36.0951 5772  Running under WOW64
15:43:36.0951 5772  Processor architecture: Intel x64
15:43:36.0951 5772  Number of processors: 4
15:43:36.0951 5772  Page size: 0x1000
15:43:36.0951 5772  Boot type: Normal boot
15:43:36.0951 5772  ============================================================
15:43:37.0762 5772  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:43:37.0778 5772  ============================================================
15:43:37.0778 5772  \Device\Harddisk0\DR0:
15:43:37.0794 5772  MBR partitions:
15:43:37.0794 5772  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1832800, BlocksNum 0x15997000
15:43:37.0794 5772  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x171C9800, BlocksNum 0xE264800
15:43:37.0794 5772  ============================================================
15:43:37.0981 5772  C: <-> \Device\Harddisk0\DR0\Partition1
15:43:38.0106 5772  D: <-> \Device\Harddisk0\DR0\Partition2
15:43:38.0106 5772  ============================================================
15:43:38.0106 5772  Initialize success
15:43:38.0106 5772  ============================================================
15:44:07.0434 4444  ============================================================
15:44:07.0434 4444  Scan started
15:44:07.0434 4444  Mode: Manual; SigCheck; TDLFS; 
15:44:07.0434 4444  ============================================================
15:44:15.0858 4444  ================ Scan system memory ========================
15:44:15.0858 4444  System memory - ok
15:44:15.0858 4444  ================ Scan services =============================
15:44:16.0170 4444  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\DRIVERS\1394ohci.sys
15:44:16.0326 4444  1394ohci - ok
15:44:16.0887 4444  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
15:44:17.0106 4444  ACDaemon - ok
15:44:17.0168 4444  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\windows\system32\DRIVERS\ACPI.sys
15:44:17.0199 4444  ACPI - ok
15:44:17.0293 4444  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\windows\system32\DRIVERS\acpipmi.sys
15:44:17.0558 4444  AcpiPmi - ok
15:44:17.0854 4444  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:44:17.0901 4444  AdobeFlashPlayerUpdateSvc - ok
15:44:18.0026 4444  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
15:44:18.0276 4444  adp94xx - ok
15:44:18.0666 4444  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
15:44:18.0697 4444  adpahci - ok
15:44:18.0697 4444  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
15:44:18.0759 4444  adpu320 - ok
15:44:18.0837 4444  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
15:44:18.0978 4444  AeLookupSvc - ok
15:44:19.0087 4444  [ 6CCD1135320109D6B219F1A6E04AD9F6 ] Afc             C:\windows\syswow64\drivers\Afc.sys
15:44:19.0102 4444  Afc - ok
15:44:19.0227 4444  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\windows\system32\drivers\afd.sys
15:44:19.0336 4444  AFD - ok
15:44:19.0368 4444  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\DRIVERS\agp440.sys
15:44:19.0399 4444  agp440 - ok
15:44:19.0430 4444  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\windows\System32\alg.exe
15:44:19.0508 4444  ALG - ok
15:44:19.0586 4444  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\DRIVERS\aliide.sys
15:44:19.0617 4444  aliide - ok
15:44:19.0648 4444  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\DRIVERS\amdide.sys
15:44:19.0648 4444  amdide - ok
15:44:19.0711 4444  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
15:44:19.0758 4444  AmdK8 - ok
15:44:19.0758 4444  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
15:44:19.0804 4444  AmdPPM - ok
15:44:19.0867 4444  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\windows\system32\drivers\amdsata.sys
15:44:19.0882 4444  amdsata - ok
15:44:19.0898 4444  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
15:44:19.0914 4444  amdsbs - ok
15:44:19.0945 4444  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\windows\system32\drivers\amdxata.sys
15:44:19.0960 4444  amdxata - ok
15:44:21.0786 4444  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:44:21.0832 4444  AntiVirSchedulerService - ok
15:44:21.0879 4444  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:44:21.0895 4444  AntiVirService - ok
15:44:22.0347 4444  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\windows\system32\drivers\appid.sys
15:44:23.0923 4444  AppID - ok
15:44:23.0954 4444  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll
15:44:24.0126 4444  AppIDSvc - ok
15:44:24.0344 4444  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\windows\System32\appinfo.dll
15:44:24.0640 4444  Appinfo - ok
15:44:24.0687 4444  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\windows\system32\DRIVERS\arc.sys
15:44:24.0718 4444  arc - ok
15:44:24.0750 4444  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
15:44:24.0796 4444  arcsas - ok
15:44:24.0874 4444  [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys
15:44:24.0906 4444  ArcSoftKsUFilter - ok
15:44:24.0921 4444  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
15:44:25.0030 4444  AsyncMac - ok
15:44:25.0077 4444  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\windows\system32\DRIVERS\atapi.sys
15:44:25.0093 4444  atapi - ok
15:44:25.0155 4444  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
15:44:25.0280 4444  AudioEndpointBuilder - ok
15:44:25.0296 4444  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\windows\System32\Audiosrv.dll
15:44:25.0452 4444  AudioSrv - ok
15:44:25.0483 4444  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\windows\system32\DRIVERS\avgntflt.sys
15:44:25.0514 4444  avgntflt - ok
15:44:25.0561 4444  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\windows\system32\DRIVERS\avipbb.sys
15:44:25.0608 4444  avipbb - ok
15:44:25.0654 4444  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\windows\System32\AxInstSV.dll
15:44:25.0764 4444  AxInstSV - ok
15:44:25.0842 4444  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\windows\system32\DRIVERS\bxvbda.sys
15:44:25.0920 4444  b06bdrv - ok
15:44:26.0200 4444  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
15:44:26.0356 4444  b57nd60a - ok
15:44:26.0403 4444  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll
15:44:26.0512 4444  BDESVC - ok
15:44:26.0544 4444  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys
15:44:26.0637 4444  Beep - ok
15:44:26.0715 4444  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\windows\System32\bfe.dll
15:44:26.0809 4444  BFE - ok
15:44:26.0871 4444  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\windows\System32\qmgr.dll
15:44:27.0012 4444  BITS - ok
15:44:27.0043 4444  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
15:44:27.0121 4444  blbdrive - ok
15:44:27.0230 4444  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
15:44:27.0355 4444  bowser - ok
15:44:27.0402 4444  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
15:44:27.0667 4444  BrFiltLo - ok
15:44:27.0714 4444  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
15:44:27.0792 4444  BrFiltUp - ok
15:44:27.0870 4444  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\windows\System32\browser.dll
15:44:28.0228 4444  Browser - ok
15:44:28.0431 4444  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\windows\System32\Drivers\Brserid.sys
15:44:28.0946 4444  Brserid - ok
15:44:28.0977 4444  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
15:44:29.0055 4444  BrSerWdm - ok
15:44:29.0086 4444  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
15:44:29.0180 4444  BrUsbMdm - ok
15:44:29.0196 4444  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
15:44:29.0445 4444  BrUsbSer - ok
15:44:29.0539 4444  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
15:44:29.0617 4444  BTHMODEM - ok
15:44:29.0679 4444  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\windows\system32\bthserv.dll
15:44:29.0882 4444  bthserv - ok
15:44:29.0913 4444  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
15:44:30.0085 4444  cdfs - ok
15:44:30.0506 4444  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
15:44:30.0584 4444  cdrom - ok
15:44:30.0662 4444  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\windows\System32\certprop.dll
15:44:30.0818 4444  CertPropSvc - ok
15:44:31.0114 4444  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\DRIVERS\circlass.sys
15:44:31.0270 4444  circlass - ok
15:44:31.0458 4444  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys
15:44:31.0489 4444  CLFS - ok
15:44:31.0567 4444  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:44:31.0582 4444  clr_optimization_v2.0.50727_32 - ok
15:44:31.0629 4444  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:44:31.0645 4444  clr_optimization_v2.0.50727_64 - ok
15:44:31.0832 4444  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:44:31.0848 4444  clr_optimization_v4.0.30319_32 - ok
15:44:31.0894 4444  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:44:31.0910 4444  clr_optimization_v4.0.30319_64 - ok
15:44:31.0941 4444  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
15:44:32.0035 4444  CmBatt - ok
15:44:32.0097 4444  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\DRIVERS\cmdide.sys
15:44:32.0113 4444  cmdide - ok
15:44:32.0316 4444  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\windows\system32\Drivers\cng.sys
15:44:32.0394 4444  CNG - ok
15:44:32.0456 4444  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
15:44:32.0472 4444  Compbatt - ok
15:44:32.0518 4444  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
15:44:32.0581 4444  CompositeBus - ok
15:44:32.0612 4444  COMSysApp - ok
15:44:32.0612 4444  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
15:44:32.0628 4444  crcdisk - ok
15:44:32.0674 4444  [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc        C:\windows\system32\cryptsvc.dll
15:44:32.0830 4444  CryptSvc - ok
15:44:32.0893 4444  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\windows\system32\rpcss.dll
15:44:33.0049 4444  DcomLaunch - ok
15:44:33.0080 4444  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\windows\System32\defragsvc.dll
15:44:33.0205 4444  defragsvc - ok
15:44:33.0236 4444  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
15:44:33.0454 4444  DfsC - ok
15:44:33.0532 4444  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\windows\system32\dhcpcore.dll
15:44:33.0876 4444  Dhcp - ok
15:44:33.0922 4444  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys
15:44:34.0219 4444  discache - ok
15:44:34.0234 4444  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\DRIVERS\disk.sys
15:44:34.0250 4444  Disk - ok
15:44:34.0312 4444  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\windows\System32\dnsrslvr.dll
15:44:34.0406 4444  Dnscache - ok
15:44:34.0453 4444  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\windows\System32\dot3svc.dll
15:44:34.0562 4444  dot3svc - ok
15:44:34.0640 4444  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\windows\system32\dps.dll
15:44:34.0765 4444  DPS - ok
15:44:34.0827 4444  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
15:44:34.0874 4444  drmkaud - ok
15:44:34.0999 4444  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
15:44:35.0030 4444  DXGKrnl - ok
15:44:35.0077 4444  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\windows\System32\eapsvc.dll
15:44:35.0170 4444  EapHost - ok
15:44:35.0311 4444  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\windows\system32\DRIVERS\evbda.sys
15:44:35.0545 4444  ebdrv - ok
15:44:35.0576 4444  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\windows\System32\lsass.exe
15:44:35.0654 4444  EFS - ok
15:44:35.0810 4444  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
15:44:35.0904 4444  ehRecvr - ok
15:44:35.0950 4444  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\windows\ehome\ehsched.exe
15:44:36.0153 4444  ehSched - ok
15:44:36.0216 4444  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
15:44:36.0262 4444  elxstor - ok
15:44:36.0356 4444  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\windows\system32\DRIVERS\errdev.sys
15:44:36.0668 4444  ErrDev - ok
15:44:36.0715 4444  [ 06C94BE9D9E1E6411429433A64A76936 ] ETD             C:\windows\system32\DRIVERS\ETD.sys
15:44:36.0824 4444  ETD - ok
15:44:36.0902 4444  [ 89D11159B361DD1EAC5DD4E9895C04A4 ] EUCR            C:\windows\system32\DRIVERS\EUCR6SK.SYS
15:44:36.0918 4444  EUCR - ok
15:44:37.0011 4444  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\windows\system32\es.dll
15:44:37.0448 4444  EventSystem - ok
15:44:37.0900 4444  [ 7C1042CDA4E7151E91F1E66A4D9118B0 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
15:44:37.0994 4444  EvtEng - ok
15:44:38.0056 4444  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\windows\system32\drivers\exfat.sys
15:44:38.0212 4444  exfat - ok
15:44:38.0290 4444  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\windows\system32\drivers\fastfat.sys
15:44:38.0353 4444  fastfat - ok
15:44:38.0415 4444  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\windows\system32\fxssvc.exe
15:44:38.0509 4444  Fax - ok
15:44:38.0540 4444  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\windows\system32\DRIVERS\fdc.sys
15:44:38.0571 4444  fdc - ok
15:44:38.0634 4444  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\windows\system32\fdPHost.dll
15:44:38.0774 4444  fdPHost - ok
15:44:38.0790 4444  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\windows\system32\fdrespub.dll
15:44:38.0899 4444  FDResPub - ok
15:44:38.0930 4444  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
15:44:38.0946 4444  FileInfo - ok
15:44:38.0961 4444  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
15:44:39.0055 4444  Filetrace - ok
15:44:39.0102 4444  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
15:44:39.0148 4444  flpydisk - ok
15:44:39.0195 4444  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
15:44:39.0242 4444  FltMgr - ok
15:44:39.0336 4444  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\windows\system32\FntCache.dll
15:44:39.0414 4444  FontCache - ok
15:44:39.0523 4444  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:44:39.0538 4444  FontCache3.0.0.0 - ok
15:44:39.0570 4444  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
15:44:39.0585 4444  FsDepends - ok
15:44:39.0616 4444  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
15:44:39.0648 4444  Fs_Rec - ok
15:44:39.0694 4444  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
15:44:39.0726 4444  fvevol - ok
15:44:39.0741 4444  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
15:44:39.0757 4444  gagp30kx - ok
15:44:39.0835 4444  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\windows\System32\gpsvc.dll
15:44:39.0975 4444  gpsvc - ok
15:44:40.0069 4444  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:44:40.0116 4444  gusvc - ok
15:44:40.0131 4444  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
15:44:40.0272 4444  hcw85cir - ok
15:44:40.0350 4444  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
15:44:40.0428 4444  HdAudAddService - ok
15:44:40.0459 4444  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
15:44:40.0615 4444  HDAudBus - ok
15:44:40.0677 4444  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\windows\system32\DRIVERS\HECIx64.sys
15:44:40.0708 4444  HECIx64 - ok
15:44:40.0724 4444  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
15:44:40.0974 4444  HidBatt - ok
15:44:40.0989 4444  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
15:44:41.0052 4444  HidBth - ok
15:44:41.0083 4444  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
15:44:41.0114 4444  HidIr - ok
15:44:41.0145 4444  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\windows\system32\hidserv.dll
15:44:41.0254 4444  hidserv - ok
15:44:41.0332 4444  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
15:44:41.0457 4444  HidUsb - ok
15:44:41.0473 4444  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\windows\system32\kmsvc.dll
15:44:41.0582 4444  hkmsvc - ok
15:44:41.0660 4444  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
15:44:41.0769 4444  HomeGroupListener - ok
15:44:41.0816 4444  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
15:44:41.0988 4444  HomeGroupProvider - ok
15:44:42.0034 4444  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\windows\system32\DRIVERS\HpSAMD.sys
15:44:42.0066 4444  HpSAMD - ok
15:44:42.0144 4444  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\windows\system32\drivers\HTTP.sys
15:44:42.0424 4444  HTTP - ok
15:44:42.0518 4444  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
15:44:42.0534 4444  hwpolicy - ok
15:44:42.0596 4444  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
15:44:42.0658 4444  i8042prt - ok
15:44:42.0705 4444  [ 1384872112E8E7FD5786ECEB8BDDF4C9 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
15:44:42.0736 4444  iaStor - ok
15:44:42.0861 4444  [ 6B24D1C3096DE796D15571079EA5E98C ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
15:44:42.0877 4444  IAStorDataMgrSvc - ok
15:44:42.0939 4444  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
15:44:42.0970 4444  iaStorV - ok
15:44:43.0064 4444  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:44:43.0126 4444  idsvc - ok
15:44:43.0610 4444  [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
15:44:44.0203 4444  igfx - ok
15:44:44.0250 4444  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
15:44:44.0281 4444  iirsp - ok
15:44:44.0374 4444  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\windows\System32\ikeext.dll
15:44:44.0499 4444  IKEEXT - ok
15:44:44.0530 4444  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd           C:\windows\system32\DRIVERS\Impcd.sys
15:44:44.0764 4444  Impcd - ok
15:44:44.0905 4444  [ B88E24BD77A0CE2CFFEE2FACF1151BE0 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
15:44:44.0983 4444  IntcAzAudAddService - ok
15:44:45.0076 4444  [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
15:44:45.0154 4444  IntcDAud - ok
15:44:45.0170 4444  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\windows\system32\DRIVERS\intelide.sys
15:44:45.0186 4444  intelide - ok
15:44:45.0232 4444  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
15:44:45.0326 4444  intelppm - ok
15:44:45.0373 4444  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\windows\system32\ipbusenum.dll
15:44:45.0482 4444  IPBusEnum - ok
15:44:45.0560 4444  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
15:44:45.0622 4444  IpFilterDriver - ok
15:44:45.0685 4444  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
15:44:46.0090 4444  iphlpsvc - ok
15:44:46.0137 4444  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\windows\system32\DRIVERS\IPMIDrv.sys
15:44:46.0340 4444  IPMIDRV - ok
15:44:46.0371 4444  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
15:44:46.0527 4444  IPNAT - ok
15:44:46.0574 4444  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\windows\system32\drivers\irenum.sys
15:44:46.0683 4444  IRENUM - ok
15:44:46.0730 4444  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\windows\system32\DRIVERS\isapnp.sys
15:44:46.0746 4444  isapnp - ok
15:44:46.0777 4444  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\windows\system32\DRIVERS\msiscsi.sys
15:44:46.0808 4444  iScsiPrt - ok
15:44:46.0824 4444  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
15:44:46.0839 4444  kbdclass - ok
15:44:46.0902 4444  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
15:44:46.0948 4444  kbdhid - ok
15:44:46.0964 4444  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\windows\system32\lsass.exe
15:44:46.0980 4444  KeyIso - ok
15:44:47.0026 4444  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
15:44:47.0042 4444  KSecDD - ok
15:44:47.0089 4444  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
15:44:47.0104 4444  KSecPkg - ok
15:44:47.0136 4444  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
15:44:47.0245 4444  ksthunk - ok
15:44:47.0323 4444  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\windows\system32\msdtckrm.dll
15:44:47.0510 4444  KtmRm - ok
15:44:47.0557 4444  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\windows\system32\srvsvc.dll
15:44:47.0666 4444  LanmanServer - ok
15:44:47.0728 4444  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
15:44:47.0869 4444  LanmanWorkstation - ok
15:44:47.0916 4444  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
15:44:47.0994 4444  lltdio - ok
15:44:48.0056 4444  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\windows\System32\lltdsvc.dll
15:44:48.0118 4444  lltdsvc - ok
15:44:48.0150 4444  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\windows\System32\lmhsvc.dll
15:44:48.0212 4444  lmhosts - ok
15:44:48.0306 4444  [ 7485FBCEF9136F530953575E2977859D ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:44:48.0352 4444  LMS - ok
15:44:48.0430 4444  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
15:44:48.0446 4444  LSI_FC - ok
15:44:48.0446 4444  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
15:44:48.0477 4444  LSI_SAS - ok
15:44:48.0508 4444  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
15:44:48.0524 4444  LSI_SAS2 - ok
15:44:48.0524 4444  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
15:44:48.0540 4444  LSI_SCSI - ok
15:44:48.0571 4444  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\windows\system32\drivers\luafv.sys
15:44:48.0727 4444  luafv - ok
15:44:48.0758 4444  [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt          C:\windows\system32\drivers\MBfilt64.sys
15:44:48.0774 4444  MBfilt - ok
15:44:48.0805 4444  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
15:44:48.0852 4444  Mcx2Svc - ok
15:44:48.0883 4444  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
15:44:48.0898 4444  megasas - ok
15:44:48.0945 4444  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
15:44:48.0976 4444  MegaSR - ok
15:44:49.0039 4444  MGHwCtrl - ok
15:44:49.0148 4444  [ 71C6748EE8DE938532057EF10B4B7E44 ] Micro Star SCM  C:\Program Files (x86)\System Control Manager\MSIService.exe
15:44:49.0273 4444  Micro Star SCM ( UnsignedFile.Multi.Generic ) - warning
15:44:49.0273 4444  Micro Star SCM - detected UnsignedFile.Multi.Generic (1)
15:44:49.0335 4444  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\windows\system32\mmcss.dll
15:44:49.0554 4444  MMCSS - ok
15:44:49.0585 4444  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\windows\system32\drivers\modem.sys
15:44:49.0725 4444  Modem - ok
15:44:49.0756 4444  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\windows\system32\DRIVERS\monitor.sys
15:44:49.0834 4444  monitor - ok
15:44:49.0881 4444  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
15:44:49.0897 4444  mouclass - ok
15:44:49.0912 4444  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
15:44:50.0037 4444  mouhid - ok
15:44:50.0084 4444  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
15:44:50.0100 4444  mountmgr - ok
15:44:50.0146 4444  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\windows\system32\DRIVERS\mpio.sys
15:44:50.0162 4444  mpio - ok
15:44:50.0209 4444  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
15:44:50.0287 4444  mpsdrv - ok
15:44:50.0536 4444  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\windows\system32\mpssvc.dll
15:44:50.0677 4444  MpsSvc - ok
15:44:50.0724 4444  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
15:44:50.0833 4444  MRxDAV - ok
15:44:50.0880 4444  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
15:44:50.0958 4444  mrxsmb - ok
15:44:51.0004 4444  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
15:44:51.0098 4444  mrxsmb10 - ok
15:44:51.0114 4444  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
15:44:51.0176 4444  mrxsmb20 - ok
15:44:51.0223 4444  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\windows\system32\DRIVERS\msahci.sys
15:44:51.0254 4444  msahci - ok
15:44:51.0301 4444  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\windows\system32\DRIVERS\msdsm.sys
15:44:51.0332 4444  msdsm - ok
15:44:51.0379 4444  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\windows\System32\msdtc.exe
15:44:51.0441 4444  MSDTC - ok
15:44:51.0519 4444  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys
15:44:51.0597 4444  Msfs - ok
15:44:51.0628 4444  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
15:44:51.0722 4444  mshidkmdf - ok
15:44:51.0800 4444  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\DRIVERS\msisadrv.sys
15:44:51.0816 4444  msisadrv - ok
15:44:51.0862 4444  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
15:44:51.0956 4444  MSiSCSI - ok
15:44:51.0956 4444  msiserver - ok
15:44:52.0034 4444  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
15:44:52.0143 4444  MSKSSRV - ok
15:44:52.0143 4444  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
15:44:52.0315 4444  MSPCLOCK - ok
15:44:52.0362 4444  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
15:44:52.0486 4444  MSPQM - ok
15:44:52.0518 4444  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
15:44:52.0533 4444  MsRPC - ok
15:44:52.0580 4444  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
15:44:52.0596 4444  mssmbios - ok
15:44:52.0611 4444  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
15:44:52.0767 4444  MSTEE - ok
15:44:52.0814 4444  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
15:44:52.0861 4444  MTConfig - ok
15:44:52.0908 4444  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\windows\system32\Drivers\mup.sys
15:44:52.0923 4444  Mup - ok
15:44:53.0032 4444  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll
15:44:53.0126 4444  napagent - ok
15:44:53.0220 4444  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
15:44:53.0266 4444  NativeWifiP - ok
15:44:53.0329 4444  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\windows\system32\drivers\ndis.sys
15:44:53.0376 4444  NDIS - ok
15:44:53.0454 4444  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
15:44:53.0672 4444  NdisCap - ok
15:44:53.0719 4444  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
15:44:53.0953 4444  NdisTapi - ok
15:44:54.0327 4444  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
15:44:54.0702 4444  Ndisuio - ok
15:44:55.0154 4444  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
15:44:55.0513 4444  NdisWan - ok
15:44:55.0794 4444  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
15:44:56.0152 4444  NDProxy - ok
15:44:58.0867 4444  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
15:44:59.0881 4444  NetBIOS - ok
15:45:00.0364 4444  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
15:45:00.0676 4444  NetBT - ok
15:45:00.0801 4444  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe
15:45:00.0832 4444  Netlogon - ok
15:45:01.0550 4444  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
15:45:01.0706 4444  Netman - ok
15:45:01.0737 4444  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
15:45:01.0831 4444  netprofm - ok
15:45:01.0862 4444  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:45:01.0878 4444  NetTcpPortSharing - ok
15:45:02.0907 4444  [ 39EDE676D17F37AF4573C2B33EC28ACA ] NETw5s64        C:\windows\system32\DRIVERS\NETw5s64.sys
15:45:03.0219 4444  NETw5s64 - ok
15:45:03.0250 4444  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
15:45:03.0282 4444  nfrd960 - ok
15:45:03.0328 4444  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\windows\System32\nlasvc.dll
15:45:03.0375 4444  NlaSvc - ok
15:45:03.0391 4444  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
15:45:03.0453 4444  Npfs - ok
15:45:03.0500 4444  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll
15:45:03.0547 4444  nsi - ok
15:45:03.0578 4444  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
15:45:03.0812 4444  nsiproxy - ok
15:45:04.0264 4444  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
15:45:04.0327 4444  Ntfs - ok
15:45:04.0420 4444  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
15:45:04.0530 4444  Null - ok
15:45:05.0715 4444  [ 56743D7B668A19BD83BCDFB1F2136738 ] nvlddmkm        C:\windows\system32\DRIVERS\nvlddmkm.sys
15:45:06.0199 4444  nvlddmkm - ok
15:45:06.0261 4444  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys
15:45:06.0277 4444  nvraid - ok
15:45:06.0324 4444  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys
15:45:06.0339 4444  nvstor - ok
15:45:06.0402 4444  [ 1D462154C746161683EBB7D95D0C0AF1 ] nvsvc           C:\windows\system32\nvvsvc.exe
15:45:06.0417 4444  nvsvc - ok
15:45:06.0511 4444  [ 18F1906BFE993EAD51200E3195B3D6E2 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
15:45:06.0620 4444  nvUpdatusService - ok
15:45:06.0636 4444  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\DRIVERS\nv_agp.sys
15:45:06.0667 4444  nv_agp - ok
15:45:06.0729 4444  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\DRIVERS\ohci1394.sys
15:45:06.0807 4444  ohci1394 - ok
15:45:06.0963 4444  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
15:45:07.0072 4444  p2pimsvc - ok
15:45:07.0104 4444  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
15:45:07.0166 4444  p2psvc - ok
15:45:07.0244 4444  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\DRIVERS\parport.sys
15:45:07.0322 4444  Parport - ok
15:45:07.0369 4444  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys
15:45:07.0400 4444  partmgr - ok
15:45:07.0431 4444  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
15:45:07.0525 4444  PcaSvc - ok
15:45:07.0587 4444  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\DRIVERS\pci.sys
15:45:07.0634 4444  pci - ok
15:45:07.0650 4444  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\DRIVERS\pciide.sys
15:45:07.0681 4444  pciide - ok
15:45:07.0696 4444  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
15:45:07.0728 4444  pcmcia - ok
15:45:07.0728 4444  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys
15:45:07.0743 4444  pcw - ok
15:45:07.0774 4444  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
15:45:07.0915 4444  PEAUTH - ok
15:45:08.0180 4444  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
15:45:08.0383 4444  PerfHost - ok
15:45:08.0757 4444  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll
15:45:08.0929 4444  pla - ok
15:45:09.0007 4444  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
15:45:09.0085 4444  PlugPlay - ok
15:45:09.0116 4444  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
15:45:09.0210 4444  PNRPAutoReg - ok
15:45:09.0303 4444  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
15:45:09.0366 4444  PNRPsvc - ok
15:45:09.0475 4444  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
15:45:09.0646 4444  PolicyAgent - ok
15:45:09.0756 4444  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\windows\system32\umpo.dll
15:45:09.0896 4444  Power - ok
15:45:09.0958 4444  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
15:45:10.0146 4444  PptpMiniport - ok
15:45:10.0224 4444  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\DRIVERS\processr.sys
15:45:10.0286 4444  Processor - ok
15:45:10.0348 4444  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll
15:45:10.0442 4444  ProfSvc - ok
15:45:10.0489 4444  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
15:45:10.0504 4444  ProtectedStorage - ok
15:45:10.0582 4444  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
15:45:10.0692 4444  Psched - ok
15:45:10.0926 4444  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
15:45:11.0035 4444  ql2300 - ok
15:45:11.0144 4444  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
15:45:11.0160 4444  ql40xx - ok
15:45:11.0191 4444  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
15:45:11.0269 4444  QWAVE - ok
15:45:11.0300 4444  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
15:45:11.0425 4444  QWAVEdrv - ok
15:45:11.0487 4444  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
15:45:11.0596 4444  RasAcd - ok
15:45:11.0659 4444  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
15:45:11.0830 4444  RasAgileVpn - ok
15:45:11.0862 4444  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
15:45:12.0158 4444  RasAuto - ok
15:45:12.0205 4444  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
15:45:12.0423 4444  Rasl2tp - ok
15:45:12.0454 4444  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
15:45:12.0532 4444  RasMan - ok
15:45:12.0673 4444  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
15:45:12.0798 4444  RasPppoe - ok
15:45:12.0829 4444  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
15:45:12.0938 4444  RasSstp - ok
15:45:12.0985 4444  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
15:45:13.0110 4444  rdbss - ok
15:45:13.0141 4444  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
15:45:13.0219 4444  rdpbus - ok
15:45:13.0234 4444  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
15:45:13.0344 4444  RDPCDD - ok
15:45:13.0359 4444  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
15:45:13.0531 4444  RDPENCDD - ok
15:45:13.0546 4444  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
15:45:13.0687 4444  RDPREFMP - ok
15:45:13.0780 4444  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
15:45:14.0061 4444  RDPWD - ok
15:45:14.0108 4444  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
15:45:14.0139 4444  rdyboost - ok
15:45:14.0342 4444  [ 6108654C5EBEA28A606D6890B4DE6DE3 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:45:14.0373 4444  RegSrvc - ok
15:45:14.0451 4444  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
15:45:14.0560 4444  RemoteAccess - ok
15:45:14.0592 4444  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
15:45:14.0732 4444  RemoteRegistry - ok
15:45:14.0763 4444  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
15:45:14.0966 4444  RpcEptMapper - ok
15:45:15.0028 4444  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
15:45:15.0138 4444  RpcLocator - ok
15:45:15.0278 4444  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll
15:45:15.0403 4444  RpcSs - ok
15:45:15.0481 4444  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
15:45:15.0637 4444  rspndr - ok
15:45:15.0699 4444  [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
15:45:15.0730 4444  RTL8167 - ok
15:45:15.0746 4444  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
15:45:15.0855 4444  SamSs - ok
15:45:15.0933 4444  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\DRIVERS\sbp2port.sys
15:45:15.0964 4444  sbp2port - ok
15:45:16.0058 4444  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
15:45:16.0230 4444  SCardSvr - ok
15:45:16.0261 4444  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
15:45:16.0401 4444  scfilter - ok
15:45:16.0464 4444  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
15:45:16.0604 4444  Schedule - ok
15:45:16.0666 4444  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll
15:45:16.0729 4444  SCPolicySvc - ok
15:45:16.0760 4444  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\windows\system32\DRIVERS\sdbus.sys
15:45:16.0854 4444  sdbus - ok
15:45:16.0900 4444  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
15:45:16.0994 4444  SDRSVC - ok
15:45:17.0072 4444  SeaPort - ok
15:45:17.0103 4444  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
15:45:17.0212 4444  secdrv - ok
15:45:17.0306 4444  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
15:45:17.0400 4444  seclogon - ok
15:45:17.0462 4444  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\System32\sens.dll
15:45:17.0571 4444  SENS - ok
15:45:17.0602 4444  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
15:45:17.0696 4444  SensrSvc - ok
15:45:17.0774 4444  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
15:45:17.0852 4444  Serenum - ok
15:45:17.0914 4444  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\DRIVERS\serial.sys
15:45:18.0008 4444  Serial - ok
15:45:18.0148 4444  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
15:45:18.0258 4444  sermouse - ok
15:45:18.0320 4444  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
15:45:18.0429 4444  SessionEnv - ok
15:45:18.0476 4444  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\DRIVERS\sffdisk.sys
15:45:18.0538 4444  sffdisk - ok
15:45:18.0570 4444  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\DRIVERS\sffp_mmc.sys
15:45:18.0679 4444  sffp_mmc - ok
15:45:18.0694 4444  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\DRIVERS\sffp_sd.sys
15:45:18.0835 4444  sffp_sd - ok
15:45:18.0866 4444  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
15:45:18.0944 4444  sfloppy - ok
15:45:19.0084 4444  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
15:45:19.0178 4444  SharedAccess - ok
15:45:19.0334 4444  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
15:45:19.0490 4444  ShellHWDetection - ok
15:45:19.0521 4444  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
15:45:19.0552 4444  SiSRaid2 - ok
15:45:19.0677 4444  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
15:45:19.0708 4444  SiSRaid4 - ok
15:45:19.0724 4444  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
15:45:19.0818 4444  Smb - ok
15:45:19.0911 4444  [ 7AE8BCA90539ECBDE87AC45BA1436BE3 ] smserial        C:\windows\system32\DRIVERS\SmSerl64.sys
15:45:20.0020 4444  smserial - ok
15:45:20.0067 4444  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
15:45:20.0145 4444  SNMPTRAP - ok
15:45:20.0161 4444  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys
15:45:20.0192 4444  spldr - ok
15:45:20.0348 4444  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\windows\System32\spoolsv.exe
15:45:20.0442 4444  Spooler - ok
15:45:21.0066 4444  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
15:45:21.0268 4444  sppsvc - ok
15:45:21.0300 4444  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
15:45:21.0378 4444  sppuinotify - ok
15:45:21.0440 4444  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys
15:45:21.0487 4444  srv - ok
15:45:21.0596 4444  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
15:45:21.0721 4444  srv2 - ok
15:45:21.0752 4444  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
15:45:21.0814 4444  srvnet - ok
15:45:22.0017 4444  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
15:45:22.0204 4444  SSDPSRV - ok
15:45:22.0407 4444  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll
15:45:22.0485 4444  SstpSvc - ok
15:45:22.0548 4444  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
15:45:22.0579 4444  stexstor - ok
15:45:22.0875 4444  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll
15:45:22.0969 4444  stisvc - ok
15:45:23.0031 4444  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
15:45:23.0078 4444  swenum - ok
15:45:23.0265 4444  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll
15:45:23.0452 4444  swprv - ok
15:45:23.0952 4444  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll
15:45:24.0092 4444  SysMain - ok
15:45:24.0451 4444  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
15:45:24.0513 4444  TabletInputService - ok
15:45:24.0966 4444  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll
15:45:25.0449 4444  TapiSrv - ok
15:45:25.0730 4444  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll
15:45:25.0839 4444  TBS - ok
15:45:28.0913 4444  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
15:45:31.0284 4444  Tcpip - ok
15:45:32.0828 4444  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
15:45:32.0891 4444  TCPIP6 - ok
15:45:33.0156 4444  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
15:45:33.0655 4444  tcpipreg - ok
15:45:34.0107 4444  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
15:45:34.0341 4444  TDPIPE - ok
15:45:34.0763 4444  [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
15:45:34.0841 4444  TDTCP - ok
15:45:34.0934 4444  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
15:45:35.0059 4444  tdx - ok
15:45:35.0433 4444  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
15:45:35.0480 4444  TermDD - ok
15:45:35.0761 4444  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll
15:45:35.0917 4444  TermService - ok
15:45:36.0042 4444  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
15:45:36.0135 4444  Themes - ok
15:45:36.0151 4444  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll
15:45:36.0229 4444  THREADORDER - ok
15:45:36.0291 4444  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
15:45:36.0557 4444  TrkWks - ok
15:45:36.0744 4444  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
15:45:36.0978 4444  TrustedInstaller - ok
15:45:37.0040 4444  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
15:45:37.0196 4444  tssecsrv - ok
15:45:37.0305 4444  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
15:45:37.0493 4444  tunnel - ok
15:45:37.0555 4444  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
15:45:37.0633 4444  uagp35 - ok
15:45:37.0773 4444  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
15:45:37.0867 4444  udfs - ok
15:45:37.0945 4444  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe
15:45:38.0054 4444  UI0Detect - ok
15:45:38.0085 4444  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\DRIVERS\uliagpkx.sys
15:45:38.0132 4444  uliagpkx - ok
15:45:38.0179 4444  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\DRIVERS\umbus.sys
15:45:38.0288 4444  umbus - ok
15:45:38.0351 4444  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
15:45:38.0538 4444  UmPass - ok
15:45:39.0489 4444  [ 765F2DD351BA064F657751D8D75E58C0 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:45:39.0661 4444  UNS - ok
15:45:39.0786 4444  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
15:45:39.0973 4444  upnphost - ok
15:45:40.0035 4444  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
15:45:40.0191 4444  usbccgp - ok
15:45:40.0223 4444  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\DRIVERS\usbcir.sys
15:45:40.0394 4444  usbcir - ok
15:45:40.0441 4444  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\windows\system32\drivers\usbehci.sys
15:45:40.0597 4444  usbehci - ok
15:45:40.0644 4444  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
15:45:40.0769 4444  usbhub - ok
15:45:40.0847 4444  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\windows\system32\drivers\usbohci.sys
15:45:40.0987 4444  usbohci - ok
15:45:41.0034 4444  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
15:45:41.0065 4444  usbprint - ok
15:45:41.0159 4444  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\windows\system32\DRIVERS\usbscan.sys
15:45:41.0283 4444  usbscan - ok
15:45:41.0299 4444  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
15:45:41.0393 4444  USBSTOR - ok
15:45:41.0439 4444  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
15:45:41.0455 4444  usbuhci - ok
15:45:41.0533 4444  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
15:45:41.0611 4444  usbvideo - ok
15:45:41.0658 4444  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll
15:45:41.0798 4444  UxSms - ok
15:45:41.0845 4444  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe
15:45:41.0907 4444  VaultSvc - ok
15:45:41.0954 4444  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\DRIVERS\vdrvroot.sys
15:45:41.0970 4444  vdrvroot - ok
15:45:42.0001 4444  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\windows\System32\vds.exe
15:45:42.0157 4444  vds - ok
15:45:42.0204 4444  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
15:45:42.0235 4444  vga - ok
15:45:42.0251 4444  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys
15:45:42.0344 4444  VgaSave - ok
15:45:42.0407 4444  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\windows\system32\DRIVERS\vhdmp.sys
15:45:42.0422 4444  vhdmp - ok
15:45:42.0453 4444  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\DRIVERS\viaide.sys
15:45:42.0469 4444  viaide - ok
15:45:42.0500 4444  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\DRIVERS\volmgr.sys
15:45:42.0516 4444  volmgr - ok
15:45:42.0609 4444  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
15:45:42.0656 4444  volmgrx - ok
15:45:42.0672 4444  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\windows\system32\DRIVERS\volsnap.sys
15:45:42.0719 4444  volsnap - ok
15:45:42.0750 4444  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
15:45:42.0828 4444  vsmraid - ok
15:45:42.0921 4444  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\windows\system32\vssvc.exe
15:45:43.0077 4444  VSS - ok
15:45:43.0155 4444  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
15:45:43.0265 4444  vwifibus - ok
15:45:43.0327 4444  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
15:45:43.0639 4444  vwififlt - ok
15:45:43.0686 4444  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
15:45:43.0748 4444  vwifimp - ok
15:45:43.0826 4444  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll
15:45:43.0920 4444  W32Time - ok
15:45:43.0982 4444  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
15:45:44.0045 4444  WacomPen - ok
15:45:44.0076 4444  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
15:45:44.0185 4444  WANARP - ok
15:45:44.0216 4444  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
15:45:44.0325 4444  Wanarpv6 - ok
15:45:44.0388 4444  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe
15:45:44.0481 4444  wbengine - ok
15:45:44.0528 4444  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
15:45:44.0669 4444  WbioSrvc - ok
15:45:44.0747 4444  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll
15:45:44.0903 4444  wcncsvc - ok
15:45:44.0934 4444  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
15:45:45.0199 4444  WcsPlugInService - ok
15:45:45.0277 4444  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\DRIVERS\wd.sys
15:45:45.0293 4444  Wd - ok
15:45:45.0355 4444  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
15:45:45.0386 4444  Wdf01000 - ok
15:45:45.0464 4444  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
15:45:45.0620 4444  WdiServiceHost - ok
15:45:45.0620 4444  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll
15:45:45.0651 4444  WdiSystemHost - ok
15:45:45.0683 4444  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll
15:45:45.0792 4444  WebClient - ok
15:45:45.0839 4444  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
15:45:45.0948 4444  Wecsvc - ok
15:45:52.0578 4444  ================ Scan global ===============================
15:45:52.0625 4444  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
15:45:52.0656 4444  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll
15:45:52.0656 4444  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll
15:45:52.0687 4444  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
15:45:52.0734 4444  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
15:45:52.0749 4444  [Global] - ok
15:45:52.0749 4444  ================ Scan MBR ==================================
15:45:52.0765 4444  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:45:54.0387 4444  \Device\Harddisk0\DR0 - ok
15:45:54.0387 4444  ================ Scan VBR ==================================
15:45:54.0403 4444  [ A13DE69D4AFCC593E4EB91CD3E2EE5FF ] \Device\Harddisk0\DR0\Partition1
15:45:54.0403 4444  \Device\Harddisk0\DR0\Partition1 - ok
15:45:54.0434 4444  [ 48BBB580535D6A5C76544E6AA218D4CE ] \Device\Harddisk0\DR0\Partition2
15:45:54.0450 4444  \Device\Harddisk0\DR0\Partition2 - ok
15:45:54.0450 4444  ============================================================
15:45:54.0450 4444  Scan finished
15:45:54.0450 4444  ============================================================
15:45:54.0465 3696  Detected object count: 1
15:45:54.0465 3696  Actual detected object count: 1
15:46:39.0253 3696  Micro Star SCM ( UnsignedFile.Multi.Generic ) - skipped by user
15:46:39.0253 3696  Micro Star SCM ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
__________________

Edited by maxzZ (27.12.2012 at 15:56)

27.12.2012, 16:19   #4
markusg
/// Malware-holic

Hi,
in any case, when you work with the laptop and don't need the battery, you should leave it out; it will last longer.
Let's continue:
Combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For the time being, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

27.12.2012, 18:17   #5
maxzZ

Hi,

attached is the log file

Combofix Logfile:
Code:
ComboFix 12-12-27.03 - *** 27.12.2012  16:48:03.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.0.1252.49.1031.18.3886.2040 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\5515461936.sys
c:\users\***\AppData\Local\Temp\nsvF7D.tmp\System.dll
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-27 bis 2012-12-27  ))))))))))))))))))))))))))))))
.
.
2012-12-27 16:58 . 2012-12-27 16:58	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-12-27 16:58 . 2012-12-27 16:58	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-26 14:10 . 2012-12-26 14:10	16200	----a-w-	c:\windows\stinger.sys
2012-12-26 14:09 . 2012-12-26 14:19	--------	d-----w-	c:\program files (x86)\stinger
2012-12-26 13:38 . 2012-12-26 15:16	--------	d-----w-	c:\users\***\AppData\Roaming\QuickScan
2012-12-26 13:07 . 2012-12-26 13:07	--------	d-----w-	C:\b8468f5195f3d8a1b1
2012-12-21 09:17 . 2012-12-21 09:17	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B9A0F597-2220-4BC0-91EF-EAF07AAF81AF}\offreg.dll
2012-12-21 07:12 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B9A0F597-2220-4BC0-91EF-EAF07AAF81AF}\mpengine.dll
2012-12-15 19:30 . 2012-12-15 19:30	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-12-12 07:14 . 2012-11-22 03:26	3149824	----a-w-	c:\windows\system32\win32k.sys
2012-12-12 07:12 . 2012-11-02 05:59	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-12-12 07:12 . 2012-11-02 05:11	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
2012-11-29 15:15 . 2012-11-29 15:15	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-11-29 15:15 . 2012-11-29 15:15	--------	d-----w-	c:\programdata\Ask
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-26 13:35 . 2012-04-01 13:17	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-26 13:35 . 2011-06-10 16:29	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 14:29 . 2011-05-02 08:05	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-11-13 20:29 . 2012-11-13 20:29	354216	----a-w-	c:\windows\SysWow64\DivXControlPanelApplet.cpl
2012-10-30 18:39 . 2012-10-30 18:39	163056	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-16 08:38 . 2012-11-28 11:03	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 11:03	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 11:03	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-20 12:38	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-20 12:38	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-20 12:38	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-20 12:38	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:45 . 2012-12-12 07:14	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-20 12:38	1914248	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-20 12:38	303104	----a-w-	c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-20 12:38	70656	----a-w-	c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-20 12:38	246272	----a-w-	c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-20 12:38	18944	----a-w-	c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-20 12:38	216576	----a-w-	c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-20 12:38	569344	----a-w-	c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-20 12:38	175104	----a-w-	c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-20 12:38	18944	----a-w-	c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-20 12:38	156672	----a-w-	c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-20 12:38	45568	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"MGSysCtrl"="c:\program files (x86)\System Control Manager\MGSysCtrl.exe" [2010-06-05 2486272]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-05-16 1349632]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-12-05 87888]
R3 MGHwCtrl;MGHwCtrl;c:\program files\msi\msi Software Install\MGHwCtrl.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-10 86224]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-01-18 128512]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 13:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-05-05 17412200]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-26 10816544]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = 
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fkqkoh5v.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=DE&userid=142077ae-1a7d-495b-83dc-01d130edcf8d&searchtype=ds&q=
FF - ExtSQL: 2012-11-29 16:15; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-12-26 14:38; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fkqkoh5v.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8w92edoG&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 34abe40b000000000000001e6461afff
FF - user.js: extensions.incredibar_i.instlDay - 15507
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.147:52
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6R8w92edoG
FF - user.js: extensions.incredibar_i.upn2n - 92824543676105406
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10665
FF - user.js: extensions.incredibar_i.ppd - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - (no file)
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-{634F79E1-2A41-4C40-9E8D-89EC740AC9D6} - c:\program files (x86)\InstallShield Installation Information\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-27  18:07:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-12-27 17:07
.
Vor Suchlauf: 13 Verzeichnis(se), 132.827.443.200 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 133.614.186.496 Bytes frei
.
- - End Of File - - E528FB14684640B116E14249E7EA4F7C
         


27.12.2012, 19:44   #6
markusg
/// Malware-holic



Hi,
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click on Update --> Check for updates
  • When the update has finished, select Perform full scan and click Scan.
  • When the scan has finished, click Show results.
  • Make sure that all findings are selected and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".

28.12.2012, 12:55   #7
maxzZ



Hi,

Malwarebytes found nothing.

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.27.09

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
daum :: DAUM-MSI [Administrator]

27.12.2012 23:01:14
mbam-log-2012-12-27 (23-01-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 435807
Laufzeit: 2 Stunde(n), 1 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

28.12.2012, 14:32   #8
markusg
/// Malware-holic



Hi,
everything looks OK so far.
Download CCleaner Standard:
CCleaner Download - CCleaner 3.26.1888
If CCleaner is already installed, skip this.
Open it, go to Tools, Uninstall list, save as txt. Open the file.
After each program you need, write "necessary".
After each one you do not need, "unnecessary".
After those unknown to you, "unknown".
Post the list.