Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Computer ist gesperrt - GVU

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.12.2012, 17:07   #1
Andi_LA
 
Computer ist gesperrt - GVU - Standard

Computer ist gesperrt - GVU



Hallo liebe Community,

wie scheinbar viele andere, habe auch ich das Problem GVU-Trojaner am Hals.
Vielleicht kann mir jemand helfen, diesen Schädling zu entfernen.
Vielen Dank!


Nachtrag:
Was ich noch vergessen habe zu sagen: In meiner ersten Verzweiflung habe ich den Computer runtergefahren, im abgesicherten Modus gestartet und Malwarebytes drüberlaufen lassen. Er fand 3 infizierte Dateien (Exploit.Drop.GS, Expolit.Drop.GSA und Trojan.Ransom.SUGen).

Geändert von Andi_LA (28.12.2012 um 17:19 Uhr)

Alt 28.12.2012, 17:22   #2
markusg
/// Malware-holic
 
Computer ist gesperrt - GVU - Standard

Computer ist gesperrt - GVU



Hi
das nächste Mal nicht einfach wild drauf los löschen.
poste mMalwarebytes Logs mit Funden:
http://www.trojaner-board.de/125889-...en-posten.html
Danach:
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 28.12.2012, 17:28   #3
Andi_LA
 
Computer ist gesperrt - GVU - Standard

Computer ist gesperrt - GVU



Hallo Markus,

danke für die schnelle Antwort. Nach dem Fund von Malwarebytes habe ich nichts weiter unternommen. Ich hab dann schnellstens die Finger von meinem infizierten Laptop genommen.

Das Logfile von Malwarebytes:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.28.09

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
Andreas :: AL [Administrator]

28.12.2012 17:41:37
MBAM-log-2012-12-28 (18-23-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 336529
Laufzeit: 15 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Andreas\wgsdgsdgdsgsd.dll (Exploit.Drop.GS) -> Keine Aktion durchgeführt.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Keine Aktion durchgeführt.

(Ende)
         

OTL werde ich nun gleich erledigen.
__________________

Alt 28.12.2012, 17:31   #4
markusg
/// Malware-holic
 
Computer ist gesperrt - GVU - Standard

Computer ist gesperrt - GVU



Hi
die Funde kannst du löschen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 28.12.2012, 17:53   #5
Andi_LA
 
Computer ist gesperrt - GVU - Standard

Computer ist gesperrt - GVU



Hallo Markus,

anbei die OTL Inhalte:

Extras.Txt:

Code:
ATTFilter
OTL Extras logfile created on: 28.12.2012 18:31:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andreas\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 72,48% Memory free
4,00 Gb Paging File | 3,57 Gb Available in Paging File | 89,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,80 Gb Total Space | 24,02 Gb Free Space | 43,04% Space Free | Partition Type: NTFS
 
Computer Name: AL | User Name: Andreas | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A9370DA-3BC1-40C5-8969-A28668FE16EC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0B09C1E0-6C2D-44C9-B2AD-CF16B602EEB7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{28F8EAA9-B98F-4925-8450-F16B1EF8B427}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2E42D866-EF6D-4511-B445-3C8F71229B5E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{34077668-C2CD-434E-8D4C-EBF6BD6A544B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4AAF7001-86B5-46A5-996F-BB07E2100275}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5B366C53-FE52-43CF-90FC-9FE8CB26F2E4}" = rport=445 | protocol=6 | dir=out | app=system | 
"{631F06CD-32A9-419C-8B5B-981FBAF9ACAC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{657AD9F7-B513-4E83-82E0-A32212AD8AB1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7C10D2AB-3D63-4CBC-A5EE-F4AF2C78A103}" = lport=445 | protocol=6 | dir=in | app=system | 
"{87A336DB-8131-4453-9932-8B783D3DAA2D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8861A9C7-21F1-491F-8042-BE869CA3CC1D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{9877E05A-0600-43B4-96CE-75E096F9F1FD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B0F23B2E-3181-40EC-AF5A-B6B666EB3B06}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B21985B6-6F2A-4DA8-B440-45CEE51B94A5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B47B36CE-6EF7-4DFB-8B45-B8069FB9DDCA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C0CBA233-E1AC-44B1-8260-9E7B03EFD645}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C427A65F-5F3D-4348-9C22-B3C555E6569A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D23FAFCC-3009-495A-B428-7E02004EF7B7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D6845991-F5C0-4E82-9E2C-2D441F974092}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D9082A4D-978F-47A0-8991-DE3620317E50}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DE78E36B-8EF7-4DAC-8EC9-4EB9B48F741B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DFD145D6-5D32-4D06-9AB2-CA45FC97F8F1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E17B30F4-3B28-4575-80E6-D9548542C078}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{ED0F3F32-6B34-4DA7-A996-35E85A623BAF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F32D7792-F2DA-4D5F-906E-0D7DC6D62E32}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F6E26891-60A1-43C3-9464-11FBDA6B88D5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{FA876EB6-7993-4DA5-9B9B-8A5C050A5421}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FAF5D81D-73EF-4D09-8F9A-AE1D85464CE9}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FDD743A2-EEB1-44D7-A855-4EEEF42E092E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FFE0307F-1B31-4E1A-BE69-667616351362}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1765C9E0-231A-4AD0-9E84-EC50DE7A6A26}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2290F40A-CC88-4F89-8CB4-21EC07A92607}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{31D8BB1B-0FF8-4199-A655-683BB1C9FF6A}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{439F218A-C5DB-4B87-BA92-4B7D703AD91C}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{535ABD48-CACA-4351-AE68-6867E7FED8A5}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{585E0EFB-230F-42A3-ADB9-18FB45EEACE8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7273BC92-0651-43AA-87C0-7D6C6738F8F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{72908349-AACD-4FE6-BBFE-A1BD347B4387}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7DB520EC-275A-44FA-9CEA-5A8F78EE0BEC}" = protocol=17 | dir=in | app=c:\users\andreas\desktop\download\sweetimsetup.exe | 
"{856B0EB2-1502-427C-A845-92E30B639CD2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{85E26858-F2F8-40F5-8EAC-972D7C8F98A3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8D24BDED-2548-43DE-8941-DEC183583D95}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{92B18330-2AA3-4B6A-9C50-FF42BBB8BE0B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A3F1E8ED-1B03-4EE6-A322-7A34FAD7327C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B942B47F-958F-4F14-8580-11DC9C4F25DF}" = protocol=6 | dir=out | app=system | 
"{C713C8C3-4542-4636-9BE5-8994C9214D4C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C9FE0060-0A23-44CD-93BC-A0CFBF912B77}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D4142614-AC4A-4BCA-AB89-DDE44C296F20}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DC2E54E5-E38B-48A7-8299-D69DE91849D8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E11B6610-A5B0-44B5-8669-D9591AE16EF3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F22BF934-8CDE-4FDB-BE36-179A962051CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FC6BCFC2-1246-454B-ABDD-A2940EF93AB1}" = protocol=6 | dir=in | app=c:\users\andreas\desktop\download\sweetimsetup.exe | 
"{FC7C9AD1-E79F-447B-B9B7-9F24EB1AD423}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{F4543487-3F3B-4AD8-A04F-38918AD21FE4}C:\users\andreas\desktop\download\eclipse-java-indigo-sr1-win32\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\andreas\desktop\download\eclipse-java-indigo-sr1-win32\eclipse\eclipse.exe | 
"UDP Query User{D1F7A37A-234F-40E7-B5CA-EE6BFBF3D0DD}C:\users\andreas\desktop\download\eclipse-java-indigo-sr1-win32\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\andreas\desktop\download\eclipse-java-indigo-sr1-win32\eclipse\eclipse.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{32A3A4F4-B792-11D6-A78A-00B0D0150040}" = J2SE Development Kit 5.0 Update 4
"{32A3A4F4-B792-11D6-A78A-00B0D0170010}" = Java(TM) SE Development Kit 7 Update 1
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{A7AA93B6-6909-4073-B4EC-45CCDEFD4665}" = NHL® 08
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"FLV Player" = FLV Player 2.0 (build 25)
"Foxit Reader_is1" = Foxit Reader 5.1
"GetSolar_is1" = GetSolar 8.2
"GNU Backgammon_is1" = GNU Backgammon (MAIN branch, 20110822 code)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Sweet Home 3D_is1" = Sweet Home 3D version 3.6
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"WinSchafkopf XP" = WinSchafkopf XP
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"5006ead68dbe7de2" = EnEV-Rechner
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.12.2012 05:51:58 | Computer Name = AL | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 09.12.2012 05:51:58 | Computer Name = AL | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10.12.2012 16:19:25 | Computer Name = AL | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: gnubg.exe, Version: 0.0.0.0, Zeitstempel:
 0x4e51d89c  Name des fehlerhaften Moduls: gnubg.exe, Version: 0.0.0.0, Zeitstempel:
 0x4e51d89c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00075dd0  ID des fehlerhaften Prozesses:
 0x950  Startzeit der fehlerhaften Anwendung: 0x01cdd7126d19b7f4  Pfad der fehlerhaften
 Anwendung: C:\Program Files\gnubg\gnubg.exe  Pfad des fehlerhaften Moduls: C:\Program
 Files\gnubg\gnubg.exe  Berichtskennung: e3a8f45e-4306-11e2-8559-001a6bbcc305
 
Error - 10.12.2012 17:47:39 | Computer Name = AL | Source = Application Hang | ID = 1002
Description = Programm avscan.exe, Version 12.3.0.48 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: d80    Startzeit: 
01cdd71c14230c8e    Endzeit: 1779    Anwendungspfad: C:\Program Files\Avira\AntiVir Desktop\avscan.exe

Berichts-ID:
 2b94c9de-4313-11e2-b1b9-001a6bbcc305  
 
Error - 15.12.2012 04:47:00 | Computer Name = AL | Source = System Restore | ID = 8193
Description = 
 
Error - 17.12.2012 15:59:56 | Computer Name = AL | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: gnubg.exe, Version: 0.0.0.0, Zeitstempel:
 0x4e51d89c  Name des fehlerhaften Moduls: gnubg.exe, Version: 0.0.0.0, Zeitstempel:
 0x4e51d89c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00075dd0  ID des fehlerhaften Prozesses:
 0xe78  Startzeit der fehlerhaften Anwendung: 0x01cddc90c49008f5  Pfad der fehlerhaften
 Anwendung: C:\Program Files\gnubg\gnubg.exe  Pfad des fehlerhaften Moduls: C:\Program
 Files\gnubg\gnubg.exe  Berichtskennung: 53cb6457-4884-11e2-a36c-001a6bbcc305
 
Error - 23.12.2012 05:57:37 | Computer Name = AL | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: gnubg.exe, Version: 0.0.0.0, Zeitstempel:
 0x4e51d89c  Name des fehlerhaften Moduls: gnubg.exe, Version: 0.0.0.0, Zeitstempel:
 0x4e51d89c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00075dd0  ID des fehlerhaften Prozesses:
 0x4a8  Startzeit der fehlerhaften Anwendung: 0x01cde0f2eb98b4cf  Pfad der fehlerhaften
 Anwendung: C:\Program Files\gnubg\gnubg.exe  Pfad des fehlerhaften Moduls: C:\Program
 Files\gnubg\gnubg.exe  Berichtskennung: 2dafb95d-4ce7-11e2-a36c-001a6bbcc305
 
Error - 24.12.2012 08:09:47 | Computer Name = AL | Source = System Restore | ID = 8193
Description = 
 
Error - 28.12.2012 12:38:14 | Computer Name = AL | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.12.2012 12:38:14 | Computer Name = AL | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 17.11.2012 12:21:31 | Computer Name = AL | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (60000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 23.11.2012 08:42:45 | Computer Name = AL | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (60000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 25.11.2012 05:47:53 | Computer Name = AL | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 26.11.2012 12:10:37 | Computer Name = AL | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (60000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 01.12.2012 05:15:06 | Computer Name = AL | Source = volsnap | ID = 393283
Description = Die Schattenkopie des erstellten Volumes "C:" konnte nicht installiert
 werden.
 
Error - 02.12.2012 05:05:26 | Computer Name = AL | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (60000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 04.12.2012 14:51:02 | Computer Name = AL | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.108  registriert werden. Der Computer mit IP-Adresse 192.168.2.10
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 08.12.2012 07:29:19 | Computer Name = AL | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (60000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 09.12.2012 16:41:27 | Computer Name = AL | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?12.?2012 um 21:40:09 unerwartet heruntergefahren.
 
Error - 10.12.2012 17:14:56 | Computer Name = AL | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:   %%-2147014874
 
 
< End of report >
         

OTL.Txt:

Code:
ATTFilter
OTL logfile created on: 28.12.2012 18:31:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andreas\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 72,48% Memory free
4,00 Gb Paging File | 3,57 Gb Available in Paging File | 89,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,80 Gb Total Space | 24,02 Gb Free Space | 43,04% Space Free | Partition Type: NTFS
 
Computer Name: AL | User Name: Andreas | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.28 18:30:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2012.11.01 10:48:59 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.12 08:27:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.12 08:27:48 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.12 08:27:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.05.12 08:27:49 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.12 08:27:49 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.11.22 14:20:32 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.25 00:02:30 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey)
DRV - [2009.12.03 16:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009.10.03 05:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.13 23:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.04.29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006.11.14 16:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 63 F7 EF 19 02 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3C5A2A44-2396-4015-A903-159399DD95EE}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=86ac460f-9def-41c7-97a8-f4664ddeb3b0&apn_sauid=0528A373-6525-4D6D-B3D6-B7BB53F5C7F9
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: status4evar@caligonstudios.com:2012.07.08.17
FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.8.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}:7.0.01
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=86ac460f-9def-41c7-97a8-f4664ddeb3b0&apn_ptnrs=%5EABT&apn_sauid=0528A373-6525-4D6D-B3D6-B7BB53F5C7F9&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.01 10:49:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.01 10:48:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.05.03 09:59:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.12.07 18:45:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.01 10:49:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.01 10:48:58 | 000,000,000 | ---D | M]
 
[2011.09.24 10:57:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions
[2012.11.05 17:36:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\7la9zzwz.default\extensions
[2012.10.25 22:04:25 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\7la9zzwz.default\extensions\firefox@ghostery.com
[2012.09.15 07:58:11 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\7la9zzwz.default\extensions\toolbar@ask.com
[2012.06.29 14:04:48 | 000,811,915 | ---- | M] () (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\firefox\profiles\7la9zzwz.default\extensions\ffe_ff3ff4@game-point.net.xpi
[2012.07.10 20:48:03 | 000,163,080 | ---- | M] () (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\firefox\profiles\7la9zzwz.default\extensions\status4evar@caligonstudios.com.xpi
[2012.11.05 17:36:43 | 000,189,128 | ---- | M] () (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\firefox\profiles\7la9zzwz.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012.09.15 07:58:10 | 000,002,344 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\mozilla\firefox\profiles\7la9zzwz.default\searchplugins\askcom.xml
[2012.08.15 09:46:19 | 000,003,915 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\mozilla\firefox\profiles\7la9zzwz.default\searchplugins\sweetim.xml
[2012.11.01 10:48:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.01 10:49:00 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.02.16 12:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.28 20:51:01 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.16 12:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 12:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 12:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 12:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_110_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {813A45F9-744F-435F-A815-19E2DF35A9D8} hxxp://www.mediapromote.de/download/o2cplayerAC/o2cplayerac.cab (O2C-Player - area constructor view (ELECO Software GmbH))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02C08FDB-AB6C-4CBA-9A7B-D48547FBCB76}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.28 18:30:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
[2012.12.28 17:40:59 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Programs
[2012.12.28 17:32:53 | 000,204,712 | ---- | C] (Корпорация Майкрософт) -- C:\Users\Andreas\wgsdgsdgdsgsd.dll
[2012.12.23 16:25:02 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\IsolatedStorage
[2012.12.23 16:24:59 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bundesverband Leichtbeton e.V
[2012.12.23 16:24:29 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Deployment
[2012.12.10 22:14:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.12.10 21:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.28 18:30:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
[2012.12.28 17:43:53 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.28 17:43:53 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.28 17:43:53 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.28 17:43:53 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.28 17:41:09 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.28 17:38:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.28 17:38:07 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.28 17:34:23 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.28 17:32:54 | 000,002,939 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.28 17:32:54 | 000,001,053 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012.12.28 17:32:53 | 000,204,712 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Andreas\wgsdgsdgdsgsd.dll
[2012.12.25 10:57:52 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.25 10:57:52 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.24 13:28:24 | 000,294,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.23 16:24:59 | 000,000,418 | ---- | M] () -- C:\Users\Andreas\Desktop\EnEV-Rechner.appref-ms
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.10 22:14:38 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.12.06 20:08:50 | 000,953,897 | ---- | M] () -- C:\Users\Andreas\Desktop\4. Vorentwurf-5.pdf
 
========== Files Created - No Company Name ==========
 
[2012.12.28 17:32:54 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.28 17:32:54 | 000,002,939 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.28 17:32:54 | 000,001,053 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012.12.23 16:24:59 | 000,000,418 | ---- | C] () -- C:\Users\Andreas\Desktop\EnEV-Rechner.appref-ms
[2012.12.07 13:38:58 | 000,953,897 | ---- | C] () -- C:\Users\Andreas\Desktop\4. Vorentwurf-5.pdf
[2012.10.05 17:10:51 | 000,000,218 | ---- | C] () -- C:\Users\Andreas\.recently-used.xbel
[2011.11.15 19:22:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.10.16 20:02:44 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe
[2011.09.25 19:58:37 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.01.19 22:39:21 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Foxit Software
[2012.07.24 20:25:03 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\gtk-2.0
[2011.10.16 21:06:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\OpenOffice.org
[2011.11.15 19:51:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.09.24 10:53:18 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.09.24 10:53:03 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.11.20 21:41:33 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.28 17:32:54 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.09.24 10:53:03 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.09.24 10:53:03 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.12.28 14:30:40 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.09.24 10:53:11 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.28 17:38:07 | 000,000,000 | ---D | M] -- C:\Windows
[2011.09.24 11:16:28 | 000,000,000 | ---D | M] -- C:\Windows.old
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 05:53:46 | 000,024,064 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows.old\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows.old\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows.old\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows.old\Windows\System32\drivers\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows.old\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows.old\Windows\System32\user32.dll
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows.old\Windows\System32\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows.old\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.10.05 17:10:51 | 000,000,218 | ---- | M] () -- C:\Users\Andreas\.recently-used.xbel
[2012.12.28 18:33:51 | 001,835,008 | -HS- | M] () -- C:\Users\Andreas\NTUSER.DAT
[2012.12.28 18:33:51 | 000,262,144 | -HS- | M] () -- C:\Users\Andreas\ntuser.dat.LOG1
[2011.09.24 10:53:14 | 000,000,000 | -HS- | M] () -- C:\Users\Andreas\ntuser.dat.LOG2
[2011.09.24 12:00:41 | 000,065,536 | -HS- | M] () -- C:\Users\Andreas\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2011.09.24 12:00:41 | 000,524,288 | -HS- | M] () -- C:\Users\Andreas\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2011.09.24 12:00:41 | 000,524,288 | -HS- | M] () -- C:\Users\Andreas\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2011.09.24 10:53:14 | 000,000,020 | -HS- | M] () -- C:\Users\Andreas\ntuser.ini
[2012.12.28 17:32:53 | 000,204,712 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Andreas\wgsdgsdgdsgsd.dll
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         


Alt 28.12.2012, 18:07   #6
markusg
/// Malware-holic
 
Computer ist gesperrt - GVU - Standard

Computer ist gesperrt - GVU



hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
[2012.12.28 17:32:54 | 000,002,939 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
 :Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden
__________________
--> Computer ist gesperrt - GVU

Alt 28.12.2012, 18:14   #7
Andi_LA
 
Computer ist gesperrt - GVU - Standard

Computer ist gesperrt - GVU



Hallo Markus,

Neustart hat geklappt, nur wegen Malwarebytes hat er gleich rumgemeckert, dass er da was nicht ausführen kann.

Hier die Txt Datei von OTL:

Code:
ATTFilter
All processes killed
========== OTL ==========
C:\ProgramData\dsgsdgdsgdsgw.js moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Andreas
->Flash cache emptied: 515 bytes
 
User: Default
 
User: Default User
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Andreas
->Temp folder emptied: 335133309 bytes
->Temporary Internet Files folder emptied: 200078302 bytes
->Java cache emptied: 15602039 bytes
->FireFox cache emptied: 392794506 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 88775379 bytes
RecycleBin emptied: 11322786 bytes
 
Total Files Cleaned = 995,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 12282012_190947

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Nachtrag:

Der Flash Player will aktualisiert werden. Darf ich das jetzt schon machen?

Rein aus Interesse gleich noch ne Frage: reicht avira als Schutz oder sollten noch weitere Maßnahmen ergriffen werden?

Geändert von Andi_LA (28.12.2012 um 18:36 Uhr)

Alt 30.12.2012, 13:14   #8
Andi_LA
 
Computer ist gesperrt - GVU - Standard

Computer ist gesperrt - GVU



Hallo Markus,

ich weiß es ist erst der zweite Tag nach deiner letzten Antwort, aber ich wollte schon mal kurz nachfragen, wie es nun aussieht mit meinem System

Alt 02.01.2013, 19:52   #9
markusg
/// Malware-holic
 
Computer ist gesperrt - GVU - Standard

Computer ist gesperrt - GVU



War im Urlaub, steht eig ja auch in meiner Signatur...
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 02.01.2013, 20:02   #10
Andi_LA
 
Computer ist gesperrt - GVU - Standard

Computer ist gesperrt - GVU



Hallo Markus,

danke für die Antwort.

Funde tauchten keine auf.
Hier der Report vom TDSSKiller:

Code:
ATTFilter
20:58:11.0871 5564  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:58:12.0230 5564  ============================================================
20:58:12.0230 5564  Current date / time: 2013/01/02 20:58:12.0230
20:58:12.0230 5564  SystemInfo:
20:58:12.0230 5564  
20:58:12.0230 5564  OS Version: 6.1.7601 ServicePack: 1.0
20:58:12.0230 5564  Product type: Workstation
20:58:12.0230 5564  ComputerName: AL
20:58:12.0230 5564  UserName: Andreas
20:58:12.0230 5564  Windows directory: C:\Windows
20:58:12.0230 5564  System windows directory: C:\Windows
20:58:12.0230 5564  Processor architecture: Intel x86
20:58:12.0230 5564  Number of processors: 2
20:58:12.0230 5564  Page size: 0x1000
20:58:12.0230 5564  Boot type: Normal boot
20:58:12.0230 5564  ============================================================
20:58:12.0589 5564  Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:58:12.0589 5564  ============================================================
20:58:12.0589 5564  \Device\Harddisk0\DR0:
20:58:12.0589 5564  MBR partitions:
20:58:12.0589 5564  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:58:12.0589 5564  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F99800
20:58:12.0589 5564  ============================================================
20:58:12.0589 5564  C: <-> \Device\Harddisk0\DR0\Partition2
20:58:12.0589 5564  ============================================================
20:58:12.0589 5564  Initialize success
20:58:12.0589 5564  ============================================================
20:58:36.0785 5664  ============================================================
20:58:36.0785 5664  Scan started
20:58:36.0785 5664  Mode: Manual; SigCheck; TDLFS; 
20:58:36.0785 5664  ============================================================
20:58:36.0894 5664  ================ Scan system memory ========================
20:58:36.0894 5664  System memory - ok
20:58:36.0894 5664  ================ Scan services =============================
20:58:36.0956 5664  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:58:37.0003 5664  1394ohci - ok
20:58:37.0019 5664  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:58:37.0034 5664  ACPI - ok
20:58:37.0050 5664  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:58:37.0066 5664  AcpiPmi - ok
20:58:37.0081 5664  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
20:58:37.0112 5664  adp94xx - ok
20:58:37.0112 5664  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
20:58:37.0144 5664  adpahci - ok
20:58:37.0159 5664  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
20:58:37.0175 5664  adpu320 - ok
20:58:37.0190 5664  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:58:37.0206 5664  AeLookupSvc - ok
20:58:37.0222 5664  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
20:58:37.0237 5664  AFD - ok
20:58:37.0237 5664  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
20:58:37.0268 5664  agp440 - ok
20:58:37.0268 5664  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
20:58:37.0284 5664  aic78xx - ok
20:58:37.0300 5664  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
20:58:37.0315 5664  ALG - ok
20:58:37.0331 5664  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:58:37.0346 5664  aliide - ok
20:58:37.0346 5664  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
20:58:37.0362 5664  amdagp - ok
20:58:37.0378 5664  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
20:58:37.0393 5664  amdide - ok
20:58:37.0393 5664  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
20:58:37.0424 5664  AmdK8 - ok
20:58:37.0424 5664  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:58:37.0456 5664  AmdPPM - ok
20:58:37.0456 5664  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:58:37.0471 5664  amdsata - ok
20:58:37.0487 5664  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
20:58:37.0502 5664  amdsbs - ok
20:58:37.0502 5664  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:58:37.0534 5664  amdxata - ok
20:58:37.0534 5664  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:58:37.0549 5664  AntiVirSchedulerService - ok
20:58:37.0565 5664  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:58:37.0565 5664  AntiVirService - ok
20:58:37.0580 5664  [ 676894FA57B671FEC5C3F05F8929E03B ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
20:58:37.0596 5664  AntiVirWebService - ok
20:58:37.0612 5664  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
20:58:37.0658 5664  AppID - ok
20:58:37.0658 5664  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:58:37.0690 5664  AppIDSvc - ok
20:58:37.0705 5664  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
20:58:37.0736 5664  Appinfo - ok
20:58:37.0736 5664  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
20:58:37.0768 5664  AppMgmt - ok
20:58:37.0768 5664  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
20:58:37.0783 5664  arc - ok
20:58:37.0799 5664  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
20:58:37.0814 5664  arcsas - ok
20:58:37.0814 5664  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:58:37.0877 5664  AsyncMac - ok
20:58:37.0877 5664  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
20:58:37.0892 5664  atapi - ok
20:58:37.0908 5664  [ BEFE54E9BC648A3C79C917A63B6EE7DA ] ATSwpWDF        C:\Windows\system32\Drivers\ATSwpWDF.sys
20:58:37.0939 5664  ATSwpWDF - ok
20:58:37.0955 5664  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:58:38.0002 5664  AudioEndpointBuilder - ok
20:58:38.0017 5664  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
20:58:38.0048 5664  Audiosrv - ok
20:58:38.0048 5664  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
20:58:38.0064 5664  avgntflt - ok
20:58:38.0080 5664  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
20:58:38.0095 5664  avipbb - ok
20:58:38.0111 5664  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
20:58:38.0126 5664  avkmgr - ok
20:58:38.0126 5664  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:58:38.0173 5664  AxInstSV - ok
20:58:38.0173 5664  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
20:58:38.0204 5664  b06bdrv - ok
20:58:38.0220 5664  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
20:58:38.0236 5664  b57nd60x - ok
20:58:38.0251 5664  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:58:38.0267 5664  BDESVC - ok
20:58:38.0282 5664  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:58:38.0314 5664  Beep - ok
20:58:38.0314 5664  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
20:58:38.0360 5664  BFE - ok
20:58:38.0376 5664  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
20:58:38.0423 5664  BITS - ok
20:58:38.0423 5664  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:58:38.0438 5664  blbdrive - ok
20:58:38.0454 5664  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:58:38.0470 5664  bowser - ok
20:58:38.0470 5664  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:58:38.0501 5664  BrFiltLo - ok
20:58:38.0501 5664  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:58:38.0532 5664  BrFiltUp - ok
20:58:38.0532 5664  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
20:58:38.0563 5664  Browser - ok
20:58:38.0563 5664  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:58:38.0594 5664  Brserid - ok
20:58:38.0594 5664  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:58:38.0626 5664  BrSerWdm - ok
20:58:38.0626 5664  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:58:38.0657 5664  BrUsbMdm - ok
20:58:38.0657 5664  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:58:38.0672 5664  BrUsbSer - ok
20:58:38.0688 5664  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
20:58:38.0704 5664  BthEnum - ok
20:58:38.0704 5664  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:58:38.0735 5664  BTHMODEM - ok
20:58:38.0735 5664  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
20:58:38.0750 5664  BthPan - ok
20:58:38.0766 5664  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
20:58:38.0797 5664  BTHPORT - ok
20:58:38.0797 5664  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
20:58:38.0906 5664  bthserv - ok
20:58:38.0906 5664  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
20:58:38.0922 5664  BTHUSB - ok
20:58:38.0938 5664  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:58:38.0969 5664  cdfs - ok
20:58:38.0969 5664  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
20:58:39.0000 5664  cdrom - ok
20:58:39.0000 5664  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
20:58:39.0031 5664  CertPropSvc - ok
20:58:39.0047 5664  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:58:39.0062 5664  circlass - ok
20:58:39.0062 5664  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
20:58:39.0094 5664  CLFS - ok
20:58:39.0094 5664  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:58:39.0109 5664  clr_optimization_v2.0.50727_32 - ok
20:58:39.0125 5664  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:58:39.0140 5664  clr_optimization_v4.0.30319_32 - ok
20:58:39.0140 5664  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:58:39.0172 5664  CmBatt - ok
20:58:39.0172 5664  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:58:39.0187 5664  cmdide - ok
20:58:39.0203 5664  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
20:58:39.0234 5664  CNG - ok
20:58:39.0250 5664  [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx       C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
20:58:39.0250 5664  Com4QLBEx - ok
20:58:39.0265 5664  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:58:39.0281 5664  Compbatt - ok
20:58:39.0281 5664  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
20:58:39.0312 5664  CompositeBus - ok
20:58:39.0312 5664  COMSysApp - ok
20:58:39.0312 5664  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
20:58:39.0343 5664  crcdisk - ok
20:58:39.0343 5664  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:58:39.0374 5664  CryptSvc - ok
20:58:39.0390 5664  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
20:58:39.0421 5664  CSC - ok
20:58:39.0421 5664  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
20:58:39.0452 5664  CscService - ok
20:58:39.0468 5664  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:58:39.0499 5664  DcomLaunch - ok
20:58:39.0499 5664  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
20:58:39.0546 5664  defragsvc - ok
20:58:39.0562 5664  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:58:39.0593 5664  DfsC - ok
20:58:39.0593 5664  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:58:39.0624 5664  Dhcp - ok
20:58:39.0640 5664  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
20:58:39.0671 5664  discache - ok
20:58:39.0671 5664  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
20:58:39.0686 5664  Disk - ok
20:58:39.0702 5664  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:58:39.0718 5664  Dnscache - ok
20:58:39.0733 5664  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:58:39.0764 5664  dot3svc - ok
20:58:39.0780 5664  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
20:58:39.0811 5664  DPS - ok
20:58:39.0811 5664  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:58:39.0827 5664  drmkaud - ok
20:58:39.0842 5664  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:58:39.0889 5664  DXGKrnl - ok
20:58:39.0889 5664  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
20:58:39.0936 5664  EapHost - ok
20:58:39.0967 5664  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
20:58:40.0061 5664  ebdrv - ok
20:58:40.0061 5664  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
20:58:40.0092 5664  EFS - ok
20:58:40.0108 5664  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:58:40.0139 5664  ehRecvr - ok
20:58:40.0139 5664  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
20:58:40.0170 5664  ehSched - ok
20:58:40.0186 5664  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
20:58:40.0217 5664  elxstor - ok
20:58:40.0217 5664  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:58:40.0232 5664  ErrDev - ok
20:58:40.0248 5664  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
20:58:40.0279 5664  EventSystem - ok
20:58:40.0295 5664  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
20:58:40.0326 5664  exfat - ok
20:58:40.0342 5664  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:58:40.0373 5664  fastfat - ok
20:58:40.0388 5664  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
20:58:40.0420 5664  Fax - ok
20:58:40.0435 5664  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:58:40.0451 5664  fdc - ok
20:58:40.0451 5664  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
20:58:40.0482 5664  fdPHost - ok
20:58:40.0498 5664  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
20:58:40.0529 5664  FDResPub - ok
20:58:40.0529 5664  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:58:40.0560 5664  FileInfo - ok
20:58:40.0560 5664  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:58:40.0591 5664  Filetrace - ok
20:58:40.0591 5664  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:58:40.0622 5664  flpydisk - ok
20:58:40.0622 5664  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:58:40.0654 5664  FltMgr - ok
20:58:40.0669 5664  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
20:58:40.0700 5664  FontCache - ok
20:58:40.0716 5664  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:58:40.0732 5664  FontCache3.0.0.0 - ok
20:58:40.0732 5664  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:58:40.0747 5664  FsDepends - ok
20:58:40.0763 5664  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:58:40.0778 5664  Fs_Rec - ok
20:58:40.0778 5664  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:58:40.0810 5664  fvevol - ok
20:58:40.0810 5664  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:58:40.0825 5664  gagp30kx - ok
20:58:40.0841 5664  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
20:58:40.0888 5664  gpsvc - ok
20:58:40.0903 5664  [ C172F0D0329E46513B09E1FC60A27B9D ] HBtnKey         C:\Windows\system32\DRIVERS\cpqbttn.sys
20:58:40.0919 5664  HBtnKey - ok
20:58:40.0919 5664  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:58:40.0934 5664  hcw85cir - ok
20:58:40.0950 5664  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:58:40.0981 5664  HdAudAddService - ok
20:58:40.0981 5664  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:58:40.0997 5664  HDAudBus - ok
20:58:41.0012 5664  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
20:58:41.0028 5664  HidBatt - ok
20:58:41.0028 5664  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:58:41.0059 5664  HidBth - ok
20:58:41.0059 5664  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:58:41.0075 5664  HidIr - ok
20:58:41.0090 5664  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
20:58:41.0122 5664  hidserv - ok
20:58:41.0122 5664  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:58:41.0153 5664  HidUsb - ok
20:58:41.0153 5664  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:58:41.0184 5664  hkmsvc - ok
20:58:41.0200 5664  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:58:41.0231 5664  HomeGroupListener - ok
20:58:41.0231 5664  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:58:41.0246 5664  HomeGroupProvider - ok
20:58:41.0262 5664  [ 1210960FF8928950D2A786895B0C424A ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
20:58:41.0278 5664  HpqKbFiltr - ok
20:58:41.0278 5664  [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
20:58:41.0293 5664  hpqwmiex - ok
20:58:41.0309 5664  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:58:41.0324 5664  HpSAMD - ok
20:58:41.0340 5664  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:58:41.0371 5664  HTTP - ok
20:58:41.0371 5664  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:58:41.0387 5664  hwpolicy - ok
20:58:41.0387 5664  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:58:41.0418 5664  i8042prt - ok
20:58:41.0418 5664  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:58:41.0449 5664  iaStorV - ok
20:58:41.0465 5664  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:58:41.0527 5664  idsvc - ok
20:58:41.0527 5664  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
20:58:41.0558 5664  iirsp - ok
20:58:41.0574 5664  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
20:58:41.0621 5664  IKEEXT - ok
20:58:41.0621 5664  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
20:58:41.0652 5664  intelide - ok
20:58:41.0652 5664  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:58:41.0668 5664  intelppm - ok
20:58:41.0668 5664  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:58:41.0714 5664  IPBusEnum - ok
20:58:41.0714 5664  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:58:41.0746 5664  IpFilterDriver - ok
20:58:41.0761 5664  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:58:41.0777 5664  iphlpsvc - ok
20:58:41.0792 5664  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:58:41.0808 5664  IPMIDRV - ok
20:58:41.0824 5664  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:58:41.0855 5664  IPNAT - ok
20:58:41.0855 5664  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:58:41.0886 5664  IRENUM - ok
20:58:41.0886 5664  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:58:41.0902 5664  isapnp - ok
20:58:41.0917 5664  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:58:41.0948 5664  iScsiPrt - ok
20:58:41.0948 5664  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
20:58:41.0964 5664  kbdclass - ok
20:58:41.0980 5664  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
20:58:41.0995 5664  kbdhid - ok
20:58:41.0995 5664  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
20:58:42.0011 5664  KeyIso - ok
20:58:42.0011 5664  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:58:42.0042 5664  KSecDD - ok
20:58:42.0042 5664  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:58:42.0073 5664  KSecPkg - ok
20:58:42.0073 5664  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:58:42.0120 5664  KtmRm - ok
20:58:42.0136 5664  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:58:42.0182 5664  LanmanServer - ok
20:58:42.0182 5664  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:58:42.0229 5664  LanmanWorkstation - ok
20:58:42.0229 5664  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:58:42.0260 5664  lltdio - ok
20:58:42.0276 5664  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:58:42.0307 5664  lltdsvc - ok
20:58:42.0307 5664  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:58:42.0354 5664  lmhosts - ok
20:58:42.0354 5664  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:58:42.0385 5664  LSI_FC - ok
20:58:42.0385 5664  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
20:58:42.0401 5664  LSI_SAS - ok
20:58:42.0416 5664  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:58:42.0432 5664  LSI_SAS2 - ok
20:58:42.0432 5664  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:58:42.0463 5664  LSI_SCSI - ok
20:58:42.0463 5664  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
20:58:42.0494 5664  luafv - ok
20:58:42.0494 5664  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:58:42.0526 5664  Mcx2Svc - ok
20:58:42.0526 5664  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
20:58:42.0557 5664  megasas - ok
20:58:42.0557 5664  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:58:42.0588 5664  MegaSR - ok
20:58:42.0588 5664  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
20:58:42.0619 5664  MMCSS - ok
20:58:42.0635 5664  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
20:58:42.0666 5664  Modem - ok
20:58:42.0666 5664  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:58:42.0697 5664  monitor - ok
20:58:42.0697 5664  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:58:42.0713 5664  mouclass - ok
20:58:42.0728 5664  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:58:42.0744 5664  mouhid - ok
20:58:42.0744 5664  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:58:42.0760 5664  mountmgr - ok
20:58:42.0775 5664  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:58:42.0791 5664  MozillaMaintenance - ok
20:58:42.0791 5664  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:58:42.0822 5664  mpio - ok
20:58:42.0822 5664  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:58:42.0853 5664  mpsdrv - ok
20:58:42.0869 5664  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:58:42.0916 5664  MpsSvc - ok
20:58:42.0916 5664  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:58:42.0947 5664  MRxDAV - ok
20:58:42.0947 5664  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:58:42.0978 5664  mrxsmb - ok
20:58:42.0978 5664  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:58:43.0009 5664  mrxsmb10 - ok
20:58:43.0009 5664  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:58:43.0025 5664  mrxsmb20 - ok
20:58:43.0040 5664  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
20:58:43.0056 5664  msahci - ok
20:58:43.0056 5664  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:58:43.0087 5664  msdsm - ok
20:58:43.0087 5664  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
20:58:43.0118 5664  MSDTC - ok
20:58:43.0134 5664  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:58:43.0165 5664  Msfs - ok
20:58:43.0165 5664  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:58:43.0196 5664  mshidkmdf - ok
20:58:43.0196 5664  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:58:43.0212 5664  msisadrv - ok
20:58:43.0228 5664  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:58:43.0259 5664  MSiSCSI - ok
20:58:43.0274 5664  msiserver - ok
20:58:43.0274 5664  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:58:43.0306 5664  MSKSSRV - ok
20:58:43.0321 5664  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:58:43.0352 5664  MSPCLOCK - ok
20:58:43.0352 5664  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:58:43.0384 5664  MSPQM - ok
20:58:43.0384 5664  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:58:43.0415 5664  MsRPC - ok
20:58:43.0415 5664  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:58:43.0430 5664  mssmbios - ok
20:58:43.0446 5664  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:58:43.0477 5664  MSTEE - ok
20:58:43.0477 5664  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:58:43.0493 5664  MTConfig - ok
20:58:43.0493 5664  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:58:43.0524 5664  Mup - ok
20:58:43.0524 5664  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
20:58:43.0555 5664  napagent - ok
20:58:43.0571 5664  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:58:43.0602 5664  NativeWifiP - ok
20:58:43.0618 5664  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:58:43.0633 5664  NDIS - ok
20:58:43.0649 5664  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:58:43.0680 5664  NdisCap - ok
20:58:43.0680 5664  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:58:43.0711 5664  NdisTapi - ok
20:58:43.0727 5664  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:58:43.0758 5664  Ndisuio - ok
20:58:43.0758 5664  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:58:43.0805 5664  NdisWan - ok
20:58:43.0805 5664  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:58:43.0836 5664  NDProxy - ok
20:58:43.0836 5664  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:58:43.0883 5664  NetBIOS - ok
20:58:43.0883 5664  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:58:43.0914 5664  NetBT - ok
20:58:43.0914 5664  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
20:58:43.0930 5664  Netlogon - ok
20:58:43.0945 5664  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
20:58:43.0976 5664  Netman - ok
20:58:43.0976 5664  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
20:58:44.0023 5664  netprofm - ok
20:58:44.0023 5664  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:58:44.0039 5664  NetTcpPortSharing - ok
20:58:44.0101 5664  [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32        C:\Windows\system32\DRIVERS\netw5v32.sys
20:58:44.0210 5664  netw5v32 - ok
20:58:44.0226 5664  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
20:58:44.0242 5664  nfrd960 - ok
20:58:44.0242 5664  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:58:44.0273 5664  NlaSvc - ok
20:58:44.0288 5664  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:58:44.0320 5664  Npfs - ok
20:58:44.0320 5664  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
20:58:44.0351 5664  nsi - ok
20:58:44.0366 5664  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:58:44.0382 5664  nsiproxy - ok
20:58:44.0413 5664  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:58:44.0460 5664  Ntfs - ok
20:58:44.0476 5664  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
20:58:44.0507 5664  Null - ok
20:58:44.0678 5664  [ 24000B817CC84AC1555F41929879AF5A ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:58:44.0912 5664  nvlddmkm - ok
20:58:44.0928 5664  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:58:44.0944 5664  nvraid - ok
20:58:44.0959 5664  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:58:44.0975 5664  nvstor - ok
20:58:44.0990 5664  [ C4D17F11526F87BC762F31DA5BD2580B ] nvsvc           C:\Windows\system32\nvvsvc.exe
20:58:45.0006 5664  nvsvc - ok
20:58:45.0006 5664  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:58:45.0037 5664  nv_agp - ok
20:58:45.0037 5664  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:58:45.0053 5664  ohci1394 - ok
20:58:45.0068 5664  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:58:45.0084 5664  p2pimsvc - ok
20:58:45.0100 5664  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:58:45.0115 5664  p2psvc - ok
20:58:45.0131 5664  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:58:45.0146 5664  Parport - ok
20:58:45.0146 5664  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:58:45.0178 5664  partmgr - ok
20:58:45.0178 5664  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
20:58:45.0193 5664  Parvdm - ok
20:58:45.0209 5664  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:58:45.0224 5664  PcaSvc - ok
20:58:45.0240 5664  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
20:58:45.0256 5664  pci - ok
20:58:45.0256 5664  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
20:58:45.0287 5664  pciide - ok
20:58:45.0287 5664  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:58:45.0318 5664  pcmcia - ok
20:58:45.0318 5664  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
20:58:45.0334 5664  pcw - ok
20:58:45.0349 5664  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:58:45.0396 5664  PEAUTH - ok
20:58:45.0412 5664  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
20:58:45.0443 5664  PeerDistSvc - ok
20:58:45.0490 5664  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
20:58:45.0552 5664  pla - ok
20:58:45.0568 5664  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:58:45.0599 5664  PlugPlay - ok
20:58:45.0599 5664  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:58:45.0630 5664  PNRPAutoReg - ok
20:58:45.0630 5664  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:58:45.0646 5664  PNRPsvc - ok
20:58:45.0661 5664  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:58:45.0708 5664  PolicyAgent - ok
20:58:45.0724 5664  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
20:58:45.0739 5664  Power - ok
20:58:45.0755 5664  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:58:45.0786 5664  PptpMiniport - ok
20:58:45.0786 5664  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
20:58:45.0817 5664  Processor - ok
20:58:45.0817 5664  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
20:58:45.0848 5664  ProfSvc - ok
20:58:45.0848 5664  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:58:45.0864 5664  ProtectedStorage - ok
20:58:45.0880 5664  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:58:45.0911 5664  Psched - ok
20:58:45.0926 5664  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
20:58:45.0973 5664  ql2300 - ok
20:58:45.0989 5664  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
20:58:46.0004 5664  ql40xx - ok
20:58:46.0004 5664  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
20:58:46.0036 5664  QWAVE - ok
20:58:46.0051 5664  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:58:46.0067 5664  QWAVEdrv - ok
20:58:46.0067 5664  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:58:46.0114 5664  RasAcd - ok
20:58:46.0114 5664  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:58:46.0145 5664  RasAgileVpn - ok
20:58:46.0145 5664  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
20:58:46.0192 5664  RasAuto - ok
20:58:46.0192 5664  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:58:46.0238 5664  Rasl2tp - ok
20:58:46.0238 5664  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
20:58:46.0285 5664  RasMan - ok
20:58:46.0285 5664  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:58:46.0332 5664  RasPppoe - ok
20:58:46.0332 5664  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:58:46.0363 5664  RasSstp - ok
20:58:46.0379 5664  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:58:46.0410 5664  rdbss - ok
20:58:46.0410 5664  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:58:46.0441 5664  rdpbus - ok
20:58:46.0441 5664  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:58:46.0472 5664  RDPCDD - ok
20:58:46.0472 5664  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
20:58:46.0504 5664  RDPDR - ok
20:58:46.0504 5664  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:58:46.0535 5664  RDPENCDD - ok
20:58:46.0535 5664  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:58:46.0566 5664  RDPREFMP - ok
20:58:46.0566 5664  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:58:46.0597 5664  RDPWD - ok
20:58:46.0597 5664  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:58:46.0628 5664  rdyboost - ok
20:58:46.0628 5664  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:58:46.0675 5664  RemoteAccess - ok
20:58:46.0675 5664  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:58:46.0722 5664  RemoteRegistry - ok
20:58:46.0722 5664  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
20:58:46.0753 5664  RFCOMM - ok
20:58:46.0753 5664  [ 6C1F93C0760C9F79A1869D07233DF39D ] rismxdp         C:\Windows\system32\DRIVERS\rixdptsk.sys
20:58:46.0769 5664  rismxdp - ok
20:58:46.0769 5664  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:58:46.0816 5664  RpcEptMapper - ok
20:58:46.0816 5664  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
20:58:46.0831 5664  RpcLocator - ok
20:58:46.0847 5664  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
20:58:46.0878 5664  RpcSs - ok
20:58:46.0878 5664  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:58:46.0909 5664  rspndr - ok
20:58:46.0925 5664  [ 7DFD48E24479B68B258D8770121155A0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
20:58:46.0940 5664  RTL8167 - ok
20:58:46.0940 5664  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
20:58:46.0972 5664  s3cap - ok
20:58:46.0972 5664  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
20:58:46.0987 5664  SamSs - ok
20:58:46.0987 5664  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:58:47.0003 5664  sbp2port - ok
20:58:47.0018 5664  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:58:47.0050 5664  SCardSvr - ok
20:58:47.0065 5664  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:58:47.0096 5664  scfilter - ok
20:58:47.0112 5664  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
20:58:47.0174 5664  Schedule - ok
20:58:47.0174 5664  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:58:47.0206 5664  SCPolicySvc - ok
20:58:47.0206 5664  [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus           C:\Windows\system32\drivers\sdbus.sys
20:58:47.0221 5664  sdbus - ok
20:58:47.0237 5664  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:58:47.0268 5664  SDRSVC - ok
20:58:47.0268 5664  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:58:47.0299 5664  secdrv - ok
20:58:47.0299 5664  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
20:58:47.0346 5664  seclogon - ok
20:58:47.0346 5664  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
20:58:47.0377 5664  SENS - ok
20:58:47.0377 5664  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:58:47.0408 5664  SensrSvc - ok
20:58:47.0408 5664  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:58:47.0424 5664  Serenum - ok
20:58:47.0440 5664  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:58:47.0455 5664  Serial - ok
20:58:47.0455 5664  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
20:58:47.0486 5664  sermouse - ok
20:58:47.0502 5664  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:58:47.0533 5664  SessionEnv - ok
20:58:47.0549 5664  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:58:47.0564 5664  sffdisk - ok
20:58:47.0564 5664  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:58:47.0580 5664  sffp_mmc - ok
20:58:47.0596 5664  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:58:47.0611 5664  sffp_sd - ok
20:58:47.0611 5664  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
20:58:47.0627 5664  sfloppy - ok
20:58:47.0642 5664  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:58:47.0689 5664  SharedAccess - ok
20:58:47.0689 5664  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:58:47.0736 5664  ShellHWDetection - ok
20:58:47.0752 5664  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
20:58:47.0767 5664  sisagp - ok
20:58:47.0767 5664  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:58:47.0798 5664  SiSRaid2 - ok
20:58:47.0798 5664  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
20:58:47.0814 5664  SiSRaid4 - ok
20:58:47.0814 5664  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:58:47.0861 5664  Smb - ok
20:58:47.0876 5664  [ 19301C27F3425DC39F6C599F527E507D ] smserial        C:\Windows\system32\DRIVERS\smserial.sys
20:58:47.0923 5664  smserial - ok
20:58:47.0939 5664  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:58:47.0954 5664  SNMPTRAP - ok
20:58:47.0954 5664  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:58:47.0970 5664  spldr - ok
20:58:47.0986 5664  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
20:58:48.0017 5664  Spooler - ok
20:58:48.0079 5664  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
20:58:48.0157 5664  sppsvc - ok
20:58:48.0157 5664  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:58:48.0188 5664  sppuinotify - ok
20:58:48.0204 5664  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:58:48.0235 5664  srv - ok
20:58:48.0235 5664  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:58:48.0266 5664  srv2 - ok
20:58:48.0282 5664  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:58:48.0298 5664  srvnet - ok
20:58:48.0298 5664  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:58:48.0344 5664  SSDPSRV - ok
20:58:48.0344 5664  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
20:58:48.0360 5664  ssmdrv - ok
20:58:48.0376 5664  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:58:48.0422 5664  SstpSvc - ok
20:58:48.0422 5664  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
20:58:48.0438 5664  stexstor - ok
20:58:48.0454 5664  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
20:58:48.0500 5664  StiSvc - ok
20:58:48.0500 5664  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
20:58:48.0516 5664  storflt - ok
20:58:48.0532 5664  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll
20:58:48.0547 5664  StorSvc - ok
20:58:48.0547 5664  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
20:58:48.0563 5664  storvsc - ok
20:58:48.0578 5664  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
20:58:48.0594 5664  swenum - ok
20:58:48.0610 5664  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
20:58:48.0641 5664  swprv - ok
20:58:48.0656 5664  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
20:58:48.0688 5664  SysMain - ok
20:58:48.0703 5664  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:58:48.0734 5664  TabletInputService - ok
20:58:48.0734 5664  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:58:48.0781 5664  TapiSrv - ok
20:58:48.0781 5664  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
20:58:48.0812 5664  TBS - ok
20:58:48.0828 5664  [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:58:48.0890 5664  Tcpip - ok
20:58:48.0906 5664  [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:58:48.0937 5664  TCPIP6 - ok
20:58:48.0953 5664  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:58:48.0968 5664  tcpipreg - ok
20:58:48.0984 5664  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:58:49.0000 5664  TDPIPE - ok
20:58:49.0000 5664  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:58:49.0015 5664  TDTCP - ok
20:58:49.0031 5664  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:58:49.0062 5664  tdx - ok
20:58:49.0062 5664  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
20:58:49.0093 5664  TermDD - ok
20:58:49.0093 5664  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
20:58:49.0156 5664  TermService - ok
20:58:49.0156 5664  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
20:58:49.0187 5664  Themes - ok
20:58:49.0187 5664  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
20:58:49.0218 5664  THREADORDER - ok
20:58:49.0218 5664  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
20:58:49.0265 5664  TrkWks - ok
20:58:49.0265 5664  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:58:49.0296 5664  TrustedInstaller - ok
20:58:49.0312 5664  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:58:49.0343 5664  tssecsrv - ok
20:58:49.0343 5664  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:58:49.0358 5664  TsUsbFlt - ok
20:58:49.0374 5664  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:58:49.0405 5664  tunnel - ok
20:58:49.0405 5664  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
20:58:49.0436 5664  uagp35 - ok
20:58:49.0436 5664  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:58:49.0483 5664  udfs - ok
20:58:49.0483 5664  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:58:49.0514 5664  UI0Detect - ok
20:58:49.0514 5664  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:58:49.0546 5664  uliagpkx - ok
20:58:49.0546 5664  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
20:58:49.0561 5664  umbus - ok
20:58:49.0577 5664  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:58:49.0592 5664  UmPass - ok
20:58:49.0592 5664  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
20:58:49.0624 5664  UmRdpService - ok
20:58:49.0639 5664  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
20:58:49.0670 5664  upnphost - ok
20:58:49.0686 5664  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:58:49.0702 5664  usbccgp - ok
20:58:49.0702 5664  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:58:49.0733 5664  usbcir - ok
20:58:49.0733 5664  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:58:49.0748 5664  usbehci - ok
20:58:49.0764 5664  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:58:49.0795 5664  usbhub - ok
20:58:49.0795 5664  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:58:49.0811 5664  usbohci - ok
20:58:49.0826 5664  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:58:49.0842 5664  usbprint - ok
20:58:49.0842 5664  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:58:49.0858 5664  USBSTOR - ok
20:58:49.0873 5664  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
20:58:49.0889 5664  usbuhci - ok
20:58:49.0889 5664  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
20:58:49.0920 5664  usbvideo - ok
20:58:49.0920 5664  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
20:58:49.0951 5664  UxSms - ok
20:58:49.0967 5664  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
20:58:49.0982 5664  VaultSvc - ok
20:58:49.0982 5664  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:58:49.0998 5664  vdrvroot - ok
20:58:50.0014 5664  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
20:58:50.0076 5664  vds - ok
20:58:50.0076 5664  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:58:50.0092 5664  vga - ok
20:58:50.0107 5664  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:58:50.0138 5664  VgaSave - ok
20:58:50.0138 5664  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:58:50.0170 5664  vhdmp - ok
20:58:50.0170 5664  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
20:58:50.0201 5664  viaagp - ok
20:58:50.0201 5664  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
20:58:50.0216 5664  ViaC7 - ok
20:58:50.0232 5664  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
20:58:50.0248 5664  viaide - ok
20:58:50.0248 5664  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
20:58:50.0279 5664  vmbus - ok
20:58:50.0279 5664  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
20:58:50.0294 5664  VMBusHID - ok
20:58:50.0294 5664  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:58:50.0326 5664  volmgr - ok
20:58:50.0326 5664  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:58:50.0341 5664  volmgrx - ok
20:58:50.0357 5664  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:58:50.0388 5664  volsnap - ok
20:58:50.0388 5664  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
20:58:50.0419 5664  vsmraid - ok
20:58:50.0435 5664  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
20:58:50.0482 5664  VSS - ok
20:58:50.0497 5664  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
20:58:50.0513 5664  vwifibus - ok
20:58:50.0513 5664  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
20:58:50.0560 5664  W32Time - ok
20:58:50.0575 5664  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:58:50.0591 5664  WacomPen - ok
20:58:50.0591 5664  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:58:50.0638 5664  WANARP - ok
20:58:50.0638 5664  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:58:50.0669 5664  Wanarpv6 - ok
20:58:50.0684 5664  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
20:58:50.0731 5664  wbengine - ok
20:58:50.0747 5664  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:58:50.0778 5664  WbioSrvc - ok
20:58:50.0778 5664  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:58:50.0809 5664  wcncsvc - ok
20:58:50.0809 5664  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:58:50.0840 5664  WcsPlugInService - ok
20:58:50.0840 5664  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:58:50.0856 5664  Wd - ok
20:58:50.0872 5664  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:58:50.0903 5664  Wdf01000 - ok
20:58:50.0918 5664  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:58:50.0950 5664  WdiServiceHost - ok
20:58:50.0950 5664  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:58:50.0981 5664  WdiSystemHost - ok
20:58:50.0981 5664  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
20:58:51.0012 5664  WebClient - ok
20:58:51.0028 5664  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:58:51.0059 5664  Wecsvc - ok
20:58:51.0059 5664  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:58:51.0106 5664  wercplsupport - ok
20:58:51.0106 5664  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:58:51.0152 5664  WerSvc - ok
20:58:51.0152 5664  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:58:51.0184 5664  WfpLwf - ok
20:58:51.0184 5664  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:58:51.0199 5664  WIMMount - ok
20:58:51.0215 5664  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
20:58:51.0246 5664  WinDefend - ok
20:58:51.0262 5664  WinHttpAutoProxySvc - ok
20:58:51.0277 5664  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:58:51.0308 5664  Winmgmt - ok
20:58:51.0340 5664  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
20:58:51.0386 5664  WinRM - ok
20:58:51.0418 5664  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:58:51.0449 5664  Wlansvc - ok
20:58:51.0449 5664  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:58:51.0464 5664  WmiAcpi - ok
20:58:51.0480 5664  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:58:51.0496 5664  wmiApSrv - ok
20:58:51.0511 5664  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
20:58:51.0542 5664  WMPNetworkSvc - ok
20:58:51.0558 5664  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:58:51.0574 5664  WPCSvc - ok
20:58:51.0589 5664  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:58:51.0605 5664  WPDBusEnum - ok
20:58:51.0620 5664  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:58:51.0652 5664  ws2ifsl - ok
20:58:51.0652 5664  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
20:58:51.0683 5664  wscsvc - ok
20:58:51.0683 5664  WSearch - ok
20:58:51.0714 5664  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
20:58:51.0761 5664  wuauserv - ok
20:58:51.0776 5664  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:58:51.0792 5664  WudfPf - ok
20:58:51.0808 5664  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:58:51.0823 5664  WUDFRd - ok
20:58:51.0823 5664  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:58:51.0854 5664  wudfsvc - ok
20:58:51.0854 5664  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:58:51.0886 5664  WwanSvc - ok
20:58:51.0901 5664  ================ Scan global ===============================
20:58:51.0901 5664  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
20:58:51.0917 5664  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
20:58:51.0932 5664  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
20:58:51.0948 5664  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
20:58:51.0964 5664  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
20:58:51.0964 5664  [Global] - ok
20:58:51.0964 5664  ================ Scan MBR ==================================
20:58:51.0964 5664  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:58:52.0104 5664  \Device\Harddisk0\DR0 - ok
20:58:52.0104 5664  ================ Scan VBR ==================================
20:58:52.0104 5664  [ 672C82FFC3E383D8030F4F30483A10C7 ] \Device\Harddisk0\DR0\Partition1
20:58:52.0104 5664  \Device\Harddisk0\DR0\Partition1 - ok
20:58:52.0104 5664  [ AC5AB30E019751666E0B7E1E43201C45 ] \Device\Harddisk0\DR0\Partition2
20:58:52.0104 5664  \Device\Harddisk0\DR0\Partition2 - ok
20:58:52.0104 5664  ============================================================
20:58:52.0104 5664  Scan finished
20:58:52.0104 5664  ============================================================
20:58:52.0120 5656  Detected object count: 0
20:58:52.0120 5656  Actual detected object count: 0
         

Alt 03.01.2013, 17:59   #11
markusg
/// Malware-holic
 
Computer ist gesperrt - GVU - Standard

Computer ist gesperrt - GVU



combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 03.01.2013, 18:28   #12
Andi_LA
 
Computer ist gesperrt - GVU - Standard

Computer ist gesperrt - GVU



Hallo Markus,

anbei die Log Datei von ComboFix:

Code:
ATTFilter
ComboFix 13-01-03.05 - Andreas 03.01.2013  19:19:20.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2046.1219 [GMT 1:00]
ausgeführt von:: c:\users\Andreas\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\NVIDIA
c:\programdata\NVIDIA\NvApps.xml
c:\programdata\NVIDIA\NvStarted
c:\users\Public\sdelevURL.tmp
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-03 bis 2013-01-03  ))))))))))))))))))))))))))))))
.
.
2013-01-03 18:23 . 2013-01-03 18:24	--------	d-----w-	c:\users\Andreas\AppData\Local\temp
2013-01-03 18:23 . 2013-01-03 18:23	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-02 19:57 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{318EAB13-BEB6-4EF5-9B26-C20BC0E7487D}\mpengine.dll
2012-12-28 18:09 . 2012-12-28 18:09	--------	d-----w-	C:\_OTL
2012-12-28 16:40 . 2012-12-28 16:40	--------	d-----w-	c:\users\Andreas\AppData\Local\Programs
2012-12-24 12:10 . 2012-12-16 14:13	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-24 12:10 . 2012-12-16 14:13	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-23 15:25 . 2012-12-23 15:25	--------	d-----w-	c:\users\Andreas\AppData\Local\IsolatedStorage
2012-12-23 15:24 . 2012-12-23 15:25	--------	d-----w-	c:\users\Andreas\AppData\Local\Deployment
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 15:49 . 2012-02-18 22:10	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-10 20:59 . 2012-05-15 06:50	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-12-10 20:59 . 2011-10-03 19:19	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-16 07:39 . 2012-11-28 16:32	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-09 17:40 . 2012-11-14 18:05	44032	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 18:05	193536	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-11-01 09:49 . 2012-11-01 09:48	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
.
c:\users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 71062013
*Deregistered* - 71062013
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{02C08FDB-AB6C-4CBA-9A7B-D48547FBCB76}: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{02C08FDB-AB6C-4CBA-9A7B-D48547FBCB76}\246535: DhcpNameServer = 195.30.0.1 195.30.0.2
TCP: Interfaces\{02C08FDB-AB6C-4CBA-9A7B-D48547FBCB76}\64259445A51224F6870275C414E40233237303: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{02C08FDB-AB6C-4CBA-9A7B-D48547FBCB76}\64C4: DhcpNameServer = 192.168.2.1
DPF: {813A45F9-744F-435F-A815-19E2DF35A9D8} - hxxp://www.mediapromote.de/download/o2cplayerAC/o2cplayerac.cab
FF - ProfilePath - c:\users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\7la9zzwz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=86ac460f-9def-41c7-97a8-f4664ddeb3b0&apn_ptnrs=%5EABT&apn_sauid=0528A373-6525-4D6D-B3D6-B7BB53F5C7F9&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-WinSchafkopf XP - c:\windows\unin0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-03  19:25:29
ComboFix-quarantined-files.txt  2013-01-03 18:25
.
Vor Suchlauf: 7 Verzeichnis(se), 26.373.394.432 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 26.441.109.504 Bytes frei
.
- - End Of File - - 2382C6D9A662EA184F07E1F329434757
         

Alt 03.01.2013, 18:40   #13
markusg
/// Malware-holic
 
Computer ist gesperrt - GVU - Standard

Computer ist gesperrt - GVU



Hi
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 03.01.2013, 19:44   #14
Andi_LA
 
Computer ist gesperrt - GVU - Standard

Computer ist gesperrt - GVU



Hallo Markus,

es wurden keine Funde entdeckt.

Hier die log Datei:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.03.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Andreas :: AL [Administrator]

03.01.2013 20:02:39
mbam-log-2013-01-03 (20-02-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 329250
Laufzeit: 18 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Alt 03.01.2013, 19:46   #15
markusg
/// Malware-holic
 
Computer ist gesperrt - GVU - Standard

Computer ist gesperrt - GVU



sehr gut.

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools,uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Computer ist gesperrt - GVU
andere, community, compu, computer, entferne, gesperrt, gvu-trojaner, liebe, problem, schei, schädling



Ähnliche Themen: Computer ist gesperrt - GVU


  1. ihr computer ist gesperrt
    Plagegeister aller Art und deren Bekämpfung - 29.08.2013 (1)
  2. Computer gesperrt
    Plagegeister aller Art und deren Bekämpfung - 09.08.2013 (18)
  3. computer gesperrt von GVU
    Plagegeister aller Art und deren Bekämpfung - 22.06.2013 (2)
  4. GVU - Computer ist gesperrt
    Plagegeister aller Art und deren Bekämpfung - 02.03.2013 (14)
  5. Ihr Computer ist gesperrt - OTLPE Log - Was nun?
    Plagegeister aller Art und deren Bekämpfung - 19.02.2013 (11)
  6. GVU Computer gesperrt Trojaner
    Log-Analyse und Auswertung - 19.02.2013 (10)
  7. Rechner gesperrt - "Polizei - Ihr Computer wurde gesperrt"
    Log-Analyse und Auswertung - 12.02.2013 (5)
  8. Ihr Computer ist gesperrt GVU
    Plagegeister aller Art und deren Bekämpfung - 20.01.2013 (17)
  9. Ihr Computer ist gesperrt!
    Plagegeister aller Art und deren Bekämpfung - 12.01.2013 (1)
  10. Bundestrojaner Variante: "Ihr Computer wurde gesperrt"; " Ihr Computer wurde durch das Speichern der autom. Informationskontrolle gesperrt"
    Log-Analyse und Auswertung - 25.11.2012 (10)
  11. BKA Computer gesperrt
    Plagegeister aller Art und deren Bekämpfung - 28.09.2012 (8)
  12. GVU Computer gesperrt
    Plagegeister aller Art und deren Bekämpfung - 12.09.2012 (21)
  13. Computer gesperrt mit der Nachricht: Der Computer ist für die Verletzung der BRD wurde bockiert!
    Plagegeister aller Art und deren Bekämpfung - 19.08.2012 (6)
  14. GVU Trojaner - Computer gesperrt
    Plagegeister aller Art und deren Bekämpfung - 01.08.2012 (17)
  15. Computer gesperrt mit der Nachricht: Der Computer ist für die Verletzung der BRD wurde bockiert!
    Antiviren-, Firewall- und andere Schutzprogramme - 29.07.2012 (1)
  16. Pop-up Computer sei gesperrt vom Bundeskriminalamt
    Log-Analyse und Auswertung - 26.07.2012 (15)
  17. Ihr Computer wurde gesperrt!
    Log-Analyse und Auswertung - 08.02.2012 (9)

Zum Thema Computer ist gesperrt - GVU - Hallo liebe Community, wie scheinbar viele andere, habe auch ich das Problem GVU-Trojaner am Hals. Vielleicht kann mir jemand helfen, diesen Schädling zu entfernen. Vielen Dank! Nachtrag: Was ich noch - Computer ist gesperrt - GVU...
Archiv
Du betrachtest: Computer ist gesperrt - GVU auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.