Virus / unzählige Fenster öffnen sich

markusg · 11.01.2013, 17:22

na laut deinem log liegt windows auf c: also musst du das laufwerk wiederherstellen.

herbcyy · 13.01.2013, 12:15

OKey, habs probiert aber jzt fehlt wieder die bootmgr :/ werde nochmal alles neu machen. Aber ist es überhaupt sicher dass der Virus auf jeden fall weg war ?

markusg · 13.01.2013, 17:06

Ja laut tdss killer ist nichts zu sehen.
erstelle das Image immer mit dem Masterboot sektor, gibts als Option anzuhaken.
du kannst ja noch mal mit fixmbr und fixboot vor der Instalation arbeiten.

herbcyy · 14.01.2013, 16:43

mh des is komisch. Habe wieder alles neu gemacht festplatte formatiert usw. aber der Virus is wieder da :/

markusg · 14.01.2013, 16:49

sind deine instalationsdateien aus legalen quellen? nutzt du streamingseiten? file hoster etc?
hast du ne externe platte oder sticks angeschlossen? war autorun deaktiviert?
trat das Problem direkt nach neu install auf?

herbcyy · 14.01.2013, 16:55

Nein benutze nur legale Sachen. Nur die externe Festplatte auf der paragon war. Nein tritt erst jzt wieder auf so 2 tage später. Hier tdds killer:

Zitat:

16:52:31.0620 4076 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:52:31.0680 4076 ============================================================
16:52:31.0680 4076 Current date / time: 2013/01/14 16:52:31.0680
16:52:31.0680 4076 SystemInfo:
16:52:31.0680 4076
16:52:31.0680 4076 OS Version: 6.1.7601 ServicePack: 1.0
16:52:31.0680 4076 Product type: Workstation
16:52:31.0680 4076 ComputerName: JONAS-PC
16:52:31.0680 4076 UserName: Jonas
16:52:31.0680 4076 Windows directory: C:\Windows
16:52:31.0680 4076 System windows directory: C:\Windows
16:52:31.0680 4076 Running under WOW64
16:52:31.0680 4076 Processor architecture: Intel x64
16:52:31.0680 4076 Number of processors: 6
16:52:31.0680 4076 Page size: 0x1000
16:52:31.0680 4076 Boot type: Normal boot
16:52:31.0680 4076 ============================================================
16:52:31.0891 4076 Drive \Device\Harddisk0\DR0 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:52:39.0219 4076 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:52:39.0229 4076 ============================================================
16:52:39.0229 4076 \Device\Harddisk0\DR0:
16:52:39.0229 4076 MBR partitions:
16:52:39.0229 4076 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x770D000
16:52:39.0229 4076 \Device\Harddisk1\DR1:
16:52:39.0230 4076 MBR partitions:
16:52:39.0230 4076 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
16:52:39.0230 4076 ============================================================
16:52:39.0230 4076 C: <-> \Device\Harddisk0\DR0\Partition1
16:52:39.0524 4076 D: <-> \Device\Harddisk1\DR1\Partition1
16:52:39.0524 4076 ============================================================
16:52:39.0524 4076 Initialize success
16:52:39.0525 4076 ============================================================
16:52:45.0720 4792 ============================================================
16:52:45.0720 4792 Scan started
16:52:45.0720 4792 Mode: Manual; SigCheck; TDLFS;
16:52:45.0720 4792 ============================================================
16:52:45.0782 4792 ================ Scan system memory ========================
16:52:45.0782 4792 System memory - ok
16:52:45.0783 4792 ================ Scan services =============================
16:52:45.0809 4792 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:52:45.0858 4792 1394ohci - ok
16:52:45.0863 4792 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:52:45.0877 4792 ACPI - ok
16:52:45.0881 4792 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:52:45.0893 4792 AcpiPmi - ok
16:52:45.0907 4792 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:52:45.0918 4792 AdobeFlashPlayerUpdateSvc - ok
16:52:45.0925 4792 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
16:52:45.0940 4792 adp94xx - ok
16:52:45.0946 4792 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
16:52:45.0959 4792 adpahci - ok
16:52:45.0964 4792 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
16:52:45.0975 4792 adpu320 - ok
16:52:45.0982 4792 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:52:46.0010 4792 AeLookupSvc - ok
16:52:46.0017 4792 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
16:52:46.0033 4792 AFD - ok
16:52:46.0038 4792 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:52:46.0049 4792 agp440 - ok
16:52:46.0053 4792 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:52:46.0065 4792 ALG - ok
16:52:46.0069 4792 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
16:52:46.0078 4792 aliide - ok
16:52:46.0084 4792 [ DCEEE24E57E8176115207312F827C130 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:52:46.0100 4792 AMD External Events Utility - ok
16:52:46.0104 4792 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
16:52:46.0114 4792 amdide - ok
16:52:46.0118 4792 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
16:52:46.0129 4792 AmdK8 - ok
16:52:46.0196 4792 [ F6640D83AF0FD74C50E23E68548EA9A0 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:52:46.0297 4792 amdkmdag - ok
16:52:46.0305 4792 [ 20B63276A1920B41E1C56720B395049B ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
16:52:46.0320 4792 amdkmdap - ok
16:52:46.0324 4792 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
16:52:46.0335 4792 AmdPPM - ok
16:52:46.0339 4792 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:52:46.0349 4792 amdsata - ok
16:52:46.0354 4792 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
16:52:46.0365 4792 amdsbs - ok
16:52:46.0369 4792 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:52:46.0378 4792 amdxata - ok
16:52:46.0382 4792 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
16:52:46.0407 4792 AppID - ok
16:52:46.0411 4792 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:52:46.0437 4792 AppIDSvc - ok
16:52:46.0441 4792 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
16:52:46.0466 4792 Appinfo - ok
16:52:46.0470 4792 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
16:52:46.0480 4792 arc - ok
16:52:46.0484 4792 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
16:52:46.0494 4792 arcsas - ok
16:52:46.0498 4792 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
16:52:46.0510 4792 aswFsBlk - ok
16:52:46.0514 4792 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
16:52:46.0523 4792 aswMonFlt - ok
16:52:46.0527 4792 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
16:52:46.0535 4792 aswRdr - ok
16:52:46.0546 4792 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
16:52:46.0567 4792 aswSnx - ok
16:52:46.0573 4792 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\Windows\system32\drivers\aswSP.sys
16:52:46.0586 4792 aswSP - ok
16:52:46.0590 4792 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
16:52:46.0599 4792 aswTdi - ok
16:52:46.0603 4792 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:52:46.0631 4792 AsyncMac - ok
16:52:46.0634 4792 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
16:52:46.0644 4792 atapi - ok
16:52:46.0650 4792 [ E02B26650ACC2F4901342D4A66774AD7 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
16:52:46.0660 4792 AtiHDAudioService - ok
16:52:46.0668 4792 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:52:46.0699 4792 AudioEndpointBuilder - ok
16:52:46.0706 4792 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:52:46.0735 4792 AudioSrv - ok
16:52:46.0739 4792 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:52:46.0747 4792 avast! Antivirus - ok
16:52:46.0751 4792 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:52:46.0766 4792 AxInstSV - ok
16:52:46.0773 4792 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
16:52:46.0787 4792 b06bdrv - ok
16:52:46.0793 4792 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:52:46.0806 4792 b57nd60a - ok
16:52:46.0812 4792 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:52:46.0823 4792 BDESVC - ok
16:52:46.0827 4792 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:52:46.0852 4792 Beep - ok
16:52:46.0860 4792 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
16:52:46.0892 4792 BFE - ok
16:52:46.0894 4792 BioNTDrv - ok
16:52:46.0907 4792 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
16:52:46.0948 4792 BITS - ok
16:52:46.0952 4792 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:52:46.0964 4792 blbdrive - ok
16:52:46.0969 4792 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:52:46.0981 4792 bowser - ok
16:52:46.0985 4792 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:52:46.0999 4792 BrFiltLo - ok
16:52:47.0003 4792 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:52:47.0017 4792 BrFiltUp - ok
16:52:47.0022 4792 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
16:52:47.0035 4792 Browser - ok
16:52:47.0040 4792 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:52:47.0054 4792 Brserid - ok
16:52:47.0059 4792 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:52:47.0073 4792 BrSerWdm - ok
16:52:47.0079 4792 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:52:47.0092 4792 BrUsbMdm - ok
16:52:47.0096 4792 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:52:47.0112 4792 BrUsbSer - ok
16:52:47.0116 4792 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
16:52:47.0131 4792 BTHMODEM - ok
16:52:47.0137 4792 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:52:47.0164 4792 bthserv - ok
16:52:47.0168 4792 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:52:47.0202 4792 cdfs - ok
16:52:47.0207 4792 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
16:52:47.0220 4792 cdrom - ok
16:52:47.0223 4792 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
16:52:47.0253 4792 CertPropSvc - ok
16:52:47.0257 4792 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
16:52:47.0269 4792 circlass - ok
16:52:47.0275 4792 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
16:52:47.0288 4792 CLFS - ok
16:52:47.0294 4792 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:52:47.0303 4792 clr_optimization_v2.0.50727_32 - ok
16:52:47.0308 4792 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:52:47.0318 4792 clr_optimization_v2.0.50727_64 - ok
16:52:47.0324 4792 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:52:47.0334 4792 clr_optimization_v4.0.30319_32 - ok
16:52:47.0340 4792 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:52:47.0350 4792 clr_optimization_v4.0.30319_64 - ok
16:52:47.0354 4792 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:52:47.0364 4792 CmBatt - ok
16:52:47.0368 4792 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:52:47.0377 4792 cmdide - ok
16:52:47.0384 4792 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
16:52:47.0404 4792 CNG - ok
16:52:47.0408 4792 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:52:47.0417 4792 Compbatt - ok
16:52:47.0421 4792 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
16:52:47.0433 4792 CompositeBus - ok
16:52:47.0437 4792 COMSysApp - ok
16:52:47.0442 4792 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
16:52:47.0451 4792 crcdisk - ok
16:52:47.0457 4792 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:52:47.0469 4792 CryptSvc - ok
16:52:47.0478 4792 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:52:47.0510 4792 DcomLaunch - ok
16:52:47.0515 4792 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
16:52:47.0545 4792 defragsvc - ok
16:52:47.0549 4792 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:52:47.0575 4792 DfsC - ok
16:52:47.0581 4792 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
16:52:47.0594 4792 Dhcp - ok
16:52:47.0598 4792 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:52:47.0624 4792 discache - ok
16:52:47.0628 4792 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
16:52:47.0638 4792 Disk - ok
16:52:47.0643 4792 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:52:47.0654 4792 Dnscache - ok
16:52:47.0660 4792 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:52:47.0687 4792 dot3svc - ok
16:52:47.0692 4792 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
16:52:47.0719 4792 DPS - ok
16:52:47.0722 4792 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:52:47.0734 4792 drmkaud - ok
16:52:47.0745 4792 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:52:47.0766 4792 DXGKrnl - ok
16:52:47.0770 4792 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:52:47.0797 4792 EapHost - ok
16:52:47.0825 4792 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
16:52:47.0867 4792 ebdrv - ok
16:52:47.0872 4792 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
16:52:47.0884 4792 EFS - ok
16:52:47.0893 4792 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:52:47.0910 4792 ehRecvr - ok
16:52:47.0914 4792 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
16:52:47.0926 4792 ehSched - ok
16:52:47.0933 4792 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
16:52:47.0949 4792 elxstor - ok
16:52:47.0952 4792 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:52:47.0963 4792 ErrDev - ok
16:52:47.0973 4792 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
16:52:48.0004 4792 EventSystem - ok
16:52:48.0010 4792 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
16:52:48.0038 4792 exfat - ok
16:52:48.0043 4792 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:52:48.0070 4792 fastfat - ok
16:52:48.0079 4792 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
16:52:48.0096 4792 Fax - ok
16:52:48.0100 4792 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:52:48.0111 4792 fdc - ok
16:52:48.0115 4792 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:52:48.0140 4792 fdPHost - ok
16:52:48.0144 4792 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:52:48.0170 4792 FDResPub - ok
16:52:48.0174 4792 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:52:48.0184 4792 FileInfo - ok
16:52:48.0188 4792 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:52:48.0213 4792 Filetrace - ok
16:52:48.0217 4792 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:52:48.0227 4792 flpydisk - ok
16:52:48.0233 4792 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:52:48.0246 4792 FltMgr - ok
16:52:48.0257 4792 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll
16:52:48.0295 4792 FontCache - ok
16:52:48.0299 4792 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:52:48.0307 4792 FontCache3.0.0.0 - ok
16:52:48.0311 4792 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:52:48.0321 4792 FsDepends - ok
16:52:48.0325 4792 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:52:48.0335 4792 Fs_Rec - ok
16:52:48.0340 4792 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:52:48.0354 4792 fvevol - ok
16:52:48.0359 4792 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
16:52:48.0369 4792 gagp30kx - ok
16:52:48.0371 4792 gdrv - ok
16:52:48.0382 4792 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
16:52:48.0415 4792 gpsvc - ok
16:52:48.0419 4792 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:52:48.0429 4792 hcw85cir - ok
16:52:48.0435 4792 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:52:48.0451 4792 HdAudAddService - ok
16:52:48.0455 4792 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
16:52:48.0468 4792 HDAudBus - ok
16:52:48.0473 4792 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
16:52:48.0484 4792 HidBatt - ok
16:52:48.0488 4792 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
16:52:48.0501 4792 HidBth - ok
16:52:48.0504 4792 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
16:52:48.0516 4792 HidIr - ok
16:52:48.0520 4792 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
16:52:48.0547 4792 hidserv - ok
16:52:48.0550 4792 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:52:48.0560 4792 HidUsb - ok
16:52:48.0564 4792 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:52:48.0591 4792 hkmsvc - ok
16:52:48.0596 4792 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:52:48.0609 4792 HomeGroupListener - ok
16:52:48.0614 4792 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:52:48.0627 4792 HomeGroupProvider - ok
16:52:48.0631 4792 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:52:48.0641 4792 HpSAMD - ok
16:52:48.0650 4792 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:52:48.0681 4792 HTTP - ok
16:52:48.0685 4792 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:52:48.0694 4792 hwpolicy - ok
16:52:48.0698 4792 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
16:52:48.0709 4792 i8042prt - ok
16:52:48.0716 4792 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:52:48.0730 4792 iaStorV - ok
16:52:48.0740 4792 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:52:48.0758 4792 idsvc - ok
16:52:48.0762 4792 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
16:52:48.0772 4792 iirsp - ok
16:52:48.0782 4792 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
16:52:48.0816 4792 IKEEXT - ok
16:52:48.0821 4792 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
16:52:48.0831 4792 intelide - ok
16:52:48.0834 4792 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:52:48.0846 4792 intelppm - ok
16:52:48.0850 4792 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:52:48.0877 4792 IPBusEnum - ok
16:52:48.0881 4792 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:52:48.0906 4792 IpFilterDriver - ok
16:52:48.0913 4792 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:52:48.0930 4792 iphlpsvc - ok
16:52:48.0934 4792 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:52:48.0945 4792 IPMIDRV - ok
16:52:48.0950 4792 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:52:48.0977 4792 IPNAT - ok
16:52:48.0981 4792 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:52:48.0994 4792 IRENUM - ok
16:52:48.0997 4792 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:52:49.0007 4792 isapnp - ok
16:52:49.0013 4792 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:52:49.0025 4792 iScsiPrt - ok
16:52:49.0029 4792 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
16:52:49.0039 4792 kbdclass - ok
16:52:49.0043 4792 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
16:52:49.0054 4792 kbdhid - ok
16:52:49.0057 4792 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
16:52:49.0068 4792 KeyIso - ok
16:52:49.0072 4792 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:52:49.0082 4792 KSecDD - ok
16:52:49.0087 4792 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:52:49.0098 4792 KSecPkg - ok
16:52:49.0101 4792 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:52:49.0128 4792 ksthunk - ok
16:52:49.0134 4792 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
16:52:49.0165 4792 KtmRm - ok
16:52:49.0170 4792 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
16:52:49.0199 4792 LanmanServer - ok
16:52:49.0203 4792 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:52:49.0232 4792 LanmanWorkstation - ok
16:52:49.0237 4792 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:52:49.0263 4792 lltdio - ok
16:52:49.0269 4792 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:52:49.0298 4792 lltdsvc - ok
16:52:49.0302 4792 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:52:49.0329 4792 lmhosts - ok
16:52:49.0335 4792 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
16:52:49.0345 4792 LSI_FC - ok
16:52:49.0349 4792 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
16:52:49.0359 4792 LSI_SAS - ok
16:52:49.0363 4792 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:52:49.0372 4792 LSI_SAS2 - ok
16:52:49.0377 4792 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:52:49.0387 4792 LSI_SCSI - ok
16:52:49.0391 4792 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:52:49.0418 4792 luafv - ok
16:52:49.0422 4792 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:52:49.0435 4792 Mcx2Svc - ok
16:52:49.0438 4792 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
16:52:49.0448 4792 megasas - ok
16:52:49.0453 4792 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
16:52:49.0465 4792 MegaSR - ok
16:52:49.0469 4792 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:52:49.0497 4792 MMCSS - ok
16:52:49.0500 4792 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:52:49.0527 4792 Modem - ok
16:52:49.0530 4792 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:52:49.0543 4792 monitor - ok
16:52:49.0547 4792 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
16:52:49.0557 4792 mouclass - ok
16:52:49.0560 4792 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:52:49.0570 4792 mouhid - ok
16:52:49.0574 4792 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:52:49.0584 4792 mountmgr - ok
16:52:49.0589 4792 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
16:52:49.0600 4792 mpio - ok
16:52:49.0604 4792 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:52:49.0630 4792 mpsdrv - ok
16:52:49.0640 4792 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:52:49.0674 4792 MpsSvc - ok
16:52:49.0679 4792 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:52:49.0694 4792 MRxDAV - ok
16:52:49.0699 4792 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:52:49.0710 4792 mrxsmb - ok
16:52:49.0716 4792 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:52:49.0729 4792 mrxsmb10 - ok
16:52:49.0733 4792 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:52:49.0745 4792 mrxsmb20 - ok
16:52:49.0749 4792 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
16:52:49.0758 4792 msahci - ok
16:52:49.0762 4792 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:52:49.0773 4792 msdsm - ok
16:52:49.0778 4792 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:52:49.0790 4792 MSDTC - ok
16:52:49.0798 4792 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:52:49.0823 4792 Msfs - ok
16:52:49.0827 4792 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:52:49.0852 4792 mshidkmdf - ok
16:52:49.0856 4792 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:52:49.0865 4792 msisadrv - ok
16:52:49.0870 4792 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:52:49.0898 4792 MSiSCSI - ok
16:52:49.0902 4792 msiserver - ok
16:52:49.0906 4792 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:52:49.0931 4792 MSKSSRV - ok
16:52:49.0935 4792 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:52:49.0960 4792 MSPCLOCK - ok
16:52:49.0964 4792 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:52:49.0989 4792 MSPQM - ok
16:52:49.0995 4792 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:52:50.0009 4792 MsRPC - ok
16:52:50.0015 4792 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
16:52:50.0025 4792 mssmbios - ok
16:52:50.0028 4792 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:52:50.0054 4792 MSTEE - ok
16:52:50.0058 4792 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
16:52:50.0068 4792 MTConfig - ok
16:52:50.0072 4792 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:52:50.0082 4792 Mup - ok
16:52:50.0089 4792 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
16:52:50.0119 4792 napagent - ok
16:52:50.0125 4792 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:52:50.0141 4792 NativeWifiP - ok
16:52:50.0153 4792 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:52:50.0174 4792 NDIS - ok
16:52:50.0178 4792 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:52:50.0204 4792 NdisCap - ok
16:52:50.0207 4792 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:52:50.0233 4792 NdisTapi - ok
16:52:50.0237 4792 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:52:50.0263 4792 Ndisuio - ok
16:52:50.0268 4792 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:52:50.0295 4792 NdisWan - ok
16:52:50.0299 4792 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:52:50.0324 4792 NDProxy - ok
16:52:50.0328 4792 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:52:50.0355 4792 NetBIOS - ok
16:52:50.0360 4792 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:52:50.0387 4792 NetBT - ok
16:52:50.0390 4792 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
16:52:50.0401 4792 Netlogon - ok
16:52:50.0415 4792 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:52:50.0446 4792 Netman - ok
16:52:50.0453 4792 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:52:50.0485 4792 netprofm - ok
16:52:50.0489 4792 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:52:50.0498 4792 NetTcpPortSharing - ok
16:52:50.0502 4792 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
16:52:50.0512 4792 nfrd960 - ok
16:52:50.0518 4792 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:52:50.0531 4792 NlaSvc - ok
16:52:50.0535 4792 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:52:50.0561 4792 Npfs - ok
16:52:50.0565 4792 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:52:50.0592 4792 nsi - ok
16:52:50.0595 4792 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:52:50.0620 4792 nsiproxy - ok
16:52:50.0637 4792 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:52:50.0667 4792 Ntfs - ok
16:52:50.0671 4792 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:52:50.0698 4792 Null - ok
16:52:50.0702 4792 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:52:50.0713 4792 nvraid - ok
16:52:50.0718 4792 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:52:50.0729 4792 nvstor - ok
16:52:50.0733 4792 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:52:50.0744 4792 nv_agp - ok
16:52:50.0749 4792 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:52:50.0759 4792 ohci1394 - ok
16:52:50.0765 4792 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:52:50.0780 4792 p2pimsvc - ok
16:52:50.0787 4792 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:52:50.0802 4792 p2psvc - ok
16:52:50.0806 4792 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:52:50.0818 4792 Parport - ok
16:52:50.0822 4792 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:52:50.0833 4792 partmgr - ok
16:52:50.0837 4792 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:52:50.0854 4792 PcaSvc - ok
16:52:50.0858 4792 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
16:52:50.0869 4792 pci - ok
16:52:50.0873 4792 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
16:52:50.0883 4792 pciide - ok
16:52:50.0888 4792 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:52:50.0900 4792 pcmcia - ok
16:52:50.0903 4792 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:52:50.0913 4792 pcw - ok
16:52:50.0921 4792 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:52:50.0954 4792 PEAUTH - ok
16:52:50.0967 4792 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:52:50.0979 4792 PerfHost - ok
16:52:50.0999 4792 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:52:51.0039 4792 pla - ok
16:52:51.0046 4792 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:52:51.0061 4792 PlugPlay - ok
16:52:51.0065 4792 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:52:51.0076 4792 PNRPAutoReg - ok
16:52:51.0082 4792 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:52:51.0095 4792 PNRPsvc - ok
16:52:51.0102 4792 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:52:51.0132 4792 PolicyAgent - ok
16:52:51.0139 4792 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:52:51.0168 4792 Power - ok
16:52:51.0173 4792 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:52:51.0199 4792 PptpMiniport - ok
16:52:51.0203 4792 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:52:51.0214 4792 Processor - ok
16:52:51.0219 4792 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
16:52:51.0232 4792 ProfSvc - ok
16:52:51.0235 4792 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:52:51.0246 4792 ProtectedStorage - ok
16:52:51.0250 4792 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:52:51.0276 4792 Psched - ok
16:52:51.0280 4792 [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
16:52:51.0288 4792 PSI - ok
16:52:51.0303 4792 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
16:52:51.0331 4792 ql2300 - ok
16:52:51.0336 4792 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
16:52:51.0347 4792 ql40xx - ok
16:52:51.0352 4792 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:52:51.0370 4792 QWAVE - ok
16:52:51.0373 4792 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:52:51.0387 4792 QWAVEdrv - ok
16:52:51.0391 4792 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:52:51.0416 4792 RasAcd - ok
16:52:51.0420 4792 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:52:51.0446 4792 RasAgileVpn - ok
16:52:51.0451 4792 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:52:51.0479 4792 RasAuto - ok
16:52:51.0483 4792 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:52:51.0509 4792 Rasl2tp - ok
16:52:51.0515 4792 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:52:51.0545 4792 RasMan - ok
16:52:51.0549 4792 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:52:51.0576 4792 RasPppoe - ok
16:52:51.0580 4792 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:52:51.0607 4792 RasSstp - ok
16:52:51.0612 4792 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:52:51.0640 4792 rdbss - ok
16:52:51.0644 4792 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:52:51.0656 4792 rdpbus - ok
16:52:51.0659 4792 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:52:51.0684 4792 RDPCDD - ok
16:52:51.0689 4792 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:52:51.0715 4792 RDPENCDD - ok
16:52:51.0721 4792 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:52:51.0746 4792 RDPREFMP - ok
16:52:51.0751 4792 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:52:51.0764 4792 RDPWD - ok
16:52:51.0768 4792 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:52:51.0781 4792 rdyboost - ok
16:52:51.0785 4792 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:52:51.0813 4792 RemoteAccess - ok
16:52:51.0817 4792 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:52:51.0846 4792 RemoteRegistry - ok
16:52:51.0850 4792 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:52:51.0877 4792 RpcEptMapper - ok
16:52:51.0881 4792 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:52:51.0893 4792 RpcLocator - ok
16:52:51.0899 4792 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
16:52:51.0928 4792 RpcSs - ok
16:52:51.0932 4792 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:52:51.0959 4792 rspndr - ok
16:52:51.0964 4792 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
16:52:51.0975 4792 RTL8167 - ok
16:52:51.0979 4792 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:52:51.0989 4792 SamSs - ok
16:52:51.0991 4792 SbieDrv - ok
16:52:51.0995 4792 SbieSvc - ok
16:52:52.0000 4792 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:52:52.0011 4792 sbp2port - ok
16:52:52.0015 4792 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:52:52.0044 4792 SCardSvr - ok
16:52:52.0048 4792 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:52:52.0073 4792 scfilter - ok
16:52:52.0084 4792 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:52:52.0121 4792 Schedule - ok
16:52:52.0125 4792 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:52:52.0150 4792 SCPolicySvc - ok
16:52:52.0154 4792 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:52:52.0167 4792 SDRSVC - ok
16:52:52.0171 4792 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:52:52.0197 4792 secdrv - ok
16:52:52.0200 4792 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:52:52.0227 4792 seclogon - ok
16:52:52.0240 4792 [ 9901DCF2B6DD2AD12CB42BD559E0C92D ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
16:52:52.0265 4792 Secunia PSI Agent - ok
16:52:52.0273 4792 [ 4F2056349F8BA4154D5213BF8A476B14 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
16:52:52.0289 4792 Secunia Update Agent - ok
16:52:52.0293 4792 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
16:52:52.0321 4792 SENS - ok
16:52:52.0324 4792 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:52:52.0336 4792 SensrSvc - ok
16:52:52.0339 4792 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:52:52.0350 4792 Serenum - ok
16:52:52.0354 4792 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:52:52.0365 4792 Serial - ok
16:52:52.0368 4792 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
16:52:52.0379 4792 sermouse - ok
16:52:52.0389 4792 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:52:52.0416 4792 SessionEnv - ok
16:52:52.0420 4792 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:52:52.0433 4792 sffdisk - ok
16:52:52.0436 4792 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:52:52.0450 4792 sffp_mmc - ok
16:52:52.0453 4792 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:52:52.0466 4792 sffp_sd - ok
16:52:52.0470 4792 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:52:52.0483 4792 sfloppy - ok
16:52:52.0490 4792 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:52:52.0522 4792 SharedAccess - ok
16:52:52.0528 4792 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:52:52.0559 4792 ShellHWDetection - ok
16:52:52.0563 4792 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:52:52.0572 4792 SiSRaid2 - ok
16:52:52.0576 4792 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
16:52:52.0586 4792 SiSRaid4 - ok
16:52:52.0590 4792 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:52:52.0617 4792 Smb - ok
16:52:52.0635 4792 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:52:52.0649 4792 SNMPTRAP - ok
16:52:52.0653 4792 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:52:52.0662 4792 spldr - ok
16:52:52.0669 4792 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
16:52:52.0687 4792 Spooler - ok
16:52:52.0716 4792 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:52:52.0779 4792 sppsvc - ok
16:52:52.0785 4792 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:52:52.0814 4792 sppuinotify - ok
16:52:52.0821 4792 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:52:52.0836 4792 srv - ok
16:52:52.0843 4792 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:52:52.0857 4792 srv2 - ok
16:52:52.0863 4792 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:52:52.0875 4792 srvnet - ok
16:52:52.0880 4792 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:52:52.0910 4792 SSDPSRV - ok
16:52:52.0914 4792 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:52:52.0944 4792 SstpSvc - ok
16:52:52.0948 4792 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
16:52:52.0958 4792 stexstor - ok
16:52:52.0966 4792 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
16:52:52.0987 4792 stisvc - ok
16:52:52.0991 4792 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
16:52:53.0000 4792 swenum - ok
16:52:53.0006 4792 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:52:53.0039 4792 swprv - ok
16:52:53.0056 4792 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
16:52:53.0088 4792 SysMain - ok
16:52:53.0093 4792 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:52:53.0109 4792 TabletInputService - ok
16:52:53.0114 4792 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:52:53.0143 4792 TapiSrv - ok
16:52:53.0147 4792 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:52:53.0175 4792 TBS - ok
16:52:53.0192 4792 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:52:53.0226 4792 Tcpip - ok
16:52:53.0244 4792 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:52:53.0271 4792 TCPIP6 - ok
16:52:53.0277 4792 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:52:53.0289 4792 tcpipreg - ok
16:52:53.0295 4792 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:52:53.0306 4792 TDPIPE - ok
16:52:53.0310 4792 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:52:53.0320 4792 TDTCP - ok
16:52:53.0325 4792 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:52:53.0352 4792 tdx - ok
16:52:53.0357 4792 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
16:52:53.0368 4792 TermDD - ok
16:52:53.0376 4792 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
16:52:53.0409 4792 TermService - ok
16:52:53.0413 4792 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:52:53.0428 4792 Themes - ok
16:52:53.0431 4792 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:52:53.0457 4792 THREADORDER - ok
16:52:53.0461 4792 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:52:53.0490 4792 TrkWks - ok
16:52:53.0494 4792 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:52:53.0520 4792 TrustedInstaller - ok
16:52:53.0526 4792 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:52:53.0551 4792 tssecsrv - ok
16:52:53.0555 4792 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:52:53.0565 4792 TsUsbFlt - ok
16:52:53.0569 4792 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:52:53.0595 4792 tunnel - ok
16:52:53.0598 4792 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
16:52:53.0609 4792 uagp35 - ok
16:52:53.0614 4792 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:52:53.0642 4792 udfs - ok
16:52:53.0649 4792 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:52:53.0662 4792 UI0Detect - ok
16:52:53.0665 4792 [ 34859D3801F4BD3DACFA131DD928455A ] UimBus C:\Windows\system32\DRIVERS\uimx64.sys
16:52:53.0675 4792 UimBus - ok
16:52:53.0683 4792 [ D3CE4776E7FFB25E6935B1C797F4650C ] Uim_IM C:\Windows\system32\Drivers\Uim_IMx64.sys
16:52:53.0698 4792 Uim_IM - ok
16:52:53.0704 4792 [ 532E4BED5C7803B2EE5681818B2528B7 ] Uim_VIM C:\Windows\system32\Drivers\uim_vimx64.sys
16:52:53.0717 4792 Uim_VIM - ok
16:52:53.0720 4792 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:52:53.0730 4792 uliagpkx - ok
16:52:53.0734 4792 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
16:52:53.0745 4792 umbus - ok
16:52:53.0748 4792 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
16:52:53.0758 4792 UmPass - ok
16:52:53.0764 4792 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:52:53.0795 4792 upnphost - ok
16:52:53.0799 4792 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
16:52:53.0811 4792 usbaudio - ok
16:52:53.0815 4792 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:52:53.0824 4792 usbccgp - ok
16:52:53.0828 4792 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:52:53.0841 4792 usbcir - ok
16:52:53.0844 4792 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:52:53.0855 4792 usbehci - ok
16:52:53.0860 4792 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:52:53.0874 4792 usbhub - ok
16:52:53.0877 4792 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
16:52:53.0888 4792 usbohci - ok
16:52:53.0891 4792 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:52:53.0903 4792 usbprint - ok
16:52:53.0906 4792 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:52:53.0917 4792 USBSTOR - ok
16:52:53.0920 4792 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:52:53.0930 4792 usbuhci - ok
16:52:53.0934 4792 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:52:53.0961 4792 UxSms - ok
16:52:53.0964 4792 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
16:52:53.0975 4792 VaultSvc - ok
16:52:53.0979 4792 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:52:53.0989 4792 vdrvroot - ok
16:52:53.0996 4792 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
16:52:54.0030 4792 vds - ok
16:52:54.0035 4792 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:52:54.0048 4792 vga - ok
16:52:54.0052 4792 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:52:54.0078 4792 VgaSave - ok
16:52:54.0084 4792 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:52:54.0095 4792 vhdmp - ok
16:52:54.0099 4792 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
16:52:54.0109 4792 viaide - ok
16:52:54.0113 4792 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:52:54.0123 4792 volmgr - ok
16:52:54.0130 4792 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:52:54.0144 4792 volmgrx - ok
16:52:54.0150 4792 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:52:54.0164 4792 volsnap - ok
16:52:54.0169 4792 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
16:52:54.0181 4792 vsmraid - ok
16:52:54.0196 4792 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
16:52:54.0239 4792 VSS - ok
16:52:54.0243 4792 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
16:52:54.0255 4792 vwifibus - ok
16:52:54.0262 4792 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:52:54.0294 4792 W32Time - ok
16:52:54.0300 4792 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
16:52:54.0311 4792 WacomPen - ok
16:52:54.0315 4792 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:52:54.0343 4792 WANARP - ok
16:52:54.0347 4792 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:52:54.0374 4792 Wanarpv6 - ok
16:52:54.0389 4792 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
16:52:54.0418 4792 wbengine - ok
16:52:54.0423 4792 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:52:54.0440 4792 WbioSrvc - ok
16:52:54.0446 4792 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:52:54.0464 4792 wcncsvc - ok
16:52:54.0467 4792 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:52:54.0479 4792 WcsPlugInService - ok
16:52:54.0482 4792 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
16:52:54.0491 4792 Wd - ok
16:52:54.0500 4792 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:52:54.0520 4792 Wdf01000 - ok
16:52:54.0524 4792 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:52:54.0539 4792 WdiServiceHost - ok
16:52:54.0542 4792 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:52:54.0557 4792 WdiSystemHost - ok
16:52:54.0562 4792 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
16:52:54.0579 4792 WebClient - ok
16:52:54.0584 4792 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:52:54.0614 4792 Wecsvc - ok
16:52:54.0618 4792 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:52:54.0645 4792 wercplsupport - ok
16:52:54.0649 4792 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:52:54.0676 4792 WerSvc - ok
16:52:54.0679 4792 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:52:54.0705 4792 WfpLwf - ok
16:52:54.0708 4792 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:52:54.0717 4792 WIMMount - ok
16:52:54.0719 4792 WinDefend - ok
16:52:54.0725 4792 WinHttpAutoProxySvc - ok
16:52:54.0733 4792 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:52:54.0762 4792 Winmgmt - ok
16:52:54.0780 4792 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
16:52:54.0828 4792 WinRM - ok
16:52:54.0842 4792 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:52:54.0866 4792 Wlansvc - ok
16:52:54.0870 4792 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:52:54.0880 4792 WmiAcpi - ok
16:52:54.0887 4792 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:52:54.0899 4792 wmiApSrv - ok
16:52:54.0902 4792 WMPNetworkSvc - ok
16:52:54.0907 4792 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:52:54.0918 4792 WPCSvc - ok
16:52:54.0922 4792 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:52:54.0936 4792 WPDBusEnum - ok
16:52:54.0939 4792 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:52:54.0965 4792 ws2ifsl - ok
16:52:54.0969 4792 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
16:52:54.0985 4792 wscsvc - ok
16:52:54.0988 4792 WSearch - ok
16:52:55.0012 4792 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:52:55.0056 4792 wuauserv - ok
16:52:55.0061 4792 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:52:55.0072 4792 WudfPf - ok
16:52:55.0076 4792 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:52:55.0089 4792 wudfsvc - ok
16:52:55.0094 4792 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
16:52:55.0111 4792 WwanSvc - ok
16:52:55.0115 4792 ================ Scan global ===============================
16:52:55.0117 4792 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:52:55.0122 4792 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
16:52:55.0129 4792 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
16:52:55.0134 4792 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:52:55.0140 4792 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:52:55.0145 4792 [Global] - ok
16:52:55.0145 4792 ================ Scan MBR ==================================
16:52:55.0147 4792 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:52:55.0224 4792 \Device\Harddisk0\DR0 - ok
16:52:55.0227 4792 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
16:52:55.0337 4792 \Device\Harddisk1\DR1 - ok
16:52:55.0337 4792 ================ Scan VBR ==================================
16:52:55.0339 4792 [ 26AF7119655800892A211D0D2BF43191 ] \Device\Harddisk0\DR0\Partition1
16:52:55.0340 4792 \Device\Harddisk0\DR0\Partition1 - ok
16:52:55.0344 4792 [ 362D71764E8DE26EE3709A22DE2CB9CB ] \Device\Harddisk1\DR1\Partition1
16:52:55.0345 4792 \Device\Harddisk1\DR1\Partition1 - ok
16:52:55.0345 4792 ============================================================
16:52:55.0345 4792 Scan finished
16:52:55.0345 4792 ============================================================
16:52:55.0354 4564 Detected object count: 0
16:52:55.0354 4564 Actual detected object count: 0

markusg · 14.01.2013, 17:03

hi
combofix:

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

herbcyy · 14.01.2013, 18:44

Hoffe mal das ist das richtige:

Combofix Logfile:

Code:

ATTFilter

ComboFix 13-01-14.01 - Jonas 14.01.2013  18:09:11.1.6 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4093.2435 [GMT 1:00]
ausgeführt von:: c:\users\Jonas\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\sdelevURL.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-14 bis 2013-01-14  ))))))))))))))))))))))))))))))
.
.
2013-01-14 17:11 . 2013-01-14 17:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-14 09:22 . 2013-01-14 09:22	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{669603C2-0BF7-406E-8B39-09D7357AF69F}\offreg.dll
2013-01-13 23:08 . 2013-01-13 23:08	--------	d-----w-	c:\program files (x86)\Microsoft.NET
2013-01-13 13:18 . 2013-01-13 13:18	--------	d-----w-	c:\program files (x86)\TeamSpeak 3 Client
2013-01-13 12:47 . 2012-11-19 00:01	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{669603C2-0BF7-406E-8B39-09D7357AF69F}\mpengine.dll
2013-01-09 08:42 . 2013-01-09 08:42	--------	d-----w-	C:\Neuer Ordner 1
2013-01-09 08:40 . 2013-01-09 08:40	--------	d-----w-	c:\programdata\backup
2013-01-09 08:40 . 2013-01-09 08:40	--------	d-----w-	c:\programdata\explauncher
2013-01-09 08:40 . 2013-01-09 08:40	--------	d-----w-	c:\programdata\launcher
2013-01-09 08:19 . 2013-01-09 08:19	--------	d-----w-	c:\programdata\Panda Security
2013-01-09 08:19 . 2013-01-09 08:19	--------	d-----w-	c:\program files (x86)\Panda USB Vaccine
2013-01-09 02:17 . 2013-01-09 02:17	--------	d-----w-	c:\windows\system32\SPReview
2013-01-09 02:17 . 2013-01-09 02:17	--------	d-----w-	c:\windows\system32\EventProviders
2013-01-09 02:14 . 2010-11-20 13:27	1363968	----a-w-	c:\windows\system32\wdc.dll
2013-01-09 02:13 . 2010-11-20 13:27	529408	----a-w-	c:\windows\system32\wbemcomn.dll
2013-01-09 02:13 . 2010-11-20 13:27	244736	----a-w-	c:\program files\Windows Portable Devices\sqmapi.dll
2013-01-09 02:13 . 2010-11-20 13:27	244736	----a-w-	c:\windows\system32\sqmapi.dll
2013-01-09 02:01 . 2008-07-31 09:41	68616	----a-w-	c:\windows\SysWow64\XAPOFX1_1.dll
2013-01-09 02:01 . 2008-07-31 09:40	509448	----a-w-	c:\windows\SysWow64\XAudio2_2.dll
2013-01-09 02:01 . 2008-07-12 07:18	467984	----a-w-	c:\windows\SysWow64\d3dx10_39.dll
2013-01-09 02:01 . 2008-07-12 07:18	1493528	----a-w-	c:\windows\SysWow64\D3DCompiler_39.dll
2013-01-09 02:01 . 2008-07-12 07:18	3851784	----a-w-	c:\windows\SysWow64\D3DX9_39.dll
2013-01-09 01:59 . 2013-01-09 01:59	--------	d--h--w-	c:\program files (x86)\InstallShield Installation Information
2013-01-09 01:59 . 2013-01-09 01:59	--------	d-----w-	C:\Riot Games
2013-01-08 22:31 . 2012-11-02 05:59	478208	----a-w-	c:\windows\system32\dpnet.dll
2013-01-08 22:31 . 2012-11-02 05:11	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
2013-01-08 22:31 . 2010-11-20 12:58	3072	----a-w-	c:\windows\system32\dpnaddr.dll
2013-01-08 22:31 . 2010-11-20 11:57	2560	----a-w-	c:\windows\SysWow64\dpnaddr.dll
2013-01-08 21:57 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2013-01-08 21:57 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2013-01-08 21:57 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2013-01-08 21:57 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2013-01-08 21:53 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2013-01-08 21:49 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2013-01-08 21:49 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2013-01-08 21:49 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2013-01-08 21:49 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2013-01-08 21:49 . 2010-09-30 10:41	100864	----a-w-	c:\windows\system32\fontsub.dll
2013-01-08 21:49 . 2010-09-30 06:47	70656	----a-w-	c:\windows\SysWow64\fontsub.dll
2013-01-08 21:48 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2013-01-08 21:48 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2013-01-08 21:48 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2013-01-08 21:48 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2013-01-08 21:48 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2013-01-08 21:48 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2013-01-08 21:48 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2013-01-08 21:47 . 2012-03-01 06:46	23408	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2013-01-08 21:47 . 2012-03-01 06:33	81408	----a-w-	c:\windows\system32\imagehlp.dll
2013-01-08 21:47 . 2012-03-01 05:33	159232	----a-w-	c:\windows\SysWow64\imagehlp.dll
2013-01-08 21:47 . 2012-03-01 06:28	5120	----a-w-	c:\windows\system32\wmi.dll
2013-01-08 21:47 . 2012-03-01 05:29	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2013-01-08 21:25 . 2013-01-14 16:28	--------	d-----w-	c:\programdata\PMB Files
2013-01-08 21:25 . 2013-01-08 21:25	--------	d-----w-	c:\program files (x86)\Pando Networks
2013-01-08 21:19 . 2012-10-30 22:51	370288	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-01-08 21:19 . 2012-10-30 22:51	25232	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-01-08 21:19 . 2012-10-30 22:51	59728	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-01-08 21:19 . 2012-10-30 22:51	984144	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-01-08 21:19 . 2012-10-30 22:51	71600	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-01-08 21:19 . 2012-10-30 22:50	285328	----a-w-	c:\windows\system32\aswBoot.exe
2013-01-08 21:19 . 2012-10-15 16:59	54072	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-01-08 20:31 . 2013-01-08 20:31	--------	d-----r-	C:\Sandbox
2013-01-08 20:17 . 2012-10-30 22:51	41224	----a-w-	c:\windows\avastSS.scr
2013-01-08 20:17 . 2012-10-30 22:50	227648	----a-w-	c:\windows\SysWow64\aswBoot.exe
2013-01-08 20:17 . 2013-01-08 21:18	--------	d-----w-	c:\programdata\AVAST Software
2013-01-08 20:17 . 2013-01-08 21:18	--------	d-----w-	c:\program files\AVAST Software
2013-01-08 20:15 . 2013-01-08 20:15	--------	d-----w-	c:\program files (x86)\Secunia
2013-01-08 20:00 . 2012-12-16 16:31	67599240	----a-w-	c:\windows\system32\MRT.exe
2013-01-08 19:13 . 2012-12-07 11:20	23552	----a-w-	c:\windows\system32\oflc.rs
2013-01-08 19:12 . 2012-08-11 00:56	715776	----a-w-	c:\windows\system32\kerberos.dll
2013-01-08 19:09 . 2012-06-02 05:41	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-01-08 19:09 . 2012-06-02 05:41	140288	----a-w-	c:\windows\system32\cryptnet.dll
2013-01-08 19:09 . 2012-06-02 05:41	1464320	----a-w-	c:\windows\system32\crypt32.dll
2013-01-08 19:09 . 2012-06-02 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-01-08 19:09 . 2012-06-02 04:36	1159680	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-01-08 19:09 . 2012-06-02 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-01-08 19:08 . 2013-01-08 19:08	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-08 19:08 . 2013-01-08 19:08	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-08 19:08 . 2013-01-08 19:08	--------	d-----w-	c:\windows\SysWow64\Macromed
2013-01-08 19:08 . 2013-01-08 19:08	--------	d-----w-	c:\windows\system32\Macromed
2013-01-08 19:00 . 2011-11-19 14:58	77312	----a-w-	c:\windows\system32\packager.dll
2013-01-08 19:00 . 2011-11-19 14:01	67072	----a-w-	c:\windows\SysWow64\packager.dll
2013-01-08 18:56 . 2013-01-08 18:56	--------	d-----w-	c:\programdata\ATI
2013-01-08 18:56 . 2013-01-08 18:56	0	----a-w-	c:\windows\ativpsrm.bin
2013-01-08 18:55 . 2013-01-08 18:55	--------	d-----w-	c:\program files (x86)\Common Files\ATI Technologies
2013-01-08 18:55 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2013-01-08 18:55 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2013-01-08 18:55 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2013-01-08 18:55 . 2013-01-08 18:55	--------	d-----w-	c:\program files\Common Files\ATI Technologies
2013-01-08 18:54 . 2013-01-13 23:10	--------	d-sh--w-	c:\windows\Installer
2013-01-08 18:54 . 2013-01-08 18:55	--------	d-----w-	c:\program files (x86)\ATI Technologies
2013-01-08 18:54 . 2013-01-08 18:55	--------	d-----w-	c:\program files\ATI Technologies
2013-01-08 18:54 . 2013-01-08 18:54	--------	d-----w-	c:\program files\ATI
2013-01-08 18:54 . 2013-01-08 18:54	--------	d-----w-	C:\AMD
2013-01-08 18:51 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2013-01-08 18:51 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2013-01-08 18:51 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2013-01-08 18:51 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2013-01-08 18:51 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2013-01-08 18:51 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2013-01-08 18:51 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2013-01-08 18:51 . 2012-06-02 14:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2013-01-08 18:51 . 2012-06-02 14:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2013-01-08 18:51 . 2013-01-13 12:42	--------	d-----w-	c:\users\Jonas
2013-01-08 18:44 . 2013-01-08 18:50	--------	d-----w-	c:\windows\Panther
2013-01-08 18:44 . 2013-01-09 04:23	--------	d-----w-	C:\Boot
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 04:20 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2013-01-09 04:20 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2012-11-30 04:45 . 2013-01-08 19:13	44032	----a-w-	c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-01-08 3093624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-9-24 573536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BioNTDrv;BioNTDrv;d:\program\BioNTDrv.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [2011-11-17 352816]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 203776]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-09-24 1328736]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-09-24 656480]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 68597232
*Deregistered* - 68597232
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-08 19:08]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2383450841-1444442981-759189576-1001Core.job
- c:\users\Jonas\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-08 19:09]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2383450841-1444442981-759189576-1001UA.job
- c:\users\Jonas\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-08 19:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50	133400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-FileHippo.com - d:\filehippo.com\UpdateChecker.exe
Wow6432Node-HKCU-Run-SandboxieControl - d:\sandboxie\SbieCtrl.exe
AddRemove-FileHippo.com - d:\filehippo.com\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-14  18:13:08
ComboFix-quarantined-files.txt  2013-01-14 17:13
.
Vor Suchlauf: 10 Verzeichnis(se), 30.759.698.432 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 30.703.001.600 Bytes frei
.
- - End Of File - - F644A5228D2489248A97D504D7773D68

--- --- ---

markusg · 14.01.2013, 19:57

hattest du Sandboxie etc nicht neu instaliert? oder hast du die platten nacheinander wiederhergestellt, denn wenn du programme auf nem andern laufwerk instalierst musst du alles auf einmal wiederherstellen.
ist e: überhaupt ein anderes laufwerk oder nur ne andere partition, denn wenns nur ne Partition is, ists eig quark das zu unterteilen, bringt nichts.

herbcyy · 14.01.2013, 20:38

ja habe Programme auf beiden Laufwerken gehabt. Wie kann man alles auf einmal herstellen ? E ist mein cd laufwerk wo ne cd drinne war

markusg · 15.01.2013, 21:28

hier mal die Anleitung:
download.paragon-software.com/doc/manual_brfree_2012_de.pdf
müsstest wohl beide aktivieren

herbcyy · 17.01.2013, 14:58

Kennst du die genaue Seite auf der das steht ? weil finde sie nicht

markusg · 17.01.2013, 15:06

du müsstes dann gesammte festplatte wiederherstellen wählen

13.01.2013, 17:06	#48
markusg /// Malware-holic	Virus / unzählige Fenster öffnen sich Ja laut tdss killer ist nichts zu sehen. erstelle das Image immer mit dem Masterboot sektor, gibts als Option anzuhaken. du kannst ja noch mal mit fixmbr und fixboot vor der Instalation arbeiten. __________________ __________________

17.01.2013, 15:06	#58
markusg /// Malware-holic	Virus / unzählige Fenster öffnen sich du müsstes dann gesammte festplatte wiederherstellen wählen __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

Virus / unzählige Fenster öffnen sich

Plagegeister aller Art und deren Bekämpfung: Virus / unzählige Fenster öffnen sich