
Pests of all kinds and how to combat them: Temp msotyqr.bat could not be loaded or started


08.01.2013, 22:15   #1
toffkris

Hello everyone, since Sunday I have been getting the error message named above when booting the notebook.

Before that I ran both Malwarebytes and AntiVir over my machine, because the Windows programs no longer started and I could no longer get online either.

Trojans and worms were found, which have now been deleted. Since then the machine has been running again, but the message mentioned above is still there.

Should I now post my OTL and Extras here?

Looking forward to any info. Toffkris

08.01.2013, 22:18   #2
markusg
/// Malware-holic

Hi, no, first the logs with the detections, otherwise we don't know at all what was on the PC.

Open Avira, Administration, Quarantine, and post the detections with their paths.
Also post the Malwarebytes logs:
http://www.trojaner-board.de/125889-...en-posten.html

08.01.2013, 22:35   #3
toffkris

Many thanks for the quick reply. I hope I'm doing this with the code tags correctly!

Unfortunately I have already deleted the quarantine in Avira! Damn!

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.06.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
:: [Administrator]

07.01.2013 07:07:18
mbam-log-2013-01-07 (07-07-18).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 211706
Laufzeit: 7 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\\Local Settings\Temp\msotyqr.bat (Trojan.Vbcrypt) -> 4664 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Lavasoft (Trojan.Vbcrypt) -> Daten: C:\Users\\AppData\Roaming\81CE7B\81CE7B.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\\LOCALS~1\Temp\msotyqr.bat -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Daten: C:\Users\\LOCALS~1\Temp\msotyqr.bat -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|1X1F7AUF5HVX3C3WVYQMXNMGH (Trojan.SpyEyes.Gen) -> Daten: C:\config.bin\9A052F918CF.exe /q -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Vbcrypt) -> Bösartig: (C:\Users\\LOCALS~1\Temp\msotyqr.bat) Gut: () -> Löschen bei Neustart.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\\Local Settings\Temp\msotyqr.bat (Trojan.Vbcrypt) -> Löschen bei Neustart.
C:\Users\\AppData\Roaming\81CE7B\81CE7B.exe (Trojan.Vbcrypt) -> Löschen bei Neustart.
C:\Users\\AppData\Local\Temp\00621f44.exe (Trojan.Vbcrypt) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\\AppData\Roaming\nMNtffsdf5ev.exe (Trojan.Vbcrypt) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Edited by toffkris (08.01.2013 at 22:44)

08.01.2013, 23:03   #4
markusg
/// Malware-holic

Hi
Open Avira, Events, and look up the detection messages there.
Avira, Reports: look up the detection reports and post them.
If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy this content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

09.01.2013, 07:21   #5
toffkris

Good morning Markus, here are the Avira detection reports:

Exportierte Ereignisse:

09.01.2013 07:55 [Echtzeit Scanner] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 12.3.0.15
Engine Version: 8.2.10.226
VDF Version: 7.11.56.106

09.01.2013 07:55 [Hilfsdienst] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 12.3.0.15
Engine Version: 8.2.10.226
VDF Version: 7.11.56.106

09.01.2013 07:55 [Planer] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version 12.3.0.15

08.01.2013 23:47 [Echtzeit Scanner] Dienst gestoppt
Der Dienst wurde gestoppt.

08.01.2013 23:47 [Planer] Dienst gestoppt
Der Dienst wurde gestoppt.

08.01.2013 23:04 [Echtzeit Scanner] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 12.3.0.15
Engine Version: 8.2.10.226
VDF Version: 7.11.56.106

08.01.2013 23:04 [Hilfsdienst] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 12.3.0.15
Engine Version: 8.2.10.226
VDF Version: 7.11.56.106

and here is the OTL log:

[CODE][OTL logfile created on: 08.01.2013 22:46:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ekel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,23% Memory free
6,19 Gb Paging File | 4,99 Gb Available in Paging File | 80,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 45,08 Gb Free Space | 30,25% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 39,49 Gb Free Space | 28,36% Space Free | Partition Type: NTFS

Computer Name: EKEL-PC | User Name: ekel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.08 22:45:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ekel\Desktop\OTL.exe
PRC - [2012.12.29 00:02:24 | 028,539,392 | ---- | M] (Dropbox, Inc.) -- C:\Users\ekel\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.08.08 22:17:11 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.13 03:22:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.13 03:22:17 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.13 03:22:17 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.05.25 17:23:16 | 001,801,064 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.10.14 12:58:45 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2008.08.19 18:34:04 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2008.07.30 01:34:34 | 000,752,168 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.07.15 19:29:00 | 007,651,328 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2008.07.15 19:22:46 | 000,217,088 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe
PRC - [2008.07.10 01:09:26 | 000,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2008.06.24 04:16:24 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008.06.19 20:18:12 | 000,154,168 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
PRC - [2008.06.18 06:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008.06.13 06:52:51 | 006,183,456 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.06.12 05:52:18 | 000,196,608 | ---- | M] (CyberLink) -- C:\Program Files\ASUS\AI TouchMedia\AI TouchMedia\Kernel\CLML\CLMLSvc.exe
PRC - [2008.06.12 05:52:08 | 000,212,992 | ---- | M] (CyberLink Corp.) -- C:\Program Files\ASUS\AI TouchMedia\AI TouchMedia\PCMAgent.exe
PRC - [2008.06.04 01:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2008.05.20 01:15:06 | 000,172,032 | ---- | M] (CyberLink Corp.) -- C:\Program Files\ASUS\AI TouchMedia\PlayMovie\PMVService.exe
PRC - [2008.03.18 05:27:11 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.01.23 18:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.12 06:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.11.05 03:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
PRC - [2007.10.03 05:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007.08.15 19:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.08.03 20:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007.07.06 00:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007.02.07 09:29:59 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
PRC - [2005.07.06 23:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe


========== Modules (No Company Name) ==========

MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008.07.30 01:27:20 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
MOD - [2008.06.12 05:52:20 | 000,778,240 | ---- | M] () -- C:\Program Files\ASUS\AI TouchMedia\AI TouchMedia\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008.06.12 05:52:16 | 000,007,680 | ---- | M] () -- C:\Program Files\ASUS\AI TouchMedia\AI TouchMedia\Kernel\CLML\CLMLSvcPS.dll
MOD - [2008.01.12 06:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
MOD - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
MOD - [2007.11.12 23:41:50 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\MsgTran.dll
MOD - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


========== Services (SafeList) ==========

SRV - [2012.12.15 12:57:24 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.13 03:22:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.13 03:22:17 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.21 02:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2008.03.18 05:27:11 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.10.03 05:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.08.03 20:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007.02.07 09:29:59 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2006.06.22 02:13:59 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll -- (ASChannel)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\I386\AsProcOb.sys -- (ASUSProcObsrv)
DRV - [2012.05.13 03:22:17 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.13 03:22:17 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.07 09:18:26 | 000,059,776 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.28 22:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2009.04.11 05:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008.07.25 09:30:59 | 007,547,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.06.25 06:05:05 | 000,044,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.06.24 23:55:12 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008.06.03 22:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008.05.29 18:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\lullaby.sys -- (lullaby)
DRV - [2008.05.20 01:15:42 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\ASUS\AI TouchMedia\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.05.13 07:35:23 | 001,772,544 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2008.05.02 10:58:28 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008.05.02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008.05.02 10:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.05.02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.03.21 05:12:59 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.02.14 22:56:01 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.12.19 01:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.11.02 12:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217unic.sys -- (s217unic)
DRV - [2007.11.02 12:22:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217obex.sys -- (s217obex)
DRV - [2007.11.02 12:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217nd5.sys -- (s217nd5)
DRV - [2007.11.02 12:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdm.sys -- (s217mdm)
DRV - [2007.11.02 12:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217bus.sys -- (s217bus)
DRV - [2007.11.02 12:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdfl.sys -- (s217mdfl)
DRV - [2007.08.03 05:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007.07.30 19:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 18:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.24 19:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.06.17 05:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2006.12.14 23:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\ekel\Music
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{207511D0-A61C-48bc-90BC-CF53D8E7D14A}: "URL" = hxxp://www.ask.com/web?&o=13795&l=dis&q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.12 18:55:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.12 18:55:00 | 000,000,000 | ---D | M]

[2011.03.02 19:05:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ekel\AppData\Roaming\mozilla\Extensions
[2012.11.13 22:50:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ekel\AppData\Roaming\mozilla\Firefox\Profiles\w935rsxy.default\extensions
[2011.03.05 00:38:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\ekel\AppData\Roaming\mozilla\Firefox\Profiles\w935rsxy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.04.28 16:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2008.11.01 18:15:20 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.04.26 18:14:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.21 02:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.21 02:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 02:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 02:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.02 09:09:28 | 000,002,486 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\iMeshWebSearch.xml
[2012.04.21 02:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 02:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 02:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\ASUS\AI TouchMedia\AI TouchMedia\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule File not found
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PCMAgent] C:\Program Files\ASUS\AI TouchMedia\AI TouchMedia\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\ASUS\AI TouchMedia\PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Users\ekel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\ekel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\ekel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk = C:\Users\ekel\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies)
F3 - HKCU WinNT: Load - (C:\Users\ekel\LOCALS~1\Temp\msotyqr.bat) - File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} https://finanzcenter.sparkasse-bremen.de/_plugin/AXFOAM.cab (B+S Banksysteme AG DDBAC Plug-In)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AA7C740-CDF3-44BC-BB39-E22C246FDD05}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B07D2F33-1C44-45F5-B05E-7AC4201CADF2}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O24 - Desktop WallPaper: C:\Users\ekel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\ekel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{48a60db2-da44-11dd-bd46-0023545484ac}\Shell\AutoRun\command - "" = F:\Menu.exe
O33 - MountPoints2\{875eb078-a1cd-11e0-933d-0023545484ac}\Shell - "" = AutoRun
O33 - MountPoints2\{875eb078-a1cd-11e0-933d-0023545484ac}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.08 22:45:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ekel\Desktop\OTL.exe
[2013.01.08 18:57:57 | 000,000,000 | ---D | C] -- C:\Users\ekel\LOCALS~1
[2013.01.08 18:38:09 | 000,000,000 | ---D | C] -- C:\Users\ekel\AppData\Roaming\Auslogics
[2013.01.08 18:35:50 | 007,034,560 | ---- | C] (Auslogics Software Pty Ltd ) -- C:\Users\ekel\Desktop\registry-cleaner-setup_2405.exe
[2013.01.07 18:43:37 | 004,178,040 | ---- | C] (Piriform Ltd) -- C:\Users\ekel\Desktop\ccsetup326.exe
[2013.01.07 14:32:24 | 000,000,000 | ---D | C] -- C:\Users\ekel\Desktop\Busta Rhymes Reek Da Villain J Doe - Catastroph (DatPiff.com)
[2013.01.07 14:31:29 | 000,000,000 | ---D | C] -- C:\Users\ekel\Desktop\Papoose - Most Hated Alive (DatPiff.com)
[2013.01.07 14:30:40 | 000,000,000 | ---D | C] -- C:\Users\ekel\Desktop\Wale - Folarin (DatPiff.com)
[2013.01.06 21:11:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.06 21:11:11 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.06 21:09:46 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\ekel\Documents\mbam-setup-1.70.0.1100.exe
[2013.01.06 19:07:44 | 000,000,000 | ---D | C] -- C:\Users\ekel\Desktop\Österreich 2012
[2013.01.06 18:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012.12.27 19:00:07 | 000,000,000 | ---D | C] -- C:\Users\ekel\Desktop\Liquid Lalilulelo
[2012.12.24 13:09:36 | 000,000,000 | ---D | C] -- C:\Users\ekel\AppData\Roaming\Blender Foundation
[2012.12.23 15:12:22 | 000,000,000 | ---D | C] -- C:\Users\ekel\Documents\BioWare
[2012.12.23 14:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mass Effect 2
[2012.12.23 14:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BioWare
[2012.12.15 22:23:30 | 000,000,000 | ---D | C] -- C:\Users\ekel\Desktop\101_PANA
[2012.12.15 15:33:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.15 15:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.15 15:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.12.15 15:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.12.13 21:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.12.13 21:37:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.11.13 15:30:36 | 081,893,672 | ---- | C] (Apple Inc.) -- C:\Users\ekel\iTunesSetup.exe
[21 C:\Users\ekel\Documents\*.tmp files -> C:\Users\ekel\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.01.08 22:45:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ekel\Desktop\OTL.exe
[2013.01.08 22:40:14 | 000,094,588 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.01.08 22:34:03 | 000,000,000 | ---- | M] () -- C:\Users\ekel\defogger_reenable
[2013.01.08 22:32:34 | 000,050,477 | ---- | M] () -- C:\Users\ekel\Desktop\Defogger.exe
[2013.01.08 22:31:44 | 004,331,248 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.08 22:31:44 | 001,717,346 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.08 22:31:44 | 001,345,442 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.08 22:31:44 | 001,175,174 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.08 22:24:43 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2013.01.08 22:24:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.08 22:24:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.08 22:24:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.08 22:23:09 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.01.08 22:01:00 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2013.01.08 21:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.08 21:38:35 | 000,008,268 | ---- | M] () -- C:\Users\ekel\AppData\Local\d3d9caps.dat
[2013.01.08 21:34:37 | 000,000,714 | ---- | M] () -- C:\Users\ekel\Documents\cc_20130108_213429.reg
[2013.01.08 18:35:50 | 007,034,560 | ---- | M] (Auslogics Software Pty Ltd ) -- C:\Users\ekel\Desktop\registry-cleaner-setup_2405.exe
[2013.01.07 18:50:52 | 000,368,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.07 18:47:17 | 000,151,748 | ---- | M] () -- C:\Users\ekel\Documents\cc_20130107_184634.reg
[2013.01.07 18:43:43 | 004,178,040 | ---- | M] (Piriform Ltd) -- C:\Users\ekel\Desktop\ccsetup326.exe
[2013.01.06 21:11:13 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.06 21:10:12 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\ekel\Documents\mbam-setup-1.70.0.1100.exe
[2013.01.06 19:12:38 | 000,212,480 | ---- | M] () -- C:\Users\ekel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.06 09:30:01 | 000,000,957 | ---- | M] () -- C:\Users\ekel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.06 09:29:45 | 000,000,923 | ---- | M] () -- C:\Users\ekel\Desktop\Dropbox.lnk
[2012.12.28 07:55:59 | 000,094,588 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.12.27 19:00:11 | 000,011,848 | -HS- | M] () -- C:\Users\ekel\Desktop\Folder.jpg
[2012.12.27 19:00:11 | 000,002,539 | -HS- | M] () -- C:\Users\ekel\Desktop\AlbumArtSmall.jpg
[2012.12.24 12:53:48 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.12.15 15:33:16 | 000,001,671 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[21 C:\Users\ekel\Documents\*.tmp files -> C:\Users\ekel\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.01.08 22:34:03 | 000,000,000 | ---- | C] () -- C:\Users\ekel\defogger_reenable
[2013.01.08 22:32:34 | 000,050,477 | ---- | C] () -- C:\Users\ekel\Desktop\Defogger.exe
[2013.01.08 21:34:32 | 000,000,714 | ---- | C] () -- C:\Users\ekel\Documents\cc_20130108_213429.reg
[2013.01.07 18:50:31 | 000,368,040 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.07 18:46:38 | 000,151,748 | ---- | C] () -- C:\Users\ekel\Documents\cc_20130107_184634.reg
[2013.01.06 21:11:13 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.15 15:33:16 | 000,001,671 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.13 22:02:50 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.12.13 22:02:50 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2011.12.05 20:28:30 | 000,000,843 | ---- | C] () -- C:\Users\ekel\.recently-used.xbel
[2011.11.25 08:08:12 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.21 22:48:43 | 000,004,096 | -H-- | C] () -- C:\Users\ekel\AppData\Local\keyfile3.drm
[2010.12.11 21:46:14 | 000,000,092 | ---- | C] () -- C:\Users\ekel\AppData\Local\fusioncache.dat
[2010.12.11 21:31:44 | 000,139,152 | ---- | C] () -- C:\Users\ekel\AppData\Roaming\PnkBstrK.sys
[2008.12.01 00:15:11 | 000,029,239 | ---- | C] () -- C:\Users\ekel\AppData\Roaming\UserTile.png
[2008.11.09 20:13:59 | 000,008,268 | ---- | C] () -- C:\Users\ekel\AppData\Local\d3d9caps.dat
[2008.11.07 19:01:38 | 000,212,480 | ---- | C] () -- C:\Users\ekel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.02 18:52:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.11.02 11:47:37 | 000,094,588 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.11.02 11:47:29 | 000,094,588 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.11.01 15:58:39 | 000,000,084 | -H-- | C] () -- C:\ProgramData\aspg.dat
[2008.07.02 03:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008.05.22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.01.07 07:17:00 | 000,000,000 | -HSD | M] -- C:\Users\ekel\AppData\Roaming\81CE7B
[2011.11.21 20:12:48 | 000,000,000 | ---D | M] -- C:\Users\ekel\AppData\Roaming\Ableton
[2009.10.19 21:19:16 | 000,000,000 | ---D | M] -- C:\Users\ekel\AppData\Roaming\ASCOMP Software
[2010.03.18 07:41:11 | 000,000,000 | ---D | M] -- C:\Users\ekel\AppData\Roaming\Audacity
[2013.01.08 18:38:09 | 000,000,000 | ---D | M] -- C:\Users\ekel\AppData\Roaming\Auslogics
[2011.12.26 19:26:43 | 000,000,000 | ---D | M] -- C:\Users\ekel\AppData\Roaming\Bioshock2
[2012.12.24 13:09:36 | 000,000,000 | ---D | M] -- C:\Users\ekel\AppData\Roaming\Blender Foundation
[2012.05.20 08:59:50 | 000,000,000 | ---D | M] -- C:\Users\ekel\AppData\Roaming\DataDesign
[2013.01.08 22:45:58 | 000,000,000 | ---D | M] -- C:\Users\ekel\AppData\Roaming\Dropbox
[2012.11.13 21:49:51 | 000,000,000 | ---D | M] -- C:\Users\ekel\AppData\Roaming\GameRanger
[2010.06.13 16:25:34 | 000,000,000 | ---D | M] -- C:\Users\ekel\AppData\Roaming\gtk-2.0
[2008.11.01 18:27:29 | 000,000,000 | ---D | M] -- C:\Users\ekel\AppData\Roaming\ICQ
[2009.03.19 20:18:42 | 000,000,000 | ---D | M] -- C:\Users\ekel\AppData\Roaming\PeaZip
[2008.12.01 00:15:11 | 000,000,000 | ---D | M] -- C:\Users\ekel\AppData\Roaming\PeerNetworking
[2011.04.06 08:38:57 | 000,000,000 | ---D | M] -- C:\Users\ekel\AppData\Roaming\Softland
[2011.04.06 08:26:18 | 000,000,000 | ---D | M] -- C:\Users\ekel\AppData\Roaming\WordToPDF

========== Purity Check ==========
/CODE]


Alt 09.01.2013, 13:53   #6
markusg
/// Malware-holic
 

Hi,

This script and any scripts that follow are meant only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe.
• Now copy the following into the text box.



Code:
:OTL
F3 - HKCU WinNT: Load - (C:\Users\ekel\LOCALS~1\Temp\msotyqr.bat) - File not found
 :Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.

Alt 09.01.2013, 14:13   #7
toffkris
 

Hello! Here are the contents of the text document:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\ekel\LOCALS~1\Temp\msotyqr.bat deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: ekel
->Flash cache emptied: 3347 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

User: ekel
->Temp folder emptied: 798726 bytes
->Temporary Internet Files folder emptied: 505158177 bytes
->FireFox cache emptied: 57483764 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1626432 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 539,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01092013_150843

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Alt 09.01.2013, 14:22   #8
markusg
/// Malware-holic
 

Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, then post the log

Alt 09.01.2013, 14:43   #9
toffkris
 

Here is the log:


15:31:32.0126 3792 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:31:32.0313 3792 ============================================================
15:31:32.0313 3792 Current date / time: 2013/01/09 15:31:32.0313
15:31:32.0313 3792 SystemInfo:
15:31:32.0313 3792
15:31:32.0313 3792 OS Version: 6.0.6002 ServicePack: 2.0
15:31:32.0313 3792 Product type: Workstation
15:31:32.0313 3792 ComputerName: EKEL-PC
15:31:32.0313 3792 UserName: ekel
15:31:32.0313 3792 Windows directory: C:\Windows
15:31:32.0313 3792 System windows directory: C:\Windows
15:31:32.0313 3792 Processor architecture: Intel x86
15:31:32.0313 3792 Number of processors: 2
15:31:32.0313 3792 Page size: 0x1000
15:31:32.0313 3792 Boot type: Normal boot
15:31:32.0313 3792 ============================================================
15:31:32.0828 3792 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:31:32.0828 3792 ============================================================
15:31:32.0828 3792 \Device\Harddisk0\DR0:
15:31:32.0828 3792 MBR partitions:
15:31:32.0828 3792 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388B3B, BlocksNum 0x12A14C00
15:31:32.0844 3792 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13D9D77A, BlocksNum 0x1168FF47
15:31:32.0844 3792 ============================================================
15:31:32.0890 3792 C: <-> \Device\Harddisk0\DR0\Partition1
15:31:32.0922 3792 D: <-> \Device\Harddisk0\DR0\Partition2
15:31:32.0922 3792 ============================================================
15:31:32.0922 3792 Initialize success
15:31:32.0922 3792 ============================================================
15:32:28.0083 0836 ============================================================
15:32:28.0083 0836 Scan started
15:32:28.0083 0836 Mode: Manual; SigCheck; TDLFS;
15:32:28.0083 0836 ============================================================
15:32:28.0863 0836 ================ Scan system memory ========================
15:32:28.0863 0836 System memory - ok
15:32:28.0863 0836 ================ Scan services =============================
15:32:29.0097 0836 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
15:32:29.0238 0836 ACPI - ok
15:32:29.0316 0836 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:32:29.0331 0836 AdobeFlashPlayerUpdateSvc - ok
15:32:29.0409 0836 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:32:29.0440 0836 adp94xx - ok
15:32:29.0456 0836 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:32:29.0472 0836 adpahci - ok
15:32:29.0518 0836 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
15:32:29.0534 0836 adpu160m - ok
15:32:29.0550 0836 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:32:29.0565 0836 adpu320 - ok
15:32:29.0628 0836 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:32:29.0768 0836 AeLookupSvc - ok
15:32:29.0815 0836 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
15:32:29.0908 0836 AFD - ok
15:32:29.0955 0836 [ EFBC44FBD75E4F80BD927AEBF6E7EADE ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
15:32:30.0033 0836 AgereModemAudio - ok
15:32:30.0111 0836 [ 1CFEBA39FC613E45B49D3EDDFBCDA289 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
15:32:30.0174 0836 AgereSoftModem - ok
15:32:30.0220 0836 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:32:30.0236 0836 agp440 - ok
15:32:30.0283 0836 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
15:32:30.0298 0836 aic78xx - ok
15:32:30.0298 0836 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
15:32:30.0454 0836 ALG - ok
15:32:30.0470 0836 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
15:32:30.0486 0836 aliide - ok
15:32:30.0548 0836 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
15:32:30.0564 0836 amdagp - ok
15:32:30.0595 0836 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
15:32:30.0610 0836 amdide - ok
15:32:30.0657 0836 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
15:32:30.0688 0836 AmdK7 - ok
15:32:30.0704 0836 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
15:32:30.0751 0836 AmdK8 - ok
15:32:30.0876 0836 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
15:32:30.0907 0836 AntiVirSchedulerService - ok
15:32:30.0938 0836 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:32:30.0954 0836 AntiVirService - ok
15:32:30.0985 0836 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
15:32:31.0047 0836 Appinfo - ok
15:32:31.0156 0836 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:32:31.0172 0836 Apple Mobile Device - ok
15:32:31.0219 0836 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
15:32:31.0250 0836 arc - ok
15:32:31.0281 0836 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
15:32:31.0297 0836 arcsas - ok
15:32:31.0390 0836 [ 2EEDA27C19259C2340324EF7180D086B ] ASBroker C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
15:32:31.0437 0836 ASBroker ( UnsignedFile.Multi.Generic ) - warning
15:32:31.0437 0836 ASBroker - detected UnsignedFile.Multi.Generic (1)
15:32:31.0468 0836 [ BB3C0521ECCA4BB17AC55EB640DF0FA5 ] ASChannel C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll
15:32:31.0500 0836 ASChannel ( UnsignedFile.Multi.Generic ) - warning
15:32:31.0500 0836 ASChannel - detected UnsignedFile.Multi.Generic (1)
15:32:31.0609 0836 [ 5A055A4777CBBC8845DD598CB2EEBF69 ] ASLDRService C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
15:32:31.0640 0836 ASLDRService ( UnsignedFile.Multi.Generic ) - warning
15:32:31.0640 0836 ASLDRService - detected UnsignedFile.Multi.Generic (1)
15:32:31.0671 0836 [ 7B4D08D2017AC06689D422E06C43F0AA ] ASMMAP C:\Program Files\ATKGFNEX\ASMMAP.sys
15:32:31.0687 0836 ASMMAP - ok
15:32:31.0827 0836 [ 40C145F12FF461A0220303BDA134F598 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:32:31.0827 0836 aspnet_state - ok
15:32:31.0874 0836 ASUSProcObsrv - ok
15:32:31.0890 0836 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:32:31.0952 0836 AsyncMac - ok
15:32:31.0999 0836 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
15:32:31.0999 0836 atapi - ok
15:32:32.0046 0836 [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv C:\Program Files\ATKGFNEX\GFNEXSrv.exe
15:32:32.0077 0836 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
15:32:32.0077 0836 ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
15:32:32.0108 0836 [ F70D2392158CB68E775F8C4CD3D12FBB ] ATSWPDRV C:\Windows\system32\DRIVERS\ATSwpDrv.sys
15:32:32.0124 0836 ATSWPDRV - ok
15:32:32.0186 0836 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:32:32.0233 0836 AudioEndpointBuilder - ok
15:32:32.0233 0836 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
15:32:32.0264 0836 Audiosrv - ok
15:32:32.0311 0836 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
15:32:32.0326 0836 avgntflt - ok
15:32:32.0389 0836 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
15:32:32.0404 0836 avipbb - ok
15:32:32.0451 0836 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
15:32:32.0467 0836 avkmgr - ok
15:32:32.0514 0836 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
15:32:32.0560 0836 Beep - ok
15:32:32.0623 0836 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
15:32:32.0670 0836 BFE - ok
15:32:32.0794 0836 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
15:32:32.0888 0836 BITS - ok
15:32:32.0935 0836 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
15:32:32.0982 0836 blbdrive - ok
15:32:33.0106 0836 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:32:33.0122 0836 Bonjour Service - ok
15:32:33.0169 0836 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:32:33.0231 0836 bowser - ok
15:32:33.0278 0836 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
15:32:33.0309 0836 BrFiltLo - ok
15:32:33.0325 0836 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
15:32:33.0372 0836 BrFiltUp - ok
15:32:33.0418 0836 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
15:32:33.0465 0836 Browser - ok
15:32:33.0496 0836 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
15:32:33.0684 0836 Brserid - ok
15:32:33.0730 0836 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
15:32:33.0824 0836 BrSerWdm - ok
15:32:33.0855 0836 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
15:32:33.0949 0836 BrUsbMdm - ok
15:32:33.0980 0836 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
15:32:34.0042 0836 BrUsbSer - ok
15:32:34.0089 0836 [ 6D39C954799B63BA866910234CF7D726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
15:32:34.0120 0836 BthEnum - ok
15:32:34.0167 0836 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
15:32:34.0245 0836 BTHMODEM - ok
15:32:34.0261 0836 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
15:32:34.0292 0836 BthPan - ok
15:32:34.0354 0836 [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
15:32:34.0464 0836 BTHPORT - ok
15:32:34.0526 0836 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll
15:32:34.0620 0836 BthServ - ok
15:32:34.0666 0836 [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
15:32:34.0698 0836 BTHUSB - ok
15:32:34.0744 0836 [ 463483285B2D2D345443AAEE7B9391E7 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
15:32:34.0760 0836 btwaudio - ok
15:32:34.0776 0836 [ 4F82B6173EF8637CB26CF4E73B90F172 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
15:32:34.0791 0836 btwavdt - ok
15:32:34.0854 0836 [ B78D1ACA1BBD0077848D9F87C8207AB1 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
15:32:34.0869 0836 btwdins - ok
15:32:34.0900 0836 [ ECB98391C756A7B9CFBAE89D9D1235E1 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
15:32:34.0916 0836 btwl2cap - ok
15:32:34.0932 0836 [ F771034F5B59A4A5054A2FA6F4E9F28B ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
15:32:34.0947 0836 btwrchid - ok
15:32:34.0963 0836 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:32:35.0025 0836 cdfs - ok
15:32:35.0072 0836 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:32:35.0119 0836 cdrom - ok
15:32:35.0166 0836 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
15:32:35.0197 0836 CertPropSvc - ok
15:32:35.0244 0836 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\DRIVERS\circlass.sys
15:32:35.0290 0836 circlass - ok
15:32:35.0353 0836 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
15:32:35.0368 0836 CLFS - ok
15:32:35.0415 0836 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:32:35.0415 0836 clr_optimization_v2.0.50727_32 - ok
15:32:35.0509 0836 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:32:35.0524 0836 clr_optimization_v4.0.30319_32 - ok
15:32:35.0556 0836 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
15:32:35.0602 0836 CmBatt - ok
15:32:35.0618 0836 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:32:35.0634 0836 cmdide - ok
15:32:35.0649 0836 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
15:32:35.0665 0836 Compbatt - ok
15:32:35.0680 0836 COMSysApp - ok
15:32:35.0680 0836 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
15:32:35.0696 0836 crcdisk - ok
15:32:35.0712 0836 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
15:32:35.0774 0836 Crusoe - ok
15:32:35.0821 0836 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:32:35.0883 0836 CryptSvc - ok
15:32:35.0946 0836 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:32:35.0992 0836 DcomLaunch - ok
15:32:41.0390 0836 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:32:41.0437 0836 IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:32:41.0452 0836 IDriverT - detected UnsignedFile.Multi.Generic (1)
15:33:02.0232 0836 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:33:02.0247 0836 uagp35 - ok
15:33:02.0310 0836 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:33:02.0372 0836 udfs - ok
15:33:02.0419 0836 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:33:02.0450 0836 UI0Detect - ok
15:33:02.0481 0836 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:33:02.0497 0836 uliagpkx - ok
15:33:02.0544 0836 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
15:33:02.0575 0836 uliahci - ok
15:33:02.0590 0836 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
15:33:02.0606 0836 UlSata - ok
15:33:02.0622 0836 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
15:33:02.0637 0836 ulsata2 - ok
15:33:02.0653 0836 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:33:02.0684 0836 umbus - ok
15:33:02.0700 0836 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
15:33:02.0762 0836 upnphost - ok
15:33:02.0793 0836 [ BB16932A4189E82D6C455042C11849B6 ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
15:33:02.0840 0836 upperdev - ok
15:33:02.0902 0836 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
15:33:02.0934 0836 USBAAPL - ok
15:33:02.0965 0836 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:33:02.0996 0836 usbccgp - ok
15:33:03.0058 0836 [ 32C068EAF37C92D7194EEE1FAA1E7853 ] USBCCID C:\Windows\system32\DRIVERS\usbccid.sys
15:33:03.0105 0836 USBCCID - ok
15:33:03.0152 0836 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:33:03.0230 0836 usbcir - ok
15:33:03.0277 0836 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:33:03.0308 0836 usbehci - ok
15:33:03.0355 0836 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:33:03.0370 0836 usbhub - ok
15:33:03.0433 0836 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:33:03.0511 0836 usbohci - ok
15:33:03.0542 0836 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:33:03.0604 0836 usbprint - ok
15:33:03.0636 0836 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
15:33:03.0667 0836 usbscan - ok
15:33:03.0698 0836 [ D575246188F63DE0ACCF6EAC5FB59E6A ] usbser C:\Windows\system32\DRIVERS\usbser.sys
15:33:03.0729 0836 usbser - ok
15:33:03.0760 0836 [ E748D50B3B2EC7F40A2BA67FB094CF01 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
15:33:03.0776 0836 UsbserFilt - ok
15:33:03.0807 0836 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:33:03.0854 0836 USBSTOR - ok
15:33:03.0885 0836 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
15:33:03.0901 0836 usbuhci - ok
15:33:03.0932 0836 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
15:33:03.0979 0836 usbvideo - ok
15:33:04.0010 0836 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
15:33:04.0057 0836 UxSms - ok
15:33:04.0135 0836 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
15:33:04.0197 0836 vds - ok
15:33:04.0244 0836 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:33:04.0275 0836 vga - ok
15:33:04.0306 0836 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
15:33:04.0369 0836 VgaSave - ok
15:33:04.0384 0836 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
15:33:04.0400 0836 viaagp - ok
15:33:04.0431 0836 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
15:33:04.0462 0836 ViaC7 - ok
15:33:04.0478 0836 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
15:33:04.0478 0836 viaide - ok
15:33:04.0525 0836 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:33:04.0540 0836 volmgr - ok
15:33:04.0634 0836 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:33:04.0665 0836 volmgrx - ok
15:33:04.0712 0836 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:33:04.0743 0836 volsnap - ok
15:33:04.0790 0836 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
15:33:04.0806 0836 vsmraid - ok
15:33:04.0884 0836 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
15:33:05.0008 0836 VSS - ok
15:33:05.0040 0836 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
15:33:05.0071 0836 W32Time - ok
15:33:05.0118 0836 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
15:33:05.0196 0836 WacomPen - ok
15:33:05.0242 0836 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
15:33:05.0274 0836 Wanarp - ok
15:33:05.0274 0836 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:33:05.0305 0836 Wanarpv6 - ok
15:33:05.0352 0836 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:33:05.0430 0836 wcncsvc - ok
15:33:05.0461 0836 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:33:05.0492 0836 WcsPlugInService - ok
15:33:05.0523 0836 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
15:33:05.0539 0836 Wd - ok
15:33:05.0617 0836 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:33:05.0648 0836 Wdf01000 - ok
15:33:05.0679 0836 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:33:05.0710 0836 WdiServiceHost - ok
15:33:05.0726 0836 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:33:05.0757 0836 WdiSystemHost - ok
15:33:05.0788 0836 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
15:33:05.0804 0836 WebClient - ok
15:33:05.0835 0836 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:33:05.0882 0836 Wecsvc - ok
15:33:05.0913 0836 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:33:05.0944 0836 wercplsupport - ok
15:33:05.0960 0836 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
15:33:05.0976 0836 WerSvc - ok
15:33:06.0038 0836 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
15:33:06.0054 0836 WinDefend - ok
15:33:06.0069 0836 WinHttpAutoProxySvc - ok
15:33:06.0163 0836 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:33:06.0194 0836 Winmgmt - ok
15:33:06.0256 0836 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
15:33:06.0366 0836 WinRM - ok
15:33:06.0475 0836 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
15:33:06.0600 0836 Wlansvc - ok
15:33:06.0662 0836 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
15:33:06.0709 0836 WmiAcpi - ok
15:33:06.0756 0836 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:33:06.0771 0836 wmiApSrv - ok
15:33:06.0865 0836 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
15:33:06.0990 0836 WMPNetworkSvc - ok
15:33:07.0021 0836 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:33:07.0068 0836 WPCSvc - ok
15:33:07.0146 0836 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:33:07.0224 0836 WPDBusEnum - ok
15:33:07.0270 0836 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
15:33:07.0302 0836 WpdUsb - ok
15:33:07.0395 0836 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:33:07.0442 0836 WPFFontCache_v0400 - ok
15:33:07.0442 0836 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:33:07.0473 0836 ws2ifsl - ok
15:33:07.0536 0836 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
15:33:07.0551 0836 wscsvc - ok
15:33:07.0551 0836 WSearch - ok
15:33:07.0692 0836 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
15:33:08.0035 0836 wuauserv - ok
15:33:08.0097 0836 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:33:08.0160 0836 WudfPf - ok
15:33:08.0191 0836 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:33:08.0206 0836 WUDFRd - ok
15:33:08.0253 0836 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:33:08.0269 0836 wudfsvc - ok
15:33:08.0300 0836 [ 7D1F3B131D503EF43EE594B5A2B9B427 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
15:33:08.0362 0836 yukonwlh - ok
15:33:08.0456 0836 [ 4D840C6AF3C020ED3A35EFBA9025CF4A ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files\ASUS\AI TouchMedia\PlayMovie\000.fcl
15:33:08.0472 0836 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
15:33:08.0487 0836 ================ Scan global ===============================
15:33:08.0518 0836 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
15:33:08.0550 0836 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
15:33:08.0581 0836 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
15:33:08.0643 0836 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
15:33:08.0659 0836 [Global] - ok
15:33:08.0659 0836 ================ Scan MBR ==================================
15:33:08.0674 0836 [ 64B1E91C5C6C2157642651010728F90F ] \Device\Harddisk0\DR0
15:33:09.0252 0836 \Device\Harddisk0\DR0 - ok
15:33:09.0252 0836 ================ Scan VBR ==================================
15:33:09.0283 0836 [ 63A840E1B59D2D7C909EB84F3D5DC062 ] \Device\Harddisk0\DR0\Partition1
15:33:09.0330 0836 \Device\Harddisk0\DR0\Partition1 - ok
15:33:09.0330 0836 [ B8274D868092CA08F5CACF55D47B5837 ] \Device\Harddisk0\DR0\Partition2
15:33:09.0330 0836 \Device\Harddisk0\DR0\Partition2 - ok
15:33:09.0330 0836 ============================================================
15:33:09.0330 0836 Scan finished
15:33:09.0330 0836 ============================================================
15:33:09.0345 3116 Detected object count: 5
15:33:09.0345 3116 Actual detected object count: 5
15:33:36.0864 3116 ASBroker ( UnsignedFile.Multi.Generic ) - skipped by user
15:33:36.0864 3116 ASBroker ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:33:36.0864 3116 ASChannel ( UnsignedFile.Multi.Generic ) - skipped by user
15:33:36.0864 3116 ASChannel ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:33:36.0864 3116 ASLDRService ( UnsignedFile.Multi.Generic ) - skipped by user
15:33:36.0864 3116 ASLDRService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:33:36.0864 3116 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:33:36.0864 3116 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:33:36.0864 3116 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:33:36.0864 3116 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

09.01.2013, 14:45   #10
markusg
/// Malware-holic

Hi
combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

09.01.2013, 15:47   #11
toffkris

Here is the next log file:

Combofix Logfile:
Code:
ComboFix 13-01-08.01 - ekel 09.01.2013  16:31:22.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1985 [GMT 1:00]
ausgeführt von:: c:\users\ekel\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-09 bis 2013-01-09  ))))))))))))))))))))))))))))))
.
.
2013-01-09 15:38 . 2013-01-09 15:39	--------	d-----w-	c:\users\ekel\AppData\Local\temp
2013-01-09 15:38 . 2013-01-09 15:38	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-09 14:08 . 2013-01-09 14:08	--------	d-----w-	C:\_OTL
2013-01-09 12:50 . 2012-11-23 01:35	2048000	----a-w-	c:\windows\system32\win32k.sys
2013-01-09 12:49 . 2012-11-02 10:19	1400832	----a-w-	c:\windows\system32\msxml6.dll
2013-01-09 12:49 . 2012-11-20 04:22	204288	----a-w-	c:\windows\system32\ncrypt.dll
2013-01-09 12:48 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{84FB0509-5EFB-47B6-83AB-DFD7B697FF80}\mpengine.dll
2013-01-08 17:57 . 2013-01-08 17:59	--------	d-----w-	c:\users\ekel\LOCALS~1
2013-01-08 17:38 . 2013-01-08 17:38	--------	d-----w-	c:\users\ekel\AppData\Roaming\Auslogics
2013-01-06 20:11 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-06 17:18 . 2013-01-06 17:18	--------	d-----w-	c:\program files\Dropbox
2012-12-24 12:09 . 2012-12-24 12:09	--------	d-----w-	c:\users\ekel\AppData\Roaming\Blender Foundation
2012-12-23 13:35 . 2012-12-23 14:09	--------	d-----w-	c:\program files\Common Files\BioWare
2012-12-23 13:35 . 2012-12-23 13:54	--------	d-----w-	c:\program files\Mass Effect 2
2012-12-21 18:39 . 2012-12-16 13:12	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-21 18:39 . 2012-12-16 10:50	293376	----a-w-	c:\windows\system32\atmfd.dll
2012-12-15 14:32 . 2012-12-15 14:32	--------	d-----w-	c:\program files\iPod
2012-12-15 14:32 . 2012-12-15 14:33	--------	d-----w-	c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-15 14:32 . 2012-12-15 14:33	--------	d-----w-	c:\program files\iTunes
2012-12-13 21:02 . 2012-07-26 02:46	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-12-13 21:02 . 2012-07-26 02:33	66560	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2012-12-13 21:02 . 2012-07-26 02:32	155136	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2012-12-13 21:02 . 2009-07-14 12:12	16896	----a-w-	c:\windows\system32\winusb.dll
2012-12-13 21:02 . 2012-07-26 03:20	73216	----a-w-	c:\windows\system32\WUDFSvc.dll
2012-12-13 21:02 . 2012-07-26 03:20	172032	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-12-13 21:02 . 2012-07-26 03:39	526952	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-12-13 21:02 . 2012-07-26 03:39	47720	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-12-13 21:02 . 2012-07-26 03:21	196608	----a-w-	c:\windows\system32\WUDFHost.exe
2012-12-13 21:02 . 2012-07-26 03:20	613888	----a-w-	c:\windows\system32\WUDFx.dll
2012-12-13 21:02 . 2012-07-26 03:20	38912	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2012-12-13 20:58 . 2012-11-13 01:29	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-13 20:56 . 2012-08-21 11:47	224640	----a-w-	c:\windows\system32\drivers\volsnap.sys
2012-12-13 20:49 . 2012-11-02 10:18	376320	----a-w-	c:\windows\system32\dpnet.dll
2012-12-13 20:49 . 2012-11-02 08:26	23040	----a-w-	c:\windows\system32\dpnsvr.exe
2012-12-13 20:37 . 2012-12-13 20:37	--------	d-----w-	c:\program files\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 15:14 . 2008-10-14 12:09	45056	----a-w-	c:\windows\system32\acovcnt.exe
2012-12-15 11:57 . 2012-04-06 09:36	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-12-15 11:57 . 2011-05-16 21:23	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-25 02:12 . 2012-10-25 02:12	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12	69632	----a-w-	c:\windows\system32\QuickTime.qts
2008-07-02 02:28 . 2008-07-02 02:28	61440	----a-w-	c:\program files\Common Files\CPInstallAction.dll
2012-04-21 01:18 . 2012-04-28 15:35	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\ekel\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\ekel\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\ekel\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-05-25 1801064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\ASUS\AI TouchMedia\AI TouchMedia\Kernel\CLML\CLMLSvc.exe" [2008-06-12 196608]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"PCMAgent"="c:\program files\ASUS\AI TouchMedia\AI TouchMedia\PCMAgent.exe" [2008-06-12 212992]
"PlayMovie"="c:\program files\ASUS\AI TouchMedia\PlayMovie\PMVService.exe" [2008-05-20 172032]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-25 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-25 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 17920]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-08-19 159744]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2008-10-14 3054136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1328424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
c:\users\ekel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\ekel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-29 28539392]
GameRanger.lnk - c:\users\ekel\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe [2012-10-27 1486560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-30 752168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
Cognizance	REG_MULTI_SZ   	ASBroker ASChannel
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 11:57]
.
2013-01-09 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.100
DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} - hxxps://finanzcenter.sparkasse-bremen.de/_plugin/AXFOAM.cab
FF - ProfilePath - c:\users\ekel\AppData\Roaming\Mozilla\Firefox\Profiles\w935rsxy.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2009-09-02 08:22; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-01-09 16:39
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\ASUS\AI TouchMedia\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-406565842-584222018-3088325611-1000\Software\SecuROM\License information*]
"datasecu"=hex:1b,52,68,26,66,fc,9c,22,8e,08,8e,ff,5b,50,1d,0b,a5,58,eb,78,30,
   f2,84,26,33,3c,0c,0b,9c,eb,05,40,ec,34,37,7a,ec,d7,ab,b1,26,f5,51,65,4f,cc,\
"rkeysecu"=hex:3b,83,f4,b3,6d,c9,ca,78,87,81,ce,27,92,62,6f,bd
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1292)
c:\windows\system32\APSHook.dll
c:\users\ekel\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
c:\windows\system32\btmmhook.dll
.
Zeit der Fertigstellung: 2013-01-09  16:40:56
ComboFix-quarantined-files.txt  2013-01-09 15:40
ComboFix2.txt  2013-01-09 15:22
.
Vor Suchlauf: 13 Verzeichnis(se), 46.334.926.848 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 46.275.739.648 Bytes frei
.
- - End Of File - - 897DC3D8F86DD1EE1C689436450ED21A
         
--- --- ---

09.01.2013, 15:54   #12
markusg
/// Malware-holic

Hi
malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for updates
  • When the update has finished, select Perform full scan and click Scan.
  • When the scan has finished, click Show results.
  • Make sure that all findings are checked and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Log files".

10.01.2013, 06:24   #13
toffkris

Morning Markus, sorry for the long wait.

I let the scan run through, and it finds nothing, but I can't post the log file because it isn't saved. I only have log files from e.g. 08.01, because I already ran the scan then. Please advise.

Many thanks.

10.01.2013, 13:39   #14
markusg
/// Malware-holic

Then forget about the log.
Download the standard CCleaner:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this.
Open it, Tools (Extras), uninstall list, save as txt. Open it.
After each program you need, write necessary.
After each one you do not need, unnecessary.
After those unknown to you, unknown.
Post the list.

10.01.2013, 13:56   #15
toffkris

Here is the CCleaner log:

ANALYSE komplett - (0.320 Sek)
----------------------------------------------------------------------------------------------------
0,14MB zu entfernen. (Ungefähre Größe)
----------------------------------------------------------------------------------------------------

Details der zu löschenden Dateien (Hinweis: Es wurden noch keine Dateien gelöscht)
----------------------------------------------------------------------------------------------------
Internet Explorer - Verlauf 16KB 1 Dateien
Windows - MS Search 128KB 1 Dateien
------------------------------------------------------------------------------------------
C:\Users\ekel\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat 16KB
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS049BB.log 128KB
