
Pests of all kinds and how to fight them: Trojans Zbot/ZbotR + TR/PSW.Fareit + Yontoo.Gen + TR/Agent.kdz and others

19.03.2013, 19:48   #1
Bri
 
Hello,
Over the last few years I have probably picked up quite a few things, and I have always got them under control with AVIRA or Malwarebytes Anti-Malware, and I think SuperAntiSpyware as well. Recently my virus scanner has been going off with the Trojans named in the title.
Today I ran another Malwarebytes Anti-Malware scan, but it found nothing. Logs from Defogger, OTL and GMER are attached.

Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:47 on 19/03/2013 (Britta)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
         
OTL:
Code:
OTL logfile created on: 19.03.2013 18:10:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Britta\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,79 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 49,66% Memory free
7,59 Gb Paging File | 5,54 Gb Available in Paging File | 73,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 23,09 Gb Free Space | 19,83% Space Free | Partition Type: NTFS
Drive D: | 332,72 Gb Total Space | 191,06 Gb Free Space | 57,42% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 824,81 Gb Free Space | 88,55% Space Free | Partition Type: NTFS
 
Computer Name: BRITTA_PC | User Name: Britta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.19 18:00:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Britta\Desktop\OTL.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.09.26 15:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012.07.31 09:42:48 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.10 06:36:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.10 06:36:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.02.10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
PRC - [2011.05.31 17:07:45 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011.02.01 20:53:38 | 000,391,232 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010.07.06 16:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010.05.25 20:22:34 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010.02.08 19:04:04 | 001,080,448 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
PRC - [2010.02.05 18:05:08 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010.01.05 01:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.10.01 03:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.07.31 18:38:26 | 000,428,600 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
PRC - [2009.07.31 18:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009.07.20 03:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009.06.19 18:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.12.23 01:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.15 09:05:19 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.10 15:34:40 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013.01.10 15:15:50 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013.01.10 15:14:56 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013.01.10 15:14:13 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 15:14:06 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013.01.10 15:13:43 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.10 15:13:32 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 15:13:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.10 15:13:21 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 15:13:08 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.02.03 00:51:50 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
MOD - [2010.02.03 00:51:32 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
MOD - [2010.02.03 00:51:24 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll
MOD - [2010.02.03 00:51:14 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
MOD - [2010.02.03 00:51:10 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
MOD - [2010.01.05 01:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009.08.04 10:50:05 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2009.07.20 03:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
MOD - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.08.09 11:03:36 | 000,099,048 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2010.06.21 21:44:10 | 002,532,680 | ---- | M] (O&O Software GmbH) [Disabled | Stopped] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV:64bit: - [2010.01.27 17:15:56 | 008,610,664 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV:64bit: - [2009.12.08 00:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009.08.06 22:17:46 | 000,118,672 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009.07.20 11:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.03.14 11:43:10 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.08 08:48:40 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.09.26 15:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012.09.05 16:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.05.10 06:36:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.10 06:36:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.02.10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.02.10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc)
SRV - [2011.05.31 17:07:45 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011.02.01 20:53:54 | 001,112,736 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.10.29 04:11:24 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.08.27 20:42:45 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.07.06 16:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.10.01 03:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.10.01 03:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2003.04.18 18:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.26 15:45:44 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2012.06.07 16:25:20 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2012.05.10 06:36:20 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.10 06:36:20 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.05.31 17:07:45 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011.05.31 17:07:44 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273)
DRV:64bit: - [2011.05.31 17:07:43 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011.05.31 17:07:37 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011.05.17 15:44:46 | 000,044,480 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.07 16:07:22 | 000,017,408 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_5.2.23219.0.sys -- (DisplayLinkUsbPort)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.10.29 03:25:00 | 000,024,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2010.09.04 14:28:28 | 000,067,584 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lan9500-x64-n51f.sys -- (LAN9500)
DRV:64bit: - [2010.08.25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.08.23 23:02:59 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.08.09 11:03:32 | 000,143,464 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2010.03.11 10:17:14 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2010.03.03 12:51:39 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.03.02 09:45:23 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.02.26 09:32:11 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.25 04:26:57 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME)
DRV:64bit: - [2010.02.02 23:38:29 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.01.27 17:16:26 | 000,185,968 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dlkmd.sys -- (dlkmd)
DRV:64bit: - [2010.01.27 17:16:26 | 000,116,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dlcdbus.sys -- (dlcdbus)
DRV:64bit: - [2010.01.27 17:16:26 | 000,013,936 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV:64bit: - [2010.01.18 13:37:57 | 000,128,512 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009.10.30 03:50:03 | 000,704,512 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.09.17 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.08.18 09:23:31 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009.08.06 22:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.07.20 10:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.18 20:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009.06.17 17:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 17:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.17 17:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009.06.17 17:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 11:15:57 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009.05.13 17:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008.05.24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2008.05.16 11:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008.05.16 11:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic)
DRV:64bit: - [2008.05.16 11:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV:64bit: - [2008.05.16 11:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008.05.16 11:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5)
DRV:64bit: - [2008.05.16 11:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008.05.16 11:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus)
DRV:64bit: - [2007.09.06 14:53:00 | 000,016,384 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DSI_SiUSBXp_3_1.sys -- (DSI_SiUSBXp_3_1)
DRV:64bit: - [2007.04.23 15:54:40 | 000,126,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mgmt.sys -- (s115mgmt)
DRV:64bit: - [2007.04.23 15:54:40 | 000,123,656 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115obex.sys -- (s115obex)
DRV:64bit: - [2007.04.23 15:54:38 | 000,144,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mdm.sys -- (s115mdm)
DRV:64bit: - [2007.04.23 15:54:36 | 000,019,720 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mdfl.sys -- (s115mdfl)
DRV:64bit: - [2007.04.23 15:54:32 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115bus.sys -- (s115bus)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 01:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.sueddeutsche.de/"
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2011.01.25
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013.02.19 11:39:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 08:48:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 08:48:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 08:48:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 08:48:36 | 000,000,000 | ---D | M]
 
[2010.08.22 15:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Britta\AppData\Roaming\mozilla\Extensions
[2013.03.11 11:35:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Britta\AppData\Roaming\mozilla\Firefox\Profiles\2vxwcsiu.default\extensions
[2012.12.01 11:23:30 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Britta\AppData\Roaming\mozilla\Firefox\Profiles\2vxwcsiu.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.12.13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Britta\AppData\Roaming\mozilla\firefox\profiles\2vxwcsiu.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2013.03.08 08:48:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.08 08:48:40 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.22 12:03:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.25 07:33:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.22 12:03:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.22 12:03:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.22 12:03:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.22 12:03:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.02.23 08:58:09 | 000,002,592 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 129.187.254.163	asa03.lrz.de
O1 - Hosts: 129.187.254.163	asa03.lrz.de
O1 - Hosts: 129.187.254.163	asa03.lrz.de
O1 - Hosts: 129.187.254.163	asa03.lrz.de
O1 - Hosts: 129.187.254.163	asa03.lrz.de
O1 - Hosts: 129.187.254.163	asa03.lrz.de
O1 - Hosts: 129.187.254.163	asa03.lrz.de
O1 - Hosts: 129.187.254.163	asa03.lrz.de
O1 - Hosts: 129.187.254.163	asa03.lrz.de
O1 - Hosts: 129.187.254.163	asa03.lrz.de
O1 - Hosts: 129.187.254.163	asa03.lrz.de
O1 - Hosts: 129.187.254.163	asa03.lrz.de
O1 - Hosts: 129.187.254.163	asa03.lrz.de
O1 - Hosts: 129.187.254.163	asa03.lrz.de
O1 - Hosts: 129.187.254.163	asa03.lrz.de
O1 - Hosts: 129.187.254.163	asa03.lrz.de
O1 - Hosts: 129.187.254.163	asa03.lrz.de
O1 - Hosts: 129.187.254.163	asa03.lrz.de
O1 - Hosts: 129.187.254.163	asa03.lrz.de
O1 - Hosts: 129.187.254.163	asa03.lrz.de
O1 - Hosts: 129.187.254.163	asa03.lrz.de
O1 - Hosts: 129.187.254.163	asa03.lrz.de
O1 - Hosts: 129.187.254.163	asa03.lrz.de
O1 - Hosts: 129.187.254.163	asa03.lrz.de
O1 - Hosts: 129.187.254.163	asa03.lrz.de
O1 - Hosts: 109 more lines...
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1b0353f1-8948-487b-9fb3-06b8fd525b9a}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26f10c58-a7df-4576-baa5-cb7dc6b5c369}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2dfa5185-122b-11e0-893d-485b3979aac5}\Shell - "" = AutoRun
O33 - MountPoints2\{2dfa5185-122b-11e0-893d-485b3979aac5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{5501e8fb-af02-11df-ba2f-485b3979aac5}\Shell - "" = AutoRun
O33 - MountPoints2\{5501e8fb-af02-11df-ba2f-485b3979aac5}\Shell\AutoRun\command - "" = G:\Setupx.exe
O33 - MountPoints2\{ea18907b-b76e-11df-aed5-485b3979aac5}\Shell - "" = AutoRun
O33 - MountPoints2\{ea18907b-b76e-11df-aed5-485b3979aac5}\Shell\AutoRun\command - "" = F:\autorun.exe setup.exe -suppressUpToDateInfo
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.19 18:00:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Britta\Desktop\OTL.exe
[2013.03.19 17:56:55 | 000,000,000 | ---D | C] -- C:\Users\Britta\Desktop\Logs
[2013.03.19 14:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013.03.19 14:47:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013.03.18 14:37:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[2013.03.18 10:47:21 | 000,000,000 | ---D | C] -- C:\Users\Britta\AppData\Roaming\HP
[2013.03.14 09:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.14 09:16:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.14 09:16:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.09 18:58:37 | 000,000,000 | ---D | C] -- C:\Users\Britta\AppData\Local\PutLockerDownloader
[2013.03.09 18:58:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movie2KDownloader.com
[2013.03.08 08:48:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.04 16:59:29 | 000,000,000 | ---D | C] -- C:\Users\Britta\Documents\DB
[2013.03.02 14:23:45 | 000,000,000 | ---D | C] -- C:\Users\Britta\Documents\OPER
[2013.02.21 09:56:39 | 000,000,000 | ---D | C] -- C:\Users\Britta\Documents\R
[2013.02.20 13:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2008.08.12 05:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.19 18:15:44 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.19 18:15:44 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.19 18:08:07 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2013.03.19 18:07:39 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.19 18:07:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.19 18:07:19 | 3054,882,816 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.19 18:07:18 | 001,710,602 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2013.03.19 18:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.19 18:01:54 | 000,377,856 | ---- | M] () -- C:\Users\Britta\Desktop\gmer_2.1.19155.exe
[2013.03.19 18:00:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Britta\Desktop\OTL.exe
[2013.03.19 17:34:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.19 16:47:50 | 000,000,020 | ---- | M] () -- C:\Users\Britta\defogger_reenable
[2013.03.19 16:44:58 | 000,050,477 | ---- | M] () -- C:\Users\Britta\Desktop\Defogger.exe
[2013.03.19 14:09:32 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.19 14:09:32 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.19 14:09:32 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.19 14:09:32 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.19 14:09:32 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.18 11:13:03 | 000,458,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.18 10:56:19 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2013.03.14 11:49:13 | 000,000,127 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2013.03.11 11:35:13 | 000,000,898 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.03.10 19:42:43 | 000,001,298 | ---- | M] () -- C:\Users\Britta\Desktop\Acronis*True*Image*Home.lnk
[2013.03.10 08:28:50 | 000,002,538 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013.03.10 08:28:49 | 000,001,564 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013.02.23 08:58:09 | 000,002,592 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.20 22:50:04 | 000,006,603 | ---- | M] () -- C:\Users\Britta\Desktop\record_.lnk
 
========== Files Created - No Company Name ==========
 
[2013.03.19 18:01:52 | 000,377,856 | ---- | C] () -- C:\Users\Britta\Desktop\gmer_2.1.19155.exe
[2013.03.19 16:47:50 | 000,000,020 | ---- | C] () -- C:\Users\Britta\defogger_reenable
[2013.03.19 16:44:52 | 000,050,477 | ---- | C] () -- C:\Users\Britta\Desktop\Defogger.exe
[2013.03.18 10:56:19 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.03.14 11:49:13 | 000,000,127 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2013.03.10 19:42:43 | 000,001,298 | ---- | C] () -- C:\Users\Britta\Desktop\Acronis*True*Image*Home.lnk
[2013.03.09 19:00:37 | 000,000,898 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.02.20 22:47:30 | 000,006,603 | ---- | C] () -- C:\Users\Britta\Desktop\record_.lnk
[2012.09.03 16:31:21 | 000,008,422 | ---- | C] () -- C:\Users\Britta\spss_macros_project_68312_2012_09_03.sps
[2012.04.27 11:46:22 | 000,262,516 | ---- | C] () -- C:\Windows\hpwins23.dat.temp
[2012.04.27 11:46:22 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2011.11.05 14:13:53 | 000,262,516 | ---- | C] () -- C:\Windows\hpwins23.dat
[2011.11.05 14:13:53 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2011.08.20 11:46:07 | 000,015,872 | ---- | C] () -- C:\Users\Britta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.23 17:59:16 | 000,000,000 | ---- | C] () -- C:\Users\Britta\AppData\Local\{77A2F0BF-B1CB-40FD-B914-8BF20C628BFB}
[2011.07.22 15:50:43 | 000,000,000 | ---- | C] () -- C:\Users\Britta\AppData\Local\{437C5DAD-B54B-4ABE-9052-55EE0DCB9A18}
[2010.10.16 12:31:11 | 000,038,458 | ---- | C] () -- C:\Users\Britta\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2010.08.22 17:17:13 | 000,007,666 | ---- | C] () -- C:\Users\Britta\AppData\Local\Resmon.ResmonCfg
[2010.05.25 19:58:24 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009.04.08 18:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008.05.22 16:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010.08.28 14:11:30 | 000,000,000 | ---D | M] -- C:\Users\Britta\AppData\Roaming\ACD Systems
[2010.08.28 14:50:55 | 000,000,000 | ---D | M] -- C:\Users\Britta\AppData\Roaming\Acronis
[2013.03.14 12:36:29 | 000,000,000 | ---D | M] -- C:\Users\Britta\AppData\Roaming\Akhuv
[2013.01.15 22:35:41 | 000,000,000 | ---D | M] -- C:\Users\Britta\AppData\Roaming\Bitdreamers
[2010.08.22 19:45:51 | 000,000,000 | ---D | M] -- C:\Users\Britta\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.08.23 23:08:21 | 000,000,000 | ---D | M] -- C:\Users\Britta\AppData\Roaming\DAEMON Tools Lite
[2012.12.18 07:56:04 | 000,000,000 | ---D | M] -- C:\Users\Britta\AppData\Roaming\Dropbox
[2012.10.04 10:15:28 | 000,000,000 | ---D | M] -- C:\Users\Britta\AppData\Roaming\GARMIN
[2010.08.26 07:59:17 | 000,000,000 | ---D | M] -- C:\Users\Britta\AppData\Roaming\Igqo
[2010.08.28 20:01:28 | 000,000,000 | ---D | M] -- C:\Users\Britta\AppData\Roaming\Leadertech
[2013.02.08 18:06:10 | 000,000,000 | ---D | M] -- C:\Users\Britta\AppData\Roaming\MyPhoneExplorer
[2013.02.19 11:10:17 | 000,000,000 | ---D | M] -- C:\Users\Britta\AppData\Roaming\Swiss Academic Software
[2010.09.19 18:17:41 | 000,000,000 | ---D | M] -- C:\Users\Britta\AppData\Roaming\TeamViewer
[2010.08.30 19:36:31 | 000,000,000 | ---D | M] -- C:\Users\Britta\AppData\Roaming\TimeComX
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:2F370DA6
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:115CEE00
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A724744F
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:AB689DEA

< End of report >
         
OTL Extras:
Code:
OTL Extras logfile created on: 19.03.2013 18:10:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Britta\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,79 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 49,66% Memory free
7,59 Gb Paging File | 5,54 Gb Available in Paging File | 73,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 23,09 Gb Free Space | 19,83% Space Free | Partition Type: NTFS
Drive D: | 332,72 Gb Total Space | 191,06 Gb Free Space | 57,42% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 824,81 Gb Free Space | 88,55% Space Free | Partition Type: NTFS
 
Computer Name: BRITTA_PC | User Name: Britta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{199E7FC3-1715-4C9B-9DCE-37E61995F272}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{22B9EDB4-8D41-4E51-B779-750C810C565F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2A0468AE-08EF-41F4-8EE3-E08BD1950E78}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{363C0790-4AF1-44F5-8321-D645B1645462}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{3909B801-AA01-4BA5-AE83-DB84BC430393}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3D2E8E46-4DA5-46B4-B1BF-033B674C73CA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3E7AABB6-F52B-49D9-B000-168FADD82E8D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{43251674-C128-45C0-868A-AB83743A0770}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{64570F92-14C8-4B0E-9394-45F00CD7AE09}" = lport=137 | protocol=17 | dir=in | app=system | 
"{654AA687-F0F0-423B-8AD6-AC46C846EBC9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6B8531AE-9A59-403B-9282-1B272438F12A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6F79DA02-80F7-42C4-9F72-C055AA1B56D8}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7E7FA119-A166-479B-A806-A0D720607992}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7F152073-6FB1-493B-88A8-C0D5A514CB8E}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{81896A18-023E-479D-92CD-F4853BA5025E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{93219A13-B324-47D8-9879-5086A8567644}" = lport=139 | protocol=6 | dir=in | app=system | 
"{97B41F95-0AAC-487F-BC67-DB14EEB3231F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A1A16779-C5CA-457B-8846-43DE4DF17D1D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A5EB711C-5D49-4297-A8F3-286F57DEE678}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B081250D-1312-4664-B3CE-7FF872EC6B76}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BF7441D6-3079-4671-9E22-0B0BB21D6394}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C8394506-1773-4239-B582-3A04CF779267}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DC24E98F-2B07-4906-96E0-883A87197D52}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E4E88B84-4CAF-421B-949D-1927FD692979}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F2CEEDEC-ED6E-4E1A-AE32-F556D6B54908}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B02DAA-C8A7-4A29-A8C2-00652EDF6E5B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{066A1BAD-9B66-4058-B1F4-84F5FA8B78C6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0CF990C4-5E34-4DFF-BC70-9BEE9BD3CEE2}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"{0E45193A-833E-44D2-8A3A-FE2E2AE41D78}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{1447A14C-E89E-408C-B34C-E4C6A632BA20}" = protocol=17 | dir=in | app=c:\users\britta\appdata\roaming\dropbox\bin\dropbox.exe | 
"{17969B8E-71D3-4B12-8D07-47C3B40D63B0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{18E2D811-6E1C-406C-9F53-9EE1A61A764E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{1B8DC502-79D2-4A7D-AEB3-21C11BAC0EB4}" = protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | 
"{1CE6147B-0A9D-4B0F-BDD2-2AC38A37B968}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{22BEAD4E-A8CE-4BE3-9394-FBE871A1B905}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{263DD1B3-8638-4C7B-8732-EB0539F15BA4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{2C817BC8-7745-4AD7-855D-C0B8B5910742}" = protocol=6 | dir=out | app=system | 
"{2E4C8A94-1AD5-4E76-B83D-159C36895EAF}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | 
"{3766C838-F1FA-414A-85B7-E86C28546DE1}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | 
"{379AFEFC-CBDE-4F06-9C73-F279DE3E0D00}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{3D1C1F62-EF3D-423E-B76B-6940DEC4DFF0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{3D97D250-3191-4177-8A34-6ECFB6A34193}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{3FFE0581-681D-4209-ACA2-08266C125F58}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | 
"{42FBB8BC-C404-4A3C-8D89-9F5D2D43C1F6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{43C34B98-135A-4083-AC52-3C1597D791E6}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"{458EBA06-5B40-4260-9CD2-117CEC2AAEC8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{46022594-EC1D-4479-A9AC-34992BB8A20F}" = protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | 
"{46669348-25E7-447B-BF87-1250F52DE372}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{57B88FA3-6DA8-4F57-89C0-F05A71BFDEEF}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{5DAB4120-EDC0-42C8-98D6-60A2BEBABCAF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{62B5C2A6-38EA-4250-BA0C-C6F16FD36960}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{68CDA005-506A-4D87-AF5E-7D626247FD6B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{69A18FCF-0DD4-431F-8207-0B92540608C2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6E45EF56-D385-4C2B-B90D-54F9C67EBC5C}" = protocol=6 | dir=in | app=c:\users\britta\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6FF71EB7-6153-400B-A126-CB3CE66B3D3F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{710654FD-5D76-4842-B4AB-18A6EA89486C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8DD310C8-443F-40E6-88D9-238DEE728D61}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8F24D32F-5CE7-43F0-B304-C91D835B370E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{99B25E24-E4A0-4BBD-9043-AD4AF3971ECC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{A017ED1E-A01A-468B-8D15-C273A2FEB390}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A9691A89-06DC-41B8-8BED-BA587C1E625A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A9C307AA-EDC0-4B84-8F84-D0EB0D3F6908}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{AEA071FF-73CC-4C1A-9F94-99A924E604F4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B4237C03-F022-4E2F-BAEB-6E46F59EB9FE}" = protocol=17 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | 
"{B66CE5C0-F8F3-4E90-A75C-5B5D989D46B4}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"{BA2521B9-72AF-4912-B166-C50E5B37DE23}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BE38A0DA-C10D-4957-9590-FEFFA0ADA6A6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C15B4E54-CA5B-411D-B08C-344BADB4E0E9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{C1E8499E-7A28-40C7-A5E0-0846E5FDBE12}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{CB4BFB69-3C72-4F56-B5C6-BC3929640F89}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CF73A91E-572E-43B2-B976-2E61D2C92A3F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D4303FCC-C99B-4060-AE2B-34DD481E8B59}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{D967DCC6-9967-4303-8AC7-04554EFBA2F6}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | 
"{DA424061-A10C-4FBA-832E-A21841B8E34E}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"{E365948A-794D-472C-92D8-AA4FC00681B0}" = dir=in | app=c:\users\britta\appdata\local\temp\7zs5ca8\oj6500ve709_full_14\setup\hpznui40.exe | 
"{E639DDC3-7B07-4EE4-AA04-7D6241824F77}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{E9D99A83-4737-4CC7-B2E3-727DE69A47F3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{EE71C340-A247-4396-9F56-2FB0BA8E4759}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{F4E1ED38-B36C-4A95-B5A0-A2CFC8DD79B1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{F4E88FBB-5619-42F8-98AA-3C8D29F9F307}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F4EC0887-D9CA-4CAB-9EC7-0CD83C30B26B}" = protocol=17 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | 
"{F9C9B0A7-A2E3-4835-AF2F-D51E1A1DD6DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FA44F30C-F24A-4875-B364-11D184455191}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{FF80A38E-0BC4-4707-AE22-ED3A8A6E6D1B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{3EF27BBD-5FB5-44E1-AB80-056FBE369536}" = Kensington Display Adapter
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF43C18E-693D-4126-B190-8F55E3623D5D}" = HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BC84C1E9-F4D4-4B8E-B35C-C88EEA0A5201}" = O&O Defrag Professional
"{EF4BC5F6-385F-4EA9-8A47-CEB064951E13}" = DisplayLink Core Software
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"24DA573F901348FFDFF7717497830D45BE0C362E" = Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices  (07/07/2009 1.12.2)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2-x64 7.0.5.10_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"R for Windows 2.15.2_is1" = R for Windows 2.15.2
"Sandboxie" = Sandboxie 3.48 (64-bit)
"USB 2.0 VGA UVC WebCam" = USB 2.0 VGA UVC WebCam
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}" = IBM SPSS Statistics 19
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan
"{0EA09877-34E9-4160-B2DE-E7C7703E49ED}" = Cisco AnyConnect Secure Mobility Client
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{3fb10979-3448-4cf4-9764-404ec73c5027}" = Nero 9
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{5058B085-AA79-41E5-A726-681B4C4B846E}" = ACDSee 5.0 PowerPack
"{50C913B1-A091-48B8-A434-6C9670284888}" = Garmin Training Center
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B653A2EC-D816-4498-A4FD-651047AB9DC9}" = Boingo Wi-Fi
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB5F6422-502E-477C-B31D-25ECE8F829E6}" = Garmin ANT Agent
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1ClickDownload" = Movie2KDownloader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"dm-Fotowelt" = dm-Fotowelt
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"JDiskReport 1.1" = JGoodies JDiskReport 1.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"NVIDIA.Updatus" = NVIDIA Updatus
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"TeamViewer 5" = TeamViewer 5
"TimeComX Basic 64-Bit" = TimeComX Basic (64-Bit)
"VLC media player" = VLC media player 1.1.3
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.03.2013 11:52:22 | Computer Name = Britta_PC | Source = Application Hang | ID = 1002
Description = Programm ControlDeck.exe, Version 1.0.6.5 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 8f0    Startzeit: 
01ce23f047a2b7b4    Endzeit: 15    Anwendungspfad: C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe

Berichts-ID:
 c84da69c-8fe3-11e2-b933-485b3979aac5  
 
Error - 18.03.2013 12:51:49 | Computer Name = Britta_PC | Source = Microsoft Office 14 | ID = 2001
Description = Microsoft Outlook: Rejected Safe Mode action : Outlook konnte zuletzt
 nicht korrekt gestartet werden. Das Starten von Outlook im abgesicherten Modus 
hilft Ihnen, ein Startproblem zu korrigieren oder zu isolieren, sodass Sie das Programm
 erfolgreich starten können. Einige Funktionen können in diesem Modus deaktiviert
 sein.  Möchten Sie Outlook im abgesicherten Modus starten?.
 
Error - 18.03.2013 12:56:28 | Computer Name = Britta_PC | Source = Application Hang | ID = 1002
Description = Programm HpWebReg.exe, Version 22.50.231.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 146c    Startzeit:
 01ce23f96371ff12    Endzeit: 16    Anwendungspfad: C:\Program Files\HP\HP Officejet 6500
 E710n-z\Bin\HpWebReg.exe    Berichts-ID: c145d0c4-8fec-11e2-b933-485b3979aac5  
 
Error - 18.03.2013 16:34:20 | Computer Name = Britta_PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe" in Zeile 
19.  Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist
 ungültig.
 
Error - 18.03.2013 16:35:11 | Computer Name = Britta_PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll" in Zeile 19.
Der
 Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 18.03.2013 16:36:32 | Computer Name = Britta_PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\R\r-2.15.2\Tcl\bin64\tk85.dll".
 Fehler in Manifest- oder Richtliniendatei "c:\program files\R\r-2.15.2\Tcl\bin64\tk85.dll"
 in Zeile 9.  Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element
 ist ungültig.
 
Error - 19.03.2013 07:37:59 | Computer Name = Britta_PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe" in Zeile 
19.  Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist
 ungültig.
 
Error - 19.03.2013 07:38:43 | Computer Name = Britta_PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll" in Zeile 19.
Der
 Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 19.03.2013 07:39:47 | Computer Name = Britta_PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\R\r-2.15.2\Tcl\bin64\tk85.dll".
 Fehler in Manifest- oder Richtliniendatei "c:\program files\R\r-2.15.2\Tcl\bin64\tk85.dll"
 in Zeile 9.  Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element
 ist ungültig.
 
Error - 19.03.2013 09:37:18 | Computer Name = Britta_PC | Source = MsiInstaller | ID = 10005
Description = 
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 18.03.2013 11:50:14 | Computer Name = Britta_PC | Source = acvpnagent | ID = 67108865
Description = Function: CWinsecApiImpersonateUser::acquireTokens File: .\IPC\WinsecAPI.cpp
Line:
 101 CWinsecApiImpersonateUser::getUserImpersonationToken returned NULL
 
Error - 18.03.2013 11:50:14 | Computer Name = Britta_PC | Source = acvpnagent | ID = 67108866
Description = Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser File:
 .\IPC\WinsecAPI.cpp Line: 81 Invoked Function: CWinsecApiImpersonateUser::acquireTokens
Return
 Code: -32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

 
Error - 18.03.2013 11:50:14 | Computer Name = Britta_PC | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertUtils::CCapiCertUtils File: .\Certificates\CapiCertUtils.cpp
Line:
 92 Invoked Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser Return 
Code: -32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

 
Error - 18.03.2013 11:50:14 | Computer Name = Britta_PC | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertStore::CCapiCertStore File: .\Certificates\CapiCertStore.cpp
Line:
 70 Invoked Function: CapiCertUtils Return Code: -32767981 (0xFE0C0013) Description:
 WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED 
 
Error - 18.03.2013 11:50:14 | Computer Name = Britta_PC | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore File: .\Certificates\CapiCertSmartcardStore.cpp
Line:
 40 Invoked Function: CCapiCertStore::CCapiCertStore Return Code: -32767981 (0xFE0C0013)
Description:
 WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED 
 
Error - 18.03.2013 11:50:14 | Computer Name = Britta_PC | Source = acvpnagent | ID = 67108866
Description = Function: CCollectiveCertStore::addCapiSmartcardStore File: .\Certificates\CollectiveCertStore.cpp
Line:
 1101 Invoked Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore Return Code:
 -32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

 
Error - 18.03.2013 11:50:19 | Computer Name = Britta_PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 18.03.2013 17:13:00 | Computer Name = Britta_PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 19.03.2013 03:09:07 | Computer Name = Britta_PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 19.03.2013 13:07:53 | Computer Name = Britta_PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
[ System Events ]
Error - 18.03.2013 07:08:06 | Computer Name = Britta_PC | Source = DCOM | ID = 10005
Description = 
 
Error - 18.03.2013 07:08:06 | Computer Name = Britta_PC | Source = DCOM | ID = 10016
Description = 
 
Error - 18.03.2013 08:37:31 | Computer Name = Britta_PC | Source = DCOM | ID = 10016
Description = 
 
Error - 18.03.2013 09:41:37 | Computer Name = Britta_PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 18.03.2013 12:16:04 | Computer Name = Britta_PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
 (0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 18.03.2013 12:16:04 | Computer Name = Britta_PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
 (0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 19.03.2013 09:05:17 | Computer Name = Britta_PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 19.03.2013 09:20:15 | Computer Name = Britta_PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 19.03.2013 09:20:19 | Computer Name = Britta_PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 19.03.2013 13:08:54 | Computer Name = Britta_PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         
The GMER log and Malwarebytes log follow in the next post.

I hope someone can help me.
Many thanks in advance.

19.03.2013, 19:52   #2
Bri

Here are the remaining logs (no more characters are allowed)

GMER log:
Code:
ATTFilter
GMER Logfile:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-19 19:32:45
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0003 465,76GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Britta\AppData\Local\Temp\kwriipow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\AsScrPro.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                                                                                                                   0000000075e91401 2 bytes JMP 000000010679a47b
.text  C:\Windows\AsScrPro.exe[2424] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                                                                                                                     0000000075e91419 2 bytes JMP 000000010679a493
.text  C:\Windows\AsScrPro.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                                                                                                                   0000000075e91431 2 bytes JMP 000000010679a4ab
.text  C:\Windows\AsScrPro.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                                                                                                                   0000000075e9144a 2 bytes JMP 0000000075f5fcc4
.text  ...                                                                                                                                                                                                                                                                                                     * 9
.text  C:\Windows\AsScrPro.exe[2424] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                                                                                                                      0000000075e914dd 2 bytes JMP 000000010679a557
.text  C:\Windows\AsScrPro.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                                                                                                               0000000075e914f5 2 bytes JMP 000000010679a56f
.text  C:\Windows\AsScrPro.exe[2424] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                                                                                                                      0000000075e9150d 2 bytes JMP 000000010679a587
.text  C:\Windows\AsScrPro.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                                                                                                               0000000075e91525 2 bytes JMP 000000010679a59f
.text  C:\Windows\AsScrPro.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                                                                                                                     0000000075e9153d 2 bytes JMP 000000010679a5b7
.text  C:\Windows\AsScrPro.exe[2424] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                                                                                                                          0000000075e91555 2 bytes JMP 000000010679a5cf
.text  C:\Windows\AsScrPro.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                                                                                                                   0000000075e9156d 2 bytes JMP 000000010679a5e7
.text  C:\Windows\AsScrPro.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                                                                                                                     0000000075e91585 2 bytes JMP 000000010679a5ff
.text  C:\Windows\AsScrPro.exe[2424] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                                                                                                                        0000000075e9159d 2 bytes JMP 000000010679a617
.text  C:\Windows\AsScrPro.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                                                                                                                     0000000075e915b5 2 bytes JMP 000000010679a62f
.text  C:\Windows\AsScrPro.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                                                                                                                   0000000075e915cd 2 bytes JMP 000000015c37ce47
.text  C:\Windows\AsScrPro.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                                                                                                               0000000075e916b2 2 bytes JMP 000000010679a72c
.text  C:\Windows\AsScrPro.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                                                                                                               0000000075e916bd 2 bytes JMP 000000010679a737
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                                                                      0000000075e91401 2 bytes JMP 000000010679a47b
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3344] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                                                                        0000000075e91419 2 bytes JMP 000000010679a493
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                                                                      0000000075e91431 2 bytes JMP 000000010679a4ab
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                                                                      0000000075e9144a 2 bytes JMP 0000000075f5fcc4
.text  ...                                                                                                                                                                                                                                                                                                     * 9
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3344] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                                                                         0000000075e914dd 2 bytes JMP 000000010679a557
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                                                                  0000000075e914f5 2 bytes JMP 000000010679a56f
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                                                                         0000000075e9150d 2 bytes JMP 000000010679a587
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                                                                  0000000075e91525 2 bytes JMP 000000010679a59f
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                                                                        0000000075e9153d 2 bytes JMP 000000010679a5b7
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3344] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                                                                             0000000075e91555 2 bytes JMP 000000010679a5cf
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                                                                      0000000075e9156d 2 bytes JMP 000000010679a5e7
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                                                                        0000000075e91585 2 bytes JMP 000000010679a5ff
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                                                                           0000000075e9159d 2 bytes JMP 000000010679a617
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                                                                        0000000075e915b5 2 bytes JMP 000000010679a62f
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                                                                      0000000075e915cd 2 bytes JMP 000000015c37ce47
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                                                                  0000000075e916b2 2 bytes JMP 000000010679a72c
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                                                                  0000000075e916bd 2 bytes JMP 000000010679a737
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5116] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                                                            0000000075e91401 2 bytes JMP 000000010679a47b
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5116] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                                                              0000000075e91419 2 bytes JMP 000000010679a493
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                                                            0000000075e91431 2 bytes JMP 000000010679a4ab
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                                                            0000000075e9144a 2 bytes JMP 0000000075f5fcc4
.text  ...                                                                                                                                                                                                                                                                                                     * 9
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5116] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                                                               0000000075e914dd 2 bytes JMP 000000010679a557
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5116] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                                                        0000000075e914f5 2 bytes JMP 000000010679a56f
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5116] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                                                               0000000075e9150d 2 bytes JMP 000000010679a587
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5116] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                                                        0000000075e91525 2 bytes JMP 000000010679a59f
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5116] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                                                              0000000075e9153d 2 bytes JMP 000000010679a5b7
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5116] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                                                                   0000000075e91555 2 bytes JMP 000000010679a5cf
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5116] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                                                            0000000075e9156d 2 bytes JMP 000000010679a5e7
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5116] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                                                              0000000075e91585 2 bytes JMP 000000010679a5ff
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5116] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                                                                 0000000075e9159d 2 bytes JMP 000000010679a617
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5116] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                                                              0000000075e915b5 2 bytes JMP 000000010679a62f
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5116] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                                                            0000000075e915cd 2 bytes JMP 000000015c37ce47
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5116] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                                                        0000000075e916b2 2 bytes JMP 000000010679a72c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5116] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                                                        0000000075e916bd 2 bytes JMP 000000010679a737

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                                                                                                                                                    
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                                                                                                                                         C:\Program Files (x86)\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                                                                                                                                         0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                                                                                                                                         0
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                                                                                                                                      0xDF 0xE6 0xE9 0xC1 ...
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                                                                                                                                                                           
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                                                                                                                                                0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                                                                                                                                             0x27 0x5E 0x8C 0x60 ...
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                                                                                                                                                                      
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                                                                                                                                        0x03 0x73 0x4B 0x32 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                                                                                                                                                        
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                                                                                                                                     C:\Program Files (x86)\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                                                                                                                                     0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                                                                                                                                     0
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                                                                                                                                  0xDF 0xE6 0xE9 0xC1 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                                                                                                                                                               
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                                                                                                                                            0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                                                                                                                                         0x27 0x5E 0x8C 0x60 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                                                                                                                                                                          
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                                                                                                                                    0x03 0x73 0x4B 0x32 ...
Reg    HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                                                                                                                                                    
Reg    HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                                                                                                                                         C:\Program Files (x86)\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                                                                                                                                         0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                                                                                                                                         0
Reg    HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                                                                                                                                      0xDF 0xE6 0xE9 0xC1 ...
Reg    HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                                                                                                                                                                           
Reg    HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                                                                                                                                                0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                                                                                                                                             0x27 0x5E 0x8C 0x60 ...
Reg    HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                                                                                                                                                                      
Reg    HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                                                                                                                                        0x03 0x73 0x4B 0x32 ...

---- Files - GMER 2.1 ----

File   C:\Users\Britta\Documents\***.pdf  44677 bytes
File   C:\Users\Britta\Documents\***\Thumbs.db                           109568 bytes
File   C:\Users\Britta\Documents\***\Unbenannt.PNG                       109270 bytes

---- EOF - GMER 2.1 ----
         
--- --- ---
Malwarebytes Log:
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.19.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Britta :: BRITTA_PC [Administrator]

19.03.2013 14:22:47
mbam-log-2013-03-19 (14-22-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 519905
Laufzeit: 3 Stunde(n), 27 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
__________________


19.03.2013, 19:52   #3
t'john
/// Helper team
 





Create a log from Antivir: http://www.trojaner-board.de/125889-...en-posten.html


The cleanup consists of several steps that must be carried out.
Work through them one after another and please paste the 3 logs that are created into your next reply.

If the OTL fix did not run through properly, do not continue, but please report this.

Step 1

Fix with OTL

Download OTL by Oldtimer (if you do not already have it) and save it to your Desktop (nowhere else).

  • Deactivate any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text field below Custom Scans/Fixes:
  • The fix begins with :OTL. Make sure you have copied it correctly.


Code:
:OTL

[2012.12.13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Britta\AppData\Roaming\mozilla\firefox\profiles\2vxwcsiu.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi 
[2013.03.09 18:58:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\movie2kDownloader.com 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:AB689DEA 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A724744F 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:115CEE00 
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:2F370DA6 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:4CF61E54 
[2010.05.25 19:58:24 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe 
SRV - [2003.04.18 18:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService) 
[2010.08.26 07:59:17 | 000,000,000 | ---D | M] -- C:\Users\Britta\AppData\Roaming\Igqo
[2013.03.14 12:36:29 | 000,000,000 | ---D | M] -- C:\Users\Britta\AppData\Roaming\Akhuv

:Files 
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Britta\*.tmp
C:\Users\Britta\AppData\*.dll
C:\Users\Britta\AppData\*.exe
C:\Users\Britta\AppData\Local\Temp\*.exe
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file here, in code tags, into your thread.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<date_number.log>

Note for readers following along: The above OTL script was created exclusively for this user in this situation.
Do not under any circumstances apply it on other computers; that can cause lasting damage to other systems!



Step 2
Please download Malwarebytes Anti-Rootkit and save it to your Desktop.
  • Start mbar.exe.
  • Follow the instructions on your screen according to the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.


then:

Step 3
Please download AdwCleaner to your Desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents to me with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).
__________________
__________________

20.03.2013, 15:06   #4
Bri

Many thanks for the quick reply.
I have now carried out the 3 steps; the logs are included. On startup, Malwarebytes Antivirus prompted me to delete a .dll file. I first clicked No, ran an update and let the program run (log1). Then I ran the program again and had the entry for the .dll file changed (log2, 2nd run).

OTL Fix:
Code:
ATTFilter
All processes killed
========== OTL ==========
C:\Users\Britta\AppData\Roaming\mozilla\firefox\profiles\2vxwcsiu.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi moved successfully.
C:\Program Files (x86)\movie2kDownloader.com folder moved successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
ADS C:\ProgramData\Temp:A724744F deleted successfully.
ADS C:\ProgramData\Temp:115CEE00 deleted successfully.
ADS C:\ProgramData\Temp:2F370DA6 deleted successfully.
ADS C:\ProgramData\Temp:4CF61E54 deleted successfully.
C:\ProgramData\FullRemove.exe moved successfully.
Service KMService stopped successfully!
Service KMService deleted successfully!
C:\Windows\SysWOW64\srvany.exe moved successfully.
C:\Users\Britta\AppData\Roaming\Igqo folder moved successfully.
C:\Users\Britta\AppData\Roaming\Akhuv folder moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
C:\ProgramData\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243} folder moved successfully.
C:\ProgramData\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41} folder moved successfully.
C:\ProgramData\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
File\Folder C:\Users\Britta\*.tmp not found.
File\Folder C:\Users\Britta\AppData\*.dll not found.
File\Folder C:\Users\Britta\AppData\*.exe not found.
C:\Users\Britta\AppData\Local\Temp\firefoxjre_exe-1.exe moved successfully.
C:\Users\Britta\AppData\Local\Temp\firefoxjre_exe.exe moved successfully.
C:\Users\Britta\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe moved successfully.
C:\Users\Britta\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe moved successfully.
C:\Users\Britta\AppData\Local\Temp\ose00000.exe moved successfully.
C:\Users\Britta\AppData\Local\Temp\SkypeSetup.exe moved successfully.
C:\Users\Britta\AppData\Local\Temp\Uni000.exe moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Britta\Desktop\cmd.bat deleted successfully.
C:\Users\Britta\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Britta
->Temp folder emptied: 6644051483 bytes
->Temporary Internet Files folder emptied: 83561422 bytes
->FireFox cache emptied: 64842863 bytes
->Flash cache emptied: 74569 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: UpdatusUser.Britta_PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8096716712 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67966 bytes
RecycleBin emptied: 13976411 bytes
 
Total Files Cleaned = 14.213,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 03192013_220713
         
Malwarebytes Anti-Rootkit, log1:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.20.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Britta :: BRITTA_PC [administrator]

20.03.2013 15:14:35
mbar-log-2013-03-20 (15-14-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30599
Time elapsed: 16 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

log2
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.20.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Britta :: BRITTA_PC [administrator]

20.03.2013 15:41:15
mbar-log-2013-03-20 (15-41-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30600
Time elapsed: 14 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

ADW cleaner:
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.115 - Datei am 20/03/2013 um 15:46:58 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Britta - BRITTA_PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Britta\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Britta\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Britta\AppData\Roaming\Mozilla\Firefox\Profiles\2vxwcsiu.default\jetpack

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Britta\AppData\Roaming\Mozilla\Firefox\Profiles\2vxwcsiu.default\prefs.js

C:\Users\Britta\AppData\Roaming\Mozilla\Firefox\Profiles\2vxwcsiu.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [11741 octets] - [20/03/2013 15:46:58]

########## EOF - C:\AdwCleaner[S1].txt - [11802 octets] ##########
         

20.03.2013, 18:39   #5
t'john
/// Helper Team

Very good!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instructions.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



then:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the terms of use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Look for C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset




then:

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

__________________
Regards, t'john
Support the TB

20.03.2013, 19:36   #6
Bri

OK, I have now run aswMBR.exe 3 times - after clicking Scan - with this unsuccessful result:

Code:
ATTFilter
avast! Antirootkit funktioniert nicht mehr
Das Programm wir aufgrund eines Problems nicht richtig ausgeführt. Das Programm wird geschlossen und Sie werden benachrichtigt, wenn eine Lösung verfügbar ist.
         
So I can't post you an aswMBR.txt, because I then clicked "Close program".

And now?

20.03.2013, 19:38   #7
t'john
/// Helper Team

OK:
Please download TDSSKiller.exe and save the file to the desktop.
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.


Then continue with ESET.
__________________
Regards, t'john

20.03.2013, 19:51   #8
Bri

Oh:
TDSSKiller.exe ->Error Page 404

21.03.2013, 05:51   #9
t'john
/// Helper Team

Kaspersky is rebuilding, continue with ESET.
__________________
Regards, t'john

21.03.2013, 10:43   #10
Bri

OK.

ESET:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=276db5ed60d3f944a7fb262bda1cc6d2
# engine=13443
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-21 09:59:34
# local_time=2013-03-21 10:59:34 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 99 98828 229279664 91598 0
# compatibility_mode=5893 16776573 100 94 135223 115489824 0 0
# scanned=274212
# found=2
# cleaned=0
# scan_time=10786
sh=30EF816C6621ED6F246DAF02B2E912D2044A7B3C ft=1 fh=8960084616669ecc vn="a variant of Win32/Kryptik.ATIT trojan" ac=I fn="C:\_OTL\MovedFiles\03192013_220713\C_Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\6ddeaafa-5e98d355"
sh=C5417642089F8244E1CFD60A1F9DCE7F16D31AB0 ft=1 fh=3c16887179f5274c vn="Win32/Spy.Zbot.AAU trojan" ac=I fn="C:\_OTL\MovedFiles\03192013_220713\C_Users\Britta\AppData\Roaming\Igqo\alwaof.exe"
         

SecurityCheck
checkup.txt:
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.59  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 8 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.70.0.1100  
 Java(TM) 6 Update 20  
 Java(TM) 6 Update 26  
 Java 7 Update 9  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 11.6.602.180  
 Adobe Reader XI  
 Mozilla Firefox (19.0.2) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
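
Added example, not part of the original post: a Python sketch that parses ESET Online Scanner log lines in the format posted above and separates detections lying under OTL's C:\_OTL\MovedFiles folder (files the OTL fix had already moved) from detections in live locations. The field meanings (`sh` = SHA-1, `vn` = detection name, `fn` = file path) are assumptions read off the log, and the third sample line and the adjusted `found` count are constructed.

```python
import ntpath
import re

# key=value pairs; values are either "quoted with spaces" or a bare token
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Folder into which the OTL fix moves files (path taken from the OTL log above)
QUARANTINE_ROOTS = (r"C:\_OTL\MovedFiles",)

# First two detection lines are from the ESET log above; the third line and
# the found=3 header are CONSTRUCTED to show the contrasting "live" case.
SAMPLE_LOG = r'''
# scanned=274212
# found=3
# cleaned=0
sh=30EF816C6621ED6F246DAF02B2E912D2044A7B3C ft=1 fh=8960084616669ecc vn="a variant of Win32/Kryptik.ATIT trojan" ac=I fn="C:\_OTL\MovedFiles\03192013_220713\C_Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\6ddeaafa-5e98d355"
sh=C5417642089F8244E1CFD60A1F9DCE7F16D31AB0 ft=1 fh=3c16887179f5274c vn="Win32/Spy.Zbot.AAU trojan" ac=I fn="C:\_OTL\MovedFiles\03192013_220713\C_Users\Britta\AppData\Roaming\Igqo\alwaof.exe"
sh=0000000000000000000000000000000000000000 ft=1 fh=0000000000000000 vn="constructed sample detection" ac=I fn="C:\Users\Example\AppData\Roaming\example.exe"
'''


def parse_eset_log(text):
    """Return (summary, detections) from ESET Online Scanner log text."""
    summary, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# "):
            key, sep, value = line[2:].partition("=")
            if sep:
                # compatibility_mode appears twice; keep the first value
                summary.setdefault(key, value)
        elif line.startswith("sh="):
            fields = {}
            for m in PAIR.finditer(line):
                quoted, bare = m.group(2), m.group(3)
                fields[m.group(1)] = quoted if quoted is not None else bare
            detections.append(fields)
    return summary, detections


def is_under(path, root):
    """Case-insensitive Windows path containment check (works on any OS)."""
    p = ntpath.normcase(ntpath.normpath(path))
    r = ntpath.normcase(ntpath.normpath(root))
    # Require a separator after the root so MovedFilesX does not match
    return p == r or p.startswith(r + "\\")


def triage(text, quarantine_roots=QUARANTINE_ROOTS):
    """Label each detection as 'quarantine' (already moved) or 'live'."""
    summary, detections = parse_eset_log(text)
    items = []
    for det in detections:
        path = det.get("fn", "")
        moved = any(is_under(path, root) for root in quarantine_roots)
        items.append({
            "name": det.get("vn", ""),
            "sha1": det.get("sh", ""),
            "path": path,
            "location": "quarantine" if moved else "live",
        })
    # A mismatch between the header count and parsed lines means the log
    # was truncated or a line failed to parse; treat the result as incomplete.
    consistent = summary.get("found", "").isdigit() and \
        int(summary["found"]) == len(detections)
    return {"consistent": consistent, "items": items}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("header count matches parsed lines:", result["consistent"])
    for item in result["items"]:
        print(f'{item["location"]:10} {item["name"]} -> {item["path"]}')
```

Detections labelled `quarantine` are copies kept by the earlier fix; only `live` entries point at files still in their original location.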
         

21.03.2013, 18:16   #11
t'john
/// Helper Team

Alles Windows Updates einspielen, inkl. Internet Explorer!
http://windowsupdate.microsoft.com


Update Java

Your Java is out of date. Older versions contain security vulnerabilities that malware can exploit.
  • Please download the latest Java version from here
  • Save the .exe file
  • Close all running programs, especially your browser.
  • Run jxpiinstall.exe. It will download the installer for the latest Java version ( Java 7 Update 17 ).
  • When the installation has finished, go to
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer once all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files....
  • Make sure every box is checked and click OK.
  • Click OK again.


Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html

Afterwards, post (copy and paste) what is shown to you here: PluginCheck



Disable Java

Because of the current security vulnerability:

http://www.trojaner-board.de/122961-...ktivieren.html

Afterwards, post (copy and paste) what is shown to you here: PluginCheck



Please download TDSSKiller TDSSKiller.exe and save the file to your desktop
  • Run TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.
__________________
Regards, t'john
Support the TB

26.03.2013, 09:49   #12
Bri



Sorry, t'john, I was away for a few days and not at the PC.

So:
I installed the Windows updates, including Internet Explorer.
Since then I have had to start Firefox in safe mode, because the Mozilla Crash Reporter displayed this message:
"Entschuldigung
Ein Problem ist aufgetreten und Firefox abgestürzt."

With "Firefox neu starten" I can only start it in safe mode.

I then tried to carry out the following steps from your tips:

1. PluginCheck:

Code:
ATTFilter
PluginCheck
Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

    Firefox 19.0 ist aktuell

    Flash (11,6,602,180) ist aktuell.

    Java ist Installiert aber nicht aktiviert.

    Adobe Reader 11,0,2,0 ist aktuell.
         
2. TDSSKiller.exe:
TDSSKiller.2.8.16.0_26.03.2013_10.07.58_log.txt

Code:
ATTFilter
10:07:58.0199 3608  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:07:58.0409 3608  ============================================================
10:07:58.0409 3608  Current date / time: 2013/03/26 10:07:58.0409
10:07:58.0409 3608  SystemInfo:
10:07:58.0409 3608  
10:07:58.0409 3608  OS Version: 6.1.7601 ServicePack: 1.0
10:07:58.0409 3608  Product type: Workstation
10:07:58.0409 3608  ComputerName: BRI***_PC
10:07:58.0409 3608  UserName: Bri***
10:07:58.0409 3608  Windows directory: C:\Windows
10:07:58.0409 3608  System windows directory: C:\Windows
10:07:58.0409 3608  Running under WOW64
10:07:58.0409 3608  Processor architecture: Intel x64
10:07:58.0409 3608  Number of processors: 4
10:07:58.0409 3608  Page size: 0x1000
10:07:58.0409 3608  Boot type: Normal boot
10:07:58.0409 3608  ============================================================
10:08:00.0209 3608  Drive \Device\Harddisk3\DR4 - Size: 0xEC580000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
10:08:00.0219 3608  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:08:00.0229 3608  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:08:04.0777 3608  Drive \Device\Harddisk2\DR3 - Size: 0xEFD00000 (3.75 Gb), SectorSize: 0x200, Cylinders: 0x1E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:08:04.0777 3608  Drive \Device\Harddisk3\DR4 - Size: 0xEC580000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:08:04.0792 3608  ============================================================
10:08:04.0792 3608  \Device\Harddisk3\DR4:
10:08:04.0792 3608  MBR partitions:
10:08:04.0792 3608  \Device\Harddisk3\DR4\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x760C00
10:08:04.0792 3608  \Device\Harddisk0\DR0:
10:08:04.0823 3608  MBR partitions:
10:08:04.0823 3608  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x21333B7, BlocksNum 0xE8E0360
10:08:04.0823 3608  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x10A13756, BlocksNum 0x299714EB
10:08:04.0823 3608  \Device\Harddisk1\DR1:
10:08:04.0933 3608  MBR partitions:
10:08:04.0933 3608  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x747051C1
10:08:04.0933 3608  \Device\Harddisk2\DR3:
10:08:04.0933 3608  MBR partitions:
10:08:04.0933 3608  \Device\Harddisk2\DR3\Partition1: MBR, Type 0xB, StartLBA 0x2410, BlocksNum 0x77C3F0
10:08:04.0933 3608  \Device\Harddisk3\DR4:
10:08:04.0933 3608  MBR partitions:
10:08:04.0933 3608  \Device\Harddisk3\DR4\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x760C00
10:08:04.0933 3608  ============================================================
10:08:04.0995 3608  C: <-> \Device\Harddisk0\DR0\Partition1
10:08:05.0042 3608  D: <-> \Device\Harddisk0\DR0\Partition2
10:08:05.0089 3608  F: <-> \Device\Harddisk1\DR1\Partition1
10:08:05.0089 3608  ============================================================
10:08:05.0089 3608  Initialize success
10:08:05.0089 3608  ============================================================
10:08:34.0932 3952  ============================================================
10:08:34.0932 3952  Scan started
10:08:34.0932 3952  Mode: Manual; SigCheck; TDLFS; 
10:08:34.0932 3952  ============================================================
10:08:35.0400 3952  ================ Scan system memory ========================
10:08:35.0400 3952  System memory - ok
10:08:35.0400 3952  ================ Scan services =============================
10:08:35.0556 3952  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
10:08:35.0696 3952  1394ohci - ok
10:08:35.0758 3952  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
10:08:35.0790 3952  ACPI - ok
10:08:35.0805 3952  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
10:08:35.0914 3952  AcpiPmi - ok
10:08:36.0070 3952  [ BD2F775D230A9B55AB01CDA4EA5CE729 ] AcrSch2Svc      C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
10:08:36.0148 3952  AcrSch2Svc - ok
10:08:36.0195 3952  [ E5568164C070A4988BD79C896920B3C6 ] acsock          C:\Windows\system32\DRIVERS\acsock64.sys
10:08:36.0226 3952  acsock - ok
10:08:36.0320 3952  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:08:36.0351 3952  AdobeARMservice - ok
10:08:36.0476 3952  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:08:36.0492 3952  AdobeFlashPlayerUpdateSvc - ok
10:08:36.0538 3952  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
10:08:36.0585 3952  adp94xx - ok
10:08:36.0616 3952  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
10:08:36.0663 3952  adpahci - ok
10:08:36.0679 3952  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
10:08:36.0726 3952  adpu320 - ok
10:08:36.0804 3952  ADSMService - ok
10:08:36.0835 3952  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
10:08:37.0022 3952  AeLookupSvc - ok
10:08:37.0069 3952  [ 2D00D3DADC1D3326BA788EB071F2726E ] AFBAgent        C:\Windows\system32\FBAgent.exe
10:08:37.0100 3952  AFBAgent - ok
10:08:37.0209 3952  [ AE1FCE2CD1E99BEA89183BA8CD320872 ] afcdp           C:\Windows\system32\DRIVERS\afcdp.sys
10:08:37.0240 3952  afcdp - ok
10:08:37.0334 3952  [ AF44F7E027037628F1FAC3C13CDE73E6 ] afcdpsrv        C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
10:08:37.0474 3952  afcdpsrv - ok
10:08:37.0568 3952  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
10:08:37.0630 3952  AFD - ok
10:08:37.0662 3952  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
10:08:37.0693 3952  agp440 - ok
10:08:37.0708 3952  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
10:08:37.0771 3952  ALG - ok
10:08:37.0786 3952  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
10:08:37.0802 3952  aliide - ok
10:08:37.0818 3952  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
10:08:37.0833 3952  amdide - ok
10:08:37.0849 3952  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
10:08:37.0927 3952  AmdK8 - ok
10:08:37.0927 3952  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
10:08:37.0989 3952  AmdPPM - ok
10:08:38.0020 3952  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
10:08:38.0052 3952  amdsata - ok
10:08:38.0067 3952  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
10:08:38.0114 3952  amdsbs - ok
10:08:38.0130 3952  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
10:08:38.0145 3952  amdxata - ok
10:08:38.0239 3952  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
10:08:38.0270 3952  AntiVirSchedulerService - ok
10:08:38.0286 3952  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
10:08:38.0301 3952  AntiVirService - ok
10:08:38.0332 3952  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
10:08:38.0551 3952  AppID - ok
10:08:38.0566 3952  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
10:08:38.0676 3952  AppIDSvc - ok
10:08:38.0707 3952  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
10:08:38.0800 3952  Appinfo - ok
10:08:38.0832 3952  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
10:08:38.0863 3952  arc - ok
10:08:38.0878 3952  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
10:08:38.0910 3952  arcsas - ok
10:08:38.0956 3952  [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
10:08:38.0972 3952  ASLDRService - ok
10:08:39.0003 3952  [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
10:08:39.0034 3952  ASMMAP64 - ok
10:08:39.0066 3952  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:08:39.0175 3952  AsyncMac - ok
10:08:39.0222 3952  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
10:08:39.0237 3952  atapi - ok
10:08:39.0346 3952  [ A5E770426D18F8EF332A593F3289DA91 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
10:08:39.0549 3952  athr - ok
10:08:39.0580 3952  [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
10:08:39.0596 3952  ATKGFNEXSrv - ok
10:08:39.0643 3952  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:08:39.0768 3952  AudioEndpointBuilder - ok
10:08:39.0799 3952  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
10:08:39.0877 3952  AudioSrv - ok
10:08:39.0924 3952  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
10:08:39.0955 3952  avgntflt - ok
10:08:40.0033 3952  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
10:08:40.0064 3952  avipbb - ok
10:08:40.0095 3952  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
10:08:40.0111 3952  avkmgr - ok
10:08:40.0173 3952  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
10:08:40.0251 3952  AxInstSV - ok
10:08:40.0282 3952  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
10:08:40.0329 3952  b06bdrv - ok
10:08:40.0360 3952  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
10:08:40.0407 3952  b57nd60a - ok
10:08:40.0485 3952  [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
10:08:40.0516 3952  BBSvc - ok
10:08:40.0563 3952  [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
10:08:40.0579 3952  BBUpdate - ok
10:08:40.0610 3952  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
10:08:40.0657 3952  BDESVC - ok
10:08:40.0719 3952  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:08:40.0813 3952  Beep - ok
10:08:40.0875 3952  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
10:08:40.0984 3952  BFE - ok
10:08:41.0062 3952  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
10:08:41.0187 3952  BITS - ok
10:08:41.0218 3952  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
10:08:41.0281 3952  blbdrive - ok
10:08:41.0328 3952  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:08:41.0390 3952  bowser - ok
10:08:41.0421 3952  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:08:41.0515 3952  BrFiltLo - ok
10:08:41.0530 3952  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:08:41.0562 3952  BrFiltUp - ok
10:08:41.0593 3952  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
10:08:41.0624 3952  Browser - ok
10:08:41.0671 3952  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
10:08:41.0733 3952  Brserid - ok
10:08:41.0733 3952  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
10:08:41.0780 3952  BrSerWdm - ok
10:08:41.0796 3952  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
10:08:41.0858 3952  BrUsbMdm - ok
10:08:41.0858 3952  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
10:08:41.0889 3952  BrUsbSer - ok
10:08:41.0905 3952  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
10:08:41.0936 3952  BTHMODEM - ok
10:08:41.0983 3952  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
10:08:42.0076 3952  bthserv - ok
10:08:42.0123 3952  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:08:42.0201 3952  cdfs - ok
10:08:42.0248 3952  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
10:08:42.0295 3952  cdrom - ok
10:08:42.0310 3952  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
10:08:42.0420 3952  CertPropSvc - ok
10:08:42.0451 3952  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
10:08:42.0498 3952  circlass - ok
10:08:42.0576 3952  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
10:08:42.0607 3952  CLFS - ok
10:08:42.0654 3952  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:08:42.0685 3952  clr_optimization_v2.0.50727_32 - ok
10:08:42.0763 3952  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:08:42.0794 3952  clr_optimization_v2.0.50727_64 - ok
10:08:42.0872 3952  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:08:42.0888 3952  clr_optimization_v4.0.30319_32 - ok
10:08:42.0919 3952  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:08:42.0934 3952  clr_optimization_v4.0.30319_64 - ok
10:08:42.0966 3952  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
10:08:43.0012 3952  CmBatt - ok
10:08:43.0059 3952  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
10:08:43.0075 3952  cmdide - ok
10:08:43.0137 3952  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
10:08:43.0200 3952  CNG - ok
10:08:43.0246 3952  [ F7CA3ACCF5AA0E2182546C5BE42B2E96 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
10:08:43.0356 3952  CnxtHdAudService - ok
10:08:43.0387 3952  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
10:08:43.0418 3952  Compbatt - ok
10:08:43.0449 3952  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
10:08:43.0496 3952  CompositeBus - ok
10:08:43.0512 3952  COMSysApp - ok
10:08:43.0527 3952  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
10:08:43.0558 3952  crcdisk - ok
10:08:43.0590 3952  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
10:08:43.0636 3952  CryptSvc - ok
10:08:43.0683 3952  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
10:08:43.0808 3952  DcomLaunch - ok
10:08:43.0855 3952  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
10:08:43.0948 3952  defragsvc - ok
10:08:43.0995 3952  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
10:08:44.0104 3952  DfsC - ok
10:08:44.0136 3952  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
10:08:44.0167 3952  Dhcp - ok
10:08:44.0214 3952  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
10:08:44.0307 3952  discache - ok
10:08:44.0354 3952  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
10:08:44.0385 3952  Disk - ok
10:08:44.0650 3952  [ ECDA7D5B479F6C38C9D3D74868CB6401 ] DisplayLinkService C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
10:08:45.0025 3952  DisplayLinkService - ok
10:08:45.0072 3952  [ 64FF7EAA324702E824AFFD24D4B33412 ] DisplayLinkUsbPort C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.23219.0.sys
10:08:45.0118 3952  DisplayLinkUsbPort - ok
10:08:45.0150 3952  [ 0E787242686A9FC890ED420C9C287686 ] dlcdbus         C:\Windows\system32\DRIVERS\dlcdbus.sys
10:08:45.0181 3952  dlcdbus - ok
10:08:45.0212 3952  [ B77DE8ECE8C423CC2DE0812FEB13BF5E ] dlkmd           C:\Windows\system32\drivers\dlkmd.sys
10:08:45.0243 3952  dlkmd - ok
10:08:45.0259 3952  [ 389FB1D69A1B0E2403327590BF50084B ] dlkmdldr        C:\Windows\system32\drivers\dlkmdldr.sys
10:08:45.0290 3952  dlkmdldr - ok
10:08:45.0306 3952  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
10:08:45.0337 3952  Dnscache - ok
10:08:45.0368 3952  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
10:08:45.0477 3952  dot3svc - ok
10:08:45.0508 3952  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
10:08:45.0602 3952  DPS - ok
10:08:45.0633 3952  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
10:08:45.0680 3952  drmkaud - ok
10:08:45.0742 3952  [ 50AAD2A07BD8B90A8CFB4F6D7A4D165A ] DSI_SiUSBXp_3_1 C:\Windows\system32\drivers\DSI_SiUSBXp_3_1.sys
10:08:45.0774 3952  DSI_SiUSBXp_3_1 - ok
10:08:45.0836 3952  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
10:08:45.0930 3952  DXGKrnl - ok
10:08:45.0976 3952  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
10:08:46.0070 3952  EapHost - ok
10:08:46.0148 3952  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
10:08:46.0351 3952  ebdrv - ok
10:08:46.0382 3952  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
10:08:46.0413 3952  EFS - ok
10:08:46.0476 3952  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
10:08:46.0554 3952  ehRecvr - ok
10:08:46.0585 3952  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
10:08:46.0647 3952  ehSched - ok
10:08:46.0694 3952  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
10:08:46.0741 3952  elxstor - ok
10:08:46.0756 3952  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
10:08:46.0803 3952  ErrDev - ok
10:08:46.0850 3952  [ 06C94BE9D9E1E6411429433A64A76936 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
10:08:46.0912 3952  ETD - ok
10:08:46.0959 3952  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
10:08:47.0068 3952  EventSystem - ok
10:08:47.0100 3952  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
10:08:47.0193 3952  exfat - ok
10:08:47.0240 3952  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
10:08:47.0349 3952  fastfat - ok
10:08:47.0396 3952  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
10:08:47.0490 3952  Fax - ok
10:08:47.0521 3952  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
10:08:47.0568 3952  fdc - ok
10:08:47.0583 3952  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
10:08:47.0661 3952  fdPHost - ok
10:08:47.0677 3952  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
10:08:47.0770 3952  FDResPub - ok
10:08:47.0833 3952  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:08:47.0895 3952  FileInfo - ok
10:08:47.0911 3952  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
10:08:48.0004 3952  Filetrace - ok
10:08:48.0082 3952  [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:08:48.0160 3952  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
10:08:48.0160 3952  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
10:08:48.0192 3952  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
10:08:48.0223 3952  flpydisk - ok
10:08:48.0270 3952  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:08:48.0316 3952  FltMgr - ok
10:08:48.0379 3952  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
10:08:48.0457 3952  FontCache - ok
10:08:48.0519 3952  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:08:48.0550 3952  FontCache3.0.0.0 - ok
10:08:48.0566 3952  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
10:08:48.0597 3952  FsDepends - ok
10:08:48.0644 3952  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:08:48.0675 3952  Fs_Rec - ok
10:08:48.0722 3952  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
10:08:48.0753 3952  fvevol - ok
10:08:48.0800 3952  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
10:08:48.0831 3952  gagp30kx - ok
10:08:48.0862 3952  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
10:08:48.0987 3952  gpsvc - ok
10:08:49.0065 3952  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:08:49.0081 3952  gupdate - ok
10:08:49.0174 3952  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:08:49.0190 3952  gupdatem - ok
10:08:49.0221 3952  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
10:08:49.0268 3952  hcw85cir - ok
10:08:49.0299 3952  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:08:49.0393 3952  HdAudAddService - ok
10:08:49.0424 3952  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
10:08:49.0471 3952  HDAudBus - ok
10:08:49.0502 3952  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
10:08:49.0533 3952  HECIx64 - ok
10:08:49.0549 3952  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
10:08:49.0611 3952  HidBatt - ok
10:08:49.0611 3952  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
10:08:49.0658 3952  HidBth - ok
10:08:49.0674 3952  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
10:08:49.0736 3952  HidIr - ok
10:08:49.0752 3952  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
10:08:49.0845 3952  hidserv - ok
10:08:49.0892 3952  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
10:08:49.0923 3952  HidUsb - ok
10:08:49.0954 3952  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:08:50.0032 3952  hkmsvc - ok
10:08:50.0064 3952  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:08:50.0110 3952  HomeGroupListener - ok
10:08:50.0157 3952  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:08:50.0188 3952  HomeGroupProvider - ok
10:08:50.0235 3952  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
10:08:50.0266 3952  HpSAMD - ok
10:08:50.0329 3952  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:08:50.0454 3952  HTTP - ok
10:08:50.0500 3952  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
10:08:50.0516 3952  hwpolicy - ok
10:08:50.0547 3952  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
10:08:50.0578 3952  i8042prt - ok
10:08:50.0610 3952  [ ABBF174CB394F5C437410A788B7E404A ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
10:08:50.0641 3952  iaStor - ok
10:08:50.0672 3952  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
10:08:50.0719 3952  iaStorV - ok
10:08:50.0781 3952  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:08:50.0875 3952  idsvc - ok
10:08:51.0249 3952  [ 174BCAC474DE13B2650E444CF124828E ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
10:08:51.0811 3952  igfx - ok
10:08:51.0858 3952  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
10:08:51.0889 3952  iirsp - ok
10:08:51.0936 3952  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
10:08:52.0060 3952  IKEEXT - ok
10:08:52.0107 3952  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
10:08:52.0185 3952  Impcd - ok
10:08:52.0232 3952  [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
10:08:52.0279 3952  IntcDAud - ok
10:08:52.0310 3952  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
10:08:52.0341 3952  intelide - ok
10:08:52.0372 3952  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
10:08:52.0404 3952  intelppm - ok
10:08:52.0450 3952  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:08:52.0513 3952  IPBusEnum - ok
10:08:52.0544 3952  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:08:52.0638 3952  IpFilterDriver - ok
10:08:52.0684 3952  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:08:52.0778 3952  iphlpsvc - ok
10:08:52.0794 3952  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
10:08:52.0840 3952  IPMIDRV - ok
10:08:52.0872 3952  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
10:08:55.0212 3952  [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
10:08:55.0243 3952  LMS ( UnsignedFile.Multi.Generic ) - warning
10:08:55.0243 3952  LMS - detected UnsignedFile.Multi.Generic (1)
10:08:59.0720 3952  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
10:08:59.0751 3952  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:08:59.0751 3952  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:09:04.0806 3952  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
10:09:04.0837 3952  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:09:04.0837 3952  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:09:17.0379 3952  [ 41118D920B2B268C0ADC36421248CDCF ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
10:09:17.0473 3952  UNS ( UnsignedFile.Multi.Generic ) - warning
10:09:17.0473 3952  UNS - detected UnsignedFile.Multi.Generic (1)
10:09:17.0520 3952  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
10:09:17.0613 3952  upnphost - ok
10:09:17.0676 3952  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
10:09:17.0722 3952  usbaudio - ok
10:09:17.0754 3952  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
10:09:17.0785 3952  usbccgp - ok
10:09:17.0800 3952  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
10:09:17.0847 3952  usbcir - ok
10:09:17.0878 3952  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
10:09:17.0925 3952  usbehci - ok
10:09:17.0956 3952  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
10:09:17.0988 3952  usbhub - ok
10:09:18.0003 3952  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
10:09:18.0034 3952  usbohci - ok
10:09:18.0050 3952  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
10:09:18.0081 3952  usbprint - ok
10:09:18.0097 3952  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:09:18.0159 3952  USBSTOR - ok
10:09:18.0159 3952  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
10:09:18.0206 3952  usbuhci - ok
10:09:18.0222 3952  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
10:09:18.0284 3952  usbvideo - ok
10:09:18.0315 3952  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
10:09:18.0393 3952  UxSms - ok
10:09:18.0424 3952  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
10:09:18.0440 3952  VaultSvc - ok
10:09:18.0456 3952  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
10:09:18.0487 3952  vdrvroot - ok
10:09:18.0518 3952  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
10:09:18.0627 3952  vds - ok
10:09:18.0658 3952  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
10:09:18.0690 3952  vga - ok
10:09:18.0705 3952  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
10:09:18.0814 3952  VgaSave - ok
10:09:18.0846 3952  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
10:09:18.0877 3952  vhdmp - ok
10:09:18.0908 3952  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
10:09:18.0924 3952  viaide - ok
10:09:18.0955 3952  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
10:09:18.0986 3952  volmgr - ok
10:09:19.0017 3952  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
10:09:19.0048 3952  volmgrx - ok
10:09:19.0080 3952  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
10:09:19.0126 3952  volsnap - ok
10:09:19.0189 3952  [ 8CA9793CBEE993660FF7FC2769A4E252 ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
10:09:19.0220 3952  vpnagent - ok
10:09:19.0251 3952  [ BE7FE15AC90B9F02CBE011AE2426DD0F ] vpnva           C:\Windows\system32\DRIVERS\vpnva64.sys
10:09:19.0267 3952  vpnva - ok
10:09:19.0298 3952  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
10:09:19.0345 3952  vsmraid - ok
10:09:19.0407 3952  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
10:09:19.0548 3952  VSS - ok
10:09:19.0563 3952  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
10:09:19.0626 3952  vwifibus - ok
10:09:19.0672 3952  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
10:09:19.0735 3952  vwififlt - ok
10:09:19.0766 3952  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
10:09:19.0813 3952  vwifimp - ok
10:09:19.0860 3952  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
10:09:19.0938 3952  W32Time - ok
10:09:19.0969 3952  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
10:09:20.0000 3952  WacomPen - ok
10:09:20.0047 3952  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
10:09:20.0140 3952  WANARP - ok
10:09:20.0140 3952  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:09:20.0218 3952  Wanarpv6 - ok
10:09:20.0296 3952  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
10:09:20.0374 3952  WatAdminSvc - ok
10:09:20.0437 3952  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
10:09:20.0546 3952  wbengine - ok
10:09:20.0577 3952  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
10:09:20.0624 3952  WbioSrvc - ok
10:09:20.0671 3952  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
10:09:20.0718 3952  wcncsvc - ok
10:09:20.0733 3952  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:09:20.0780 3952  WcsPlugInService - ok
10:09:20.0827 3952  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
10:09:20.0842 3952  Wd - ok
10:09:20.0905 3952  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:09:20.0983 3952  Wdf01000 - ok
10:09:21.0014 3952  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
10:09:21.0123 3952  WdiServiceHost - ok
10:09:21.0123 3952  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
10:09:21.0170 3952  WdiSystemHost - ok
10:09:21.0201 3952  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
10:09:21.0279 3952  WebClient - ok
10:09:21.0295 3952  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:09:21.0420 3952  Wecsvc - ok
10:09:21.0451 3952  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
10:09:21.0544 3952  wercplsupport - ok
10:09:21.0576 3952  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
10:09:21.0669 3952  WerSvc - ok
10:09:21.0700 3952  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
10:09:21.0778 3952  WfpLwf - ok
10:09:21.0825 3952  [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
10:09:21.0872 3952  WimFltr - ok
10:09:21.0903 3952  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
10:09:21.0934 3952  WIMMount - ok
10:09:21.0981 3952  WinDefend - ok
10:09:21.0997 3952  WinHttpAutoProxySvc - ok
10:09:22.0044 3952  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
10:09:22.0122 3952  Winmgmt - ok
10:09:22.0200 3952  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
10:09:22.0371 3952  WinRM - ok
10:09:22.0434 3952  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
10:09:22.0496 3952  WinUsb - ok
10:09:22.0543 3952  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
10:09:22.0636 3952  Wlansvc - ok
10:09:22.0714 3952  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:09:22.0839 3952  wlidsvc - ok
10:09:22.0870 3952  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
10:09:22.0917 3952  WmiAcpi - ok
10:09:22.0948 3952  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
10:09:22.0995 3952  wmiApSrv - ok
10:09:23.0026 3952  WMPNetworkSvc - ok
10:09:23.0058 3952  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
10:09:23.0120 3952  WPCSvc - ok
10:09:23.0151 3952  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
10:09:23.0182 3952  WPDBusEnum - ok
10:09:23.0229 3952  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
10:09:23.0323 3952  ws2ifsl - ok
10:09:23.0354 3952  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
10:09:23.0385 3952  wscsvc - ok
10:09:23.0401 3952  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
10:09:23.0448 3952  WSDPrintDevice - ok
10:09:23.0448 3952  WSearch - ok
10:09:23.0541 3952  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
10:09:23.0666 3952  wuauserv - ok
10:09:23.0697 3952  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
10:09:23.0728 3952  WudfPf - ok
10:09:23.0775 3952  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
10:09:23.0822 3952  WUDFRd - ok
10:09:23.0853 3952  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
10:09:23.0900 3952  wudfsvc - ok
10:09:23.0931 3952  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
10:09:23.0994 3952  WwanSvc - ok
10:09:24.0025 3952  ================ Scan global ===============================
10:09:24.0072 3952  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:09:24.0103 3952  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
10:09:24.0118 3952  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
10:09:24.0150 3952  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:09:24.0181 3952  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:09:24.0196 3952  [Global] - ok
10:09:24.0196 3952  ================ Scan MBR ==================================
10:09:24.0992 3952  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk3\DR4
10:09:25.0179 3952  \Device\Harddisk3\DR4 - ok
10:09:25.0226 3952  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
10:09:25.0678 3952  \Device\Harddisk0\DR0 - ok
10:09:25.0678 3952  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
10:09:26.0224 3952  \Device\Harddisk1\DR1 - ok
10:09:26.0224 3952  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR3
10:09:31.0014 3952  \Device\Harddisk2\DR3 - ok
10:09:31.0029 3952  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk3\DR4
10:09:31.0216 3952  \Device\Harddisk3\DR4 - ok
10:09:31.0216 3952  ================ Scan VBR ==================================
10:09:31.0216 3952  [ BFC6A270BBB5D6E1276D41A79FD24FE0 ] \Device\Harddisk3\DR4\Partition1
10:09:31.0216 3952  \Device\Harddisk3\DR4\Partition1 - ok
10:09:31.0279 3952  [ C1EFB675B04D3E0FEFEB0B2A9E55B3D3 ] \Device\Harddisk0\DR0\Partition1
10:09:31.0279 3952  \Device\Harddisk0\DR0\Partition1 - ok
10:09:31.0294 3952  [ E8FBD723A8500F903E608DCF5B339629 ] \Device\Harddisk0\DR0\Partition2
10:09:31.0294 3952  \Device\Harddisk0\DR0\Partition2 - ok
10:09:31.0310 3952  [ 8E37C8177012DCDC8A81A9657CA7B97F ] \Device\Harddisk1\DR1\Partition1
10:09:31.0310 3952  \Device\Harddisk1\DR1\Partition1 - ok
10:09:31.0310 3952  [ 364BE6FAD58CE19E8C0B3E4A5C363247 ] \Device\Harddisk2\DR3\Partition1
10:09:31.0326 3952  \Device\Harddisk2\DR3\Partition1 - ok
10:09:31.0326 3952  [ BFC6A270BBB5D6E1276D41A79FD24FE0 ] \Device\Harddisk3\DR4\Partition1
10:09:31.0326 3952  \Device\Harddisk3\DR4\Partition1 - ok
10:09:31.0326 3952  ============================================================
10:09:31.0326 3952  Scan finished
10:09:31.0326 3952  ============================================================
10:09:31.0357 6536  Detected object count: 5
10:09:31.0357 6536  Actual detected object count: 5
10:18:10.0916 6536  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:10.0916 6536  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:18:10.0916 6536  LMS ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:10.0916 6536  LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:18:10.0916 6536  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:10.0916 6536  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:18:10.0916 6536  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:10.0916 6536  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:18:10.0931 6536  UNS ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:10.0931 6536  UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

26.03.2013, 09:57   #13
Bri
 

I forgot to post one step:

Here are all three steps now:


1. Update Java
Code:
ATTFilter
PluginCheck
Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

    Firefox 19.0 ist aktuell

    Flash (11,6,602,180) ist aktuell.

    Java (1,7,0,17) ist aktuell.

    Adobe Reader 11,0,2,0 ist aktuell.
         

2. Disable Java
Code:
ATTFilter
PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

    Firefox 19.0 ist aktuell

    Flash (11,6,602,180) ist aktuell.

    Java ist Installiert aber nicht aktiviert.

    Adobe Reader 11,0,2,0 ist aktuell.
         

3. TDSSKiller.exe:
TDSSKiller.2.8.16.0_26.03.2013_10.07.58_log.txt
Code:
ATTFilter
10:07:58.0199 3608  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:07:58.0409 3608  ============================================================
10:07:58.0409 3608  Current date / time: 2013/03/26 10:07:58.0409
10:07:58.0409 3608  SystemInfo:
10:07:58.0409 3608  
10:07:58.0409 3608  OS Version: 6.1.7601 ServicePack: 1.0
10:07:58.0409 3608  Product type: Workstation
10:07:58.0409 3608  ComputerName: BRI***_PC
10:07:58.0409 3608  UserName: Bri***
10:07:58.0409 3608  Windows directory: C:\Windows
10:07:58.0409 3608  System windows directory: C:\Windows
10:07:58.0409 3608  Running under WOW64
10:07:58.0409 3608  Processor architecture: Intel x64
10:07:58.0409 3608  Number of processors: 4
10:07:58.0409 3608  Page size: 0x1000
10:07:58.0409 3608  Boot type: Normal boot
10:07:58.0409 3608  ============================================================
10:08:00.0209 3608  Drive \Device\Harddisk3\DR4 - Size: 0xEC580000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
10:08:00.0219 3608  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:08:00.0229 3608  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:08:04.0777 3608  Drive \Device\Harddisk2\DR3 - Size: 0xEFD00000 (3.75 Gb), SectorSize: 0x200, Cylinders: 0x1E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:08:04.0777 3608  Drive \Device\Harddisk3\DR4 - Size: 0xEC580000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:08:04.0792 3608  ============================================================
10:08:04.0792 3608  \Device\Harddisk3\DR4:
10:08:04.0792 3608  MBR partitions:
10:08:04.0792 3608  \Device\Harddisk3\DR4\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x760C00
10:08:04.0792 3608  \Device\Harddisk0\DR0:
10:08:04.0823 3608  MBR partitions:
10:08:04.0823 3608  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x21333B7, BlocksNum 0xE8E0360
10:08:04.0823 3608  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x10A13756, BlocksNum 0x299714EB
10:08:04.0823 3608  \Device\Harddisk1\DR1:
10:08:04.0933 3608  MBR partitions:
10:08:04.0933 3608  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x747051C1
10:08:04.0933 3608  \Device\Harddisk2\DR3:
10:08:04.0933 3608  MBR partitions:
10:08:04.0933 3608  \Device\Harddisk2\DR3\Partition1: MBR, Type 0xB, StartLBA 0x2410, BlocksNum 0x77C3F0
10:08:04.0933 3608  \Device\Harddisk3\DR4:
10:08:04.0933 3608  MBR partitions:
10:08:04.0933 3608  \Device\Harddisk3\DR4\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x760C00
10:08:04.0933 3608  ============================================================
10:08:04.0995 3608  C: <-> \Device\Harddisk0\DR0\Partition1
10:08:05.0042 3608  D: <-> \Device\Harddisk0\DR0\Partition2
10:08:05.0089 3608  F: <-> \Device\Harddisk1\DR1\Partition1
10:08:05.0089 3608  ============================================================
10:08:05.0089 3608  Initialize success
10:08:05.0089 3608  ============================================================
10:08:34.0932 3952  ============================================================
10:08:34.0932 3952  Scan started
10:08:34.0932 3952  Mode: Manual; SigCheck; TDLFS; 
10:08:34.0932 3952  ============================================================
10:08:35.0400 3952  ================ Scan system memory ========================
10:08:35.0400 3952  System memory - ok
10:08:35.0400 3952  ================ Scan services =============================
10:08:35.0556 3952  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
10:08:35.0696 3952  1394ohci - ok
10:08:35.0758 3952  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
10:08:35.0790 3952  ACPI - ok
10:08:35.0805 3952  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
10:08:35.0914 3952  AcpiPmi - ok
10:08:36.0070 3952  [ BD2F775D230A9B55AB01CDA4EA5CE729 ] AcrSch2Svc      C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
10:08:36.0148 3952  AcrSch2Svc - ok
10:08:36.0195 3952  [ E5568164C070A4988BD79C896920B3C6 ] acsock          C:\Windows\system32\DRIVERS\acsock64.sys
10:08:36.0226 3952  acsock - ok
10:08:36.0320 3952  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:08:36.0351 3952  AdobeARMservice - ok
10:08:36.0476 3952  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:08:36.0492 3952  AdobeFlashPlayerUpdateSvc - ok
10:08:36.0538 3952  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
10:08:36.0585 3952  adp94xx - ok
10:08:36.0616 3952  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
10:08:36.0663 3952  adpahci - ok
10:08:36.0679 3952  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
10:08:36.0726 3952  adpu320 - ok
10:08:36.0804 3952  ADSMService - ok
10:08:36.0835 3952  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
10:08:37.0022 3952  AeLookupSvc - ok
10:08:37.0069 3952  [ 2D00D3DADC1D3326BA788EB071F2726E ] AFBAgent        C:\Windows\system32\FBAgent.exe
10:08:37.0100 3952  AFBAgent - ok
10:08:37.0209 3952  [ AE1FCE2CD1E99BEA89183BA8CD320872 ] afcdp           C:\Windows\system32\DRIVERS\afcdp.sys
10:08:37.0240 3952  afcdp - ok
10:08:37.0334 3952  [ AF44F7E027037628F1FAC3C13CDE73E6 ] afcdpsrv        C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
10:08:37.0474 3952  afcdpsrv - ok
10:08:37.0568 3952  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
10:08:37.0630 3952  AFD - ok
10:08:37.0662 3952  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
10:08:37.0693 3952  agp440 - ok
10:08:37.0708 3952  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
10:08:37.0771 3952  ALG - ok
10:08:37.0786 3952  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
10:08:37.0802 3952  aliide - ok
10:08:37.0818 3952  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
10:08:37.0833 3952  amdide - ok
10:08:37.0849 3952  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
10:08:37.0927 3952  AmdK8 - ok
10:08:37.0927 3952  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
10:08:37.0989 3952  AmdPPM - ok
10:08:38.0020 3952  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
10:08:38.0052 3952  amdsata - ok
10:08:38.0067 3952  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
10:08:38.0114 3952  amdsbs - ok
10:08:38.0130 3952  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
10:08:38.0145 3952  amdxata - ok
10:08:38.0239 3952  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
10:08:38.0270 3952  AntiVirSchedulerService - ok
10:08:38.0286 3952  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
10:08:38.0301 3952  AntiVirService - ok
10:08:38.0332 3952  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
10:08:38.0551 3952  AppID - ok
10:08:38.0566 3952  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
10:08:38.0676 3952  AppIDSvc - ok
10:08:38.0707 3952  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
10:08:38.0800 3952  Appinfo - ok
10:08:38.0832 3952  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
10:08:38.0863 3952  arc - ok
10:08:38.0878 3952  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
10:08:38.0910 3952  arcsas - ok
10:08:38.0956 3952  [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
10:08:38.0972 3952  ASLDRService - ok
10:08:39.0003 3952  [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
10:08:39.0034 3952  ASMMAP64 - ok
10:08:39.0066 3952  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:08:39.0175 3952  AsyncMac - ok
10:08:39.0222 3952  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
10:08:39.0237 3952  atapi - ok
10:08:39.0346 3952  [ A5E770426D18F8EF332A593F3289DA91 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
10:08:39.0549 3952  athr - ok
10:08:39.0580 3952  [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
10:08:39.0596 3952  ATKGFNEXSrv - ok
10:08:39.0643 3952  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:08:39.0768 3952  AudioEndpointBuilder - ok
10:08:39.0799 3952  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
10:08:39.0877 3952  AudioSrv - ok
10:08:39.0924 3952  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
10:08:39.0955 3952  avgntflt - ok
10:08:40.0033 3952  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
10:08:40.0064 3952  avipbb - ok
10:08:40.0095 3952  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
10:08:40.0111 3952  avkmgr - ok
10:08:40.0173 3952  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
10:08:40.0251 3952  AxInstSV - ok
10:08:40.0282 3952  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
10:08:40.0329 3952  b06bdrv - ok
10:08:40.0360 3952  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
10:08:40.0407 3952  b57nd60a - ok
10:08:40.0485 3952  [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
10:08:40.0516 3952  BBSvc - ok
10:08:40.0563 3952  [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
10:08:40.0579 3952  BBUpdate - ok
10:08:40.0610 3952  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
10:08:40.0657 3952  BDESVC - ok
10:08:40.0719 3952  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:08:40.0813 3952  Beep - ok
10:08:40.0875 3952  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
10:08:40.0984 3952  BFE - ok
10:08:41.0062 3952  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
10:08:41.0187 3952  BITS - ok
10:08:41.0218 3952  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
10:08:41.0281 3952  blbdrive - ok
10:08:41.0328 3952  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:08:41.0390 3952  bowser - ok
10:08:41.0421 3952  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:08:41.0515 3952  BrFiltLo - ok
10:08:41.0530 3952  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:08:41.0562 3952  BrFiltUp - ok
10:08:41.0593 3952  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
10:08:41.0624 3952  Browser - ok
10:08:41.0671 3952  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
10:08:41.0733 3952  Brserid - ok
10:08:41.0733 3952  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
10:08:41.0780 3952  BrSerWdm - ok
10:08:41.0796 3952  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
10:08:41.0858 3952  BrUsbMdm - ok
10:08:41.0858 3952  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
10:08:41.0889 3952  BrUsbSer - ok
10:08:41.0905 3952  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
10:08:41.0936 3952  BTHMODEM - ok
10:08:41.0983 3952  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
10:08:42.0076 3952  bthserv - ok
10:08:42.0123 3952  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:08:42.0201 3952  cdfs - ok
10:08:42.0248 3952  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
10:08:42.0295 3952  cdrom - ok
10:08:42.0310 3952  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
10:08:42.0420 3952  CertPropSvc - ok
10:08:42.0451 3952  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
10:08:42.0498 3952  circlass - ok
10:08:42.0576 3952  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
10:08:42.0607 3952  CLFS - ok
10:08:42.0654 3952  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:08:42.0685 3952  clr_optimization_v2.0.50727_32 - ok
10:08:42.0763 3952  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:08:42.0794 3952  clr_optimization_v2.0.50727_64 - ok
10:08:42.0872 3952  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:08:42.0888 3952  clr_optimization_v4.0.30319_32 - ok
10:08:42.0919 3952  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:08:42.0934 3952  clr_optimization_v4.0.30319_64 - ok
10:08:42.0966 3952  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
10:08:43.0012 3952  CmBatt - ok
10:08:43.0059 3952  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
10:08:43.0075 3952  cmdide - ok
10:08:43.0137 3952  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
10:08:43.0200 3952  CNG - ok
10:08:43.0246 3952  [ F7CA3ACCF5AA0E2182546C5BE42B2E96 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
10:08:43.0356 3952  CnxtHdAudService - ok
10:08:43.0387 3952  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
10:08:43.0418 3952  Compbatt - ok
10:08:43.0449 3952  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
10:08:43.0496 3952  CompositeBus - ok
10:08:43.0512 3952  COMSysApp - ok
10:08:43.0527 3952  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
10:08:43.0558 3952  crcdisk - ok
10:08:43.0590 3952  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
10:08:43.0636 3952  CryptSvc - ok
10:08:43.0683 3952  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
10:08:43.0808 3952  DcomLaunch - ok
10:08:43.0855 3952  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
10:08:43.0948 3952  defragsvc - ok
10:08:43.0995 3952  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
10:08:44.0104 3952  DfsC - ok
10:08:44.0136 3952  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
10:08:44.0167 3952  Dhcp - ok
10:08:44.0214 3952  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
10:08:44.0307 3952  discache - ok
10:08:44.0354 3952  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
10:08:44.0385 3952  Disk - ok
10:08:44.0650 3952  [ ECDA7D5B479F6C38C9D3D74868CB6401 ] DisplayLinkService C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
10:08:45.0025 3952  DisplayLinkService - ok
10:08:45.0072 3952  [ 64FF7EAA324702E824AFFD24D4B33412 ] DisplayLinkUsbPort C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.23219.0.sys
10:08:45.0118 3952  DisplayLinkUsbPort - ok
10:08:45.0150 3952  [ 0E787242686A9FC890ED420C9C287686 ] dlcdbus         C:\Windows\system32\DRIVERS\dlcdbus.sys
10:08:45.0181 3952  dlcdbus - ok
10:08:45.0212 3952  [ B77DE8ECE8C423CC2DE0812FEB13BF5E ] dlkmd           C:\Windows\system32\drivers\dlkmd.sys
10:08:45.0243 3952  dlkmd - ok
10:08:45.0259 3952  [ 389FB1D69A1B0E2403327590BF50084B ] dlkmdldr        C:\Windows\system32\drivers\dlkmdldr.sys
10:08:45.0290 3952  dlkmdldr - ok
10:08:45.0306 3952  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
10:08:45.0337 3952  Dnscache - ok
10:08:45.0368 3952  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
10:08:45.0477 3952  dot3svc - ok
10:08:45.0508 3952  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
10:08:45.0602 3952  DPS - ok
10:08:45.0633 3952  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
10:08:45.0680 3952  drmkaud - ok
10:08:45.0742 3952  [ 50AAD2A07BD8B90A8CFB4F6D7A4D165A ] DSI_SiUSBXp_3_1 C:\Windows\system32\drivers\DSI_SiUSBXp_3_1.sys
10:08:45.0774 3952  DSI_SiUSBXp_3_1 - ok
10:08:45.0836 3952  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
10:08:45.0930 3952  DXGKrnl - ok
10:08:45.0976 3952  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
10:08:46.0070 3952  EapHost - ok
10:08:46.0148 3952  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
10:08:46.0351 3952  ebdrv - ok
10:08:46.0382 3952  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
10:08:46.0413 3952  EFS - ok
10:08:46.0476 3952  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
10:08:46.0554 3952  ehRecvr - ok
10:08:46.0585 3952  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
10:08:46.0647 3952  ehSched - ok
10:08:46.0694 3952  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
10:08:46.0741 3952  elxstor - ok
10:08:46.0756 3952  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
10:08:46.0803 3952  ErrDev - ok
10:08:46.0850 3952  [ 06C94BE9D9E1E6411429433A64A76936 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
10:08:46.0912 3952  ETD - ok
10:08:46.0959 3952  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
10:08:47.0068 3952  EventSystem - ok
10:08:47.0100 3952  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
10:08:47.0193 3952  exfat - ok
10:08:47.0240 3952  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
10:08:47.0349 3952  fastfat - ok
10:08:47.0396 3952  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
10:08:47.0490 3952  Fax - ok
10:08:47.0521 3952  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
10:08:47.0568 3952  fdc - ok
10:08:47.0583 3952  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
10:08:47.0661 3952  fdPHost - ok
10:08:47.0677 3952  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
10:08:47.0770 3952  FDResPub - ok
10:08:47.0833 3952  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:08:47.0895 3952  FileInfo - ok
10:08:47.0911 3952  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
10:08:48.0004 3952  Filetrace - ok
10:08:48.0082 3952  [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:08:48.0160 3952  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
10:08:48.0160 3952  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
10:08:48.0192 3952  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
10:08:48.0223 3952  flpydisk - ok
10:08:48.0270 3952  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:08:48.0316 3952  FltMgr - ok
10:08:48.0379 3952  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
10:08:48.0457 3952  FontCache - ok
10:08:48.0519 3952  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:08:48.0550 3952  FontCache3.0.0.0 - ok
10:08:48.0566 3952  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
10:08:48.0597 3952  FsDepends - ok
10:08:48.0644 3952  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:08:48.0675 3952  Fs_Rec - ok
10:08:48.0722 3952  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
10:08:48.0753 3952  fvevol - ok
10:08:48.0800 3952  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
10:08:48.0831 3952  gagp30kx - ok
10:08:48.0862 3952  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
10:08:48.0987 3952  gpsvc - ok
10:08:49.0065 3952  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:08:49.0081 3952  gupdate - ok
10:08:49.0174 3952  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:08:49.0190 3952  gupdatem - ok
10:08:49.0221 3952  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
10:08:49.0268 3952  hcw85cir - ok
10:08:49.0299 3952  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:08:49.0393 3952  HdAudAddService - ok
10:08:49.0424 3952  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
10:08:49.0471 3952  HDAudBus - ok
10:08:49.0502 3952  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
10:08:49.0533 3952  HECIx64 - ok
10:08:49.0549 3952  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
10:08:49.0611 3952  HidBatt - ok
10:08:49.0611 3952  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
10:08:49.0658 3952  HidBth - ok
10:08:49.0674 3952  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
10:08:49.0736 3952  HidIr - ok
10:08:49.0752 3952  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
10:08:49.0845 3952  hidserv - ok
10:08:49.0892 3952  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
10:08:49.0923 3952  HidUsb - ok
10:08:49.0954 3952  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:08:50.0032 3952  hkmsvc - ok
10:08:50.0064 3952  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:08:50.0110 3952  HomeGroupListener - ok
10:08:50.0157 3952  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:08:50.0188 3952  HomeGroupProvider - ok
10:08:50.0235 3952  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
10:08:50.0266 3952  HpSAMD - ok
10:08:50.0329 3952  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:08:50.0454 3952  HTTP - ok
10:08:50.0500 3952  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
10:08:50.0516 3952  hwpolicy - ok
10:08:50.0547 3952  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
10:08:50.0578 3952  i8042prt - ok
10:08:50.0610 3952  [ ABBF174CB394F5C437410A788B7E404A ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
10:08:50.0641 3952  iaStor - ok
10:08:50.0672 3952  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
10:08:50.0719 3952  iaStorV - ok
10:08:50.0781 3952  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:08:50.0875 3952  idsvc - ok
10:08:51.0249 3952  [ 174BCAC474DE13B2650E444CF124828E ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
10:08:51.0811 3952  igfx - ok
10:08:51.0858 3952  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
10:08:51.0889 3952  iirsp - ok
10:08:51.0936 3952  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
10:08:52.0060 3952  IKEEXT - ok
10:08:52.0107 3952  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
10:08:52.0185 3952  Impcd - ok
10:08:52.0232 3952  [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
10:08:52.0279 3952  IntcDAud - ok
10:08:52.0310 3952  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
10:08:52.0341 3952  intelide - ok
10:08:52.0372 3952  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
10:08:52.0404 3952  intelppm - ok
10:08:52.0450 3952  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:08:52.0513 3952  IPBusEnum - ok
10:08:52.0544 3952  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:08:52.0638 3952  IpFilterDriver - ok
10:08:52.0684 3952  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:08:52.0778 3952  iphlpsvc - ok
10:08:52.0794 3952  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
10:08:52.0840 3952  IPMIDRV - ok
10:08:52.0872 3952  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
10:08:52.0981 3952  IPNAT - ok
10:08:53.0012 3952  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:08:53.0106 3952  IRENUM - ok
10:08:53.0152 3952  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:08:53.0184 3952  isapnp - ok
10:08:53.0215 3952  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
10:08:53.0262 3952  iScsiPrt - ok
10:08:53.0277 3952  [ DB917B998CBC15A153C00DD6EFC34C13 ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
10:08:53.0308 3952  JMCR - ok
10:08:53.0340 3952  [ DE4B2249D95C7815D06A39EA5FF4EE53 ] JME             C:\Windows\system32\DRIVERS\JME.sys
10:08:53.0371 3952  JME - ok
10:08:53.0386 3952  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
10:08:53.0418 3952  kbdclass - ok
10:08:53.0433 3952  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
10:08:53.0480 3952  kbdhid - ok
10:08:53.0511 3952  [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
10:08:53.0542 3952  kbfiltr - ok
10:08:53.0558 3952  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
10:08:53.0589 3952  KeyIso - ok
10:08:53.0636 3952  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:08:53.0667 3952  KSecDD - ok
10:08:53.0683 3952  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
10:08:53.0730 3952  KSecPkg - ok
10:08:53.0776 3952  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
10:08:53.0870 3952  ksthunk - ok
10:08:53.0901 3952  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:08:54.0026 3952  KtmRm - ok
10:08:54.0073 3952  [ 44892163F1A1329FA5C22A4CEEBB1D45 ] LAN9500         C:\Windows\system32\DRIVERS\lan9500-x64-n51f.sys
10:08:54.0104 3952  LAN9500 - ok
10:08:54.0166 3952  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
10:08:54.0276 3952  LanmanServer - ok
10:08:54.0307 3952  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:08:54.0385 3952  LanmanWorkstation - ok
10:08:54.0463 3952  [ 88E52495B47C67126B510AF53FDB0BC7 ] LBTServ         C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
10:08:54.0494 3952  LBTServ - ok
10:08:54.0525 3952  [ BECBD7CD46776B8739EE18061F45A581 ] LEqdUsb         C:\Windows\system32\DRIVERS\LEqdUsb.Sys
10:08:54.0556 3952  LEqdUsb - ok
10:08:54.0572 3952  [ 21D6BD7D62C270059EB8E2B1D4095880 ] LHidEqd         C:\Windows\system32\DRIVERS\LHidEqd.Sys
10:08:54.0588 3952  LHidEqd - ok
10:08:54.0603 3952  [ B6552D382FF070B4ED34CBD6737277C0 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
10:08:54.0619 3952  LHidFilt - ok
10:08:54.0681 3952  [ 02538E602280C07438C94489DCBE77D5 ] libusb0         C:\Windows\system32\DRIVERS\libusb0.sys
10:08:54.0697 3952  libusb0 - ok
10:08:54.0744 3952  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:08:54.0837 3952  lltdio - ok
10:08:54.0884 3952  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:08:54.0993 3952  lltdsvc - ok
10:08:55.0024 3952  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:08:55.0102 3952  lmhosts - ok
10:08:55.0134 3952  [ 73C1F563AB73D459DFFE682D66476558 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
10:08:55.0165 3952  LMouFilt - ok
10:08:55.0212 3952  [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
10:08:55.0243 3952  LMS ( UnsignedFile.Multi.Generic ) - warning
10:08:55.0243 3952  LMS - detected UnsignedFile.Multi.Generic (1)
10:08:55.0274 3952  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
10:08:55.0305 3952  LSI_FC - ok
10:08:55.0321 3952  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
10:08:55.0352 3952  LSI_SAS - ok
10:08:55.0368 3952  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:08:55.0399 3952  LSI_SAS2 - ok
10:08:55.0414 3952  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:08:55.0446 3952  LSI_SCSI - ok
10:08:55.0461 3952  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
10:08:55.0570 3952  luafv - ok
10:08:55.0602 3952  [ 085435AE1A124361304044029B5CC644 ] lullaby         C:\Windows\system32\DRIVERS\lullaby.sys
10:08:55.0617 3952  lullaby - ok
10:08:55.0695 3952  [ 034606B82FA5BD3E73AB427B6D55F915 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe
10:08:55.0742 3952  McComponentHostService - ok
10:08:55.0789 3952  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
10:08:55.0836 3952  Mcx2Svc - ok
10:08:55.0867 3952  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
10:08:55.0898 3952  megasas - ok
10:08:55.0914 3952  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
10:08:55.0976 3952  MegaSR - ok
10:08:56.0054 3952  Microsoft SharePoint Workspace Audit Service - ok
10:08:56.0070 3952  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
10:08:56.0163 3952  MMCSS - ok
10:08:56.0210 3952  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
10:08:56.0319 3952  Modem - ok
10:08:56.0335 3952  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:08:56.0366 3952  monitor - ok
10:08:56.0397 3952  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:08:56.0413 3952  mouclass - ok
10:08:56.0460 3952  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:08:56.0506 3952  mouhid - ok
10:08:56.0522 3952  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:08:56.0553 3952  mountmgr - ok
10:08:56.0631 3952  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:08:56.0647 3952  MozillaMaintenance - ok
10:08:56.0662 3952  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:08:56.0694 3952  mpio - ok
10:08:56.0725 3952  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:08:56.0818 3952  mpsdrv - ok
10:08:56.0850 3952  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:08:56.0974 3952  MpsSvc - ok
10:08:57.0006 3952  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:08:57.0068 3952  MRxDAV - ok
10:08:57.0130 3952  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:08:57.0177 3952  mrxsmb - ok
10:08:57.0224 3952  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:08:57.0286 3952  mrxsmb10 - ok
10:08:57.0318 3952  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:08:57.0380 3952  mrxsmb20 - ok
10:08:57.0396 3952  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
10:08:57.0427 3952  msahci - ok
10:08:57.0458 3952  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:08:57.0489 3952  msdsm - ok
10:08:57.0520 3952  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
10:08:57.0567 3952  MSDTC - ok
10:08:57.0614 3952  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:08:57.0723 3952  Msfs - ok
10:08:57.0739 3952  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:08:57.0817 3952  mshidkmdf - ok
10:08:57.0848 3952  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:08:57.0864 3952  msisadrv - ok
10:08:57.0895 3952  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:08:57.0988 3952  MSiSCSI - ok
10:08:58.0004 3952  msiserver - ok
10:08:58.0035 3952  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:08:58.0129 3952  MSKSSRV - ok
10:08:58.0144 3952  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:08:58.0238 3952  MSPCLOCK - ok
10:08:58.0254 3952  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:08:58.0347 3952  MSPQM - ok
10:08:58.0378 3952  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:08:58.0410 3952  MsRPC - ok
10:08:58.0456 3952  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
10:08:58.0472 3952  mssmbios - ok
10:08:58.0488 3952  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:08:58.0581 3952  MSTEE - ok
10:08:58.0581 3952  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
10:08:58.0628 3952  MTConfig - ok
10:08:58.0675 3952  [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor        C:\Windows\system32\DRIVERS\ATK64AMD.sys
10:08:58.0690 3952  MTsensor - ok
10:08:58.0690 3952  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
10:08:58.0722 3952  Mup - ok
10:08:58.0753 3952  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
10:08:58.0862 3952  napagent - ok
10:08:58.0893 3952  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:08:58.0940 3952  NativeWifiP - ok
10:08:58.0987 3952  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:08:59.0049 3952  NDIS - ok
10:08:59.0065 3952  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:08:59.0158 3952  NdisCap - ok
10:08:59.0205 3952  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:08:59.0299 3952  NdisTapi - ok
10:08:59.0314 3952  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:08:59.0408 3952  Ndisuio - ok
10:08:59.0439 3952  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:08:59.0533 3952  NdisWan - ok
10:08:59.0564 3952  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:08:59.0642 3952  NDProxy - ok
10:08:59.0720 3952  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
10:08:59.0751 3952  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:08:59.0751 3952  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:08:59.0782 3952  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:08:59.0892 3952  NetBIOS - ok
10:08:59.0938 3952  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:09:00.0032 3952  NetBT - ok
10:09:00.0048 3952  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
10:09:00.0079 3952  Netlogon - ok
10:09:00.0110 3952  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
10:09:00.0219 3952  Netman - ok
10:09:00.0250 3952  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
10:09:00.0344 3952  netprofm - ok
10:09:00.0375 3952  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:09:00.0406 3952  NetTcpPortSharing - ok
10:09:00.0422 3952  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
10:09:00.0453 3952  nfrd960 - ok
10:09:00.0484 3952  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:09:00.0531 3952  NlaSvc - ok
10:09:00.0547 3952  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:09:00.0625 3952  Npfs - ok
10:09:00.0656 3952  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
10:09:00.0750 3952  nsi - ok
10:09:00.0781 3952  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:09:00.0859 3952  nsiproxy - ok
10:09:00.0937 3952  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:09:01.0108 3952  Ntfs - ok
10:09:01.0155 3952  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
10:09:01.0233 3952  Null - ok
10:09:01.0561 3952  [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:09:02.0169 3952  nvlddmkm - ok
10:09:02.0278 3952  [ 918841B2454F4F2BD94479692079490B ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
10:09:02.0310 3952  nvpciflt - ok
10:09:02.0341 3952  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:09:02.0372 3952  nvraid - ok
10:09:02.0388 3952  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:09:02.0419 3952  nvstor - ok
10:09:02.0481 3952  [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc           C:\Windows\system32\nvvsvc.exe
10:09:02.0544 3952  nvsvc - ok
10:09:02.0637 3952  [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
10:09:02.0715 3952  nvUpdatusService - ok
10:09:02.0746 3952  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:09:02.0778 3952  nv_agp - ok
10:09:02.0778 3952  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:09:02.0824 3952  ohci1394 - ok
10:09:02.0918 3952  [ 379F3CDCD9917135B7629FA90F87FD1D ] OODefragAgent   C:\Program Files\OO Software\Defrag\oodag.exe
10:09:03.0043 3952  OODefragAgent - ok
10:09:03.0090 3952  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:09:03.0105 3952  ose - ok
10:09:03.0246 3952  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:09:03.0480 3952  osppsvc - ok
10:09:03.0526 3952  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:09:03.0573 3952  p2pimsvc - ok
10:09:03.0589 3952  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
10:09:03.0636 3952  p2psvc - ok
10:09:03.0667 3952  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
10:09:03.0714 3952  Parport - ok
10:09:03.0745 3952  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:09:03.0776 3952  partmgr - ok
10:09:03.0807 3952  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:09:03.0854 3952  PcaSvc - ok
10:09:03.0901 3952  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
10:09:03.0932 3952  pci - ok
10:09:03.0948 3952  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
10:09:03.0979 3952  pciide - ok
10:09:04.0010 3952  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
10:09:04.0041 3952  pcmcia - ok
10:09:04.0104 3952  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
10:09:04.0135 3952  pcw - ok
10:09:04.0166 3952  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:09:04.0291 3952  PEAUTH - ok
10:09:04.0384 3952  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
10:09:04.0416 3952  PerfHost - ok
10:09:04.0478 3952  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
10:09:04.0650 3952  pla - ok
10:09:04.0696 3952  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:09:04.0743 3952  PlugPlay - ok
10:09:04.0806 3952  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
10:09:04.0837 3952  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:09:04.0837 3952  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:09:04.0852 3952  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:09:04.0899 3952  PNRPAutoReg - ok
10:09:04.0930 3952  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:09:04.0962 3952  PNRPsvc - ok
10:09:04.0993 3952  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:09:05.0071 3952  PolicyAgent - ok
10:09:05.0102 3952  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
10:09:05.0196 3952  Power - ok
10:09:05.0227 3952  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:09:05.0336 3952  PptpMiniport - ok
10:09:05.0367 3952  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
10:09:05.0398 3952  Processor - ok
10:09:05.0461 3952  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
10:09:05.0508 3952  ProfSvc - ok
10:09:05.0523 3952  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:09:05.0539 3952  ProtectedStorage - ok
10:09:05.0570 3952  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:09:05.0648 3952  Psched - ok
10:09:05.0695 3952  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
10:09:05.0835 3952  ql2300 - ok
10:09:05.0851 3952  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
10:09:05.0882 3952  ql40xx - ok
10:09:05.0913 3952  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
10:09:05.0960 3952  QWAVE - ok
10:09:05.0976 3952  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:09:06.0022 3952  QWAVEdrv - ok
10:09:06.0054 3952  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:09:06.0132 3952  RasAcd - ok
10:09:06.0178 3952  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
10:09:06.0272 3952  RasAgileVpn - ok
10:09:06.0303 3952  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
10:09:06.0397 3952  RasAuto - ok
10:09:06.0444 3952  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
10:09:06.0553 3952  Rasl2tp - ok
10:09:06.0600 3952  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
10:09:06.0709 3952  RasMan - ok
10:09:31.0326 3952  ============================================================
10:09:31.0326 3952  Scan finished
10:09:31.0326 3952  ============================================================
10:09:31.0357 6536  Detected object count: 5
10:09:31.0357 6536  Actual detected object count: 5
10:18:10.0916 6536  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:10.0916 6536  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:18:10.0916 6536  LMS ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:10.0916 6536  LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:18:10.0916 6536  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:10.0916 6536  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:18:10.0916 6536  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:10.0916 6536  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:18:10.0931 6536  UNS ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:10.0931 6536  UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

26.03.2013, 14:26   #14
t'john
/// Helper Team
 

Very good!

With that you are clean and discharged!

Remove adwCleaner

  • Start adwcleaner.exe with a double-click.
  • Click Uninstall.
  • Confirm with Yes.




Tool cleanup with OTL


We will now use OTL's CleanUp! function to delete most of the programs we installed for the cleanup from your system again.
  • Please download OTL by OldTimer (if you do not already have it).
  • Save it to your desktop.
  • Double-click OTL.exe to run the program.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Click the "Bereinigung" (cleanup) button.
  • OTL may ask for a restart.
    If it does, please allow it.
Note: After the restart, OTL and the other helper programs you downloaded during the cleanup will no longer be present. They have been removed. It is therefore OK if these programs are no longer there. If any are left over, delete them manually.


Resetting the security zones

Have the security zones reset, since they were manipulated in order to open the browser to further attacks.
Proceed as described here: http://www.trojaner-board.de/111805-...ecksetzen.html


Emptying the System Restore points

So that the computer cannot be reinfected from an infected System Restore point, we have to empty them. To do this, we switch System Restore off once and then on again:
Disable System Restore: tutorial for Windows XP, Windows Vista, Windows 7
Then enable it again.



Reading to work through:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC keeps getting slower - what to do?
__________________
Regards, t'john

26.03.2013, 15:05   #15
Bri
 

OK, great that I am "clean".
;-)

Tool cleanup with OTL: done
System Restore emptied: done

BUT:
Since I have only been able to start Firefox in safe mode since the last Windows update, I cannot reset the security zones.
