Merkwürdige TAN-Abfrage nach Login bei Online-Banking

cosinus · 12.05.2013, 21:17

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Birschu · 12.05.2013, 21:49

Der aswMBR-Scan ist tatsächlich abgebrochen mit der Meldung, dass das Programm wegen eines unbekannten Problems geschlossen wird. Soll ich jetzt trotzdem mit dem TDSS-Killer weitermachen?

cosinus · 12.05.2013, 21:54

Bitte lies die Anleitungen vollständig!
Es gibt einen Hinweis unten zu aswMBR!

Birschu · 12.05.2013, 22:09

Code:

ATTFilter

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-12 23:18:38
-----------------------------
23:18:38.217    OS Version: Windows 6.1.7601 Service Pack 1
23:18:38.217    Number of processors: 4 586 0x2502
23:18:38.217    ComputerName: ***-PC  UserName: 
23:18:39.337    Initialize success
23:18:50.319    AVAST engine defs: 13051201
23:19:01.922    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:19:01.932    Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
23:19:02.082    Disk 0 MBR read successfully
23:19:02.092    Disk 0 MBR scan
23:19:02.092    Disk 0 unknown MBR code
23:19:02.102    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
23:19:02.122    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       273397 MB offset 206848
23:19:02.162    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        30720 MB offset 560123904
23:19:02.182    Disk 0 Partition 4 00     12  Compaq diag NTFS         1026 MB offset 623038464
23:19:02.192    Disk 0 scanning sectors +625139712
23:19:02.402    Disk 0 scanning C:\Windows\system32\drivers
23:19:17.646    Service scanning
23:19:54.742    Modules scanning
23:20:04.634    Disk 0 trace - called modules:
23:20:04.664    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
23:20:04.674    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87d50030]
23:20:04.684    3 CLASSPNP.SYS[8b5a759e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x861af028]
23:20:04.694    Scan finished successfully
23:20:15.158    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
23:20:15.168    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"

Code:

ATTFilter

23:22:05.0256 4552  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:22:05.0576 4552  ============================================================
23:22:05.0576 4552  Current date / time: 2013/05/12 23:22:05.0576
23:22:05.0576 4552  SystemInfo:
23:22:05.0576 4552  
23:22:05.0576 4552  OS Version: 6.1.7601 ServicePack: 1.0
23:22:05.0576 4552  Product type: Workstation
23:22:05.0586 4552  ComputerName: ***-PC
23:22:05.0586 4552  UserName: ***
23:22:05.0586 4552  Windows directory: C:\Windows
23:22:05.0586 4552  System windows directory: C:\Windows
23:22:05.0586 4552  Processor architecture: Intel x86
23:22:05.0586 4552  Number of processors: 4
23:22:05.0586 4552  Page size: 0x1000
23:22:05.0586 4552  Boot type: Normal boot
23:22:05.0586 4552  ============================================================
23:22:06.0166 4552  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:22:06.0176 4552  ============================================================
23:22:06.0176 4552  \Device\Harddisk0\DR0:
23:22:06.0176 4552  MBR partitions:
23:22:06.0176 4552  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:22:06.0176 4552  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x215FA800
23:22:06.0176 4552  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2162D000, BlocksNum 0x3C00000
23:22:06.0176 4552  ============================================================
23:22:06.0206 4552  C: <-> \Device\Harddisk0\DR0\Partition2
23:22:06.0266 4552  D: <-> \Device\Harddisk0\DR0\Partition3
23:22:06.0266 4552  ============================================================
23:22:06.0266 4552  Initialize success
23:22:06.0266 4552  ============================================================
23:22:44.0454 1796  ============================================================
23:22:44.0454 1796  Scan started
23:22:44.0454 1796  Mode: Manual; SigCheck; TDLFS; 
23:22:44.0454 1796  ============================================================
23:22:44.0714 1796  ================ Scan system memory ========================
23:22:44.0714 1796  System memory - ok
23:22:44.0714 1796  ================ Scan services =============================
23:22:44.0934 1796  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
23:22:45.0074 1796  1394ohci - ok
23:22:45.0104 1796  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
23:22:45.0124 1796  ACPI - ok
23:22:45.0164 1796  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
23:22:45.0254 1796  AcpiPmi - ok
23:22:45.0384 1796  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
23:22:45.0414 1796  AdobeARMservice - ok
23:22:45.0494 1796  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:22:45.0514 1796  AdobeFlashPlayerUpdateSvc - ok
23:22:45.0564 1796  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
23:22:45.0584 1796  adp94xx - ok
23:22:45.0624 1796  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
23:22:45.0634 1796  adpahci - ok
23:22:45.0654 1796  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
23:22:45.0664 1796  adpu320 - ok
23:22:45.0694 1796  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:22:45.0764 1796  AeLookupSvc - ok
23:22:45.0824 1796  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
23:22:45.0904 1796  AFD - ok
23:22:45.0964 1796  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
23:22:45.0974 1796  agp440 - ok
23:22:46.0014 1796  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
23:22:46.0024 1796  aic78xx - ok
23:22:46.0074 1796  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
23:22:46.0164 1796  ALG - ok
23:22:46.0224 1796  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:22:46.0234 1796  aliide - ok
23:22:46.0264 1796  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
23:22:46.0284 1796  amdagp - ok
23:22:46.0314 1796  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
23:22:46.0324 1796  amdide - ok
23:22:46.0364 1796  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
23:22:46.0454 1796  AmdK8 - ok
23:22:46.0474 1796  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
23:22:46.0534 1796  AmdPPM - ok
23:22:46.0604 1796  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
23:22:46.0624 1796  amdsata - ok
23:22:46.0644 1796  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
23:22:46.0664 1796  amdsbs - ok
23:22:46.0674 1796  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
23:22:46.0694 1796  amdxata - ok
23:22:46.0784 1796  [ B9B5DFAFEA592BD4CA967824EBB42E3D ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
23:22:46.0814 1796  AntiVirMailService - ok
23:22:46.0874 1796  [ 67B1D78711B4386C26241096326EE14A ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
23:22:46.0884 1796  AntiVirSchedulerService - ok
23:22:46.0954 1796  [ 845C4E7AE211EDAD5E0B832126F56932 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
23:22:46.0964 1796  AntiVirService - ok
23:22:46.0994 1796  [ 30D71E0C149943A8985D02EA0944F2FE ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
23:22:47.0014 1796  AntiVirWebService - ok
23:22:47.0064 1796  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
23:22:47.0124 1796  AppID - ok
23:22:47.0174 1796  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
23:22:47.0224 1796  AppIDSvc - ok
23:22:47.0274 1796  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
23:22:47.0344 1796  Appinfo - ok
23:22:47.0454 1796  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:22:47.0484 1796  Apple Mobile Device - ok
23:22:47.0534 1796  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
23:22:47.0544 1796  arc - ok
23:22:47.0574 1796  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
23:22:47.0584 1796  arcsas - ok
23:22:47.0624 1796  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:22:47.0744 1796  AsyncMac - ok
23:22:47.0804 1796  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
23:22:47.0814 1796  atapi - ok
23:22:47.0874 1796  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:22:47.0944 1796  AudioEndpointBuilder - ok
23:22:47.0954 1796  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
23:22:47.0984 1796  Audiosrv - ok
23:22:48.0054 1796  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
23:22:48.0064 1796  avgntflt - ok
23:22:48.0114 1796  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
23:22:48.0134 1796  avipbb - ok
23:22:48.0154 1796  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
23:22:48.0164 1796  avkmgr - ok
23:22:48.0224 1796  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
23:22:48.0304 1796  AxInstSV - ok
23:22:48.0344 1796  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
23:22:48.0424 1796  b06bdrv - ok
23:22:48.0444 1796  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
23:22:48.0464 1796  b57nd60x - ok
23:22:48.0534 1796  [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc           C:\Program Files\Microsoft\BingBar\BBSvc.EXE
23:22:48.0574 1796  BBSvc - ok
23:22:48.0634 1796  [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate        C:\Program Files\Microsoft\BingBar\SeaPort.EXE
23:22:48.0644 1796  BBUpdate - ok
23:22:48.0674 1796  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
23:22:48.0734 1796  BDESVC - ok
23:22:48.0784 1796  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:22:48.0844 1796  Beep - ok
23:22:48.0914 1796  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
23:22:48.0984 1796  BFE - ok
23:22:49.0064 1796  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\system32\qmgr.dll
23:22:49.0104 1796  BITS - ok
23:22:49.0134 1796  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
23:22:49.0184 1796  blbdrive - ok
23:22:49.0274 1796  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:22:49.0294 1796  Bonjour Service - ok
23:22:49.0344 1796  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:22:49.0414 1796  bowser - ok
23:22:49.0424 1796  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:22:49.0464 1796  BrFiltLo - ok
23:22:49.0474 1796  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:22:49.0524 1796  BrFiltUp - ok
23:22:49.0574 1796  [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
23:22:49.0604 1796  BridgeMP - ok
23:22:49.0664 1796  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
23:22:49.0734 1796  Browser - ok
23:22:49.0764 1796  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
23:22:49.0834 1796  Brserid - ok
23:22:49.0864 1796  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:22:49.0904 1796  BrSerWdm - ok
23:22:49.0944 1796  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:22:49.0994 1796  BrUsbMdm - ok
23:22:50.0024 1796  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:22:50.0064 1796  BrUsbSer - ok
23:22:50.0104 1796  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
23:22:50.0124 1796  BTHMODEM - ok
23:22:50.0175 1796  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
23:22:50.0225 1796  bthserv - ok
23:22:50.0345 1796  catchme - ok
23:22:50.0385 1796  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:22:50.0455 1796  cdfs - ok
23:22:50.0515 1796  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
23:22:50.0555 1796  cdrom - ok
23:22:50.0625 1796  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
23:22:50.0685 1796  CertPropSvc - ok
23:22:50.0745 1796  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
23:22:50.0765 1796  circlass - ok
23:22:50.0795 1796  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
23:22:50.0815 1796  CLFS - ok
23:22:50.0875 1796  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:22:50.0895 1796  clr_optimization_v2.0.50727_32 - ok
23:22:50.0965 1796  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:22:50.0985 1796  clr_optimization_v4.0.30319_32 - ok
23:22:51.0015 1796  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:22:51.0025 1796  CmBatt - ok
23:22:51.0065 1796  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:22:51.0075 1796  cmdide - ok
23:22:51.0125 1796  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
23:22:51.0155 1796  CNG - ok
23:22:51.0175 1796  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
23:22:51.0195 1796  Compbatt - ok
23:22:51.0255 1796  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
23:22:51.0305 1796  CompositeBus - ok
23:22:51.0335 1796  COMSysApp - ok
23:22:51.0375 1796  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
23:22:51.0395 1796  crcdisk - ok
23:22:51.0455 1796  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:22:51.0525 1796  CryptSvc - ok
23:22:51.0595 1796  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:22:51.0655 1796  DcomLaunch - ok
23:22:51.0695 1796  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
23:22:51.0755 1796  defragsvc - ok
23:22:51.0835 1796  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:22:51.0885 1796  DfsC - ok
23:22:51.0965 1796  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:22:52.0025 1796  Dhcp - ok
23:22:52.0055 1796  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
23:22:52.0115 1796  discache - ok
23:22:52.0155 1796  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
23:22:52.0165 1796  Disk - ok
23:22:52.0205 1796  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:22:52.0275 1796  Dnscache - ok
23:22:52.0305 1796  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:22:52.0375 1796  dot3svc - ok
23:22:52.0415 1796  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
23:22:52.0475 1796  DPS - ok
23:22:52.0525 1796  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:22:52.0565 1796  drmkaud - ok
23:22:52.0625 1796  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:22:52.0655 1796  DXGKrnl - ok
23:22:52.0705 1796  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
23:22:52.0765 1796  EapHost - ok
23:22:52.0885 1796  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
23:22:53.0015 1796  ebdrv - ok
23:22:53.0065 1796  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
23:22:53.0145 1796  EFS - ok
23:22:53.0215 1796  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:22:53.0335 1796  ehRecvr - ok
23:22:53.0365 1796  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
23:22:53.0445 1796  ehSched - ok
23:22:53.0485 1796  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
23:22:53.0505 1796  elxstor - ok
23:22:53.0525 1796  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:22:53.0565 1796  ErrDev - ok
23:22:53.0625 1796  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
23:22:53.0695 1796  EventSystem - ok
23:22:53.0725 1796  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
23:22:53.0785 1796  exfat - ok
23:22:53.0875 1796  Fabs - ok
23:22:53.0905 1796  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:22:53.0965 1796  fastfat - ok
23:22:54.0045 1796  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
23:22:54.0105 1796  Fax - ok
23:22:54.0155 1796  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
23:22:54.0176 1796  fdc - ok
23:22:54.0196 1796  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
23:22:54.0246 1796  fdPHost - ok
23:22:54.0286 1796  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
23:22:54.0336 1796  FDResPub - ok
23:22:54.0366 1796  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:22:54.0376 1796  FileInfo - ok
23:22:54.0406 1796  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:22:54.0456 1796  Filetrace - ok
23:22:54.0576 1796  [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
23:22:54.0706 1796  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
23:22:54.0706 1796  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
23:22:54.0746 1796  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:22:54.0786 1796  flpydisk - ok
23:22:54.0826 1796  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:22:54.0846 1796  FltMgr - ok
23:22:54.0946 1796  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
23:22:55.0026 1796  FontCache - ok
23:22:55.0076 1796  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:22:55.0106 1796  FontCache3.0.0.0 - ok
23:22:55.0126 1796  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:22:55.0136 1796  FsDepends - ok
23:22:55.0166 1796  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:22:55.0186 1796  Fs_Rec - ok
23:22:55.0226 1796  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:22:55.0246 1796  fvevol - ok
23:22:55.0266 1796  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
23:22:55.0286 1796  gagp30kx - ok
23:22:55.0326 1796  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:22:55.0336 1796  GEARAspiWDM - ok
23:22:55.0386 1796  [ 007AEA2E06E7CEF7372E40C277163959 ] ggflt           C:\Windows\system32\DRIVERS\ggflt.sys
23:22:55.0396 1796  ggflt - ok
23:22:55.0416 1796  [ C73DE35960CA75C5AB4AE636B127C64E ] ggsemc          C:\Windows\system32\DRIVERS\ggsemc.sys
23:22:55.0426 1796  ggsemc - ok
23:22:55.0476 1796  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
23:22:55.0576 1796  gpsvc - ok
23:22:55.0716 1796  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
23:22:55.0736 1796  gupdate - ok
23:22:55.0776 1796  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
23:22:55.0786 1796  gupdatem - ok
23:22:55.0816 1796  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:22:55.0886 1796  hcw85cir - ok
23:22:55.0926 1796  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:22:55.0976 1796  HdAudAddService - ok
23:22:56.0016 1796  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
23:22:56.0066 1796  HDAudBus - ok
23:22:56.0116 1796  [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI            C:\Windows\system32\DRIVERS\HECI.sys
23:22:56.0136 1796  HECI - ok
23:22:56.0156 1796  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
23:22:56.0196 1796  HidBatt - ok
23:22:56.0236 1796  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
23:22:56.0286 1796  HidBth - ok
23:22:56.0326 1796  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
23:22:56.0366 1796  HidIr - ok
23:22:56.0406 1796  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\System32\hidserv.dll
23:22:56.0476 1796  hidserv - ok
23:22:56.0526 1796  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
23:22:56.0596 1796  HidUsb - ok
23:22:56.0646 1796  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:22:56.0706 1796  hkmsvc - ok
23:22:56.0756 1796  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:22:56.0846 1796  HomeGroupListener - ok
23:22:56.0886 1796  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:22:56.0956 1796  HomeGroupProvider - ok
23:22:57.0026 1796  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
23:22:57.0046 1796  HpSAMD - ok
23:22:57.0106 1796  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:22:57.0146 1796  HTTP - ok
23:22:57.0197 1796  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:22:57.0207 1796  hwpolicy - ok
23:22:57.0257 1796  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
23:22:57.0307 1796  i8042prt - ok
23:22:57.0357 1796  [ 26541A068572F650A2FA490726FE81BE ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
23:22:57.0377 1796  iaStor - ok
23:22:57.0417 1796  [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
23:22:57.0437 1796  IAStorDataMgrSvc - ok
23:22:57.0487 1796  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
23:22:57.0507 1796  iaStorV - ok
23:22:57.0587 1796  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:22:57.0637 1796  idsvc - ok
23:22:57.0897 1796  [ 8266AE06DF974E5BA047B3E9E9E70B3F ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
23:22:58.0327 1796  igfx - ok
23:22:58.0347 1796  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
23:22:58.0357 1796  iirsp - ok
23:22:58.0427 1796  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
23:22:58.0497 1796  IKEEXT - ok
23:22:58.0557 1796  [ 03C0D99BC2913226F1CEA7CB0D984659 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
23:22:58.0627 1796  Impcd - ok
23:22:58.0737 1796  [ F4427E5DF32CDE359B2E2E5512D18001 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
23:22:58.0847 1796  IntcAzAudAddService - ok
23:22:58.0917 1796  [ BF31740828A26AB451803E3B35432651 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
23:22:58.0987 1796  IntcDAud - ok
23:22:59.0017 1796  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
23:22:59.0027 1796  intelide - ok
23:22:59.0077 1796  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:22:59.0117 1796  intelppm - ok
23:22:59.0157 1796  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:22:59.0207 1796  IPBusEnum - ok
23:22:59.0237 1796  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:22:59.0297 1796  IpFilterDriver - ok
23:22:59.0387 1796  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:22:59.0477 1796  iphlpsvc - ok
23:22:59.0507 1796  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
23:22:59.0557 1796  IPMIDRV - ok
23:22:59.0597 1796  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:22:59.0657 1796  IPNAT - ok
23:22:59.0807 1796  [ E46B17060D3962A384AE484094614788 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
23:22:59.0837 1796  iPod Service - ok
23:22:59.0917 1796  [ CF79FF3D10864F73660A34E006B6B8F8 ] iPodDrv         C:\Windows\system32\drivers\iPodDrv.sys
23:22:59.0947 1796  iPodDrv ( UnsignedFile.Multi.Generic ) - warning
23:22:59.0947 1796  iPodDrv - detected UnsignedFile.Multi.Generic (1)
23:22:59.0987 1796  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:23:00.0057 1796  IRENUM - ok
23:23:00.0107 1796  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:23:00.0117 1796  isapnp - ok
23:23:00.0147 1796  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
23:23:00.0167 1796  iScsiPrt - ok
23:23:00.0197 1796  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
23:23:00.0207 1796  kbdclass - ok
23:23:00.0257 1796  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
23:23:00.0297 1796  kbdhid - ok
23:23:00.0327 1796  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
23:23:00.0337 1796  KeyIso - ok
23:23:00.0387 1796  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:23:00.0397 1796  KSecDD - ok
23:23:00.0417 1796  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:23:00.0437 1796  KSecPkg - ok
23:23:00.0467 1796  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:23:00.0527 1796  KtmRm - ok
23:23:00.0587 1796  [ 4566FD5F4416E7FEF3600E4B30D086C3 ] L1C             C:\Windows\system32\DRIVERS\L1C62x86.sys
23:23:00.0597 1796  L1C - ok
23:23:00.0657 1796  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\System32\srvsvc.dll
23:23:00.0727 1796  LanmanServer - ok
23:23:00.0747 1796  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:23:00.0817 1796  LanmanWorkstation - ok
23:23:00.0857 1796  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:23:00.0947 1796  lltdio - ok
23:23:00.0987 1796  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:23:01.0047 1796  lltdsvc - ok
23:23:01.0077 1796  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:23:01.0117 1796  lmhosts - ok
23:23:01.0167 1796  [ 1E2F802846EB944E0333EFEE7C9532A8 ] LMS             C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
23:23:01.0177 1796  LMS - ok
23:23:01.0227 1796  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
23:23:01.0237 1796  LSI_FC - ok
23:23:01.0277 1796  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
23:23:01.0287 1796  LSI_SAS - ok
23:23:01.0307 1796  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:23:01.0327 1796  LSI_SAS2 - ok
23:23:01.0337 1796  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:23:01.0347 1796  LSI_SCSI - ok
23:23:01.0377 1796  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
23:23:01.0437 1796  luafv - ok
23:23:01.0487 1796  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:23:01.0497 1796  Mcx2Svc - ok
23:23:01.0527 1796  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
23:23:01.0547 1796  megasas - ok
23:23:01.0577 1796  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
23:23:01.0597 1796  MegaSR - ok
23:23:01.0627 1796  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
23:23:01.0687 1796  MMCSS - ok
23:23:01.0757 1796  [ 5B9CA81817E046666E7ABF8B9B101545 ] mod7700         C:\Windows\system32\DRIVERS\mod7700.sys
23:23:01.0777 1796  mod7700 - ok
23:23:01.0807 1796  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
23:23:01.0877 1796  Modem - ok
23:23:01.0917 1796  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:23:01.0957 1796  monitor - ok
23:23:02.0017 1796  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
23:23:02.0037 1796  mouclass - ok
23:23:02.0067 1796  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:23:02.0097 1796  mouhid - ok
23:23:02.0157 1796  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:23:02.0167 1796  mountmgr - ok
23:23:02.0237 1796  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:23:02.0257 1796  MozillaMaintenance - ok
23:23:02.0267 1796  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:23:02.0287 1796  mpio - ok
23:23:02.0317 1796  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:23:02.0377 1796  mpsdrv - ok
23:23:02.0427 1796  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:23:02.0507 1796  MpsSvc - ok
23:23:02.0567 1796  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:23:02.0617 1796  MRxDAV - ok
23:23:02.0697 1796  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:23:02.0797 1796  mrxsmb - ok
23:23:02.0837 1796  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:23:02.0877 1796  mrxsmb10 - ok
23:23:02.0907 1796  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:23:02.0967 1796  mrxsmb20 - ok
23:23:03.0017 1796  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
23:23:03.0037 1796  msahci - ok
23:23:03.0077 1796  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
23:23:03.0097 1796  msdsm - ok
23:23:03.0117 1796  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
23:23:03.0157 1796  MSDTC - ok
23:23:03.0187 1796  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:23:03.0227 1796  Msfs - ok
23:23:03.0247 1796  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
23:23:03.0307 1796  mshidkmdf - ok
23:23:03.0337 1796  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:23:03.0347 1796  msisadrv - ok
23:23:03.0377 1796  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:23:03.0437 1796  MSiSCSI - ok
23:23:03.0447 1796  msiserver - ok
23:23:03.0487 1796  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:23:03.0517 1796  MSKSSRV - ok
23:23:03.0537 1796  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:23:03.0587 1796  MSPCLOCK - ok
23:23:03.0607 1796  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:23:03.0667 1796  MSPQM - ok
23:23:03.0697 1796  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:23:03.0707 1796  MsRPC - ok
23:23:03.0747 1796  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
23:23:03.0767 1796  mssmbios - ok
23:23:03.0777 1796  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:23:03.0807 1796  MSTEE - ok
23:23:03.0817 1796  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
23:23:03.0827 1796  MTConfig - ok
23:23:03.0847 1796  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
23:23:03.0857 1796  Mup - ok
23:23:03.0897 1796  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
23:23:03.0987 1796  napagent - ok
23:23:04.0027 1796  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:23:04.0057 1796  NativeWifiP - ok
23:23:04.0107 1796  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:23:04.0127 1796  NDIS - ok
23:23:04.0157 1796  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
23:23:04.0218 1796  NdisCap - ok
23:23:04.0258 1796  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:23:04.0308 1796  NdisTapi - ok
23:23:04.0378 1796  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:23:04.0448 1796  Ndisuio - ok
23:23:04.0498 1796  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:23:04.0558 1796  NdisWan - ok
23:23:04.0598 1796  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:23:04.0658 1796  NDProxy - ok
23:23:04.0698 1796  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:23:04.0758 1796  NetBIOS - ok
23:23:04.0808 1796  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
23:23:04.0878 1796  NetBT - ok
23:23:04.0918 1796  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
23:23:04.0928 1796  Netlogon - ok
23:23:04.0968 1796  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
23:23:05.0038 1796  Netman - ok
23:23:05.0068 1796  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
23:23:05.0108 1796  netprofm - ok
23:23:05.0158 1796  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:23:05.0178 1796  NetTcpPortSharing - ok
23:23:05.0198 1796  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
23:23:05.0219 1796  nfrd960 - ok
23:23:05.0259 1796  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:23:05.0319 1796  NlaSvc - ok
23:23:05.0339 1796  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:23:05.0379 1796  Npfs - ok
23:23:05.0409 1796  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
23:23:05.0439 1796  nsi - ok
23:23:05.0459 1796  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:23:05.0519 1796  nsiproxy - ok
23:23:05.0589 1796  [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:23:05.0629 1796  Ntfs - ok
23:23:05.0649 1796  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
23:23:05.0679 1796  Null - ok
23:23:05.0709 1796  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
23:23:05.0719 1796  nvraid - ok
23:23:05.0749 1796  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
23:23:05.0769 1796  nvstor - ok
23:23:05.0789 1796  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
23:23:05.0799 1796  nv_agp - ok
23:23:05.0859 1796  [ 6ED44348CA155A86A5B9802DB2CEBC69 ] NxpCap          C:\Windows\system32\DRIVERS\NxpCap.sys
23:23:05.0959 1796  NxpCap - ok
23:23:06.0009 1796  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
23:23:06.0049 1796  ohci1394 - ok
23:23:06.0149 1796  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:23:06.0169 1796  ose - ok
23:23:06.0399 1796  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:23:06.0619 1796  osppsvc - ok
23:23:06.0649 1796  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
23:23:06.0739 1796  p2pimsvc - ok
23:23:06.0769 1796  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
23:23:06.0819 1796  p2psvc - ok
23:23:06.0849 1796  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
23:23:06.0889 1796  Parport - ok
23:23:06.0939 1796  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:23:06.0949 1796  partmgr - ok
23:23:06.0969 1796  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
23:23:07.0009 1796  Parvdm - ok
23:23:07.0049 1796  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:23:07.0089 1796  PcaSvc - ok
23:23:07.0129 1796  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
23:23:07.0149 1796  pci - ok
23:23:07.0159 1796  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
23:23:07.0179 1796  pciide - ok
23:23:07.0199 1796  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
23:23:07.0209 1796  pcmcia - ok
23:23:07.0239 1796  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
23:23:07.0249 1796  pcw - ok
23:23:07.0279 1796  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:23:07.0349 1796  PEAUTH - ok
23:23:07.0459 1796  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
23:23:07.0549 1796  pla - ok
23:23:07.0609 1796  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:23:07.0679 1796  PlugPlay - ok
23:23:07.0709 1796  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
23:23:07.0749 1796  PNRPAutoReg - ok
23:23:07.0779 1796  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
23:23:07.0799 1796  PNRPsvc - ok
23:23:07.0849 1796  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:23:07.0889 1796  PolicyAgent - ok
23:23:07.0929 1796  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
23:23:07.0969 1796  Power - ok
23:23:07.0999 1796  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:23:08.0029 1796  PptpMiniport - ok
23:23:08.0049 1796  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
23:23:08.0069 1796  Processor - ok
23:23:08.0129 1796  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
23:23:08.0199 1796  ProfSvc - ok
23:23:08.0219 1796  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:23:08.0229 1796  ProtectedStorage - ok
23:23:08.0259 1796  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
23:23:08.0319 1796  Psched - ok
23:23:08.0359 1796  [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2       c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
23:23:08.0379 1796  PSI_SVC_2 - ok
23:23:08.0439 1796  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
23:23:08.0479 1796  ql2300 - ok
23:23:08.0489 1796  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
23:23:08.0509 1796  ql40xx - ok
23:23:08.0539 1796  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
23:23:08.0559 1796  QWAVE - ok
23:23:08.0569 1796  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:23:08.0579 1796  QWAVEdrv - ok
23:23:08.0609 1796  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:23:08.0669 1796  RasAcd - ok
23:23:08.0709 1796  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
23:23:08.0769 1796  RasAgileVpn - ok
23:23:08.0789 1796  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
23:23:08.0829 1796  RasAuto - ok
23:23:08.0849 1796  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
23:23:08.0909 1796  Rasl2tp - ok
23:23:08.0949 1796  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
23:23:09.0009 1796  RasMan - ok
23:23:09.0049 1796  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:23:09.0099 1796  RasPppoe - ok
23:23:09.0149 1796  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23:23:09.0199 1796  RasSstp - ok
23:23:09.0260 1796  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23:23:09.0320 1796  rdbss - ok
23:23:09.0360 1796  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
23:23:09.0400 1796  rdpbus - ok
23:23:09.0440 1796  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:23:09.0490 1796  RDPCDD - ok
23:23:09.0540 1796  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:23:09.0590 1796  RDPENCDD - ok
23:23:09.0610 1796  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
23:23:09.0640 1796  RDPREFMP - ok
23:23:09.0680 1796  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
23:23:09.0740 1796  RDPWD - ok
23:23:09.0800 1796  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
23:23:09.0820 1796  rdyboost - ok
23:23:09.0850 1796  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:23:09.0880 1796  RemoteAccess - ok
23:23:09.0920 1796  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:23:09.0980 1796  RemoteRegistry - ok
23:23:10.0010 1796  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
23:23:10.0070 1796  RpcEptMapper - ok
23:23:10.0090 1796  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
23:23:10.0130 1796  RpcLocator - ok
23:23:10.0170 1796  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
23:23:10.0210 1796  RpcSs - ok
23:23:10.0240 1796  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:23:10.0300 1796  rspndr - ok
23:23:10.0360 1796  [ A633399432491BB173BB3CF3B41B9C55 ] RSUSBSTOR       C:\Windows\System32\Drivers\RtsUStor.sys
23:23:10.0380 1796  RSUSBSTOR - ok
23:23:10.0420 1796  [ B5E9979FBB26FC059BD87A81F763D5DA ] rtl8192se       C:\Windows\system32\DRIVERS\rtl8192se.sys
23:23:10.0450 1796  rtl8192se - ok
23:23:10.0490 1796  [ 59509AD6CBC28F2C73056268985B3E48 ] s0016bus        C:\Windows\system32\DRIVERS\s0016bus.sys
23:23:10.0510 1796  s0016bus - ok
23:23:10.0530 1796  [ B98C3A6F91F4FBA285AF9606A240C6B4 ] s0016mdfl       C:\Windows\system32\DRIVERS\s0016mdfl.sys
23:23:10.0540 1796  s0016mdfl - ok
23:23:10.0560 1796  [ 8A83426F4FB7B5212825D9DE76368B1A ] s0016mdm        C:\Windows\system32\DRIVERS\s0016mdm.sys
23:23:10.0580 1796  s0016mdm - ok
23:23:10.0590 1796  [ 7A78BBA97FEB5E6D24C49E93A3BF7287 ] s0016mgmt       C:\Windows\system32\DRIVERS\s0016mgmt.sys
23:23:10.0600 1796  s0016mgmt - ok
23:23:10.0620 1796  [ 34EF7B5F611957B73E7219DD5A222AD1 ] s0016nd5        C:\Windows\system32\DRIVERS\s0016nd5.sys
23:23:10.0630 1796  s0016nd5 - ok
23:23:10.0660 1796  [ 36792935847143E4A3CDA0DC87248487 ] s0016obex       C:\Windows\system32\DRIVERS\s0016obex.sys
23:23:10.0670 1796  s0016obex - ok
23:23:10.0710 1796  [ 927208754FB27FC3E7A659E77500C5D1 ] s0016unic       C:\Windows\system32\DRIVERS\s0016unic.sys
23:23:10.0720 1796  s0016unic - ok
23:23:10.0740 1796  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
23:23:10.0750 1796  SamSs - ok
23:23:10.0760 1796  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
23:23:10.0780 1796  sbp2port - ok
23:23:10.0810 1796  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:23:10.0840 1796  SCardSvr - ok
23:23:10.0870 1796  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
23:23:10.0930 1796  scfilter - ok
23:23:11.0000 1796  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
23:23:11.0060 1796  Schedule - ok
23:23:11.0090 1796  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
23:23:11.0120 1796  SCPolicySvc - ok
23:23:11.0180 1796  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:23:11.0280 1796  SDRSVC - ok
23:23:11.0320 1796  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:23:11.0380 1796  secdrv - ok
23:23:11.0410 1796  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
23:23:11.0480 1796  seclogon - ok
23:23:11.0510 1796  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\system32\sens.dll
23:23:11.0560 1796  SENS - ok
23:23:11.0580 1796  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
23:23:11.0670 1796  SensrSvc - ok
23:23:11.0720 1796  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
23:23:11.0750 1796  Serenum - ok
23:23:11.0810 1796  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
23:23:11.0850 1796  Serial - ok
23:23:11.0900 1796  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
23:23:11.0910 1796  sermouse - ok
23:23:11.0970 1796  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
23:23:12.0040 1796  SessionEnv - ok
23:23:12.0080 1796  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
23:23:12.0140 1796  sffdisk - ok
23:23:12.0170 1796  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
23:23:12.0210 1796  sffp_mmc - ok
23:23:12.0230 1796  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
23:23:12.0250 1796  sffp_sd - ok
23:23:12.0270 1796  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
23:23:12.0300 1796  sfloppy - ok
23:23:12.0350 1796  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:23:12.0420 1796  SharedAccess - ok
23:23:12.0450 1796  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:23:12.0510 1796  ShellHWDetection - ok
23:23:12.0550 1796  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
23:23:12.0560 1796  sisagp - ok
23:23:12.0590 1796  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:23:12.0600 1796  SiSRaid2 - ok
23:23:12.0610 1796  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
23:23:12.0620 1796  SiSRaid4 - ok
23:23:12.0710 1796  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
23:23:12.0790 1796  SkypeUpdate - ok
23:23:12.0820 1796  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
23:23:12.0850 1796  Smb - ok
23:23:12.0890 1796  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:23:12.0930 1796  SNMPTRAP - ok
23:23:13.0070 1796  [ 3A4F2C0BB87A0895ABEBA341AA1E341B ] Sony PC Companion C:\Program Files\Sony\Sony PC Companion\PCCService.exe
23:23:13.0100 1796  Sony PC Companion - ok
23:23:13.0110 1796  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
23:23:13.0130 1796  spldr - ok
23:23:13.0190 1796  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
23:23:13.0220 1796  Spooler - ok
23:23:13.0330 1796  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
23:23:13.0460 1796  sppsvc - ok
23:23:13.0530 1796  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
23:23:13.0580 1796  sppuinotify - ok
23:23:13.0620 1796  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
23:23:13.0680 1796  srv - ok
23:23:13.0700 1796  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:23:13.0750 1796  srv2 - ok
23:23:13.0780 1796  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:23:13.0820 1796  srvnet - ok
23:23:13.0860 1796  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
23:23:13.0920 1796  SSDPSRV - ok
23:23:13.0970 1796  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
23:23:13.0980 1796  ssmdrv - ok
23:23:13.0990 1796  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
23:23:14.0050 1796  SstpSvc - ok
23:23:14.0090 1796  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
23:23:14.0100 1796  stexstor - ok
23:23:14.0160 1796  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
23:23:14.0231 1796  StiSvc - ok
23:23:14.0281 1796  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
23:23:14.0301 1796  swenum - ok
23:23:14.0331 1796  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
23:23:14.0371 1796  swprv - ok
23:23:14.0411 1796  [ D776EB85A20696D9D43129CCF6E703E2 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
23:23:14.0431 1796  SynTP - ok
23:23:14.0501 1796  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
23:23:14.0541 1796  SysMain - ok
23:23:14.0571 1796  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:23:14.0601 1796  TabletInputService - ok
23:23:14.0631 1796  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:23:14.0671 1796  TapiSrv - ok
23:23:14.0701 1796  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
23:23:14.0751 1796  TBS - ok
23:23:14.0851 1796  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:23:14.0891 1796  Tcpip - ok
23:23:14.0911 1796  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
23:23:14.0941 1796  TCPIP6 - ok
23:23:15.0001 1796  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:23:15.0041 1796  tcpipreg - ok
23:23:15.0081 1796  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:23:15.0151 1796  TDPIPE - ok
23:23:15.0191 1796  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:23:15.0231 1796  TDTCP - ok
23:23:15.0281 1796  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:23:15.0331 1796  tdx - ok
23:23:15.0381 1796  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
23:23:15.0391 1796  TermDD - ok
23:23:15.0431 1796  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
23:23:15.0511 1796  TermService - ok
23:23:15.0541 1796  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
23:23:15.0581 1796  Themes - ok
23:23:15.0601 1796  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
23:23:15.0641 1796  THREADORDER - ok
23:23:15.0661 1796  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
23:23:15.0721 1796  TrkWks - ok
23:23:15.0801 1796  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:23:15.0841 1796  TrustedInstaller - ok
23:23:15.0891 1796  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:23:15.0971 1796  tssecsrv - ok
23:23:16.0031 1796  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
23:23:16.0081 1796  TsUsbFlt - ok
23:23:16.0171 1796  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:23:16.0231 1796  tunnel - ok
23:23:16.0262 1796  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
23:23:16.0272 1796  uagp35 - ok
23:23:16.0292 1796  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:23:16.0362 1796  udfs - ok
23:23:16.0402 1796  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:23:16.0442 1796  UI0Detect - ok
23:23:16.0512 1796  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:23:16.0522 1796  uliagpkx - ok
23:23:16.0532 1796  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
23:23:16.0552 1796  umbus - ok
23:23:16.0582 1796  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
23:23:16.0622 1796  UmPass - ok
23:23:16.0732 1796  [ AF905F4966CFC8B973623AB150CD4B2B ] UNS             C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
23:23:16.0792 1796  UNS - ok
23:23:16.0832 1796  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
23:23:16.0872 1796  upnphost - ok
23:23:16.0912 1796  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:23:16.0982 1796  usbccgp - ok
23:23:17.0002 1796  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:23:17.0042 1796  usbcir - ok
23:23:17.0072 1796  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
23:23:17.0092 1796  usbehci - ok
23:23:17.0102 1796  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:23:17.0152 1796  usbhub - ok
23:23:17.0192 1796  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
23:23:17.0232 1796  usbohci - ok
23:23:17.0292 1796  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:23:17.0312 1796  usbprint - ok
23:23:17.0352 1796  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
23:23:17.0402 1796  usbscan - ok
23:23:17.0422 1796  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:23:17.0502 1796  USBSTOR - ok
23:23:17.0542 1796  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
23:23:17.0582 1796  usbuhci - ok
23:23:17.0622 1796  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
23:23:17.0652 1796  usbvideo - ok
23:23:17.0672 1796  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
23:23:17.0732 1796  UxSms - ok
23:23:17.0762 1796  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
23:23:17.0772 1796  VaultSvc - ok
23:23:17.0802 1796  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
23:23:17.0812 1796  vdrvroot - ok
23:23:17.0862 1796  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
23:23:17.0932 1796  vds - ok
23:23:17.0962 1796  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:23:17.0982 1796  vga - ok
23:23:18.0002 1796  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:23:18.0032 1796  VgaSave - ok
23:23:18.0072 1796  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
23:23:18.0082 1796  vhdmp - ok
23:23:18.0102 1796  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
23:23:18.0112 1796  viaagp - ok
23:23:18.0132 1796  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
23:23:18.0172 1796  ViaC7 - ok
23:23:18.0202 1796  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
23:23:18.0222 1796  viaide - ok
23:23:18.0242 1796  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:23:18.0252 1796  volmgr - ok
23:23:18.0282 1796  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:23:18.0302 1796  volmgrx - ok
23:23:18.0322 1796  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:23:18.0332 1796  volsnap - ok
23:23:18.0352 1796  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
23:23:18.0362 1796  vsmraid - ok
23:23:18.0432 1796  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
23:23:18.0492 1796  VSS - ok
23:23:18.0522 1796  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
23:23:18.0572 1796  vwifibus - ok
23:23:18.0612 1796  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
23:23:18.0632 1796  vwififlt - ok
23:23:18.0652 1796  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
23:23:18.0672 1796  vwifimp - ok
23:23:18.0702 1796  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
23:23:18.0772 1796  W32Time - ok
23:23:18.0812 1796  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
23:23:18.0852 1796  WacomPen - ok
23:23:18.0892 1796  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:23:18.0952 1796  WANARP - ok
23:23:18.0952 1796  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:23:18.0992 1796  Wanarpv6 - ok
23:23:19.0042 1796  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
23:23:19.0082 1796  wbengine - ok
23:23:19.0102 1796  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:23:19.0152 1796  WbioSrvc - ok
23:23:19.0192 1796  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:23:19.0262 1796  wcncsvc - ok
23:23:19.0292 1796  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:23:19.0332 1796  WcsPlugInService - ok
23:23:19.0372 1796  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
23:23:19.0382 1796  Wd - ok
23:23:19.0422 1796  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:23:19.0452 1796  Wdf01000 - ok
23:23:19.0472 1796  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:23:19.0552 1796  WdiServiceHost - ok
23:23:19.0562 1796  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:23:19.0572 1796  WdiSystemHost - ok
23:23:19.0622 1796  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
23:23:19.0662 1796  WebClient - ok
23:23:19.0702 1796  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:23:19.0742 1796  Wecsvc - ok
23:23:19.0752 1796  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:23:19.0812 1796  wercplsupport - ok
23:23:19.0842 1796  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:23:19.0902 1796  WerSvc - ok
23:23:19.0942 1796  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:23:19.0972 1796  WfpLwf - ok
23:23:19.0992 1796  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:23:20.0002 1796  WIMMount - ok
23:23:20.0072 1796  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
23:23:20.0132 1796  WinDefend - ok
23:23:20.0142 1796  WinHttpAutoProxySvc - ok
23:23:20.0202 1796  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:23:20.0262 1796  Winmgmt - ok
23:23:20.0322 1796  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
23:23:20.0402 1796  WinRM - ok
23:23:20.0482 1796  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
23:23:20.0532 1796  WinUsb - ok
23:23:20.0602 1796  [ 4C69A8E2E159C1C59BC4B688E9DD7F8C ] WisLMSvc        C:\Program Files\Launch Manager\WisLMSvc.exe
23:23:20.0612 1796  WisLMSvc - ok
23:23:20.0652 1796  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:23:20.0722 1796  Wlansvc - ok
23:23:20.0822 1796  [ D9250B31B353EE3322C1CAD411997E38 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:23:20.0862 1796  wlidsvc - ok
23:23:20.0922 1796  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
23:23:20.0972 1796  WmiAcpi - ok
23:23:21.0022 1796  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:23:21.0072 1796  wmiApSrv - ok
23:23:21.0172 1796  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
23:23:21.0292 1796  WMPNetworkSvc - ok
23:23:21.0322 1796  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:23:21.0352 1796  WPCSvc - ok
23:23:21.0402 1796  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:23:21.0482 1796  WPDBusEnum - ok
23:23:21.0512 1796  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:23:21.0582 1796  ws2ifsl - ok
23:23:21.0622 1796  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\system32\wscsvc.dll
23:23:21.0672 1796  wscsvc - ok
23:23:21.0672 1796  WSearch - ok
23:23:21.0772 1796  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
23:23:21.0832 1796  wuauserv - ok
23:23:21.0852 1796  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:23:21.0872 1796  WudfPf - ok
23:23:21.0892 1796  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:23:21.0942 1796  WUDFRd - ok
23:23:21.0992 1796  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:23:22.0032 1796  wudfsvc - ok
23:23:22.0092 1796  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
23:23:22.0122 1796  WwanSvc - ok
23:23:22.0182 1796  [ 1F93FCB5BAB3A921ECBA522F63586F4A ] X10Hid          C:\Windows\System32\Drivers\x10hid.sys
23:23:22.0202 1796  X10Hid - ok
23:23:22.0232 1796  [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets         C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
23:23:22.0242 1796  x10nets ( UnsignedFile.Multi.Generic ) - warning
23:23:22.0242 1796  x10nets - detected UnsignedFile.Multi.Generic (1)
23:23:22.0252 1796  [ 378DC1B0B1F62A7488EE8D31A3C6E949 ] XUIF            C:\Windows\System32\Drivers\x10ufx2.sys
23:23:22.0262 1796  XUIF - ok
23:23:22.0292 1796  ================ Scan global ===============================
23:23:22.0342 1796  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
23:23:22.0392 1796  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
23:23:22.0402 1796  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
23:23:22.0412 1796  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
23:23:22.0442 1796  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
23:23:22.0452 1796  [Global] - ok
23:23:22.0452 1796  ================ Scan MBR ==================================
23:23:22.0462 1796  [ 2E0FE7FC299470E30383716B164CF901 ] \Device\Harddisk0\DR0
23:23:25.0483 1796  \Device\Harddisk0\DR0 - ok
23:23:25.0483 1796  ================ Scan VBR ==================================
23:23:25.0483 1796  [ 43B7F22CBEDED9EB79DF3DE9BC0BDCEC ] \Device\Harddisk0\DR0\Partition1
23:23:25.0493 1796  \Device\Harddisk0\DR0\Partition1 - ok
23:23:25.0523 1796  [ E1F4CAC441C5D581E9F22C7DB53CA607 ] \Device\Harddisk0\DR0\Partition2
23:23:25.0533 1796  \Device\Harddisk0\DR0\Partition2 - ok
23:23:25.0563 1796  [ 7D3B8B28F175E6798FF316D400457ADF ] \Device\Harddisk0\DR0\Partition3
23:23:25.0573 1796  \Device\Harddisk0\DR0\Partition3 - ok
23:23:25.0573 1796  ============================================================
23:23:25.0573 1796  Scan finished
23:23:25.0573 1796  ============================================================
23:23:25.0573 0976  Detected object count: 3
23:23:25.0573 0976  Actual detected object count: 3
23:24:10.0052 0976  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
23:24:10.0052 0976  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:24:10.0052 0976  iPodDrv ( UnsignedFile.Multi.Generic ) - skipped by user
23:24:10.0052 0976  iPodDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:24:10.0052 0976  x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
23:24:10.0052 0976  x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 12.05.2013, 22:34

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

Birschu · 14.05.2013, 19:58

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x86
Ran by *** on 14.05.2013 at 20:10:07,39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\***\AppData\Roaming\opencandy"



~~~ FireFox

Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s6grsajo.default\minidumps [211 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.05.2013 at 20:11:21,51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.300 - Datei am 14/05/2013 um 20:13:29 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\s6grsajo.default\searchplugins\11-suche.xml

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gelöscht : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\s6grsajo.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1359 octets] - [14/05/2013 20:13:29]

########## EOF - C:\AdwCleaner[S1].txt - [1419 octets] ##########

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 14.05.2013 20:19:34 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 59,09% Memory free
5,73 Gb Paging File | 4,39 Gb Available in Paging File | 76,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 266,99 Gb Total Space | 217,81 Gb Free Space | 81,58% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 20,09 Gb Free Space | 66,97% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Sony\Sony PC Companion\PCCompanion.exe (Sony)
PRC - C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe ()
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Programme\Launch Manager\WButton.exe (Wistron Corp.)
PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
PRC - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe ()
MOD - C:\Programme\Sony\Sony PC Companion\sqlite3.dll ()
MOD - C:\Programme\Sony\Sony PC Companion\PhoneUpdate.dll ()
MOD - C:\Programme\Sony\Sony PC Companion\MExplorer.dll ()
MOD - C:\Programme\Sony\Sony PC Companion\TMonitorAPI.dll ()
MOD - C:\Programme\Sony\Sony PC Companion\CAgdLNotes.dll ()
MOD - C:\Programme\Sony\Sony PC Companion\CAgdOutlook.dll ()
MOD - C:\Programme\Sony\Sony PC Companion\CalEngine.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Sony\Sony PC Companion\Report.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Programme\Sony\Sony PC Companion\VistaCalendar.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\Sony\Sony PC Companion\VObject.dll ()
MOD - C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (UNS) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
SRV - (WisLMSvc) -- C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\***~1\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (iPodDrv) -- C:\Windows\System32\drivers\iPodDrv.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (NxpCap) -- C:\Windows\System32\drivers\NxpCap.sys (NXP Semiconductors Germany GmbH)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (mod7700) -- C:\Windows\System32\drivers\mod7700.sys (DiBcom SA)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (s0016unic) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig
IE - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\..\SearchScopes\{34C25CAE-683B-47D4-AAA0-856CFB42208D}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\..\SearchScopes\{5E563452-E8D2-491E-8793-9691F5D196EF}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.11 21:47:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.16 22:06:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.11 21:47:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.16 22:06:15 | 000,000,000 | ---D | M]
 
[2010.08.22 16:38:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.05.14 20:04:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\s6grsajo.default\extensions
[2013.02.23 16:20:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\s6grsajo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.05.14 20:04:27 | 000,620,130 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s6grsajo.default\extensions\toolbar@web.de.xpi
[2013.05.14 20:04:31 | 000,002,418 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s6grsajo.default\searchplugins\englische-ergebnisse.xml
[2013.05.14 20:04:31 | 000,010,701 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s6grsajo.default\searchplugins\gmx-suche.xml
[2013.05.14 20:04:31 | 000,002,432 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s6grsajo.default\searchplugins\lastminute.xml
[2013.05.14 20:04:31 | 000,005,682 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s6grsajo.default\searchplugins\webde-suche.xml
[2013.04.11 21:47:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.11 21:47:46 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.04.11 21:47:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.29 16:17:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.16 20:43:58 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.29 16:17:03 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.29 16:17:03 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.29 16:17:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.29 16:17:03 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.05.10 22:13:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - Startup: C:\Users\Birte Schulenburg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45E7A42D-34F3-4E38-8108-0519D5D90937}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84F95E93-CFB7-4836-AA94-CA8AB71B56DC}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF1075E2-4B82-43A8-937F-DE7FCB359661}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.14 20:10:04 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.14 20:09:58 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.14 20:09:41 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\***\Desktop\JRT.exe
[2013.05.12 23:21:43 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2013.05.12 23:20:43 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe.part
[2013.05.12 22:43:05 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2013.05.11 16:39:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.11 16:38:52 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar
[2013.05.10 22:15:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.10 22:15:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.10 22:15:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp
[2013.05.10 22:02:32 | 005,068,844 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.05.10 21:24:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.10 21:24:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.10 21:24:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.10 21:24:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.10 21:23:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.10 17:31:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.05.09 11:54:28 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Urlaub
[2013.05.07 18:20:50 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Anti-Malware
[2013.05.03 21:27:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Pave
[2013.05.03 21:27:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Hirol
[2013.04.16 22:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013.04.16 22:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.14 20:22:51 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.14 20:22:51 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.14 20:20:35 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.14 20:20:35 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.14 20:20:35 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.14 20:20:35 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.14 20:14:55 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.14 20:14:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.14 20:14:40 | 2307,862,528 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.14 20:12:51 | 000,628,743 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.05.14 20:09:41 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\***\Desktop\JRT.exe
[2013.05.14 20:02:44 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.13 18:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.12 23:21:43 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2013.05.12 23:20:50 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe.part
[2013.05.12 23:20:15 | 000,000,512 | ---- | M] () -- C:\Users\***\Desktop\MBR.dat
[2013.05.12 22:44:30 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2013.05.11 16:36:40 | 012,917,756 | ---- | M] () -- C:\Users\***\Desktop\mbar-1.05.0.1001.zip
[2013.05.11 16:08:40 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe
[2013.05.10 22:13:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.05.10 22:02:51 | 005,068,844 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.05.10 17:31:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.05.09 12:40:21 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.09 12:40:21 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.07 18:56:19 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.04.19 23:41:23 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013.04.16 22:06:15 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.14 20:12:51 | 000,628,743 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.05.12 23:20:15 | 000,000,512 | ---- | C] () -- C:\Users\***\Desktop\MBR.dat
[2013.05.11 16:36:40 | 012,917,756 | ---- | C] () -- C:\Users\***\Desktop\mbar-1.05.0.1001.zip
[2013.05.11 16:08:40 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe
[2013.05.10 21:24:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.10 21:24:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.10 21:24:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.10 21:24:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.10 21:24:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.09 12:01:22 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.16 22:06:15 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.04.16 22:06:15 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2011.01.25 21:51:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 14.05.2013 20:19:34 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 59,09% Memory free
5,73 Gb Paging File | 4,39 Gb Available in Paging File | 76,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 266,99 Gb Total Space | 217,81 Gb Free Space | 81,58% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 20,09 Gb Free Space | 66,97% Space Free | Partition Type: NTFS
 
Computer Name: BIRTE-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3257401125-2040109845-2132314743-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D2B00194-CDC6-41D2-B6E2-031348AA6A84}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0470F7F3-087F-430D-BD3A-0E96568C7556}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{07A596CD-E869-4383-9067-B2084A82B0A3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2556ED4F-6084-4AE3-9435-76B021AEBBCA}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{281AC749-6665-48B6-9D0D-DEC1E2E9DF18}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{76BDD44B-9D6F-4D81-A170-F95BC3042B3B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{CCB25877-DE0F-40B1-B8D5-62667107302C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DA16BA91-AD6B-47AE-BAB2-19C176B2F7CA}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{EEF61AC1-5102-4CB7-8103-046C28F8590E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{0F895695-33CC-4203-9C47-25EF2AC9441C}" = Media Go
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1E517C0C-8542-4F8C-DA23-98BCA13CD1F4}_is1" = Haushaltsbuch Freeware 2.8
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OUTLOOKR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.OUTLOOKR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{91140000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2010
"{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0.8
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.155
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Snap_is1" = Ashampoo Snap
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"ElsterFormular" = ElsterFormular
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular-Upgrade
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"MEDION Fotos auf CD & DVD SE Nord D" = MEDION Fotos auf CD & DVD SE Nord
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.OUTLOOKR" = Microsoft Outlook 2010
"RealPlayer 12.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Update Engine" = Sony Ericsson Update Engine
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3257401125-2040109845-2132314743-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
 
< End of report >

--- --- ---

cosinus · 15.05.2013, 10:22

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Birschu · 16.05.2013, 20:55

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.15.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
*** :: ***-PC [Administrator]

16.05.2013 20:32:37
mbam-log-2013-05-16 (20-32-37).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 216978
Laufzeit: 5 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6810630dbf65ce43b468887ca530c8ff
# engine=13847
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-16 08:11:27
# local_time=2013-05-16 10:11:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1800 16775165 100 97 6784 234154740 0 0
# compatibility_mode=5893 16776573 100 94 6167 120366278 0 0
# scanned=148488
# found=0
# cleaned=0
# scan_time=5496

cosinus · 16.05.2013, 21:26

Hm, wolltest du nicht einen Vollscan mit MBAM machen?

Birschu · 18.05.2013, 09:29

Ups, ja stimmt. Hier jetzt die Datei vom vollständigen Scan:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.18.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
*** :: ***-PC [Administrator]

18.05.2013 09:23:05
mbam-log-2013-05-18 (09-23-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 356492
Laufzeit: 1 Stunde(n), 20 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus · 19.05.2013, 01:53

Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Birschu · 19.05.2013, 10:02

Ich denke, jetzt ist alles wieder ok - vielen Dank für die tolle Hilfe und die Geduld!!!

Die Links zu den Cookiemanagern werde ich mir mal anschauen. Und dann hoffe ich, dass jetzt erstmal alles sauber bleibt.
Kann ich gentlich die ganzen Scan-Programme, die ich mir runtergeladen habe, installiert lassen oder sollte ich sie lieber wieder deinstallieren?

cosinus · 19.05.2013, 19:58

Dann wären wir durch!

Falls du noch Lob oder Kritik loswerden möchtest => http://www.trojaner-board.de/lob-kritik-wuensche/

Die Programme, die hier zum Einsatz kamen, können alle wieder runter.

Combofix entfernen (nur relevant wenn es hier benutzt wurde!) : Start/Ausführen (Tastenkombination WIN+R), dort den Befehl combofix /uninstall eintippen und ausführen

Mit Hilfe von OTL kannst du auch viele andere Tools entfernen: Starte dazu einfach OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

12.05.2013, 21:54	#18
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Merkwürdige TAN-Abfrage nach Login bei Online-Banking Bitte lies die Anleitungen vollständig! Es gibt einen Hinweis unten zu aswMBR! __________________ __________________

16.05.2013, 21:26	#24
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Merkwürdige TAN-Abfrage nach Login bei Online-Banking Hm, wolltest du nicht einen Vollscan mit MBAM machen? __________________ Logfiles bitte immer in CODE-Tags posten

Merkwürdige TAN-Abfrage nach Login bei Online-Banking

Plagegeister aller Art und deren Bekämpfung: Merkwürdige TAN-Abfrage nach Login bei Online-Banking