
Log analysis and evaluation: System Anti Virus

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

24.05.2013, 13:06   #1
red_angel
 

Hello, dear helpers,
I too have caught System Care Antivirus.
The administrator account can no longer get onto the Internet.
However, I have now read that one should not follow the instructions from other threads, so for now I have not done anything except point 2, steps 1 and 2 of the guide.

OTL.txt

OTL logfile created on: 24.05.2013 12:50:52 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Teilnehmer\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

895,29 Mb Total Physical Memory | 326,03 Mb Available Physical Memory | 36,42% Memory free
1,87 Gb Paging File | 0,86 Gb Available in Paging File | 45,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 118,87 Gb Free Space | 79,80% Space Free | Partition Type: NTFS

Computer Name: PC-RAUM-1 | User Name: Dozent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.05.24 12:49:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Teilnehmer\Desktop\OTL.exe
PRC - [2013.05.22 15:03:51 | 000,516,096 | ---- | M] () -- C:\ProgramData\A49C15FB3DB849D00000A49B71654F53\A49C15FB3DB849D00000A49B71654F53.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.20 13:55:48 | 000,162,856 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.02.02 01:15:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.02.02 01:15:46 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2009.11.02 03:30:00 | 002,508,104 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009.09.08 23:12:51 | 000,116,104 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.04.19 09:33:38 | 000,387,616 | ---- | M] () -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2009.04.19 09:33:38 | 000,178,720 | ---- | M] () -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe


========== Modules (No Company Name) ==========

MOD - [2013.05.22 15:03:51 | 000,516,096 | ---- | M] () -- C:\ProgramData\A49C15FB3DB849D00000A49B71654F53\A49C15FB3DB849D00000A49B71654F53.exe
MOD - [2010.02.18 09:51:27 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.07.14 03:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll


========== Services (SafeList) ==========

SRV - [2013.04.16 17:47:13 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.09 18:48:16 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2009.09.08 23:12:51 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.04.19 09:33:38 | 000,387,616 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2009.04.19 09:33:38 | 000,178,720 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{056C60D5-8BBE-463E-A15C-0A905ABC7CB1}\MpKsle2e68444.sys -- (MpKsle2e68444)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FEAC21CF-9A9B-4DFE-BD30-7E843138E57F}\MpKsld6d4cfda.sys -- (MpKsld6d4cfda)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{669806A4-7F9A-45C1-A7CE-2D56ED51AA98}\MpKslcf90afa7.sys -- (MpKslcf90afa7)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5BDAE7A8-7C27-4ABA-B80F-2F50663CAF46}\MpKslccbc9a8b.sys -- (MpKslccbc9a8b)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A87641E7-074B-421E-A51F-33D7D46F5164}\MpKslb0fa1f9a.sys -- (MpKslb0fa1f9a)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{959A5DFF-6FAC-4F9E-B0AB-B4D63015F2AE}\MpKsl9f126476.sys -- (MpKsl9f126476)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A7A43E73-EE7A-49B9-8527-2D7C42E2FF4C}\MpKsl7b710871.sys -- (MpKsl7b710871)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{60CD31B5-34FE-46A1-A8C3-727EA82A8245}\MpKsl7237ef53.sys -- (MpKsl7237ef53)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4D34291F-34D8-48FE-8ED6-682855D1DAEB}\MpKsl6a532c04.sys -- (MpKsl6a532c04)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A5C55BAF-D378-451A-AE3A-A3F13B7A52B1}\MpKsl35d48099.sys -- (MpKsl35d48099)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DB329A3F-9D9C-4059-A62C-1201699670C0}\MpKsl2013e79b.sys -- (MpKsl2013e79b)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6EEA5D51-DD77-4592-8F94-1963CBD54F7D}\MpKsl0f5e3759.sys -- (MpKsl0f5e3759)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DB329A3F-9D9C-4059-A62C-1201699670C0}\MpKsl0b0b7015.sys -- (MpKsl0b0b7015)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D8A35E2A-8355-4AF8-B14C-5F7E00B5ED80}\MpKsl0128d60a.sys -- (MpKsl0128d60a)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Dozent\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2009.09.28 00:12:22 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.16 16:22:10 | 000,019,064 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Users\Dozent\Desktop\hwinfo32\HWiNFO32.SYS -- (HWiNFO32)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.05.13 13:11:34 | 000,006,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.05.01 15:06:56 | 000,287,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009.04.30 21:08:30 | 000,210,464 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lernstudio-barbarossa.de/
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112555&tt=190712_n_mont_3012_6&babsrc=SP_ss&mntrId=a49549d000000000000090e6ba7bcb72
IE - HKCU\..\SearchScopes\{27CE8DB3-8045-46BD-8403-1D24B79650CB}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_deDE485
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6R8zX7xrLh&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=&SearchSource=2"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.16 17:47:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.16 17:47:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012.07.26 13:05:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dozent\AppData\Roaming\mozilla\Extensions
[2013.02.20 16:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dozent\AppData\Roaming\mozilla\Firefox\Profiles\t9wogsya.default\extensions
[2012.11.28 15:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dozent\AppData\Roaming\mozilla\Firefox\Profiles\t9wogsya.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}.oldbackup
[2013.02.20 16:08:36 | 000,000,000 | ---D | M] (Spartipps von SparPilot.com) -- C:\Users\Dozent\AppData\Roaming\mozilla\Firefox\Profiles\t9wogsya.default\extensions\sparpilot@sparpilot.com
[2013.01.23 15:24:07 | 000,001,050 | ---- | M] () -- C:\Users\Dozent\AppData\Roaming\mozilla\firefox\profiles\t9wogsya.default\searchplugins\web-search-customized-web-search.xml
[2013.04.16 17:47:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.16 17:47:13 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.03.22 15:25:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.22 15:25:42 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.03.22 15:25:42 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.22 15:25:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.22 15:25:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.22 15:25:42 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll File not found
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll File not found
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [EPSON S21 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\RunOnce: [A49C15FB3DB849D00000A49B71654F53] C:\ProgramData\A49C15FB3DB849D00000A49B71654F53\A49C15FB3DB849D00000A49B71654F53.exe ()
O4 - Startup: C:\Users\Dozent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Direct Downloader.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\system32\pnrpnsp.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} https://img.ui-portal.de/webde/smartdrive/activex/gmxnet_osupload_2002.cab (UI File Upload Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E455B332-9A38-4180-ABCE-BAE71CE83ADE}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.24 12:46:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dozent\Desktop\OTL.exe
[2013.05.22 15:11:49 | 000,000,000 | ---D | C] -- C:\Users\Dozent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus
[2013.05.22 15:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\A49C15FB3DB849D00000A49B71654F53
[2013.05.15 10:11:11 | 000,000,000 | ---D | C] -- C:\Users\Dozent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Longman
[2013.05.15 10:11:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Longman
[2013.05.15 10:10:07 | 000,000,000 | ---D | C] -- C:\Users\Dozent\Documents\Expert CAE CD-ROM
[2013.04.24 14:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.24 14:02:59 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.24 14:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2013.05.24 12:46:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dozent\Desktop\OTL.exe
[2013.05.24 12:43:21 | 000,000,000 | ---- | M] () -- C:\Users\Dozent\defogger_reenable
[2013.05.24 12:28:10 | 000,017,632 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.24 12:28:10 | 000,017,632 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.24 12:20:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.24 12:20:53 | 704,081,920 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.22 15:11:49 | 000,002,048 | ---- | M] () -- C:\Users\Dozent\Desktop\System Care Antivirus.lnk
[2013.05.16 11:50:08 | 000,483,346 | ---- | M] () -- C:\Users\Dozent\Documents\gmx Kündigung.PDF
[2013.05.15 12:01:46 | 000,659,798 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.15 12:01:46 | 000,621,074 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.15 12:01:46 | 000,132,070 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.15 12:01:46 | 000,108,294 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.24 14:03:01 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk

========== Files Created - No Company Name ==========

[2013.05.24 12:43:21 | 000,000,000 | ---- | C] () -- C:\Users\Dozent\defogger_reenable
[2013.05.22 15:11:48 | 000,002,048 | ---- | C] () -- C:\Users\Dozent\Desktop\System Care Antivirus.lnk
[2013.05.16 11:49:56 | 000,483,346 | ---- | C] () -- C:\Users\Dozent\Documents\gmx Kündigung.PDF
[2013.04.24 14:03:01 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.22 08:45:41 | 000,002,707 | ---- | C] () -- C:\Users\Dozent\.recently-used.xbel
[2013.02.28 17:15:40 | 000,000,311 | ---- | C] () -- C:\Users\Dozent\.authorrc1
[2012.08.27 12:31:50 | 000,000,002 | ---- | C] () -- C:\Users\Dozent\uz.dat
[2012.07.02 13:24:23 | 000,000,074 | ---- | C] () -- C:\Users\Dozent\geonext.ini
[2010.02.18 09:57:27 | 000,001,444 | ---- | C] () -- C:\Users\Dozent\.zir.cfg
[2010.02.17 14:21:25 | 000,000,680 | RHS- | C] () -- C:\Users\Dozent\ntuser.pol

========== ZeroAccess Check ==========

[2013.01.17 18:56:53 | 000,000,082 | ---- | M] () -- C:\Windows\$NtUninstallKB43389$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P6PTQQTG\t.cxt.ms\lso.swf\u.sol
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.08.27 13:34:59 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\Azureus
[2012.07.10 17:49:10 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\Babylon
[2013.05.22 13:54:24 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\Canon
[2013.03.21 17:12:50 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\Diron
[2013.02.20 16:21:58 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\DynaGeo
[2013.04.09 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\Ekexi
[2012.06.19 12:37:12 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\EPSON
[2013.04.22 08:45:41 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\gtk-2.0
[2010.02.18 10:12:49 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\KompoZer
[2012.04.25 13:21:21 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\mathegrafix
[2012.06.26 21:45:54 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\OmegaT
[2010.02.18 09:36:14 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\OpenOffice.org
[2013.04.03 15:18:23 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\Yhdon
[2012.07.10 17:49:43 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\YourFileDownloader

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB43389$] -> Error: Cannot create file handle -> Unknown point type

< End of report >




Extra.txt

OTL Extras logfile created on: 24.05.2013 12:50:52 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Teilnehmer\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

895,29 Mb Total Physical Memory | 326,03 Mb Available Physical Memory | 36,42% Memory free
1,87 Gb Paging File | 0,86 Gb Available in Paging File | 45,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 118,87 Gb Free Space | 79,80% Space Free | Partition Type: NTFS

Computer Name: PC-RAUM-1 | User Name: Dozent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E931A51-A183-4E66-8562-D82896E74C67}" = BCool Gadget
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{20E7BC40-33F6-4A81-9D52-B58349326206}" = Bcool
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 26
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.4.0
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Calc 3D Pro_is1" = Calc 3D Pro 2.1.10
"Canon iP2700 series Benutzerregistrierung" = Canon iP2700 series Benutzerregistrierung
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DynaGeo_is1" = DynaGeo 3.8
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"EPSON S21 Series" = Druckerdeinstallation für EPSON S21 Series
"Epson Stylus S21_T21_T27 Benutzerhandbuch" = Epson Stylus S21_T21_T27 Handbuch
"f(x)-Viewer_is1" = f(x)-Viewer 2.0.1
"GEONExT_is1" = GEONExT 1.74
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"KompoZer_is1" = KompoZer 0.77
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MatheGrafix 9_is1" = MatheGrafix 9 (Version 9.50)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"OmegaT 2.5.5_is1" = OmegaT version 2.5.5
"PROHYBRIDR" = 2007 Microsoft Office system
"TIPP10_is1" = TIPP10 Version 2.0.3
"VLC media player" = VLC media player 1.1.5
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"Z.u.L._is1" = Z.u.L. Version 9.2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DirectDownloader" = DirectDownloader

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12.04.2013 11:06:21 | Computer Name = PC-Raum-1 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ~!#5C72.tmp, Version: 5.1.2600.0,
Zeitstempel: 0x51671b05 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0012ff96 ID des fehlerhaften
Prozesses: 0x600 Startzeit der fehlerhaften Anwendung: 0x01ce378f49567d38 Pfad der
fehlerhaften Anwendung: C:\Users\TEILNE~1\AppData\Local\Temp\~!#5C72.tmp Pfad des
fehlerhaften Moduls: unknown Berichtskennung: 8851a058-a382-11e2-ba7f-90e6ba7bcb72

Error - 18.04.2013 10:15:26 | Computer Name = PC-Raum-1 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847,
Zeitstempel: 0x51650aee Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0x80000003 Fehleroffset: 0x012ea594 ID des fehlerhaften
Prozesses: 0x974 Startzeit der fehlerhaften Anwendung: 0x01ce3c3f01077820 Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: 6a0a5770-a832-11e2-bf36-90e6ba7bcb72

Error - 18.04.2013 10:23:21 | Computer Name = PC-Raum-1 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847,
Zeitstempel: 0x51650aee Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0x80000003 Fehleroffset: 0x004ea594 ID des fehlerhaften
Prozesses: 0xc80 Startzeit der fehlerhaften Anwendung: 0x01ce3c3ffe819350 Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: 850774a8-a833-11e2-bf36-90e6ba7bcb72

Error - 23.04.2013 04:02:46 | Computer Name = PC-Raum-1 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: mshtml.dll, Version: 9.0.8112.16447,
Zeitstempel: 0x4fc9d776 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000d059 ID des fehlerhaften
Prozesses: 0x7cc Startzeit der fehlerhaften Anwendung: 0x01ce3ff8667132e8 Pfad der
fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls:
C:\Windows\System32\mshtml.dll Berichtskennung: 2ea72268-abec-11e2-bd28-90e6ba7bcb72

Error - 15.05.2013 05:57:12 | Computer Name = PC-Raum-1 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847,
Zeitstempel: 0x51650aee Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847,
Zeitstempel: 0x51650a09 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b10e8 ID des fehlerhaften
Prozesses: 0xca8 Startzeit der fehlerhaften Anwendung: 0x01ce5143a7dd50e8 Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: C:\Program Files\Mozilla Firefox\xul.dll Berichtskennung: cff095e0-bd45-11e2-ba20-90e6ba7bcb72

Error - 15.05.2013 07:14:38 | Computer Name = PC-Raum-1 | Source = Application Hang | ID = 1002
Description = Programm wmplayer.exe, Version 12.0.7600.16667 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: fc4 Startzeit: 01ce5159be434958 Endzeit: 6 Anwendungspfad: C:\Program
Files\Windows Media Player\wmplayer.exe Berichts-ID:

Error - 15.05.2013 10:15:13 | Computer Name = PC-Raum-1 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: mshtml.dll, Version: 9.0.8112.16447,
Zeitstempel: 0x4fc9d776 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001d9aa6 ID des fehlerhaften
Prozesses: 0x92c Startzeit der fehlerhaften Anwendung: 0x01ce517593be0d14 Pfad der
fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls:
C:\Windows\System32\mshtml.dll Berichtskennung: db27a574-bd69-11e2-b114-90e6ba7bcb72

Error - 22.05.2013 03:01:19 | Computer Name = PC-Raum-1 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: mshtml.dll, Version: 9.0.8112.16447,
Zeitstempel: 0x4fc9d776 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001d9aa6 ID des fehlerhaften
Prozesses: 0x6cc Startzeit der fehlerhaften Anwendung: 0x01ce56b8eb6ca460 Pfad der
fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls:
C:\Windows\System32\mshtml.dll Berichtskennung: 66cd4eb0-c2ad-11e2-a14d-90e6ba7bcb72

Error - 22.05.2013 09:12:18 | Computer Name = PC-Raum-1 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 20.0.1.4847,
Zeitstempel: 0x51650a74 Name des fehlerhaften Moduls: NPSWF32_11_5_502_146.dll,
Version: 11.5.502.146, Zeitstempel: 0x50cfc317 Ausnahmecode: 0x80000003 Fehleroffset:
0x0032fded ID des fehlerhaften Prozesses: 0x36c Startzeit der fehlerhaften Anwendung:
0x01ce56ba5a7313c0 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
Berichtskennung:
3a80c36c-c2e1-11e2-a14d-90e6ba7bcb72

Error - 24.05.2013 06:43:34 | Computer Name = PC-Raum-1 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16768,
Zeitstempel: 0x4d6878c3 Name des fehlerhaften Moduls: MediaShellOverlays.dll_unloaded,
Version: 0.0.0.0, Zeitstempel: 0x4ff471b8 Ausnahmecode: 0xc0000005 Fehleroffset:
0x6de0c225 ID des fehlerhaften Prozesses: 0xda8 Startzeit der fehlerhaften Anwendung:
0x01ce586923a76390 Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad
des fehlerhaften Moduls: MediaShellOverlays.dll Berichtskennung: c7f1628c-c45e-11e2-b2ea-90e6ba7bcb72

[ Media Center Events ]
Error - 08.12.2012 04:07:29 | Computer Name = PC-Raum-1 | Source = MCUpdate | ID = 0
Description = 09:07:28 - dSM-2.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424)
09:07:28
- Logos-2.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424) 09:07:28 -
SMTiles-2.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424) 09:07:28 -
UpdateableMarkup.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424)

Error - 08.12.2012 04:07:30 | Computer Name = PC-Raum-1 | Source = MCUpdate | ID = 0
Description = 09:07:30 - Broadband-2.enc konnte nicht abgerufen werden (Fehler:
BITS 0x80070424)

Error - 10.12.2012 11:07:46 | Computer Name = PC-Raum-1 | Source = MCUpdate | ID = 0
Description = 16:07:45 - dSM-2.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424)
16:07:45
- Logos-2.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424) 16:07:45 -
SMTiles-2.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424) 16:07:45 -
UpdateableMarkup.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424)

Error - 10.12.2012 11:07:52 | Computer Name = PC-Raum-1 | Source = MCUpdate | ID = 0
Description = 16:07:48 - Broadband-2.enc konnte nicht abgerufen werden (Fehler:
BITS 0x80070424)

Error - 11.12.2012 10:25:37 | Computer Name = PC-Raum-1 | Source = MCUpdate | ID = 0
Description = 15:25:27 - dSM-2.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424)
15:25:29
- Logos-2.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424) 15:25:29 -
SMTiles-2.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424) 15:25:29 -
UpdateableMarkup.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424)

Error - 11.12.2012 10:26:52 | Computer Name = PC-Raum-1 | Source = MCUpdate | ID = 0
Description = 15:25:39 - Broadband-2.enc konnte nicht abgerufen werden (Fehler:
BITS 0x80070424)

Error - 12.12.2012 06:59:19 | Computer Name = PC-Raum-1 | Source = MCUpdate | ID = 0
Description = 11:59:18 - dSM-2.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424)
11:59:18
- Logos-2.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424) 11:59:18 -
SMTiles-2.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424) 11:59:18 -
UpdateableMarkup.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424)

Error - 12.12.2012 06:59:25 | Computer Name = PC-Raum-1 | Source = MCUpdate | ID = 0
Description = 11:59:20 - Broadband-2.enc konnte nicht abgerufen werden (Fehler:
BITS 0x80070424)

Error - 13.12.2012 08:47:08 | Computer Name = PC-Raum-1 | Source = MCUpdate | ID = 0
Description = 13:47:07 - dSM-2.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424)
13:47:08
- Logos-2.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424) 13:47:08 -
SMTiles-2.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424) 13:47:08 -
UpdateableMarkup.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424)

Error - 13.12.2012 08:47:09 | Computer Name = PC-Raum-1 | Source = MCUpdate | ID = 0
Description = 13:47:09 - Broadband-2.enc konnte nicht abgerufen werden (Fehler:
BITS 0x80070424)

[ OSession Events ]
Error - 01.09.2010 11:59:26 | Computer Name = PC-Raum-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7726
seconds with 6720 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 15.05.2013 11:35:32 | Computer Name = PC-Raum-1 | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
Status gemeldet: 32

Error - 16.05.2013 06:36:34 | Computer Name = PC-Raum-1 | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
Status gemeldet: 32

Error - 16.05.2013 13:47:51 | Computer Name = PC-Raum-1 | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
Status gemeldet: 32

Error - 22.05.2013 04:39:25 | Computer Name = PC-Raum-1 | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.

Error - 22.05.2013 04:39:25 | Computer Name = PC-Raum-1 | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.

Error - 22.05.2013 09:15:37 | Computer Name = PC-Raum-1 | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
Status gemeldet: 32

Error - 22.05.2013 11:39:44 | Computer Name = PC-Raum-1 | Source = DCOM | ID = 10010
Description =

Error - 22.05.2013 11:42:18 | Computer Name = PC-Raum-1 | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
Status gemeldet: 32

Error - 23.05.2013 10:23:56 | Computer Name = PC-Raum-1 | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
Status gemeldet: 32

Error - 24.05.2013 06:26:03 | Computer Name = PC-Raum-1 | Source = DCOM | ID = 10010
Description =


< End of report >


Gmer.txt

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-24 14:01:29
Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\00000032 WDC_WD16 rev.01.0 149,05GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Dozent\AppData\Local\Temp\ufrirpob.sys


---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 83683599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 836A8092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.rsrc C:\Windows\system32\DRIVERS\cdrom.sys section is executable [0x8B877000, 0x5AEE, 0x68000020]
? C:\Windows\system32\DRIVERS\cdrom.sys suspicious PE modification

---- User code sections - GMER 2.1 ----

.text C:\Windows\System32\svchost.exe[1336] user32.dll!GetCursorPos 770AC198 5 Bytes JMP 001B000A
.text C:\Windows\System32\svchost.exe[1336] user32.dll!DialogBoxIndirectParamAorW 770D551D 5 Bytes JMP 001C000A
.text C:\Windows\System32\svchost.exe[1336] ole32.dll!CoCreateInstance 773A590C 5 Bytes JMP 001A000A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2040] USER32.dll!CharToOemA + 3A 770AB1DE 7 Bytes JMP 663C43E6 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2040] USER32.dll!AdjustWindowRectEx + 117 770B660F 7 Bytes JMP 663C4375 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2040] USER32.dll!GetWindowInfo 770B6A82 5 Bytes JMP 6600E50D C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2040] USER32.dll!MenuItemFromPoint + F 770D4B36 7 Bytes JMP 6600E9FB C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2652] ntdll.dll!wcsncmp + 33B 77B7F420 7 Bytes JMP 65E36D70 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2652] kernel32.dll!K32GetDeviceDriverBaseNameW + 16F 7726C057 7 Bytes JMP 6618D713 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2652] kernel32.dll!CloseHandle + 38 7727058F 7 Bytes JMP 6618D736 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2652] kernel32.dll!GetExitCodeProcess + 2C 772730DD 7 Bytes JMP 65E51C62 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2652] GDI32.dll!GetViewportOrgEx + 21C 773085EB 7 Bytes JMP 6618D694 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2652] CRYPT32.dll!I_CryptAddRefLruEntry + 209E 75D4C679 7 Bytes JMP 005CF630
.text C:\Program Files\Mozilla Firefox\firefox.exe[2652] CRYPT32.dll!I_CryptEnumMatchingLruEntries + 188B 75D4E505 7 Bytes JMP 005CF6A0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtCreateFile + 6 77B646B6 4 Bytes [28, 00, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtCreateFile + B 77B646BB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtCreateKey + 6 77B646F6 4 Bytes [68, 01, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtCreateKey + B 77B646FB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtCreateMutant + 6 77B64736 4 Bytes [68, 02, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtCreateMutant + B 77B6473B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtCreateSection + 6 77B647D6 4 Bytes [A8, 02, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtCreateSection + B 77B647DB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtMapViewOfSection + B 77B64D1B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenFile + 6 77B64DC6 4 Bytes [68, 00, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenFile + B 77B64DCB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenKey + 6 77B64DF6 4 Bytes [A8, 01, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenKey + B 77B64DFB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenKeyEx + B 77B64E0B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenMutant + 6 77B64E46 4 Bytes [28, 02, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenMutant + B 77B64E4B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenProcess + 6 77B64E76 1 Byte [68]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenProcess + 6 77B64E76 4 Bytes [68, 03, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenProcess + B 77B64E7B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenProcessToken + 6 77B64E86 1 Byte [A8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenProcessToken + 6 77B64E86 4 Bytes [A8, 03, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenProcessToken + B 77B64E8B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenProcessTokenEx + 6 77B64E96 4 Bytes [68, 04, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenProcessTokenEx + B 77B64E9B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenSection + B 77B64EBB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenThread + 6 77B64EF6 1 Byte [28]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenThread + 6 77B64EF6 4 Bytes [28, 03, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenThread + B 77B64EFB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenThreadToken + 6 77B64F06 4 Bytes [28, 04, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenThreadToken + B 77B64F0B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenThreadTokenEx + 6 77B64F16 4 Bytes [A8, 04, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenThreadTokenEx + B 77B64F1B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtQueryAttributesFile + 6 77B65026 4 Bytes [A8, 00, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtQueryAttributesFile + B 77B6502B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtQueryFullAttributesFile + B 77B650DB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtSetInformationFile + 6 77B65726 4 Bytes [28, 01, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtSetInformationFile + B 77B6572B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtSetInformationThread + 6 77B65786 1 Byte [E8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtSetInformationThread + B 77B6578B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtUnmapViewOfSection + 6 77B65AA6 4 Bytes [28, 05, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtUnmapViewOfSection + B 77B65AAB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] kernel32.dll!CreateProcessW 7722202D 5 Bytes JMP 00010030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] kernel32.dll!CreateProcessA 77222062 5 Bytes JMP 00010070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SelectObject 773061D0 5 Bytes JMP 001505F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SetTextColor 77306622 5 Bytes JMP 00150A30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SetBkMode 773066CD 5 Bytes JMP 001508F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!DeleteObject 773068B4 5 Bytes JMP 001501B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!DeleteDC 77306A2C 5 Bytes JMP 00150170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!ExtSelectClipRgn 77306C72 5 Bytes JMP 001502F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SelectClipRgn 77306D84 5 Bytes JMP 001505B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetDeviceCaps 77306E03 5 Bytes JMP 001503B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SetStretchBltMode 773073CE 5 Bytes JMP 001506B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetCurrentObject 7730777C 5 Bytes JMP 00150370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetTextMetricsW 7730798F 5 Bytes JMP 00150E30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!IntersectClipRect 77307CCA 5 Bytes JMP 001503F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetTextAlign 77307D15 5 Bytes JMP 00150D70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SetTextAlign 77307F92 5 Bytes JMP 001509F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!ExtTextOutW 77308053 5 Bytes JMP 00150970
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetClipBox 773081F2 5 Bytes JMP 00150330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!MoveToEx 77308A16 5 Bytes JMP 00150470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!CreateDCA 77309975 5 Bytes JMP 001500B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!RestoreDC 77309A10 5 Bytes JMP 00150530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SaveDC 77309AD2 5 Bytes JMP 00150570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!StretchDIBits 7730AC38 5 Bytes JMP 00150770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetTextFaceW 7730B4CC 5 Bytes JMP 00150D30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetTextExtentPoint32W 7730B535 5 Bytes JMP 00150670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetFontData 7730B8E8 5 Bytes JMP 00150C70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!CreateDCW 7730BD21 5 Bytes JMP 001500F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!CreateICW 7730C660 5 Bytes JMP 00150130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!LineTo 7730CA20 5 Bytes JMP 00150430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SetWorldTransform 7730CB42 5 Bytes JMP 001506F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetTextMetricsA 7730CE46 5 Bytes JMP 00150DF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!Rectangle 7730F5BE 5 Bytes JMP 001509B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SetICMMode 7730F8D4 5 Bytes JMP 00150DB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!ExtTextOutA 77310158 5 Bytes JMP 00150930
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetTextExtentPoint32A 773108BB 5 Bytes JMP 00150630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!Escape 77310B0D 5 Bytes JMP 00150270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!ExtEscape 77313472 5 Bytes JMP 001502B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetTextFaceA 77313E49 5 Bytes JMP 00150CF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SetPolyFillMode 77316CE1 5 Bytes JMP 00150B30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SetMiterLimit 77316E54 5 Bytes JMP 00150B70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!ResetDCW 7732031C 5 Bytes JMP 00150AB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!EndPage 773207CD 5 Bytes JMP 00150230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetGlyphOutlineW 7732C292 5 Bytes JMP 00150CB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!CreateScalableFontResourceW 7732E8EF 5 Bytes JMP 00150BB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!AddFontResourceW 7732ECEB 5 Bytes JMP 00150BF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!RemoveFontResourceW 7732F1E1 5 Bytes JMP 00150C30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!AbortDoc 77334D37 5 Bytes JMP 00150030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!EndDoc 7733517E 5 Bytes JMP 001501F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!StartPage 77335269 5 Bytes JMP 00150730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!StartDocW 77335BB6 5 Bytes JMP 001507F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!BeginPath 7733635D 5 Bytes JMP 00150830
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SelectClipPath 773363B4 5 Bytes JMP 00150AF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!CloseFigure 7733640F 5 Bytes JMP 00150070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!EndPath 77336466 5 Bytes JMP 00150A70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!StrokePath 77336699 5 Bytes JMP 001507B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!FillPath 77336726 5 Bytes JMP 00150870
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!PolylineTo 77336B94 5 Bytes JMP 001504F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!PolyBezierTo 77336C25 5 Bytes JMP 001504B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!PolyDraw 77336CD7 5 Bytes JMP 001508B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!ActivateKeyboardLayout 770A817D 5 Bytes JMP 001604F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!ScreenToClient 770AC1F2 7 Bytes JMP 00160670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!RegisterClipboardFormatA 770AE6B1 5 Bytes JMP 001602F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!RegisterClipboardFormatW 770AEDFD 5 Bytes JMP 001602B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!SetCursor 770B52EA 5 Bytes JMP 00160530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!MonitorFromWindow 770B590A 7 Bytes JMP 00160630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!PostMessageW 770B6225 5 Bytes JMP 001605F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!IsWindowVisible 770B6939 7 Bytes JMP 001606B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetClientRect 770B74B1 7 Bytes JMP 001605B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!MapWindowPoints 770B7915 5 Bytes JMP 00160570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetParent 770B7AB3 7 Bytes JMP 001606F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!SetClipboardData 770C4979 5 Bytes JMP 00160170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!EmptyClipboard 770C4A28 5 Bytes JMP 00160130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetClipboardData 770C4B47 5 Bytes JMP 00160030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!EnumClipboardFormats 770C4D98 5 Bytes JMP 001601B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetClipboardFormatNameW 770C7EB2 5 Bytes JMP 00160230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!SetClipboardViewer 770C8F4D 5 Bytes JMP 001604B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetClipboardFormatNameA 770C8F61 5 Bytes JMP 00160270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetOpenClipboardWindow 770C902F 1 Byte [E9]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetOpenClipboardWindow 770C902F 5 Bytes JMP 001603F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!ChangeClipboardChain 770D3425 5 Bytes JMP 00160430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetTopWindow 770D3A5D 7 Bytes JMP 00160730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!CloseClipboard 770D5BA7 5 Bytes JMP 001600B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!OpenClipboard 770D5BB9 5 Bytes JMP 00160070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!IsClipboardFormatAvailable 770D5C3A 5 Bytes JMP 001600F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetClipboardSequenceNumber 770D5C4E 5 Bytes JMP 00160330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetClipboardOwner 770D5C60 5 Bytes JMP 00160370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!CountClipboardFormats 770D5DC9 5 Bytes JMP 001601F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!SetCursorPos 770EC1D8 5 Bytes JMP 00160770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetClipboardViewer 77104B57 5 Bytes JMP 00160470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetPriorityClipboardFormat 77104C59 5 Bytes JMP 001603B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ole32.dll!OleSetClipboard 773AF2FE 5 Bytes JMP 00170030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ole32.dll!OleIsCurrentClipboard 773B2489 5 Bytes JMP 00170070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ole32.dll!OleGetClipboard 773DF825 5 Bytes JMP 001700B0

---- Trace I/O - GMER 2.1 ----

Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85de6698]<< 85de6698
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b5a030] 85b5a030
Trace 3 CLASSPNP.SYS[87bc159e] -> nt!IofCallDriver -> [0x85df3ef8] 85df3ef8
Trace \Driver\00000493[0x85df4350] -> IRP_MJ_CREATE -> 0x85de6698 85de6698

---- Modules - GMER 2.1 ----

Module (noname) (*** hidden *** ) 8B854000-8B869000 (86016 bytes)

---- Processes - GMER 2.1 ----

Process C:\Windows\System32\svchost.exe (*** hidden *** ) 1336

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Files - GMER 2.1 ----

File C:\Windows\$NtUninstallKB43389$\2657797194 0 bytes
File C:\Windows\$NtUninstallKB43389$\624790592 0 bytes
File C:\Windows\$NtUninstallKB43389$\624790592\@ 2048 bytes
File C:\Windows\$NtUninstallKB43389$\624790592\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB43389$\624790592\L 0 bytes
File C:\Windows\$NtUninstallKB43389$\624790592\L\00000004.@ 804 bytes
File C:\Windows\$NtUninstallKB43389$\624790592\L\201d3dde 198 bytes
File C:\Windows\$NtUninstallKB43389$\624790592\L\24fb4792 69 bytes
File C:\Windows\$NtUninstallKB43389$\624790592\L\4cce1f70 2044 bytes
File C:\Windows\$NtUninstallKB43389$\624790592\L\6715e287 69 bytes
File C:\Windows\$NtUninstallKB43389$\624790592\L\76603ac3 2415 bytes
File C:\Windows\$NtUninstallKB43389$\624790592\L\xadqgnnk 108544 bytes
File C:\Windows\$NtUninstallKB43389$\624790592\U 0 bytes
File C:\Windows\$NtUninstallKB43389$\624790592\U\00000004.@ 2048 bytes
File C:\Windows\$NtUninstallKB43389$\624790592\U\00000008.@ 1024 bytes
File C:\Windows\$NtUninstallKB43389$\624790592\U\000000cb.@ 1632 bytes
File C:\Windows\$NtUninstallKB43389$\624790592\U\80000000.@ 11776 bytes
File C:\Windows\$NtUninstallKB43389$\624790592\U\80000032.@ 90624 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1H0X9XI0\iframe3[5].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAX244AE\st[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAX244AE\player[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAX244AE\view[1].htm 198 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3GCYD5Q\stCA5XDO69 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3GCYD5Q\stCAQS2GKW 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3GCYD5Q\st[11] 0 bytes

---- EOF - GMER 2.1 ----



Many thanks in advance for your help. Unfortunately, I have to say that I will only be able to follow your instructions again on Monday.
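A triage pass over a GMER 2.1 log like the one posted above, added here as an example (not code from the thread or from GMER): it pulls out the entries GMER itself marks as hidden or unknown, groups Files entries that sit under a `$NtUninstall…$` directory, and collapses the per-function `.text` hook lines into one count per process and DLL. The function names, category labels and the embedded sample log are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the GMER 2.1 layout of the log above (shortened, values illustrative).
SAMPLE_LOG = r"""
---- User code sections - GMER 2.1 ----

.text C:\Example\plugin.exe[3772] GDI32.dll!LineTo 7730CA20 5 Bytes JMP 00150430
.text C:\Example\plugin.exe[3772] USER32.dll!GetClipboardData 770C4B47 5 Bytes JMP 00160030
.text C:\Example\plugin.exe[3772] USER32.dll!SetClipboardData 770C4979 5 Bytes JMP 00160170
.text C:\Example\plugin.exe[3772] USER32.dll!GetOpenClipboardWindow 770C902F 1 Byte [E9]
.text C:\Example\plugin.exe[3772] USER32.dll!GetOpenClipboardWindow 770C902F 5 Bytes JMP 001603F0

---- Trace I/O - GMER 2.1 ----

Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85de6698]<< 85de6698

---- Modules - GMER 2.1 ----

Module (noname) (*** hidden *** ) 8B854000-8B869000 (86016 bytes)

---- Processes - GMER 2.1 ----

Process C:\Windows\System32\svchost.exe (*** hidden *** ) 1336

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Files - GMER 2.1 ----

File C:\Windows\$NtUninstallKB00000$\111\@ 2048 bytes
File C:\Windows\$NtUninstallKB00000$\111\U\80000000.@ 11776 bytes
File C:\Users\Example\Temporary Internet Files\st[1].htm 0 bytes

---- EOF - GMER 2.1 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<dll>[^\s!]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+) Bytes?\s+(?P<patch>.+)$"
)
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+) bytes$")
NTUNINSTALL_RE = re.compile(r"\\(\$NtUninstall[^\\]*\$)(?:\\|$)", re.IGNORECASE)


def split_sections(text):
    """Return {section name: [non-empty lines]} keyed by the '---- X - GMER n ----' headers."""
    sections = defaultdict(list)
    current = "(preamble)"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            continue
        sections[current].append(line)
    return dict(sections)


def summarize_hooks(sections):
    """Count distinct patched addresses per (image, pid, dll).

    The same address can be listed twice (a 1-byte and a 5-byte view of one
    patch, as with GetOpenClipboardWindow above), so addresses are de-duplicated.
    """
    patched = defaultdict(set)
    for lines in sections.values():
        for line in lines:
            m = HOOK_RE.match(line)
            if m:
                patched[(m["image"], int(m["pid"]), m["dll"])].add(m["addr"].upper())
    return {key: len(addrs) for key, addrs in patched.items()}


def triage(text):
    """Return (category, section, detail) tuples for the entries worth a closer look."""
    sections = split_sections(text)
    findings = []
    for name, lines in sections.items():
        for line in lines:
            if "*** hidden ***" in line:
                findings.append(("hidden-object", name, line))
            elif name == "Disk sectors" and "unknown MBR code" in line:
                findings.append(("unknown-mbr", name, line))
            elif name == "Trace I/O" and ">>UNKNOWN" in line:
                findings.append(("unknown-in-disk-io-trace", name, line))
    # Group Files entries by the $NtUninstall...$ directory they sit under, if any.
    per_dir = Counter()
    for line in sections.get("Files", []):
        m = FILE_RE.match(line)
        hit = NTUNINSTALL_RE.search(m["path"]) if m else None
        if hit:
            per_dir[hit.group(1)] += 1
    for directory, count in per_dir.items():
        findings.append(("files-under-ntuninstall-dir", "Files", f"{directory}: {count} entries"))
    return findings


if __name__ == "__main__":
    for (image, pid, dll), n in summarize_hooks(split_sections(SAMPLE_LOG)).items():
        print(f"hooks  {image}[{pid}] {dll}: {n} patched addresses")
    for category, section, detail in triage(SAMPLE_LOG):
        print(f"{category:28} [{section}] {detail}")
```
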

24.05.2013, 13:19   #2
markusg
/// Malware-holic

System Anti Virus

Hi,
anyone who doesn't install Windows updates, for example, shouldn't be surprised :-(

OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
:OTL
O4 - HKCU..\RunOnce: [A49C15FB3DB849D00000A49B71654F53] C:\ProgramData\A49C15FB3DB849D00000A49B71654F53\A49C15FB3DB849D00000A49B71654F53.exe ()
[2013.05.22 15:11:49 | 000,000,000 | ---D | C] -- C:\Users\Dozent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus

:files
C:\ProgramData\A49C15FB3DB849D00000A49B71654F53
:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the appropriate place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.


Boot into normal mode.

If you have no icons, then right-click, View, Show desktop icons.

Note: Please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here in the thread as an attachment!

Please press the Windows + E key combination.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance.
__________________

27.05.2013, 20:32   #3
red_angel

System Anti Virus

Yes, I did that. Thank you so far.... I can only look in here again tomorrow.


All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\A49C15FB3DB849D00000A49B71654F53 not found.
C:\ProgramData\A49C15FB3DB849D00000A49B71654F53\A49C15FB3DB849D00000A49B71654F53.exe moved successfully.
C:\Users\Dozent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus folder moved successfully.
========== FILES ==========
C:\ProgramData\A49C15FB3DB849D00000A49B71654F53 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dozent
->Temp folder emptied: 166407437 bytes
->Temporary Internet Files folder emptied: 375932941 bytes
->Java cache emptied: 5698039 bytes
->FireFox cache emptied: 86354511 bytes
->Flash cache emptied: 2222 bytes

User: Public

User: Teilnehmer
->Temp folder emptied: 78130752 bytes
->Temporary Internet Files folder emptied: 47715977 bytes
->Java cache emptied: 473248 bytes
->FireFox cache emptied: 70187739 bytes
->Flash cache emptied: 506 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 643017164 bytes
RecycleBin emptied: 154624 bytes

Total Files Cleaned = 1.406,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05272013_175414

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
__________________

27.05.2013, 21:33   #4
markusg
/// Malware-holic

System Anti Virus

Is normal mode running?
Then:
Please download TDSSKiller (TDSSKiller.exe) and save the file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Instructions: http://markusg.trojaner-board.de
For now, please send mails to markusg.trojaner-board@web.de as described in the instructions above.

28.05.2013, 10:57   #5
red_angel

System Anti Virus

Hello, I have probably done this wrong from the start. The administrator account cannot get onto the Internet at all, so I logged in under the other account and followed all these instructions. I then had to enter the administrator password, which I needed for downloads, here and there. Normal mode runs under this other account.

Code:
11:51:23.0575 0672  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:51:23.0805 0672  ============================================================
11:51:23.0805 0672  Current date / time: 2013/05/28 11:51:23.0805
11:51:23.0805 0672  SystemInfo:
11:51:23.0805 0672  
11:51:23.0805 0672  OS Version: 6.1.7600 ServicePack: 0.0
11:51:23.0805 0672  Product type: Workstation
11:51:23.0805 0672  ComputerName: PC-RAUM-1
11:51:23.0805 0672  UserName: Dozent
11:51:23.0805 0672  Windows directory: C:\Windows
11:51:23.0805 0672  System windows directory: C:\Windows
11:51:23.0805 0672  Processor architecture: Intel x86
11:51:23.0805 0672  Number of processors: 2
11:51:23.0805 0672  Page size: 0x1000
11:51:23.0805 0672  Boot type: Normal boot
11:51:23.0805 0672  ============================================================
11:51:25.0005 0672  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x11EE4, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
11:51:25.0005 0672  ============================================================
11:51:25.0005 0672  \Device\Harddisk0\DR0:
11:51:25.0005 0672  MBR partitions:
11:51:25.0005 0672  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:51:25.0005 0672  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
11:51:25.0005 0672  ============================================================
11:51:25.0055 0672  C: <-> \Device\Harddisk0\DR0\Partition2
11:51:25.0115 0672  ============================================================
11:51:25.0115 0672  Initialize success
11:51:25.0115 0672  ============================================================
11:52:07.0445 3376  ============================================================
11:52:07.0445 3376  Scan started
11:52:07.0445 3376  Mode: Manual; SigCheck; TDLFS; 
11:52:07.0445 3376  ============================================================
11:52:08.0505 3376  ================ Scan system memory ========================
11:52:08.0505 3376  System memory - ok
11:52:08.0505 3376  ================ Scan services =============================
11:52:08.0695 3376  [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
11:52:08.0825 3376  1394ohci - ok
11:52:08.0865 3376  [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
11:52:08.0885 3376  ACPI - ok
11:52:08.0895 3376  [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
11:52:08.0975 3376  AcpiPmi - ok
11:52:09.0015 3376  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
11:52:09.0025 3376  adp94xx - ok
11:52:09.0065 3376  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
11:52:09.0085 3376  adpahci - ok
11:52:09.0095 3376  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
11:52:09.0115 3376  adpu320 - ok
11:52:09.0135 3376  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
11:52:09.0215 3376  AeLookupSvc - ok
11:52:09.0265 3376  [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD             C:\Windows\system32\drivers\afd.sys
11:52:09.0345 3376  AFD - ok
11:52:09.0355 3376  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
11:52:09.0365 3376  agp440 - ok
11:52:09.0395 3376  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
11:52:09.0405 3376  aic78xx - ok
11:52:09.0435 3376  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
11:52:09.0495 3376  ALG - ok
11:52:09.0515 3376  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
11:52:09.0525 3376  aliide - ok
11:52:09.0535 3376  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\DRIVERS\amdagp.sys
11:52:09.0545 3376  amdagp - ok
11:52:09.0555 3376  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
11:52:09.0565 3376  amdide - ok
11:52:09.0595 3376  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
11:52:09.0625 3376  AmdK8 - ok
11:52:09.0655 3376  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
11:52:09.0685 3376  AmdPPM - ok
11:52:09.0715 3376  [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
11:52:09.0735 3376  amdsata - ok
11:52:09.0745 3376  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
11:52:09.0765 3376  amdsbs - ok
11:52:09.0785 3376  [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
11:52:09.0795 3376  amdxata - ok
11:52:09.0815 3376  [ FEB834C02CE1E84B6A38F953CA067706 ] AppID           C:\Windows\system32\drivers\appid.sys
11:52:09.0885 3376  AppID - ok
11:52:09.0905 3376  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
11:52:10.0035 3376  AppIDSvc - ok
11:52:10.0045 3376  [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo         C:\Windows\System32\appinfo.dll
11:52:10.0105 3376  Appinfo - ok
11:52:10.0135 3376  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
11:52:10.0145 3376  arc - ok
11:52:10.0155 3376  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
11:52:10.0175 3376  arcsas - ok
11:52:10.0185 3376  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:52:10.0305 3376  AsyncMac - ok
11:52:10.0325 3376  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
11:52:10.0325 3376  atapi - ok
11:52:10.0345 3376  [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:52:10.0405 3376  AudioEndpointBuilder - ok
11:52:10.0435 3376  [ 510C873BFA135AA829F4180352772734 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
11:52:10.0455 3376  Audiosrv - ok
11:52:10.0475 3376  [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
11:52:10.0535 3376  AxInstSV - ok
11:52:10.0555 3376  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
11:52:10.0605 3376  b06bdrv - ok
11:52:10.0625 3376  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
11:52:10.0665 3376  b57nd60x - ok
11:52:10.0695 3376  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
11:52:10.0735 3376  BDESVC - ok
11:52:10.0775 3376  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:52:10.0815 3376  Beep - ok
11:52:10.0835 3376  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
11:52:10.0865 3376  blbdrive - ok
11:52:10.0905 3376  [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:52:10.0955 3376  bowser - ok
11:52:10.0975 3376  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:52:10.0995 3376  BrFiltLo - ok
11:52:11.0015 3376  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:52:11.0065 3376  BrFiltUp - ok
11:52:11.0105 3376  [ 598E1280E7FF3744F4B8329366CC5635 ] Browser         C:\Windows\System32\browser.dll
11:52:11.0135 3376  Browser - ok
11:52:11.0165 3376  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
11:52:11.0215 3376  Brserid - ok
11:52:11.0235 3376  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
11:52:11.0285 3376  BrSerWdm - ok
11:52:11.0295 3376  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
11:52:11.0325 3376  BrUsbMdm - ok
11:52:11.0345 3376  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
11:52:11.0375 3376  BrUsbSer - ok
11:52:11.0395 3376  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
11:52:11.0425 3376  BTHMODEM - ok
11:52:11.0445 3376  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
11:52:11.0485 3376  bthserv - ok
11:52:11.0535 3376  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:52:11.0585 3376  cdfs - ok
11:52:11.0605 3376  [ 9E8E9A56FAF5F3C1E1AEA68DD7225403 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
11:52:11.0605 3376  Suspicious file (Forged): C:\Windows\system32\DRIVERS\cdrom.sys. Real md5: 9E8E9A56FAF5F3C1E1AEA68DD7225403, Fake md5: BA6E70AA0E6091BC39DE29477D866A77
11:52:11.0605 3376  cdrom ( Virus.Win32.ZAccess.k ) - infected
11:52:11.0605 3376  cdrom - detected Virus.Win32.ZAccess.k (0)
11:52:11.0645 3376  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc     C:\Windows\System32\certprop.dll
11:52:11.0665 3376  CertPropSvc - ok
11:52:11.0685 3376  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
11:52:11.0715 3376  circlass - ok
11:52:11.0745 3376  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
11:52:11.0765 3376  CLFS - ok
11:52:11.0825 3376  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:52:11.0835 3376  clr_optimization_v2.0.50727_32 - ok
11:52:11.0895 3376  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:52:11.0925 3376  clr_optimization_v4.0.30319_32 - ok
11:52:11.0945 3376  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
11:52:11.0955 3376  CmBatt - ok
11:52:11.0985 3376  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
11:52:11.0995 3376  cmdide - ok
11:52:12.0025 3376  [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG             C:\Windows\system32\Drivers\cng.sys
11:52:12.0045 3376  CNG - ok
11:52:12.0065 3376  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
11:52:12.0075 3376  Compbatt - ok
11:52:12.0085 3376  [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
11:52:12.0115 3376  CompositeBus - ok
11:52:12.0115 3376  COMSysApp - ok
11:52:12.0195 3376  cpuz132 - ok
11:52:12.0215 3376  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
11:52:12.0225 3376  crcdisk - ok
11:52:12.0265 3376  [ 520A108A2657F4BCA7FCED9CA7D885DE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:52:12.0345 3376  CryptSvc - ok
11:52:12.0375 3376  [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:52:12.0475 3376  DcomLaunch - ok
11:52:12.0515 3376  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
11:52:12.0555 3376  defragsvc - ok
11:52:12.0615 3376  [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:52:12.0685 3376  DfsC - ok
11:52:12.0715 3376  [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp            C:\Windows\system32\dhcpcore.dll
11:52:12.0775 3376  Dhcp - ok
11:52:12.0805 3376  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
11:52:12.0845 3376  discache - ok
11:52:12.0875 3376  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
11:52:12.0885 3376  Disk - ok
11:52:12.0925 3376  [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:52:12.0975 3376  Dnscache - ok
11:52:12.0995 3376  [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc         C:\Windows\System32\dot3svc.dll
11:52:13.0045 3376  dot3svc - ok
11:52:13.0065 3376  [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS             C:\Windows\system32\dps.dll
11:52:13.0105 3376  DPS - ok
11:52:13.0135 3376  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
11:52:13.0165 3376  drmkaud - ok
11:52:13.0215 3376  [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
11:52:13.0235 3376  DXGKrnl - ok
11:52:13.0275 3376  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
11:52:13.0295 3376  EapHost - ok
11:52:13.0375 3376  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
11:52:13.0475 3376  ebdrv - ok
11:52:13.0515 3376  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS             C:\Windows\System32\lsass.exe
11:52:13.0595 3376  EFS - ok
11:52:13.0645 3376  [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
11:52:13.0725 3376  ehRecvr - ok
11:52:13.0745 3376  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
11:52:13.0795 3376  ehSched - ok
11:52:13.0815 3376  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
11:52:13.0835 3376  elxstor - ok
11:52:13.0845 3376  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
11:52:13.0875 3376  ErrDev - ok
11:52:13.0925 3376  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
11:52:13.0965 3376  EventSystem - ok
11:52:14.0005 3376  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
11:52:14.0045 3376  exfat - ok
11:52:14.0075 3376  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
11:52:14.0095 3376  fastfat - ok
11:52:14.0125 3376  [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax             C:\Windows\system32\fxssvc.exe
11:52:14.0195 3376  Fax - ok
11:52:14.0225 3376  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
11:52:14.0245 3376  fdc - ok
11:52:14.0275 3376  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
11:52:14.0295 3376  fdPHost - ok
11:52:14.0305 3376  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
11:52:14.0345 3376  FDResPub - ok
11:52:14.0385 3376  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:52:14.0385 3376  FileInfo - ok
11:52:14.0405 3376  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
11:52:14.0425 3376  Filetrace - ok
11:52:14.0445 3376  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
11:52:14.0475 3376  flpydisk - ok
11:52:14.0505 3376  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:52:14.0515 3376  FltMgr - ok
11:52:14.0555 3376  [ 7FE4995528A7529A761875151EE3D512 ] FontCache       C:\Windows\system32\FntCache.dll
11:52:14.0615 3376  FontCache - ok
11:52:14.0665 3376  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:52:14.0675 3376  FontCache3.0.0.0 - ok
11:52:14.0735 3376  [ F33425DBD8CDF00C1F318BA0EDC8D048 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
11:52:14.0755 3376  ForceWare Intelligent Application Manager (IAM) - ok
11:52:14.0785 3376  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
11:52:14.0795 3376  FsDepends - ok
11:52:14.0825 3376  [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:52:14.0835 3376  Fs_Rec - ok
11:52:14.0865 3376  [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
11:52:14.0875 3376  fvevol - ok
11:52:14.0895 3376  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
11:52:14.0905 3376  gagp30kx - ok
11:52:14.0935 3376  [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc           C:\Windows\System32\gpsvc.dll
11:52:14.0975 3376  gpsvc - ok
11:52:15.0005 3376  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
11:52:15.0055 3376  hcw85cir - ok
11:52:15.0085 3376  [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:52:15.0115 3376  HdAudAddService - ok
11:52:15.0135 3376  [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
11:52:15.0165 3376  HDAudBus - ok
11:52:15.0185 3376  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
11:52:15.0215 3376  HidBatt - ok
11:52:15.0235 3376  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
11:52:15.0275 3376  HidBth - ok
11:52:15.0285 3376  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
11:52:15.0315 3376  HidIr - ok
11:52:15.0345 3376  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
11:52:15.0365 3376  hidserv - ok
11:52:15.0405 3376  [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
11:52:15.0415 3376  HidUsb - ok
11:52:15.0435 3376  [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:52:15.0485 3376  hkmsvc - ok
11:52:15.0515 3376  [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:52:15.0525 3376  HomeGroupListener - ok
11:52:15.0555 3376  [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:52:15.0585 3376  HomeGroupProvider - ok
11:52:15.0615 3376  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
11:52:15.0625 3376  HpSAMD - ok
11:52:15.0645 3376  [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:52:15.0695 3376  HTTP - ok
11:52:15.0775 3376  [ ADFA0D6F486612EEB13E86AEC7D2A25D ] HWiNFO32        C:\Users\Dozent\Desktop\hwinfo32\HWiNFO32.SYS
11:52:15.0785 3376  HWiNFO32 - ok
11:52:15.0815 3376  [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
11:52:15.0825 3376  hwpolicy - ok
11:52:15.0835 3376  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
11:52:15.0875 3376  i8042prt - ok
11:52:15.0915 3376  [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
11:52:15.0925 3376  iaStorV - ok
11:52:15.0965 3376  [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:52:15.0995 3376  idsvc - ok
11:52:16.0015 3376  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
11:52:16.0025 3376  iirsp - ok
11:52:16.0065 3376  [ C5B04409186A27409BD069580208A6D3 ] IJPLMSVC        C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
11:52:16.0065 3376  IJPLMSVC - ok
11:52:16.0105 3376  [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT          C:\Windows\System32\ikeext.dll
11:52:16.0155 3376  IKEEXT - ok
11:52:16.0225 3376  [ 8B27C21412AE4404EB0ACFE1D98579EC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
11:52:16.0295 3376  IntcAzAudAddService - ok
11:52:16.0315 3376  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
11:52:16.0325 3376  intelide - ok
11:52:16.0335 3376  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
11:52:16.0365 3376  intelppm - ok
11:52:16.0385 3376  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
11:52:16.0425 3376  IPBusEnum - ok
11:52:16.0445 3376  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:52:16.0495 3376  IpFilterDriver - ok
11:52:16.0515 3376  [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
11:52:16.0545 3376  IPMIDRV - ok
11:52:16.0545 3376  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
11:52:16.0585 3376  IPNAT - ok
11:52:16.0605 3376  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
11:52:16.0615 3376  IRENUM - ok
11:52:16.0635 3376  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
11:52:16.0645 3376  isapnp - ok
11:52:16.0675 3376  [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
11:52:16.0695 3376  iScsiPrt - ok
11:52:16.0725 3376  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
11:52:16.0735 3376  kbdclass - ok
11:52:16.0745 3376  [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
11:52:16.0775 3376  kbdhid - ok
11:52:16.0805 3376  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso          C:\Windows\system32\lsass.exe
11:52:16.0815 3376  KeyIso - ok
11:52:16.0835 3376  [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:52:16.0845 3376  KSecDD - ok
11:52:16.0875 3376  [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
11:52:16.0885 3376  KSecPkg - ok
11:52:16.0925 3376  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
11:52:16.0965 3376  KtmRm - ok
11:52:17.0015 3376  [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer    C:\Windows\system32\srvsvc.dll
11:52:17.0045 3376  LanmanServer - ok
11:52:17.0075 3376  [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:52:17.0115 3376  LanmanWorkstation - ok
11:52:17.0145 3376  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
11:52:17.0175 3376  lltdio - ok
11:52:17.0205 3376  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
11:52:17.0225 3376  lltdsvc - ok
11:52:17.0265 3376  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
11:52:17.0305 3376  lmhosts - ok
11:52:17.0335 3376  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
11:52:17.0345 3376  LSI_FC - ok
11:52:17.0385 3376  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
11:52:17.0395 3376  LSI_SAS - ok
11:52:17.0405 3376  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:52:17.0415 3376  LSI_SAS2 - ok
11:52:17.0425 3376  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:52:17.0435 3376  LSI_SCSI - ok
11:52:17.0455 3376  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
11:52:17.0505 3376  luafv - ok
11:52:17.0595 3376  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
11:52:17.0605 3376  MBAMProtector - ok
11:52:17.0675 3376  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:52:17.0685 3376  MBAMScheduler - ok
11:52:17.0725 3376  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
11:52:17.0745 3376  MBAMService - ok
11:52:17.0775 3376  [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
11:52:17.0785 3376  Mcx2Svc - ok
11:52:17.0805 3376  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
11:52:17.0815 3376  megasas - ok
11:52:17.0835 3376  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
11:52:17.0845 3376  MegaSR - ok
11:52:17.0885 3376  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
11:52:17.0925 3376  MMCSS - ok
11:52:17.0955 3376  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
11:52:18.0005 3376  Modem - ok
11:52:18.0035 3376  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
11:52:18.0065 3376  monitor - ok
11:52:18.0095 3376  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
11:52:18.0105 3376  mouclass - ok
11:52:18.0115 3376  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:52:18.0145 3376  mouhid - ok
11:52:18.0175 3376  [ 921C18727C5920D6C0300736646931C2 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
11:52:18.0175 3376  mountmgr - ok
11:52:18.0215 3376  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:52:18.0225 3376  MozillaMaintenance - ok
11:52:18.0265 3376  [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
11:52:18.0275 3376  MpFilter - ok
11:52:18.0295 3376  [ 2AF5997438C55FB79D33D015C30E1974 ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
11:52:18.0305 3376  mpio - ok
11:52:18.0365 3376  MpKsl0128d60a - ok
11:52:18.0365 3376  MpKsl0b0b7015 - ok
11:52:18.0375 3376  MpKsl0f5e3759 - ok
11:52:18.0385 3376  MpKsl2013e79b - ok
11:52:18.0395 3376  MpKsl35d48099 - ok
11:52:18.0405 3376  MpKsl6a532c04 - ok
11:52:18.0425 3376  MpKsl7237ef53 - ok
11:52:18.0435 3376  MpKsl7b710871 - ok
11:52:18.0435 3376  MpKsl9f126476 - ok
11:52:18.0445 3376  MpKslb0fa1f9a - ok
11:52:18.0455 3376  MpKslccbc9a8b - ok
11:52:18.0465 3376  MpKslcf90afa7 - ok
11:52:18.0475 3376  MpKsld6d4cfda - ok
11:52:18.0485 3376  MpKsle2e68444 - ok
11:52:18.0515 3376  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:52:18.0565 3376  mpsdrv - ok
11:52:18.0595 3376  [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:52:18.0625 3376  MRxDAV - ok
11:52:18.0655 3376  [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:52:18.0705 3376  mrxsmb - ok
11:52:18.0725 3376  [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:52:18.0755 3376  mrxsmb10 - ok
11:52:18.0785 3376  [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:52:18.0795 3376  mrxsmb20 - ok
11:52:18.0815 3376  [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
11:52:18.0825 3376  msahci - ok
11:52:18.0835 3376  [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
11:52:18.0855 3376  msdsm - ok
11:52:18.0885 3376  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
11:52:18.0915 3376  MSDTC - ok
11:52:18.0965 3376  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:52:18.0985 3376  Msfs - ok
11:52:18.0995 3376  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
11:52:19.0035 3376  mshidkmdf - ok
11:52:19.0065 3376  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
11:52:19.0075 3376  msisadrv - ok
11:52:19.0105 3376  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:52:19.0145 3376  MSiSCSI - ok
11:52:19.0155 3376  msiserver - ok
11:52:19.0175 3376  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:52:19.0225 3376  MSKSSRV - ok
11:52:19.0245 3376  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:52:19.0285 3376  MSPCLOCK - ok
11:52:19.0315 3376  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:52:19.0345 3376  MSPQM - ok
11:52:19.0385 3376  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:52:19.0395 3376  MsRPC - ok
11:52:19.0415 3376  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
11:52:19.0425 3376  mssmbios - ok
11:52:19.0435 3376  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:52:19.0455 3376  MSTEE - ok
11:52:19.0465 3376  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
11:52:19.0475 3376  MTConfig - ok
11:52:19.0495 3376  [ 0F24624106D8042E7F27882D9D6FF5C0 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
11:52:19.0545 3376  MTsensor - ok
11:52:19.0585 3376  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
11:52:19.0595 3376  Mup - ok
11:52:19.0625 3376  [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent        C:\Windows\system32\qagentRT.dll
11:52:19.0675 3376  napagent - ok
11:52:19.0705 3376  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:52:19.0735 3376  NativeWifiP - ok
11:52:19.0775 3376  [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:52:19.0795 3376  NDIS - ok
11:52:19.0815 3376  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
11:52:19.0855 3376  NdisCap - ok
11:52:19.0875 3376  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:52:19.0895 3376  NdisTapi - ok
11:52:19.0905 3376  [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:52:19.0935 3376  Ndisuio - ok
11:52:19.0945 3376  [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:52:19.0975 3376  NdisWan - ok
11:52:19.0985 3376  [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:52:20.0025 3376  NDProxy - ok
11:52:20.0045 3376  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:52:20.0085 3376  NetBIOS - ok
11:52:20.0115 3376  [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
11:52:20.0135 3376  NetBT - ok
11:52:20.0155 3376  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon        C:\Windows\system32\lsass.exe
11:52:20.0165 3376  Netlogon - ok
11:52:20.0205 3376  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
11:52:20.0245 3376  Netman - ok
11:52:20.0275 3376  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
11:52:20.0305 3376  netprofm - ok
11:52:20.0335 3376  [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:52:20.0345 3376  NetTcpPortSharing - ok
11:52:20.0365 3376  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
11:52:20.0375 3376  nfrd960 - ok
11:52:20.0415 3376  [ B52F26BADE7D7E4A79706E3FD91834CD ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
11:52:20.0425 3376  NisDrv - ok
11:52:20.0465 3376  [ 290C0D4C4889398797F8DF3BE00B9698 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
11:52:20.0485 3376  NisSrv - ok
11:52:20.0505 3376  [ 2226496E34BD40734946A054B1CD657F ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:52:20.0545 3376  NlaSvc - ok
11:52:20.0585 3376  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:52:20.0605 3376  Npfs - ok
11:52:20.0665 3376  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
11:52:20.0725 3376  nsi - ok
11:52:20.0755 3376  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:52:20.0795 3376  nsiproxy - ok
11:52:20.0845 3376  [ 84A1A494791DA6AC7292D82F97E40BEC ] nSvcIp          C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
11:52:20.0865 3376  nSvcIp - ok
11:52:20.0965 3376  [ 187002CE05693C306F43C873F821381F ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:52:21.0025 3376  Ntfs - ok
11:52:21.0065 3376  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
11:52:21.0095 3376  Null - ok
11:52:21.0125 3376  [ B5E37E31C053BC9950455A257526514B ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x32.sys
11:52:21.0175 3376  NVENETFD - ok
11:52:21.0345 3376  [ 8B75F652726A2BA3197860F300514E3F ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:52:21.0575 3376  nvlddmkm - ok
11:52:21.0615 3376  [ D22E432E402499AC264A113D7168B91F ] NVNET           C:\Windows\system32\DRIVERS\nvmf6232.sys
11:52:21.0625 3376  NVNET - ok
11:52:21.0685 3376  [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:52:21.0695 3376  nvraid - ok
11:52:21.0715 3376  [ 4520B63899E867F354EE012D34E11536 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:52:21.0735 3376  nvstor - ok
11:52:21.0765 3376  [ 92A8601DDFA4A926FE629FA12CB2BC61 ] nvstor32        C:\Windows\system32\DRIVERS\nvstor32.sys
11:52:21.0765 3376  nvstor32 - ok
11:52:21.0785 3376  [ 387DC341E2AED29EB8F67B6EE53BB43B ] nvsvc           C:\Windows\system32\nvvsvc.exe
11:52:21.0795 3376  nvsvc - ok
11:52:21.0825 3376  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
11:52:21.0835 3376  nv_agp - ok
11:52:21.0895 3376  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:52:21.0915 3376  odserv - ok
11:52:21.0935 3376  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
11:52:21.0965 3376  ohci1394 - ok
11:52:21.0995 3376  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:52:22.0005 3376  ose - ok
11:52:22.0045 3376  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
11:52:22.0105 3376  p2pimsvc - ok
11:52:22.0145 3376  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
11:52:22.0165 3376  p2psvc - ok
11:52:22.0195 3376  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
11:52:22.0235 3376  Parport - ok
11:52:22.0275 3376  [ 66D3415C159741ADE7038A277EFFF99F ] partmgr         C:\Windows\system32\drivers\partmgr.sys
11:52:22.0285 3376  partmgr - ok
11:52:22.0305 3376  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
11:52:22.0335 3376  Parvdm - ok
11:52:22.0365 3376  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:52:22.0385 3376  PcaSvc - ok
11:52:22.0395 3376  [ C858CB77C577780ECC456A892E7E7D0F ] pci             C:\Windows\system32\DRIVERS\pci.sys
11:52:22.0415 3376  pci - ok
11:52:22.0435 3376  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
11:52:22.0445 3376  pciide - ok
11:52:22.0475 3376  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
11:52:22.0505 3376  pcmcia - ok
11:52:22.0565 3376  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
11:52:22.0595 3376  pcw - ok
11:52:22.0685 3376  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:52:22.0715 3376  PEAUTH - ok
11:52:22.0795 3376  [ 9C1BFF7910C89A1D12E57343475840CB ] pla             C:\Windows\system32\pla.dll
11:52:22.0885 3376  pla - ok
11:52:22.0925 3376  [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
11:52:22.0975 3376  PlugPlay - ok
11:52:22.0985 3376  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
11:52:23.0015 3376  PNRPAutoReg - ok
11:52:23.0045 3376  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
11:52:23.0055 3376  PNRPsvc - ok
11:52:23.0095 3376  [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
11:52:23.0135 3376  PolicyAgent - ok
11:52:23.0185 3376  [ DBFF83F709A91049621C1D35DD45C92C ] Power           C:\Windows\system32\umpo.dll
11:52:23.0205 3376  Power - ok
11:52:23.0235 3376  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
11:52:23.0275 3376  PptpMiniport - ok
11:52:23.0305 3376  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
11:52:23.0345 3376  Processor - ok
11:52:23.0365 3376  [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc         C:\Windows\system32\profsvc.dll
11:52:23.0435 3376  ProfSvc - ok
11:52:23.0455 3376  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:52:23.0465 3376  ProtectedStorage - ok
11:52:23.0495 3376  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
11:52:23.0515 3376  Psched - ok
11:52:23.0555 3376  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
11:52:23.0605 3376  ql2300 - ok
11:52:23.0615 3376  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
11:52:23.0625 3376  ql40xx - ok
11:52:23.0665 3376  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
11:52:23.0695 3376  QWAVE - ok
11:52:23.0735 3376  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
11:52:23.0745 3376  QWAVEdrv - ok
11:52:23.0765 3376  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
11:52:23.0805 3376  RasAcd - ok
11:52:23.0835 3376  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
11:52:23.0875 3376  RasAgileVpn - ok
11:52:23.0905 3376  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
11:52:23.0945 3376  RasAuto - ok
11:52:23.0975 3376  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
11:52:24.0015 3376  Rasl2tp - ok
11:52:24.0045 3376  [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan          C:\Windows\System32\rasmans.dll
11:52:24.0075 3376  RasMan - ok
11:52:24.0075 3376  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
11:52:24.0115 3376  RasPppoe - ok
11:52:24.0145 3376  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
11:52:24.0165 3376  RasSstp - ok
11:52:24.0195 3376  [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
11:52:24.0215 3376  rdbss - ok
11:52:24.0225 3376  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
11:52:24.0245 3376  rdpbus - ok
11:52:24.0255 3376  [ 1E016846895B15A99F9A176A05029075 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
11:52:24.0275 3376  RDPCDD - ok
11:52:24.0295 3376  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
11:52:24.0315 3376  RDPENCDD - ok
11:52:24.0325 3376  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
11:52:24.0355 3376  RDPREFMP - ok
11:52:24.0385 3376  [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
11:52:24.0445 3376  RDPWD - ok
11:52:24.0475 3376  [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
11:52:24.0485 3376  rdyboost - ok
11:52:24.0535 3376  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
11:52:24.0585 3376  RemoteAccess - ok
11:52:24.0625 3376  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
11:52:24.0665 3376  RemoteRegistry - ok
11:52:24.0695 3376  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
11:52:24.0735 3376  RpcEptMapper - ok
11:52:24.0775 3376  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
11:52:24.0795 3376  RpcLocator - ok
11:52:24.0825 3376  [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs           C:\Windows\system32\rpcss.dll
11:52:24.0845 3376  RpcSs - ok
11:52:24.0875 3376  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
11:52:24.0925 3376  rspndr - ok
11:52:24.0945 3376  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs           C:\Windows\system32\lsass.exe
11:52:24.0955 3376  SamSs - ok
11:52:24.0975 3376  [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
11:52:24.0985 3376  sbp2port - ok
11:52:25.0015 3376  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
11:52:25.0045 3376  SCardSvr - ok
11:52:25.0065 3376  [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
11:52:25.0085 3376  scfilter - ok
11:52:25.0125 3376  [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule        C:\Windows\system32\schedsvc.dll
11:52:25.0195 3376  Schedule - ok
11:52:25.0225 3376  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc     C:\Windows\System32\certprop.dll
11:52:25.0255 3376  SCPolicySvc - ok
11:52:25.0265 3376  [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
11:52:25.0325 3376  SDRSVC - ok
11:52:25.0345 3376  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
11:52:25.0395 3376  secdrv - ok
11:52:25.0415 3376  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
11:52:25.0465 3376  seclogon - ok
11:52:25.0485 3376  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
11:52:25.0525 3376  SENS - ok
11:52:25.0545 3376  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
11:52:25.0595 3376  SensrSvc - ok
11:52:25.0605 3376  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
11:52:25.0615 3376  Serenum - ok
11:52:25.0625 3376  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
11:52:25.0665 3376  Serial - ok
11:52:25.0685 3376  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
11:52:25.0695 3376  sermouse - ok
11:52:25.0735 3376  [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv      C:\Windows\system32\sessenv.dll
11:52:25.0785 3376  SessionEnv - ok
11:52:25.0815 3376  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
11:52:25.0845 3376  sffdisk - ok
11:52:25.0875 3376  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
11:52:25.0905 3376  sffp_mmc - ok
11:52:25.0925 3376  [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
11:52:25.0975 3376  sffp_sd - ok
11:52:25.0995 3376  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
11:52:26.0015 3376  sfloppy - ok
11:52:26.0045 3376  [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:52:26.0095 3376  ShellHWDetection - ok
11:52:26.0115 3376  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\DRIVERS\sisagp.sys
11:52:26.0125 3376  sisagp - ok
11:52:26.0125 3376  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:52:26.0145 3376  SiSRaid2 - ok
11:52:26.0155 3376  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
11:52:26.0165 3376  SiSRaid4 - ok
11:52:26.0185 3376  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
11:52:26.0235 3376  Smb - ok
11:52:26.0275 3376  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:52:26.0285 3376  SNMPTRAP - ok
11:52:26.0305 3376  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
11:52:26.0315 3376  spldr - ok
11:52:26.0345 3376  [ D1BB750EB51694DE183E08B9C33BE5B2 ] Spooler         C:\Windows\System32\spoolsv.exe
11:52:26.0405 3376  Spooler - ok
11:52:26.0495 3376  [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc          C:\Windows\system32\sppsvc.exe
11:52:26.0595 3376  sppsvc - ok
11:52:26.0615 3376  [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
11:52:26.0645 3376  sppuinotify - ok
11:52:26.0675 3376  [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv             C:\Windows\system32\DRIVERS\srv.sys
11:52:26.0715 3376  srv - ok
11:52:26.0755 3376  [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:52:26.0785 3376  srv2 - ok
11:52:26.0835 3376  [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:52:26.0865 3376  srvnet - ok
11:52:26.0895 3376  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
11:52:26.0945 3376  SSDPSRV - ok
11:52:26.0965 3376  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
11:52:26.0995 3376  SstpSvc - ok
11:52:27.0035 3376  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
11:52:27.0045 3376  stexstor - ok
11:52:27.0085 3376  [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc          C:\Windows\System32\wiaservc.dll
11:52:27.0125 3376  StiSvc - ok
11:52:27.0165 3376  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
11:52:27.0175 3376  swenum - ok
11:52:27.0205 3376  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
11:52:27.0235 3376  swprv - ok
11:52:27.0275 3376  [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain         C:\Windows\system32\sysmain.dll
11:52:27.0325 3376  SysMain - ok
11:52:27.0345 3376  [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:52:27.0385 3376  TabletInputService - ok
11:52:27.0405 3376  [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv         C:\Windows\System32\tapisrv.dll
11:52:27.0445 3376  TapiSrv - ok
11:52:27.0465 3376  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
11:52:27.0505 3376  TBS - ok
11:52:27.0575 3376  [ 55E9965552741F3850CB22CBBA9671ED ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
11:52:27.0615 3376  Tcpip - ok
11:52:27.0645 3376  [ 55E9965552741F3850CB22CBBA9671ED ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
11:52:27.0665 3376  TCPIP6 - ok
11:52:27.0725 3376  [ E64444523ADD154F86567C469BC0B17F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:52:27.0795 3376  tcpipreg - ok
11:52:27.0815 3376  [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:52:27.0905 3376  TDPIPE - ok
11:52:27.0935 3376  [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
11:52:27.0975 3376  TDTCP - ok
11:52:27.0995 3376  [ CB39E896A2A83702D1737BFD402B3542 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
11:52:28.0035 3376  tdx - ok
11:52:28.0065 3376  [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
11:52:28.0075 3376  TermDD - ok
11:52:28.0105 3376  [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService     C:\Windows\System32\termsrv.dll
11:52:28.0155 3376  TermService - ok
11:52:28.0185 3376  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
11:52:28.0195 3376  Themes - ok
11:52:28.0215 3376  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
11:52:28.0235 3376  THREADORDER - ok
11:52:28.0275 3376  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
11:52:28.0315 3376  TrkWks - ok
11:52:28.0375 3376  [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:52:28.0405 3376  TrustedInstaller - ok
11:52:28.0435 3376  [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:52:28.0475 3376  tssecsrv - ok
11:52:28.0515 3376  [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:52:28.0565 3376  tunnel - ok
11:52:28.0595 3376  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
11:52:28.0605 3376  uagp35 - ok
11:52:28.0635 3376  [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:52:28.0665 3376  udfs - ok
11:52:28.0695 3376  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
11:52:28.0725 3376  UI0Detect - ok
11:52:28.0755 3376  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
11:52:28.0765 3376  uliagpkx - ok
11:52:28.0775 3376  [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
11:52:28.0795 3376  umbus - ok
11:52:28.0805 3376  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
11:52:28.0845 3376  UmPass - ok
11:52:28.0865 3376  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
11:52:28.0915 3376  upnphost - ok
11:52:28.0935 3376  [ C31AE588E403042632DC796CF09E30B0 ] usbccgp         C:\Windows\system32\drivers\usbccgp.sys
11:52:29.0015 3376  usbccgp - ok
11:52:29.0035 3376  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
11:52:29.0065 3376  usbcir - ok
11:52:29.0095 3376  [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
11:52:29.0115 3376  usbehci - ok
11:52:29.0135 3376  [ BDCD7156EC37448F08633FD899823620 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
11:52:29.0155 3376  usbhub - ok
11:52:29.0165 3376  [ EB2D819A639015253C871CDA09D91D58 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
11:52:29.0195 3376  usbohci - ok
11:52:29.0215 3376  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
11:52:29.0235 3376  usbprint - ok
11:52:29.0265 3376  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
11:52:29.0295 3376  usbscan - ok
11:52:29.0325 3376  [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:52:29.0395 3376  USBSTOR - ok
11:52:29.0415 3376  [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
11:52:29.0435 3376  usbuhci - ok
11:52:29.0475 3376  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
11:52:29.0495 3376  UxSms - ok
11:52:29.0505 3376  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc        C:\Windows\system32\lsass.exe
11:52:29.0515 3376  VaultSvc - ok
11:52:29.0535 3376  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
11:52:29.0545 3376  vdrvroot - ok
11:52:29.0575 3376  [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds             C:\Windows\System32\vds.exe
11:52:29.0605 3376  vds - ok
11:52:29.0635 3376  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
11:52:29.0665 3376  vga - ok
11:52:29.0695 3376  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
11:52:29.0715 3376  VgaSave - ok
11:52:29.0735 3376  [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
11:52:29.0755 3376  vhdmp - ok
11:52:29.0775 3376  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\DRIVERS\viaagp.sys
11:52:29.0785 3376  viaagp - ok
11:52:29.0795 3376  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
11:52:29.0825 3376  ViaC7 - ok
11:52:29.0845 3376  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
11:52:29.0855 3376  viaide - ok
11:52:29.0875 3376  [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
11:52:29.0885 3376  volmgr - ok
11:52:29.0905 3376  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
11:52:29.0925 3376  volmgrx - ok
11:52:29.0935 3376  [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap         C:\Windows\system32\DRIVERS\volsnap.sys
11:52:29.0955 3376  volsnap - ok
11:52:29.0965 3376  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
11:52:29.0975 3376  vsmraid - ok
11:52:30.0025 3376  [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS             C:\Windows\system32\vssvc.exe
11:52:30.0085 3376  VSS - ok
11:52:30.0115 3376  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
11:52:30.0125 3376  vwifibus - ok
11:52:30.0145 3376  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
11:52:30.0195 3376  W32Time - ok
11:52:30.0225 3376  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
11:52:30.0235 3376  WacomPen - ok
11:52:30.0255 3376  [ 692A712062146E96D28BA0B7D75DE31B ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
11:52:30.0285 3376  WANARP - ok
11:52:30.0295 3376  [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
11:52:30.0315 3376  Wanarpv6 - ok
11:52:30.0375 3376  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
11:52:30.0415 3376  WatAdminSvc - ok
11:52:30.0465 3376  [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine        C:\Windows\system32\wbengine.exe
11:52:30.0555 3376  wbengine - ok
11:52:30.0575 3376  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
11:52:30.0595 3376  WbioSrvc - ok
11:52:30.0625 3376  [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
11:52:30.0655 3376  wcncsvc - ok
11:52:30.0675 3376  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:52:30.0715 3376  WcsPlugInService - ok
11:52:30.0755 3376  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
11:52:30.0765 3376  Wd - ok
11:52:30.0795 3376  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
11:52:30.0815 3376  Wdf01000 - ok
11:52:30.0835 3376  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
11:52:30.0865 3376  WdiServiceHost - ok
11:52:30.0875 3376  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
11:52:30.0885 3376  WdiSystemHost - ok
11:52:30.0925 3376  [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient       C:\Windows\System32\webclnt.dll
11:52:30.0985 3376  WebClient - ok
11:52:31.0005 3376  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
11:52:31.0035 3376  Wecsvc - ok
11:52:31.0045 3376  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
11:52:31.0085 3376  wercplsupport - ok
11:52:31.0115 3376  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
11:52:31.0135 3376  WerSvc - ok
11:52:31.0175 3376  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
11:52:31.0195 3376  WfpLwf - ok
11:52:31.0205 3376  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
11:52:31.0215 3376  WIMMount - ok
11:52:31.0225 3376  WinHttpAutoProxySvc - ok
11:52:31.0305 3376  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
11:52:31.0335 3376  Winmgmt - ok
11:52:31.0385 3376  [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM           C:\Windows\system32\WsmSvc.dll
11:52:31.0455 3376  WinRM - ok
11:52:31.0505 3376  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
11:52:31.0535 3376  Wlansvc - ok
11:52:31.0545 3376  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
11:52:31.0555 3376  WmiAcpi - ok
11:52:31.0595 3376  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
11:52:31.0625 3376  wmiApSrv - ok
11:52:31.0685 3376  [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
11:52:31.0755 3376  WMPNetworkSvc - ok
11:52:31.0785 3376  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
11:52:31.0805 3376  WPCSvc - ok
11:52:31.0815 3376  [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
11:52:31.0835 3376  WPDBusEnum - ok
11:52:31.0855 3376  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
11:52:31.0895 3376  ws2ifsl - ok
11:52:31.0905 3376  WSearch - ok
11:52:31.0935 3376  [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
11:52:31.0975 3376  WudfPf - ok
11:52:32.0005 3376  [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
11:52:32.0035 3376  WUDFRd - ok
11:52:32.0045 3376  [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
11:52:32.0085 3376  wudfsvc - ok
11:52:32.0155 3376  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
11:52:32.0185 3376  WwanSvc - ok
11:52:32.0195 3376  ================ Scan global ===============================
11:52:32.0245 3376  [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
11:52:32.0285 3376  [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
11:52:32.0295 3376  [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
11:52:32.0335 3376  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
11:52:32.0355 3376  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
11:52:32.0355 3376  [Global] - ok
11:52:32.0365 3376  ================ Scan MBR ==================================
11:52:32.0375 3376  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:52:32.0665 3376  \Device\Harddisk0\DR0 - ok
11:52:32.0665 3376  ================ Scan VBR ==================================
11:52:32.0665 3376  [ 14EFABAB0569D2C740D249759F92DC5E ] \Device\Harddisk0\DR0\Partition1
11:52:32.0665 3376  \Device\Harddisk0\DR0\Partition1 - ok
11:52:32.0695 3376  [ 504AF3E3E13403BB8E3398252F8F29E6 ] \Device\Harddisk0\DR0\Partition2
11:52:32.0695 3376  \Device\Harddisk0\DR0\Partition2 - ok
11:52:32.0705 3376  ============================================================
11:52:32.0705 3376  Scan finished
11:52:32.0705 3376  ============================================================
11:52:32.0715 2240  Detected object count: 1
11:52:32.0715 2240  Actual detected object count: 1
11:53:05.0705 2240  cdrom ( Virus.Win32.ZAccess.k ) - skipped by user
11:53:05.0705 2240  cdrom ( Virus.Win32.ZAccess.k ) - User select action: Skip 
11:53:27.0625 3696  Deinitialize success
         


Edited by red_angel (28.05.2013 at 11:06)

28.05.2013, 11:08   #6
markusg
/// Malware-holic



ok, configure it as before; choose cure if possible, otherwise delete.
Then restart, scan again with those settings, and post the log

28.05.2013, 11:16   #7
red_angel



OK...

Code:
12:12:26.0186 2380  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:12:26.0342 2380  ============================================================
12:12:26.0342 2380  Current date / time: 2013/05/28 12:12:26.0342
12:12:26.0342 2380  SystemInfo:
12:12:26.0342 2380  
12:12:26.0342 2380  OS Version: 6.1.7600 ServicePack: 0.0
12:12:26.0342 2380  Product type: Workstation
12:12:26.0342 2380  ComputerName: PC-RAUM-1
12:12:26.0342 2380  UserName: Dozent
12:12:26.0342 2380  Windows directory: C:\Windows
12:12:26.0342 2380  System windows directory: C:\Windows
12:12:26.0342 2380  Processor architecture: Intel x86
12:12:26.0342 2380  Number of processors: 2
12:12:26.0342 2380  Page size: 0x1000
12:12:26.0342 2380  Boot type: Normal boot
12:12:26.0342 2380  ============================================================
12:12:27.0090 2380  BG loaded
12:12:27.0418 2380  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x11EE4, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
12:12:27.0418 2380  ============================================================
12:12:27.0418 2380  \Device\Harddisk0\DR0:
12:12:27.0418 2380  MBR partitions:
12:12:27.0418 2380  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:12:27.0418 2380  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
12:12:27.0418 2380  ============================================================
12:12:27.0449 2380  C: <-> \Device\Harddisk0\DR0\Partition2
12:12:27.0449 2380  ============================================================
12:12:27.0449 2380  Initialize success
12:12:27.0449 2380  ============================================================
12:12:39.0929 2472  ============================================================
12:12:39.0929 2472  Scan started
12:12:39.0929 2472  Mode: Manual; SigCheck; TDLFS; 
12:12:39.0929 2472  ============================================================
12:12:41.0692 2472  ================ Scan system memory ========================
12:12:41.0692 2472  System memory - ok
12:12:41.0692 2472  ================ Scan services =============================
12:12:41.0895 2472  [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
12:12:42.0020 2472  1394ohci - ok
12:12:42.0051 2472  [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
12:12:42.0066 2472  ACPI - ok
12:12:42.0082 2472  [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
12:12:42.0144 2472  AcpiPmi - ok
12:12:42.0191 2472  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
12:12:42.0207 2472  adp94xx - ok
12:12:42.0238 2472  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
12:12:42.0254 2472  adpahci - ok
12:12:42.0269 2472  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
12:12:42.0285 2472  adpu320 - ok
12:12:42.0316 2472  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:12:42.0363 2472  AeLookupSvc - ok
12:12:42.0410 2472  [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD             C:\Windows\system32\drivers\afd.sys
12:12:42.0456 2472  AFD - ok
12:12:42.0472 2472  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
12:12:42.0488 2472  agp440 - ok
12:12:42.0503 2472  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
12:12:42.0519 2472  aic78xx - ok
12:12:42.0534 2472  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
12:12:42.0597 2472  ALG - ok
12:12:42.0612 2472  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
12:12:42.0628 2472  aliide - ok
12:12:42.0644 2472  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\DRIVERS\amdagp.sys
12:12:42.0659 2472  amdagp - ok
12:12:42.0675 2472  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
12:12:42.0690 2472  amdide - ok
12:12:42.0706 2472  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
12:12:42.0737 2472  AmdK8 - ok
12:12:42.0768 2472  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
12:12:42.0800 2472  AmdPPM - ok
12:12:42.0846 2472  [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:12:42.0862 2472  amdsata - ok
12:12:42.0878 2472  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
12:12:42.0893 2472  amdsbs - ok
12:12:42.0924 2472  [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:12:42.0940 2472  amdxata - ok
12:12:42.0956 2472  [ FEB834C02CE1E84B6A38F953CA067706 ] AppID           C:\Windows\system32\drivers\appid.sys
12:12:43.0018 2472  AppID - ok
12:12:43.0049 2472  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:12:43.0143 2472  AppIDSvc - ok
12:12:43.0174 2472  [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo         C:\Windows\System32\appinfo.dll
12:12:43.0221 2472  Appinfo - ok
12:12:43.0252 2472  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
12:12:43.0252 2472  arc - ok
12:12:43.0283 2472  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
12:12:43.0299 2472  arcsas - ok
12:12:43.0314 2472  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:12:43.0424 2472  AsyncMac - ok
12:12:43.0439 2472  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
12:12:43.0455 2472  atapi - ok
12:12:43.0470 2472  [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:12:43.0517 2472  AudioEndpointBuilder - ok
12:12:43.0548 2472  [ 510C873BFA135AA829F4180352772734 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
12:12:43.0580 2472  Audiosrv - ok
12:12:43.0595 2472  [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:12:43.0658 2472  AxInstSV - ok
12:12:43.0689 2472  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
12:12:43.0751 2472  b06bdrv - ok
12:12:43.0767 2472  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
12:12:43.0798 2472  b57nd60x - ok
12:12:43.0829 2472  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:12:43.0892 2472  BDESVC - ok
12:12:43.0923 2472  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:12:43.0938 2472  Beep - ok
12:12:43.0970 2472  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:12:44.0001 2472  blbdrive - ok
12:12:44.0032 2472  [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:12:44.0048 2472  bowser - ok
12:12:44.0063 2472  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:12:44.0094 2472  BrFiltLo - ok
12:12:44.0126 2472  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:12:44.0157 2472  BrFiltUp - ok
12:12:44.0188 2472  [ 598E1280E7FF3744F4B8329366CC5635 ] Browser         C:\Windows\System32\browser.dll
12:12:44.0235 2472  Browser - ok
12:12:44.0266 2472  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:12:44.0313 2472  Brserid - ok
12:12:44.0344 2472  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:12:44.0375 2472  BrSerWdm - ok
12:12:44.0391 2472  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:12:44.0422 2472  BrUsbMdm - ok
12:12:44.0438 2472  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:12:44.0469 2472  BrUsbSer - ok
12:12:44.0484 2472  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
12:12:44.0531 2472  BTHMODEM - ok
12:12:44.0562 2472  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
12:12:44.0625 2472  bthserv - ok
12:12:44.0672 2472  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:12:44.0718 2472  cdfs - ok
12:12:44.0734 2472  [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:12:44.0765 2472  cdrom - ok
12:12:44.0828 2472  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc     C:\Windows\System32\certprop.dll
12:12:44.0859 2472  CertPropSvc - ok
12:12:44.0890 2472  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
12:12:44.0906 2472  circlass - ok
12:12:44.0921 2472  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
12:12:44.0937 2472  CLFS - ok
12:12:44.0984 2472  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:12:44.0999 2472  clr_optimization_v2.0.50727_32 - ok
12:12:45.0062 2472  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:12:45.0093 2472  clr_optimization_v4.0.30319_32 - ok
12:12:45.0124 2472  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
12:12:45.0140 2472  CmBatt - ok
12:12:45.0155 2472  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
12:12:45.0171 2472  cmdide - ok
12:12:45.0202 2472  [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG             C:\Windows\system32\Drivers\cng.sys
12:12:45.0249 2472  CNG - ok
12:12:45.0264 2472  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
12:12:45.0264 2472  Compbatt - ok
12:12:45.0280 2472  [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
12:12:45.0311 2472  CompositeBus - ok
12:12:45.0311 2472  COMSysApp - ok
12:12:45.0389 2472  cpuz132 - ok
12:12:45.0405 2472  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
12:12:45.0420 2472  crcdisk - ok
12:12:45.0452 2472  [ 520A108A2657F4BCA7FCED9CA7D885DE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:12:45.0514 2472  CryptSvc - ok
12:12:45.0545 2472  [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:12:45.0608 2472  DcomLaunch - ok
12:12:45.0639 2472  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
12:12:45.0686 2472  defragsvc - ok
12:12:45.0732 2472  [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:12:45.0779 2472  DfsC - ok
12:12:45.0810 2472  [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:12:45.0873 2472  Dhcp - ok
12:12:45.0904 2472  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
12:12:45.0935 2472  discache - ok
12:12:45.0982 2472  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
12:12:45.0998 2472  Disk - ok
12:12:46.0029 2472  [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:12:46.0076 2472  Dnscache - ok
12:12:46.0107 2472  [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:12:46.0138 2472  dot3svc - ok
12:12:46.0185 2472  [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS             C:\Windows\system32\dps.dll
12:12:46.0232 2472  DPS - ok
12:12:46.0247 2472  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:12:46.0294 2472  drmkaud - ok
12:12:46.0325 2472  [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:12:46.0356 2472  DXGKrnl - ok
12:12:46.0388 2472  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
12:12:46.0419 2472  EapHost - ok
12:12:46.0481 2472  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
12:12:46.0575 2472  ebdrv - ok
12:12:46.0622 2472  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS             C:\Windows\System32\lsass.exe
12:12:46.0684 2472  EFS - ok
12:12:46.0731 2472  [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:12:46.0778 2472  ehRecvr - ok
12:12:46.0793 2472  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
12:12:46.0856 2472  ehSched - ok
12:12:46.0871 2472  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
12:12:46.0902 2472  elxstor - ok
12:12:46.0918 2472  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
12:12:46.0934 2472  ErrDev - ok
12:12:46.0996 2472  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
12:12:47.0074 2472  EventSystem - ok
12:12:47.0105 2472  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
12:12:47.0152 2472  exfat - ok
12:12:47.0183 2472  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:12:47.0214 2472  fastfat - ok
12:12:47.0230 2472  [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax             C:\Windows\system32\fxssvc.exe
12:12:47.0277 2472  Fax - ok
12:12:47.0292 2472  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:12:47.0324 2472  fdc - ok
12:12:47.0355 2472  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
12:12:47.0386 2472  fdPHost - ok
12:12:47.0402 2472  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
12:12:47.0448 2472  FDResPub - ok
12:12:47.0480 2472  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:12:47.0495 2472  FileInfo - ok
12:12:47.0511 2472  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:12:47.0526 2472  Filetrace - ok
12:12:47.0542 2472  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:12:47.0558 2472  flpydisk - ok
12:12:47.0589 2472  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:12:47.0604 2472  FltMgr - ok
12:12:47.0651 2472  [ 7FE4995528A7529A761875151EE3D512 ] FontCache       C:\Windows\system32\FntCache.dll
12:12:47.0698 2472  FontCache - ok
12:12:47.0760 2472  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:12:47.0760 2472  FontCache3.0.0.0 - ok
12:12:47.0823 2472  [ F33425DBD8CDF00C1F318BA0EDC8D048 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
12:12:47.0854 2472  ForceWare Intelligent Application Manager (IAM) - ok
12:12:47.0901 2472  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:12:47.0901 2472  FsDepends - ok
12:12:47.0932 2472  [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:12:47.0948 2472  Fs_Rec - ok
12:12:47.0979 2472  [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:12:47.0994 2472  fvevol - ok
12:12:47.0994 2472  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
12:12:48.0010 2472  gagp30kx - ok
12:12:48.0041 2472  [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc           C:\Windows\System32\gpsvc.dll
12:12:48.0088 2472  gpsvc - ok
12:12:48.0119 2472  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:12:48.0166 2472  hcw85cir - ok
12:12:48.0197 2472  [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:12:48.0228 2472  HdAudAddService - ok
12:12:48.0244 2472  [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:12:48.0275 2472  HDAudBus - ok
12:12:48.0291 2472  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
12:12:48.0322 2472  HidBatt - ok
12:12:48.0353 2472  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
12:12:48.0369 2472  HidBth - ok
12:12:48.0384 2472  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
12:12:48.0416 2472  HidIr - ok
12:12:48.0447 2472  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
12:12:48.0478 2472  hidserv - ok
12:12:48.0494 2472  [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:12:48.0509 2472  HidUsb - ok
12:12:48.0525 2472  [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:12:48.0572 2472  hkmsvc - ok
12:12:48.0587 2472  [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:12:48.0603 2472  HomeGroupListener - ok
12:12:48.0634 2472  [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:12:48.0665 2472  HomeGroupProvider - ok
12:12:48.0696 2472  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
12:12:48.0712 2472  HpSAMD - ok
12:12:48.0728 2472  [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:12:48.0774 2472  HTTP - ok
12:12:48.0868 2472  [ ADFA0D6F486612EEB13E86AEC7D2A25D ] HWiNFO32        C:\Users\Dozent\Desktop\hwinfo32\HWiNFO32.SYS
12:12:48.0868 2472  HWiNFO32 - ok
12:12:48.0899 2472  [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:12:48.0915 2472  hwpolicy - ok
12:12:48.0930 2472  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
12:12:48.0946 2472  i8042prt - ok
12:12:48.0993 2472  [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:12:49.0008 2472  iaStorV - ok
12:12:49.0040 2472  [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:12:49.0071 2472  idsvc - ok
12:12:49.0086 2472  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
12:12:49.0102 2472  iirsp - ok
12:12:49.0133 2472  [ C5B04409186A27409BD069580208A6D3 ] IJPLMSVC        C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
12:12:49.0149 2472  IJPLMSVC - ok
12:12:49.0180 2472  [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT          C:\Windows\System32\ikeext.dll
12:12:49.0227 2472  IKEEXT - ok
12:12:49.0320 2472  [ 8B27C21412AE4404EB0ACFE1D98579EC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
12:12:49.0398 2472  IntcAzAudAddService - ok
12:12:49.0430 2472  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
12:12:49.0430 2472  intelide - ok
12:12:49.0461 2472  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:12:49.0492 2472  intelppm - ok
12:12:49.0523 2472  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:12:49.0570 2472  IPBusEnum - ok
12:12:49.0586 2472  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:12:49.0632 2472  IpFilterDriver - ok
12:12:49.0664 2472  [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
12:12:49.0679 2472  IPMIDRV - ok
12:12:49.0695 2472  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:12:49.0726 2472  IPNAT - ok
12:12:49.0773 2472  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:12:49.0788 2472  IRENUM - ok
12:12:49.0788 2472  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
12:12:49.0835 2472  isapnp - ok
12:12:49.0851 2472  [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
12:12:49.0866 2472  iScsiPrt - ok
12:12:49.0882 2472  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:12:49.0898 2472  kbdclass - ok
12:12:49.0913 2472  [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:12:49.0960 2472  kbdhid - ok
12:12:49.0960 2472  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso          C:\Windows\system32\lsass.exe
12:12:49.0976 2472  KeyIso - ok
12:12:50.0007 2472  [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:12:50.0022 2472  KSecDD - ok
12:12:50.0054 2472  [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:12:50.0069 2472  KSecPkg - ok
12:12:50.0116 2472  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:12:50.0178 2472  KtmRm - ok
12:12:50.0225 2472  [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:12:50.0256 2472  LanmanServer - ok
12:12:50.0272 2472  [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:12:50.0303 2472  LanmanWorkstation - ok
12:12:50.0350 2472  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:12:50.0381 2472  lltdio - ok
12:12:50.0412 2472  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:12:50.0444 2472  lltdsvc - ok
12:12:50.0475 2472  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:12:50.0506 2472  lmhosts - ok
12:12:50.0537 2472  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
12:12:50.0553 2472  LSI_FC - ok
12:12:50.0584 2472  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
12:12:50.0600 2472  LSI_SAS - ok
12:12:50.0600 2472  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:12:50.0615 2472  LSI_SAS2 - ok
12:12:50.0615 2472  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:12:50.0631 2472  LSI_SCSI - ok
12:12:50.0646 2472  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
12:12:50.0693 2472  luafv - ok
12:12:50.0756 2472  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
12:12:50.0756 2472  MBAMProtector - ok
12:12:50.0834 2472  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:12:50.0865 2472  MBAMScheduler - ok
12:12:50.0896 2472  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:12:50.0912 2472  MBAMService - ok
12:12:50.0974 2472  [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:12:50.0990 2472  Mcx2Svc - ok
12:12:51.0005 2472  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
12:12:51.0021 2472  megasas - ok
12:12:51.0036 2472  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
12:12:51.0052 2472  MegaSR - ok
12:12:51.0083 2472  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
12:12:51.0130 2472  MMCSS - ok
12:12:51.0161 2472  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
12:12:51.0192 2472  Modem - ok
12:12:51.0224 2472  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:12:51.0255 2472  monitor - ok
12:12:51.0286 2472  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:12:51.0286 2472  mouclass - ok
12:12:51.0302 2472  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:12:51.0333 2472  mouhid - ok
12:12:51.0364 2472  [ 921C18727C5920D6C0300736646931C2 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:12:51.0380 2472  mountmgr - ok
12:12:51.0411 2472  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:12:51.0426 2472  MozillaMaintenance - ok
12:12:51.0458 2472  [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
12:12:51.0473 2472  MpFilter - ok
12:12:51.0504 2472  [ 2AF5997438C55FB79D33D015C30E1974 ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
12:12:51.0504 2472  mpio - ok
12:12:51.0567 2472  MpKsl0128d60a - ok
12:12:51.0567 2472  MpKsl0b0b7015 - ok
12:12:51.0582 2472  MpKsl0f5e3759 - ok
12:12:51.0582 2472  MpKsl2013e79b - ok
12:12:51.0598 2472  MpKsl35d48099 - ok
12:12:51.0598 2472  MpKsl6a532c04 - ok
12:12:51.0614 2472  MpKsl7237ef53 - ok
12:12:51.0614 2472  MpKsl7b710871 - ok
12:12:51.0629 2472  MpKsl9f126476 - ok
12:12:51.0629 2472  MpKslb0fa1f9a - ok
12:12:51.0645 2472  MpKslccbc9a8b - ok
12:12:51.0645 2472  MpKslcf90afa7 - ok
12:12:51.0660 2472  MpKsld6d4cfda - ok
12:12:51.0660 2472  MpKsle2e68444 - ok
12:12:51.0692 2472  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:12:51.0754 2472  mpsdrv - ok
12:12:51.0785 2472  [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:12:51.0816 2472  MRxDAV - ok
12:12:51.0832 2472  [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:12:51.0863 2472  mrxsmb - ok
12:12:51.0894 2472  [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:12:51.0926 2472  mrxsmb10 - ok
12:12:51.0957 2472  [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:12:51.0957 2472  mrxsmb20 - ok
12:12:51.0972 2472  [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
12:12:51.0988 2472  msahci - ok
12:12:52.0004 2472  [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
12:12:52.0019 2472  msdsm - ok
12:12:52.0050 2472  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
12:12:52.0082 2472  MSDTC - ok
12:12:52.0113 2472  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:12:52.0144 2472  Msfs - ok
12:12:52.0160 2472  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:12:52.0191 2472  mshidkmdf - ok
12:12:52.0222 2472  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
12:12:52.0222 2472  msisadrv - ok
12:12:52.0253 2472  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:12:52.0300 2472  MSiSCSI - ok
12:12:52.0300 2472  msiserver - ok
12:12:52.0331 2472  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:12:52.0378 2472  MSKSSRV - ok
12:12:52.0409 2472  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:12:52.0440 2472  MSPCLOCK - ok
12:12:52.0472 2472  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:12:52.0503 2472  MSPQM - ok
12:12:52.0534 2472  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:12:52.0550 2472  MsRPC - ok
12:12:52.0565 2472  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
12:12:52.0565 2472  mssmbios - ok
12:12:52.0581 2472  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:12:52.0612 2472  MSTEE - ok
12:12:52.0612 2472  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
12:12:52.0628 2472  MTConfig - ok
12:12:52.0643 2472  [ 0F24624106D8042E7F27882D9D6FF5C0 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
12:12:52.0690 2472  MTsensor - ok
12:12:52.0721 2472  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:12:52.0721 2472  Mup - ok
12:12:52.0752 2472  [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent        C:\Windows\system32\qagentRT.dll
12:12:52.0799 2472  napagent - ok
12:12:52.0830 2472  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:12:52.0877 2472  NativeWifiP - ok
12:12:52.0924 2472  [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:12:52.0955 2472  NDIS - ok
12:12:52.0971 2472  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:12:53.0018 2472  NdisCap - ok
12:12:53.0033 2472  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:12:53.0064 2472  NdisTapi - ok
12:12:53.0080 2472  [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:12:53.0096 2472  Ndisuio - ok
12:12:53.0127 2472  [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:12:53.0142 2472  NdisWan - ok
12:12:53.0158 2472  [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:12:53.0220 2472  NDProxy - ok
12:12:53.0236 2472  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:12:53.0283 2472  NetBIOS - ok
12:12:53.0314 2472  [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:12:53.0345 2472  NetBT - ok
12:12:53.0376 2472  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon        C:\Windows\system32\lsass.exe
12:12:53.0392 2472  Netlogon - ok
12:12:53.0423 2472  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
12:12:53.0486 2472  Netman - ok
12:12:53.0517 2472  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
12:12:53.0532 2472  netprofm - ok
12:12:53.0564 2472  [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:12:53.0579 2472  NetTcpPortSharing - ok
12:12:53.0595 2472  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
12:12:53.0626 2472  nfrd960 - ok
12:12:53.0657 2472  [ B52F26BADE7D7E4A79706E3FD91834CD ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:12:53.0688 2472  NisDrv - ok
12:12:53.0720 2472  [ 290C0D4C4889398797F8DF3BE00B9698 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
12:12:53.0735 2472  NisSrv - ok
12:12:53.0829 2472  [ 2226496E34BD40734946A054B1CD657F ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:12:53.0891 2472  NlaSvc - ok
12:12:53.0922 2472  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:12:53.0938 2472  Npfs - ok
12:12:53.0954 2472  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
12:12:53.0969 2472  nsi - ok
12:12:53.0985 2472  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:12:54.0032 2472  nsiproxy - ok
12:12:54.0078 2472  [ 84A1A494791DA6AC7292D82F97E40BEC ] nSvcIp          C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
12:12:54.0094 2472  nSvcIp - ok
12:12:54.0188 2472  [ 187002CE05693C306F43C873F821381F ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:12:54.0219 2472  Ntfs - ok
12:12:54.0250 2472  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
12:12:54.0281 2472  Null - ok
12:12:54.0312 2472  [ B5E37E31C053BC9950455A257526514B ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x32.sys
12:12:54.0328 2472  NVENETFD - ok
12:12:54.0827 2472  [ 8B75F652726A2BA3197860F300514E3F ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:12:55.0108 2472  nvlddmkm - ok
12:12:55.0155 2472  [ D22E432E402499AC264A113D7168B91F ] NVNET           C:\Windows\system32\DRIVERS\nvmf6232.sys
12:12:55.0264 2472  NVNET - ok
12:12:55.0280 2472  [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:12:55.0311 2472  nvraid - ok
12:12:55.0326 2472  [ 4520B63899E867F354EE012D34E11536 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:12:55.0326 2472  nvstor - ok
12:12:55.0358 2472  [ 92A8601DDFA4A926FE629FA12CB2BC61 ] nvstor32        C:\Windows\system32\DRIVERS\nvstor32.sys
12:12:55.0358 2472  nvstor32 - ok
12:12:55.0404 2472  [ 387DC341E2AED29EB8F67B6EE53BB43B ] nvsvc           C:\Windows\system32\nvvsvc.exe
12:12:55.0420 2472  nvsvc - ok
12:12:55.0436 2472  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
12:12:55.0451 2472  nv_agp - ok
12:12:55.0514 2472  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:12:55.0529 2472  odserv - ok
12:12:55.0545 2472  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
12:12:55.0576 2472  ohci1394 - ok
12:12:55.0607 2472  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:12:55.0623 2472  ose - ok
12:12:55.0685 2472  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:12:55.0748 2472  p2pimsvc - ok
12:12:55.0779 2472  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:12:55.0794 2472  p2psvc - ok
12:12:55.0841 2472  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
12:12:55.0888 2472  Parport - ok
12:12:55.0919 2472  [ 66D3415C159741ADE7038A277EFFF99F ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:12:55.0919 2472  partmgr - ok
12:12:55.0935 2472  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
12:12:55.0966 2472  Parvdm - ok
12:12:55.0982 2472  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:12:55.0997 2472  PcaSvc - ok
12:12:56.0028 2472  [ C858CB77C577780ECC456A892E7E7D0F ] pci             C:\Windows\system32\DRIVERS\pci.sys
12:12:56.0044 2472  pci - ok
12:12:56.0044 2472  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
12:12:56.0060 2472  pciide - ok
12:12:56.0091 2472  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
12:12:56.0106 2472  pcmcia - ok
12:12:56.0122 2472  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
12:12:56.0138 2472  pcw - ok
12:12:56.0169 2472  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:12:56.0200 2472  PEAUTH - ok
12:12:56.0247 2472  [ 9C1BFF7910C89A1D12E57343475840CB ] pla             C:\Windows\system32\pla.dll
12:12:56.0325 2472  pla - ok
12:12:56.0418 2472  [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:12:56.0450 2472  PlugPlay - ok
12:12:56.0481 2472  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:12:56.0496 2472  PNRPAutoReg - ok
12:12:56.0528 2472  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:12:56.0543 2472  PNRPsvc - ok
12:12:56.0574 2472  [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:12:56.0621 2472  PolicyAgent - ok
12:12:56.0652 2472  [ DBFF83F709A91049621C1D35DD45C92C ] Power           C:\Windows\system32\umpo.dll
12:12:56.0699 2472  Power - ok
12:12:56.0715 2472  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:12:56.0762 2472  PptpMiniport - ok
12:12:56.0793 2472  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
12:12:56.0824 2472  Processor - ok
12:12:56.0855 2472  [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc         C:\Windows\system32\profsvc.dll
12:12:56.0918 2472  ProfSvc - ok
12:12:56.0933 2472  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:12:56.0933 2472  ProtectedStorage - ok
12:12:56.0964 2472  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:12:56.0980 2472  Psched - ok
12:12:57.0027 2472  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
12:12:57.0074 2472  ql2300 - ok
12:12:57.0089 2472  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
12:12:57.0105 2472  ql40xx - ok
12:12:57.0152 2472  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
12:12:57.0198 2472  QWAVE - ok
12:12:57.0230 2472  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:12:57.0230 2472  QWAVEdrv - ok
12:12:57.0245 2472  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:12:57.0292 2472  RasAcd - ok
12:12:57.0339 2472  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:12:57.0370 2472  RasAgileVpn - ok
12:12:57.0401 2472  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
12:12:57.0448 2472  RasAuto - ok
12:12:57.0479 2472  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:12:57.0526 2472  Rasl2tp - ok
12:12:57.0573 2472  [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan          C:\Windows\System32\rasmans.dll
12:12:57.0588 2472  RasMan - ok
12:12:57.0604 2472  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:12:57.0651 2472  RasPppoe - ok
12:12:57.0682 2472  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:12:57.0713 2472  RasSstp - ok
12:12:57.0729 2472  [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:12:57.0760 2472  rdbss - ok
12:12:57.0791 2472  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:12:57.0807 2472  rdpbus - ok
12:12:57.0822 2472  [ 1E016846895B15A99F9A176A05029075 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:12:57.0854 2472  RDPCDD - ok
12:12:57.0854 2472  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:12:57.0885 2472  RDPENCDD - ok
12:12:57.0900 2472  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:12:57.0916 2472  RDPREFMP - ok
12:12:57.0947 2472  [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:12:57.0994 2472  RDPWD - ok
12:12:58.0041 2472  [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:12:58.0041 2472  rdyboost - ok
12:12:58.0088 2472  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:12:58.0134 2472  RemoteAccess - ok
12:12:58.0181 2472  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:12:58.0212 2472  RemoteRegistry - ok
12:12:58.0244 2472  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:12:58.0290 2472  RpcEptMapper - ok
12:12:58.0306 2472  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
12:12:58.0337 2472  RpcLocator - ok
12:12:58.0368 2472  [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs           C:\Windows\system32\rpcss.dll
12:12:58.0384 2472  RpcSs - ok
12:12:58.0415 2472  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:12:58.0462 2472  rspndr - ok
12:12:58.0493 2472  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs           C:\Windows\system32\lsass.exe
12:12:58.0493 2472  SamSs - ok
12:12:58.0509 2472  [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
12:12:58.0524 2472  sbp2port - ok
12:12:58.0556 2472  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:12:58.0571 2472  SCardSvr - ok
12:12:58.0587 2472  [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:12:58.0618 2472  scfilter - ok
12:12:58.0649 2472  [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule        C:\Windows\system32\schedsvc.dll
12:12:58.0743 2472  Schedule - ok
12:12:58.0774 2472  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:12:58.0805 2472  SCPolicySvc - ok
12:12:58.0836 2472  [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:12:58.0883 2472  SDRSVC - ok
12:12:58.0914 2472  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:12:58.0961 2472  secdrv - ok
12:12:58.0992 2472  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
12:12:59.0024 2472  seclogon - ok
12:12:59.0055 2472  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
12:12:59.0086 2472  SENS - ok
12:12:59.0117 2472  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:12:59.0164 2472  SensrSvc - ok
12:12:59.0180 2472  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:12:59.0180 2472  Serenum - ok
12:12:59.0195 2472  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:12:59.0226 2472  Serial - ok
12:12:59.0258 2472  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
12:12:59.0273 2472  sermouse - ok
12:12:59.0289 2472  [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv      C:\Windows\system32\sessenv.dll
12:12:59.0336 2472  SessionEnv - ok
12:12:59.0367 2472  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
12:12:59.0398 2472  sffdisk - ok
12:12:59.0414 2472  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
12:12:59.0445 2472  sffp_mmc - ok
12:12:59.0476 2472  [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
12:12:59.0492 2472  sffp_sd - ok
12:12:59.0523 2472  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
12:12:59.0538 2472  sfloppy - ok
12:12:59.0570 2472  [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:12:59.0601 2472  ShellHWDetection - ok
12:12:59.0632 2472  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\DRIVERS\sisagp.sys
12:12:59.0648 2472  sisagp - ok
12:12:59.0648 2472  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:12:59.0663 2472  SiSRaid2 - ok
12:12:59.0679 2472  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
12:12:59.0679 2472  SiSRaid4 - ok
12:12:59.0694 2472  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:12:59.0741 2472  Smb - ok
12:12:59.0772 2472  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:12:59.0772 2472  SNMPTRAP - ok
12:12:59.0804 2472  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:12:59.0804 2472  spldr - ok
12:12:59.0835 2472  [ D1BB750EB51694DE183E08B9C33BE5B2 ] Spooler         C:\Windows\System32\spoolsv.exe
12:12:59.0882 2472  Spooler - ok
12:12:59.0960 2472  [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc          C:\Windows\system32\sppsvc.exe
12:13:00.0053 2472  sppsvc - ok
12:13:00.0084 2472  [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:13:00.0116 2472  sppuinotify - ok
12:13:00.0147 2472  [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:13:00.0162 2472  srv - ok
12:13:00.0209 2472  [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:13:00.0225 2472  srv2 - ok
12:13:00.0272 2472  [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:13:00.0303 2472  srvnet - ok
12:13:00.0334 2472  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:13:00.0381 2472  SSDPSRV - ok
12:13:00.0396 2472  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:13:00.0428 2472  SstpSvc - ok
12:13:00.0474 2472  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
12:13:00.0490 2472  stexstor - ok
12:13:00.0537 2472  [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc          C:\Windows\System32\wiaservc.dll
12:13:00.0568 2472  StiSvc - ok
12:13:00.0599 2472  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
12:13:00.0599 2472  swenum - ok
12:13:00.0615 2472  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
12:13:00.0646 2472  swprv - ok
12:13:00.0677 2472  [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain         C:\Windows\system32\sysmain.dll
12:13:00.0724 2472  SysMain - ok
12:13:00.0740 2472  [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:13:00.0771 2472  TabletInputService - ok
12:13:00.0786 2472  [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:13:00.0833 2472  TapiSrv - ok
12:13:00.0880 2472  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
12:13:00.0911 2472  TBS - ok
12:13:00.0974 2472  [ 55E9965552741F3850CB22CBBA9671ED ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:13:01.0020 2472  Tcpip - ok
12:13:01.0036 2472  [ 55E9965552741F3850CB22CBBA9671ED ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:13:01.0067 2472  TCPIP6 - ok
12:13:01.0083 2472  [ E64444523ADD154F86567C469BC0B17F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:13:01.0130 2472  tcpipreg - ok
12:13:01.0161 2472  [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:13:01.0208 2472  TDPIPE - ok
12:13:01.0239 2472  [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:13:01.0270 2472  TDTCP - ok
12:13:01.0286 2472  [ CB39E896A2A83702D1737BFD402B3542 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:13:01.0332 2472  tdx - ok
12:13:01.0364 2472  [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
12:13:01.0364 2472  TermDD - ok
12:13:01.0395 2472  [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService     C:\Windows\System32\termsrv.dll
12:13:01.0457 2472  TermService - ok
12:13:01.0473 2472  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
12:13:01.0488 2472  Themes - ok
12:13:01.0504 2472  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
12:13:01.0520 2472  THREADORDER - ok
12:13:01.0551 2472  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
12:13:01.0613 2472  TrkWks - ok
12:13:01.0660 2472  [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:13:01.0691 2472  TrustedInstaller - ok
12:13:01.0722 2472  [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:13:01.0769 2472  tssecsrv - ok
12:13:01.0816 2472  [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:13:01.0863 2472  tunnel - ok
12:13:01.0894 2472  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
12:13:01.0910 2472  uagp35 - ok
12:13:01.0941 2472  [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:13:01.0972 2472  udfs - ok
12:13:01.0988 2472  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:13:02.0019 2472  UI0Detect - ok
12:13:02.0050 2472  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
12:13:02.0066 2472  uliagpkx - ok
12:13:02.0066 2472  [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:13:02.0081 2472  umbus - ok
12:13:02.0097 2472  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
12:13:02.0128 2472  UmPass - ok
12:13:02.0159 2472  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
12:13:02.0206 2472  upnphost - ok
12:13:02.0237 2472  [ C31AE588E403042632DC796CF09E30B0 ] usbccgp         C:\Windows\system32\drivers\usbccgp.sys
12:13:02.0284 2472  usbccgp - ok
12:13:02.0315 2472  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
12:13:02.0346 2472  usbcir - ok
12:13:02.0378 2472  [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:13:02.0393 2472  usbehci - ok
12:13:02.0409 2472  [ BDCD7156EC37448F08633FD899823620 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:13:05.0607 2472  ================ Scan global ===============================
12:13:05.0669 2472  [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
12:13:05.0700 2472  [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
12:13:05.0716 2472  [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
12:13:05.0763 2472  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
12:13:05.0778 2472  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
12:13:05.0778 2472  [Global] - ok
12:13:05.0794 2472  ================ Scan MBR ==================================
12:13:05.0794 2472  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:13:06.0527 2472  \Device\Harddisk0\DR0 - ok
12:13:06.0543 2472  ================ Scan VBR ==================================
12:13:06.0543 2472  [ 14EFABAB0569D2C740D249759F92DC5E ] \Device\Harddisk0\DR0\Partition1
12:13:06.0558 2472  \Device\Harddisk0\DR0\Partition1 - ok
12:13:06.0574 2472  [ 504AF3E3E13403BB8E3398252F8F29E6 ] \Device\Harddisk0\DR0\Partition2
12:13:06.0574 2472  \Device\Harddisk0\DR0\Partition2 - ok
12:13:06.0574 2472  ============================================================
12:13:06.0574 2472  Scan finished
12:13:06.0574 2472  ============================================================
12:13:06.0590 2464  Detected object count: 0
12:13:06.0590 2464  Actual detected object count: 0
         

28.05.2013, 11:18   #8
markusg
/// Malware-holic

Hi,
do you use the PC for online banking, shopping, other payment processing, or similarly important things, such as work?
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

28.05.2013, 11:33   #9
red_angel

Yes, until recently I still used it now and then for such purposes. But then I could no longer get into my eBay account. My username was displayed as strange, partly Chinese, characters. And after entering the password I did reach the start page, but when trying to get to "My eBay" or similar, I was asked to enter my password again and again.
When I once wanted to do online banking, the start page showed a notice that there was a new security check that would take a few seconds (or minutes). After that I was asked to make a test transfer to a specified account.
Since then I have done neither banking nor online shopping here.

This PC is at my workplace. But there are other people who have access to it. Since the events mentioned above, someone who gives PC courses here has apparently looked at the PC and allegedly "whipped it into shape".
In the meantime I have changed my passwords for banking and eBay on my private PC. I have not tried to log in here again.

The PC worked in the meantime, though at times very slowly, until last week nothing worked anymore in the administrator account.

28.05.2013, 13:55   #10
markusg
/// Malware-holic

Well, if you even paid that person for it, that was money thrown away.
Rootkit.tdss was on here.
I would never do online banking on someone else's PC, or check mail there; that is far too insecure.
1. Do you have an IT department?

I can never give you a guarantee that I will find everything. Formatting is usually the faster and the safest way, especially since you use your PC for online banking.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.
Since you also work on it, I would set it up from scratch once and secure it; you will get instructions, but I think you have to discuss it with the boss.

28.05.2013, 19:30   #11
red_angel

I work here in a branch office; the head office is in Kaiserslautern. Whether they have an IT department there, I don't know, but they don't take the trouble to come here. And if they did, one would wait forever for it.
So I would like to go through with the cleanup. They do want everything to be OK here.
So thank you very much in advance. I just have to say that I cannot carry out the steps every day.

Thank you very much!!

28.05.2013, 20:26   #12
markusg
/// Malware-holic

Hi,
you should find out whether the company head office has policies on that; otherwise you may get yourself into trouble, especially since rootkits can steal sensitive data, such as passwords.

28.05.2013, 21:17   #13
red_angel

But if that thing is on there and I want to remove it, that can only be a good thing.... No idea what the "expert" had done before, but she also had not asked the head office first.

28.05.2013, 21:26   #14
markusg
/// Malware-holic

Hi,
but as I said, companies have special policies, or at least they should.
2. If we possibly do not remove the malware completely, that can, in case you have an IT department, mean trouble for you, because you did not report it.
3. Your IT department is paid to do that, and that is why we have arranged it here so that we do not clean such PCs if there is such a department.

29.05.2013, 14:19   #15
red_angel

OK, I'll try to find out.

Do this rootkit and System Anti Virus have anything to do with each other? And where do they come from?

Thanks
