Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 15.06.2013, 19:10   #1
Mark E. Smit
 
Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg? - Standard

Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg?



Seit ein paar Tagen habe ich offenbar den Virus/Trojaner win32.downloader.gen auf meinem PC. Jedenfalls teilt mir das Spybot S&D mit. Diese Malware markiert und behebt dann angeblich das Problem, nach Neustart und erneuter Suche wird dieses Virus aber wieder gefunden usw...

ich weiß wohl, dass es da recht komplizerte Reinigungsmethoden gibt, die mir als Laie ehrlich gesagt wie ein Eingriff am offenen Herzen vorkommen

Gibt es nicht auch eine einfachere Möglichkeit, ein Tool etc..pp..im Internet wird auf diverse verwiesen, z.B.

hxxp://www.securitystronghold.com/de/gates/remove-win32-downloader-gen.html

hxxp://entfernenvirusspyware.wordpress.com/tag/uninstall-win32-downloader-gen-worm-virus/

ist so etwas zu trauen?

Wie gefährlich ist dieses Virus (wenn er drauf bliebe...der Computer scheint sich ab und an aufzuhängen, reagiert aber sonst "normal"). Microsoft Security Essentials hat beim vollständigen Scan noch nichts gefunden..

Alt 15.06.2013, 19:18   #2
markusg
/// Malware-holic
 
Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg? - Standard

Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg?



Hi
diesen anleitungen ist nicht zu trauen,gen ist eine Generische erkennung für millionen schädlinge.

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 16.06.2013, 19:48   #3
Mark E. Smit
 
Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg? - Standard

Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg?



Okay,da bin ich gespannt..
hier der OTL.txt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 16.06.2013 20:32:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kai Adler\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 62,95% Memory free
8,00 Gb Paging File | 5,72 Gb Available in Paging File | 71,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224,95 Gb Total Space | 137,96 Gb Free Space | 61,33% Space Free | Partition Type: NTFS
Drive D: | 225,71 Gb Total Space | 225,61 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
 
Computer Name: KAIADLER-PC | User Name: Kai Adler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Kai Adler\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\taxaktuell.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe ()
PRC - C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe ()
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe ()
PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ded1c6dbf61d19f839da66c951d8fa9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wfvie13.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wgui13.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wmain13.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wcore13.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wkont13.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wauff13.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wfabu13.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wimp13.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wwerb13.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\whau213.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wbae413.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\whau113.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wbae113.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wbae313.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wbae213.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wreli13.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wsteu13.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\rsguiwinapi48.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\rscorewinapi48.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\taxaktuell.exe ()
MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\rsodbc48.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\rsdcom48.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\clucene-core.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\clucene-contribs-lib.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\clucene-shared.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\5d5b1b0c6e8a714de39a06e3b61f35fe\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b454f5723ec86048063fe19d4267d9e8\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\60674dde4b56087c189f576f36f6720f\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Kai Adler\AppData\Local\Temp\d6ebea43-a7f6-428d-ab33-ddb1ea1983ec\CliSecureRT.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe ()
MOD - C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyHook.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (DevoloNetworkService) -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe ()
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (AdobeActiveFileMonitor8.0) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV - (NPF_devolo) -- C:\Windows\SysWOW64\drivers\npf_devolo.sys (CACE Technologies)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://home.sweetim.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{FD5CD67F-DA82-6C3B-A049-4E82BBB6B6E2}: "URL" = hxxp://www.etypestart.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=697&product_id=730&affiliate_id=&channel=&toolbar_id=205&toolbar_version=2.4.0&install_country=DE&install_date=20111116&user_guid=7724C79C281E46888893EEA98E36EAB3&machine_id=3891525243659266a4be483741db3a9f&browser=IE&os=win&os_version=6.1-x64-SP1&iesrc={referrer:source}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "DVDVideoSoftTB DE Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&CUI=UN52606543843611294&UM=&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.06.15 20:49:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.15 20:49:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.16 21:28:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.06.15 20:49:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.15 20:49:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.16 21:28:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.01.10 20:33:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kai Adler\AppData\Roaming\mozilla\Extensions
[2011.01.10 20:33:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kai Adler\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.05.31 20:36:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kai Adler\AppData\Roaming\mozilla\Firefox\Profiles\o5j8apcs.default\extensions
[2013.05.11 11:27:12 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Kai Adler\AppData\Roaming\mozilla\firefox\profiles\o5j8apcs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.20 19:16:30 | 000,001,034 | ---- | M] () -- C:\Users\Kai Adler\AppData\Roaming\mozilla\firefox\profiles\o5j8apcs.default\searchplugins\dvdvideosofttb-de-customized-web-search.xml
[2011.11.16 11:22:28 | 000,001,391 | ---- | M] () -- C:\Users\Kai Adler\AppData\Roaming\mozilla\firefox\profiles\o5j8apcs.default\searchplugins\yahoo-zugo.xml
[2013.06.15 20:44:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.06.15 20:49:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.06.15 20:49:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.06.15 20:49:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.06.01 12:09:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.06.01 12:09:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.11.01 19:45:19 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
 
========== Chrome  ==========
 
CHR - homepage: Google
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - Extension: Docs = C:\Users\Kai Adler\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Kai Adler\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Kai Adler\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Kai Adler\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Kai Adler\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kai Adler\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kai Adler\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5195F366-6BCF-4F53-A425-45CCE20D40AC}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.15 20:21:32 | 000,000,000 | ---D | C] -- C:\Users\Kai Adler\AppData\Roaming\Malwarebytes
[2013.06.15 20:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.15 20:21:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.06.15 20:20:54 | 000,000,000 | ---D | C] -- C:\Users\Kai Adler\AppData\Local\Programs
[2013.06.14 21:27:02 | 000,000,000 | ---D | C] -- C:\Users\Kai Adler\AppData\Local\Google
[2013.06.14 21:27:01 | 000,000,000 | ---D | C] -- C:\Users\Kai Adler\AppData\Roaming\SUPERAntiSpyware.com
[2013.06.14 21:27:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.06.14 21:26:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013.06.14 21:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013.06.14 21:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013.06.01 18:05:32 | 000,000,000 | ---D | C] -- C:\Users\Kai Adler\.swt
[2013.06.01 18:03:23 | 000,000,000 | ---D | C] -- C:\Flashtool
[2013.06.01 11:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2013.06.01 11:58:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2013.06.01 11:58:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2013.05.31 20:38:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Mobile
[2013.05.31 19:20:32 | 000,027,760 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys
[2013.05.31 19:20:32 | 000,014,448 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2013.05.31 19:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2013.05.31 19:19:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Ericsson
[2013.05.22 21:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.05.22 21:17:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[7 C:\Users\Kai Adler\Desktop\*.tmp files -> C:\Users\Kai Adler\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.16 20:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.16 20:18:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.16 10:01:16 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.16 10:01:16 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.16 09:53:50 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.15 21:38:41 | 001,506,782 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.15 21:38:41 | 000,656,694 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.15 21:38:41 | 000,618,576 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.15 21:38:41 | 000,131,208 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.15 21:38:41 | 000,107,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.15 21:23:23 | 000,001,737 | ---- | M] () -- C:\Windows\wininit.ini
[2013.06.13 14:57:33 | 000,244,772 | ---- | M] () -- C:\Users\Kai Adler\Desktop\Fotoerlaubnis.pdf
[2013.05.31 19:28:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2013.05.31 19:28:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2013.05.31 19:20:32 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys
[2013.05.31 19:20:32 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2013.05.31 08:31:56 | 000,000,938 | ---- | M] () -- C:\Windows\wiso.ini
[2013.05.22 21:17:57 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.05.18 15:00:27 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[7 C:\Users\Kai Adler\Desktop\*.tmp files -> C:\Users\Kai Adler\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.13 14:57:33 | 000,244,772 | ---- | C] () -- C:\Users\Kai Adler\Desktop\Fotoerlaubnis.pdf
[2013.05.31 19:28:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2013.05.31 19:28:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2013.04.13 13:02:57 | 000,010,495 | ---- | C] () -- C:\Users\Kai Adler\Markus99_elster_2048.pfx
[2013.02.19 21:24:38 | 000,015,428 | ---- | C] () -- C:\Users\Kai Adler\RefEdit.exd
[2012.10.15 17:57:56 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ2414N.DAT
[2012.09.08 21:04:02 | 000,001,737 | ---- | C] () -- C:\Windows\wininit.ini
[2011.07.02 15:29:40 | 000,000,938 | ---- | C] () -- C:\Windows\wiso.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.07.02 16:56:19 | 000,000,000 | ---D | M] -- C:\Users\Kai Adler\AppData\Roaming\Buhl Data Service
[2012.10.15 18:02:51 | 000,000,000 | ---D | M] -- C:\Users\Kai Adler\AppData\Roaming\Canon
[2012.09.30 11:57:12 | 000,000,000 | ---D | M] -- C:\Users\Kai Adler\AppData\Roaming\CD-LabelPrint
[2011.06.30 19:49:42 | 000,000,000 | ---D | M] -- C:\Users\Kai Adler\AppData\Roaming\ChessBase
[2012.08.01 12:48:54 | 000,000,000 | ---D | M] -- C:\Users\Kai Adler\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.10.31 10:36:40 | 000,000,000 | ---D | M] -- C:\Users\Kai Adler\AppData\Roaming\DVDVideoSoft
[2011.10.31 18:12:37 | 000,000,000 | ---D | M] -- C:\Users\Kai Adler\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.07 20:14:58 | 000,000,000 | ---D | M] -- C:\Users\Kai Adler\AppData\Roaming\Ekkin
[2011.11.16 11:23:05 | 000,000,000 | ---D | M] -- C:\Users\Kai Adler\AppData\Roaming\eType
[2013.04.10 20:31:15 | 000,000,000 | ---D | M] -- C:\Users\Kai Adler\AppData\Roaming\FreeVideoConverter
[2012.09.07 10:56:10 | 000,000,000 | ---D | M] -- C:\Users\Kai Adler\AppData\Roaming\Novuym
[2012.09.07 19:55:40 | 000,000,000 | ---D | M] -- C:\Users\Kai Adler\AppData\Roaming\Nuti
[2011.01.07 15:26:43 | 000,000,000 | ---D | M] -- C:\Users\Kai Adler\AppData\Roaming\OEM
[2011.01.07 15:42:02 | 000,000,000 | ---D | M] -- C:\Users\Kai Adler\AppData\Roaming\Packard Bell
[2013.06.15 20:47:29 | 000,000,000 | ---D | M] -- C:\Users\Kai Adler\AppData\Roaming\Samsung
[2013.06.16 10:22:59 | 000,000,000 | ---D | M] -- C:\Users\Kai Adler\AppData\Roaming\SoftGrid Client
[2011.07.02 11:11:03 | 000,000,000 | ---D | M] -- C:\Users\Kai Adler\AppData\Roaming\TeamViewer
[2011.01.10 20:33:08 | 000,000,000 | ---D | M] -- C:\Users\Kai Adler\AppData\Roaming\Thunderbird
[2011.01.07 18:27:15 | 000,000,000 | ---D | M] -- C:\Users\Kai Adler\AppData\Roaming\Tific
[2011.01.07 15:59:23 | 000,000,000 | ---D | M] -- C:\Users\Kai Adler\AppData\Roaming\TP
[2012.08.01 15:31:52 | 000,000,000 | ---D | M] -- C:\Users\Kai Adler\AppData\Roaming\trackCaster
[2012.09.05 19:35:37 | 000,000,000 | ---D | M] -- C:\Users\Kai Adler\AppData\Roaming\TuneUp Software
[2012.07.13 19:55:24 | 000,000,000 | ---D | M] -- C:\Users\Kai Adler\AppData\Roaming\WildTangent
[2011.01.13 10:41:26 | 000,000,000 | ---D | M] -- C:\Users\Kai Adler\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.09.07 22:19:30 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.10.13 13:13:33 | 000,000,000 | ---D | M] -- C:\book
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.01.07 15:25:14 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.06.15 20:49:12 | 000,000,000 | ---D | M] -- C:\Flashtool
[2010.08.25 15:21:35 | 000,000,000 | ---D | M] -- C:\Intel
[2013.06.15 20:44:44 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.01.07 15:26:23 | 000,000,000 | -H-D | M] -- C:\OEM
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.06.15 20:44:53 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.06.15 20:44:52 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.06.15 20:44:55 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.01.07 15:25:14 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.01.07 15:25:14 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.06.16 20:34:08 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.04.14 19:53:17 | 000,000,000 | ---D | M] -- C:\Temp
[2011.05.29 17:19:02 | 000,000,000 | ---D | M] -- C:\Tivola
[2012.11.19 04:03:40 | 000,000,000 | R--D | M] -- C:\Users
[2013.06.15 21:30:19 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.05.29 17:17:24 | 000,000,296 | ---- | C] () -- C:\Windows\Tasks\AppleSoftwareUpdate.job
[2012.04.08 18:48:52 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20621_none_39f398b8542b6259\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010.07.17 21:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010.02.04 12:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.07.17 21:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010.02.04 12:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010.07.17 21:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010.02.04 12:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010.07.17 21:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010.02.04 12:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010.07.17 21:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.07.17 21:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.04.13 13:03:03 | 000,010,495 | ---- | M] () -- C:\Users\Kai Adler\Markus99_elster_2048.pfx
[2013.06.16 20:39:22 | 003,145,728 | -HS- | M] () -- C:\Users\Kai Adler\ntuser.dat
[2013.06.16 20:39:22 | 000,262,144 | -HS- | M] () -- C:\Users\Kai Adler\ntuser.dat.LOG1
[2011.01.07 15:25:23 | 000,000,000 | -HS- | M] () -- C:\Users\Kai Adler\ntuser.dat.LOG2
[2011.01.07 20:22:40 | 000,065,536 | -HS- | M] () -- C:\Users\Kai Adler\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.01.07 20:22:40 | 000,524,288 | -HS- | M] () -- C:\Users\Kai Adler\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.01.07 20:22:40 | 000,524,288 | -HS- | M] () -- C:\Users\Kai Adler\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.06.27 22:35:26 | 000,065,536 | -HS- | M] () -- C:\Users\Kai Adler\NTUSER.DAT{082c6132-a08a-11e0-811b-d027880ecaf2}.TM.blf
[2011.06.27 22:35:26 | 000,524,288 | -HS- | M] () -- C:\Users\Kai Adler\NTUSER.DAT{082c6132-a08a-11e0-811b-d027880ecaf2}.TMContainer00000000000000000001.regtrans-ms
[2011.06.27 22:35:26 | 000,524,288 | -HS- | M] () -- C:\Users\Kai Adler\NTUSER.DAT{082c6132-a08a-11e0-811b-d027880ecaf2}.TMContainer00000000000000000002.regtrans-ms
[2012.09.07 22:17:44 | 000,065,536 | -HS- | M] () -- C:\Users\Kai Adler\ntuser.dat{55e93759-f918-11e1-ba12-d027880ecaf2}.TM.blf
[2012.09.07 22:17:44 | 000,524,288 | -HS- | M] () -- C:\Users\Kai Adler\ntuser.dat{55e93759-f918-11e1-ba12-d027880ecaf2}.TMContainer00000000000000000001.regtrans-ms
[2012.09.07 22:17:44 | 000,524,288 | -HS- | M] () -- C:\Users\Kai Adler\ntuser.dat{55e93759-f918-11e1-ba12-d027880ecaf2}.TMContainer00000000000000000002.regtrans-ms
[2013.06.15 20:55:06 | 000,065,536 | -HS- | M] () -- C:\Users\Kai Adler\ntuser.dat{96db0031-d5e2-11e2-8fd8-d027880ecaf2}.TM.blf
[2013.06.15 20:55:06 | 000,524,288 | -HS- | M] () -- C:\Users\Kai Adler\ntuser.dat{96db0031-d5e2-11e2-8fd8-d027880ecaf2}.TMContainer00000000000000000001.regtrans-ms
[2013.06.15 20:55:06 | 000,524,288 | -HS- | M] () -- C:\Users\Kai Adler\ntuser.dat{96db0031-d5e2-11e2-8fd8-d027880ecaf2}.TMContainer00000000000000000002.regtrans-ms
[2012.09.07 22:46:20 | 000,065,536 | -HS- | M] () -- C:\Users\Kai Adler\ntuser.dat{b12f0c58-f928-11e1-a92d-d027880ecaf2}.TM.blf
[2012.09.07 22:46:20 | 000,524,288 | -HS- | M] () -- C:\Users\Kai Adler\ntuser.dat{b12f0c58-f928-11e1-a92d-d027880ecaf2}.TMContainer00000000000000000001.regtrans-ms
[2012.09.07 22:46:20 | 000,524,288 | -HS- | M] () -- C:\Users\Kai Adler\ntuser.dat{b12f0c58-f928-11e1-a92d-d027880ecaf2}.TMContainer00000000000000000002.regtrans-ms
[2011.01.07 15:25:23 | 000,000,020 | -HS- | M] () -- C:\Users\Kai Adler\ntuser.ini
[2013.02.19 21:24:38 | 000,015,428 | ---- | M] () -- C:\Users\Kai Adler\RefEdit.exd
[2012.10.15 18:02:51 | 000,000,000 | ---- | M] () -- C:\Users\Kai Adler\Sti_Trace.log
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
--- --- ---

----------------
und hier Extra.txt:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 16.06.2013 20:32:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kai Adler\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 62,95% Memory free
8,00 Gb Paging File | 5,72 Gb Available in Paging File | 71,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224,95 Gb Total Space | 137,96 Gb Free Space | 61,33% Space Free | Partition Type: NTFS
Drive D: | 225,71 Gb Total Space | 225,61 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
 
Computer Name: KAIADLER-PC | User Name: Kai Adler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2167AA09-5362-4C5B-98BC-08AE0DA40D61}" = rport=445 | protocol=6 | dir=out | app=system | 
"{246C3DF7-733D-44DE-8944-12DF4D65B69A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{286F8898-5510-48D8-A630-F2CE49F802C0}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2E022F0A-EC66-4DC4-9E59-C599319B501F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{363E8CD4-9A0D-4B55-B702-FAF1C90B4177}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3A381650-4BB8-48F0-957D-8133C00DDC5F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4ABE5768-39A2-439F-B34A-E2DFE01C5636}" = lport=137 | protocol=17 | dir=in | app=system | 
"{587C63B1-9D5A-4C61-9A88-4DDFFF5848BC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5892E59E-8D1A-4B65-B85E-2DD8F0659D69}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{755C360B-F328-4788-A4C4-A7204F99AC18}" = lport=10300 | protocol=6 | dir=in | app=c:\program files (x86)\devolo\dlan\devolonetsvc.exe | 
"{7B4787F4-F1C9-4686-A9B7-362A623FC810}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7D83317C-846A-4D88-A605-BC0E2E38EF3D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7FA7F5E7-2653-4085-95A8-A0B8EE57C048}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{82D0918B-247F-4BD5-A218-FE78A574B93C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8BCB9C25-4EAF-4D5A-816A-77B7FDB5DF8E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{920083E7-456E-4B93-A863-4F4908833241}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{94441B4B-6356-4E3B-8A38-9689E65EC40E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9A2C686F-8A83-40EB-9652-270F73D2957A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A8B305C1-EDC6-424C-BA2D-15F0A8258705}" = lport=445 | protocol=6 | dir=in | app=system | 
"{ABC91A6E-27E8-455C-BFFA-CEFA0ED010D4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AD229945-A27D-487A-9F55-890883F26FDA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{BE5BB16D-1C4E-408F-8C24-7618651226AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{C8D83556-E092-429C-BC47-F14B304742AF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D79A9A57-DB16-44A5-A87B-50138F65C21E}" = lport=10301 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\dlan\devolonetsvc.exe | 
"{D79ED712-3A80-489D-96D0-18360CBC3B76}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E5A10FF5-6426-452E-8075-B9E931FFDC2F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F2E2E5BA-5A64-4047-BA09-03150C8B2155}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A0C7DF2-E778-4C21-873E-64BF5863E56F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{173F0C16-0AFB-41FE-A36C-7B27CBFD4F5C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{19C9223E-ED10-4A71-A54D-9A9D04DE3F6E}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{1B0C676B-18BD-454A-A7F1-F7278837D2D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2AF00BDC-7073-4D8E-9FB0-1858709D4606}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3220E50C-FCD3-4A3F-81C2-D5944D2BD387}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{37750614-D4BA-4BCC-92F9-A4E690116834}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4AA5CB7C-5F87-4851-AC2A-405A9B7AF6AD}" = protocol=17 | dir=in | app=c:\program files (x86)\deepinvent\mailstore home\mailstorelocal.exe | 
"{4C142672-FB69-490B-9803-40D96FB267A9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{51AAC30D-E3CD-47E2-B5BC-4702FC26FCF2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6ABF6F8D-3872-40CE-84AB-832E9C190D1E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6ED891EC-E8AD-426D-9691-C545C2BB1D9F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{70ECF925-2821-4CE6-8894-4227B3A09004}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{842E306F-874D-43D0-9EB3-D77CE9D368F4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{976B0DB8-9649-47ED-8FF0-32260A054D4A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9A00B314-DCDB-4729-9F2A-89DC2ED573A6}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{9EF4B347-3D4F-464C-9880-7D4B1D3D781D}" = protocol=6 | dir=out | app=system | 
"{AB0E1386-596B-47E7-9947-D7846AF22AE6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{B1B05553-A539-47B0-AE69-4359854BC792}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B96E466A-87AF-4752-8868-2EA822452048}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BB5EBEC1-314E-4841-9B52-B1E08F5C3B7F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D0BEF996-213A-456C-9B00-4BC8358B443D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D3D970E9-4269-479C-ABB9-8D86226E4733}" = protocol=6 | dir=in | app=c:\program files (x86)\deepinvent\mailstore home\mailstorelocal.exe | 
"{D4E9DBB2-9635-4F80-B445-2CEEE1F3CB09}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DDC44954-120C-4A3F-9849-C418899DD654}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{E352EDE0-8018-4B03-B866-9B693A795C49}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{ECDE968E-4D02-4A19-9876-617B86FACDE0}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"TCP Query User{A0A5B330-98B1-4701-B829-6F1E99E049B2}C:\users\kai adler\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\kai adler\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{810B7A41-8937-466D-88B5-635C805EF6C6}C:\users\kai adler\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\kai adler\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4600_series" = Canon iP4600 series Printer Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414" = CanoScan LiDE 110 Scanner Driver
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCAB9F73-BF5D-4E3D-92E7-B0F35C568F20}" = Microsoft Security Client DE-DE Language Pack
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E806605-5B82-4A4F-BC31-AA4FADA03C42}" = t@x 2012
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{17DB3734-EAB4-4717-954B-C860EE162FBA}" = Video Power
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{30FD541D-3C9D-41C4-B240-A994EE4E0231}" = Adobe Audition CS6
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4F4182DA-3D58-41E3-913D-480F8DA5C863}" = Fritz 12
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55FA89BD-21D3-42F7-9249-C94C0094A83C}" = Apple Software Update
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{6737F045-A91A-4177-9C8C-59460FC1C84D}" = t@x 2013
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7b672b81-21b2-4cb4-9f0a-1075eb7a72cd}" = Nero 9 Essentials
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A7172F1-66F1-603F-7E54-35EBB9F6E2EC}" = dLAN Cockpit
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B0414A3B-3AE3-47B8-8FC0-2129781FF425}" = t@x 2011
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E4C92944-F31A-3FB0-C3B0-D7C5950B1D82}" = Adobe Download Assistant
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6CCD38C-8298-4F7B-91C5-C8DED0B24E5A}" = Fritz 12
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Canon iP4600 series Benutzerregistrierung" = Canon iP4600 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CanonSolutionMenuEX" = Canon Solution Menu EX
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"dlancockpit" = devolo dLAN Cockpit
"dm-Fotowelt" = dm-Fotowelt
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"MailStore Home_is1" = MailStore Home 4.2.0.5431
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Packard Bell Game Console" = Packard Bell Game Console
"Packard Bell InfoCentre" = Packard Bell InfoCentre
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Software Suite SE" = Packard Bell Software Suite SE
"Packard Bell Welcome Center" = Welcome Center
"trackCaster" = trackCaster
"VLC media player" = VLC media player 1.1.5
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT088216" = Agatha Christie - Death on the Nile
"WT088226" = Bejeweled 2 Deluxe
"WT088228" = Build-a-lot 2
"WT088235" = Chuzzle Deluxe
"WT088238" = Diner Dash 2 Restaurant Rescue
"WT088260" = Farm Frenzy
"WT088268" = Insaniquarium Deluxe
"WT088269" = Jewel Quest Solitaire 2
"WT088283" = Plants vs. Zombies
"WT088292" = Zuma Deluxe
"WT088416" = FATE
"WT088420" = Final Drive Nitro
"WT088448" = John Deere Drive Green
"WT088452" = Penguins!
"WT088456" = Polar Bowler
"WT088460" = Polar Golfer
"WT088508" = Virtual Villagers 4 - The Tree of Life
"WT088531" = Zuma's Revenge
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.06.2013 10:14:17 | Computer Name = KaiAdler-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 10.0.2627.0,
 Zeitstempel: 0x3a9cdbe7  Name des fehlerhaften Moduls: WINWORD.EXE, Version: 10.0.2627.0,
 Zeitstempel: 0x3a9cdbe7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001d015  ID des fehlerhaften
 Prozesses: 0xa54  Startzeit der fehlerhaften Anwendung: 0x01ce5f9b561df4b3  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE
Berichtskennung:
 b57ab5c3-cb8e-11e2-ba5e-d027880ecaf2
 
Error - 04.06.2013 03:21:40 | Computer Name = KaiAdler-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 04.06.2013 03:22:07 | Computer Name = KaiAdler-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 10.0.2627.0,
 Zeitstempel: 0x3a9cdbe7  Name des fehlerhaften Moduls: WINWORD.EXE, Version: 10.0.2627.0,
 Zeitstempel: 0x3a9cdbe7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001d015  ID des fehlerhaften
 Prozesses: 0x9a4  Startzeit der fehlerhaften Anwendung: 0x01ce60f425ba7f03  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE
Berichtskennung:
 75f547aa-cce7-11e2-b5b3-d027880ecaf2
 
Error - 06.06.2013 15:32:36 | Computer Name = KaiAdler-PC | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 09.06.2013 15:15:24 | Computer Name = KaiAdler-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 14.06.2013 05:51:58 | Computer Name = KaiAdler-PC | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 15.06.2013 14:53:57 | Computer Name = KaiAdler-PC | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 15.06.2013 15:06:14 | Computer Name = KaiAdler-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 16.06.2013 14:28:39 | Computer Name = KaiAdler-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 16.06.2013 14:30:17 | Computer Name = KaiAdler-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 11e8    Startzeit:
 01ce6abebd8c4a39    Endzeit: 3    Anwendungspfad: C:\Users\Kai Adler\Downloads\OTL.exe    Berichts-ID:
   
 
[ System Events ]
Error - 15.06.2013 15:30:55 | Computer Name = KaiAdler-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 15.06.2013 15:30:55 | Computer Name = KaiAdler-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 15.06.2013 15:30:55 | Computer Name = KaiAdler-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 15.06.2013 15:30:55 | Computer Name = KaiAdler-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 15.06.2013 15:33:42 | Computer Name = KaiAdler-PC | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 15.06.2013 15:35:04 | Computer Name = KaiAdler-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 15.06.2013 15:35:04 | Computer Name = KaiAdler-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 16.06.2013 03:54:38 | Computer Name = KaiAdler-PC | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 16.06.2013 03:56:19 | Computer Name = KaiAdler-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 16.06.2013 03:56:19 | Computer Name = KaiAdler-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         
--- --- ---
__________________

Alt 17.06.2013, 14:11   #4
markusg
/// Malware-holic
 
Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg? - Standard

Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg?



Hi,
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 17.06.2013, 14:37   #5
Mark E. Smit
 
Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg? - Standard

Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg?



okay, that's it..ist schon ein komisches Gefühl, das Innenleben seines PCs hier auszubreiten..aber wenn's der Wahrheitsfindung dient..



15:32:53.0566 3624 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:32:53.0735 3624 ============================================================
15:32:53.0735 3624 Current date / time: 2013/06/17 15:32:53.0735
15:32:53.0735 3624 SystemInfo:
15:32:53.0735 3624
15:32:53.0735 3624 OS Version: 6.1.7601 ServicePack: 1.0
15:32:53.0735 3624 Product type: Workstation
15:32:53.0735 3624 ComputerName: KAIADLER-PC
15:32:53.0736 3624 UserName: Kai Adler
15:32:53.0736 3624 Windows directory: C:\Windows
15:32:53.0736 3624 System windows directory: C:\Windows
15:32:53.0736 3624 Running under WOW64
15:32:53.0736 3624 Processor architecture: Intel x64
15:32:53.0736 3624 Number of processors: 2
15:32:53.0736 3624 Page size: 0x1000
15:32:53.0736 3624 Boot type: Normal boot
15:32:53.0736 3624 ============================================================
15:32:56.0848 3624 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:32:56.0875 3624 ============================================================
15:32:56.0875 3624 \Device\Harddisk0\DR0:
15:32:56.0876 3624 MBR partitions:
15:32:56.0876 3624 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
15:32:56.0876 3624 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x1C1E7000
15:32:56.0876 3624 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1E019800, BlocksNum 0x1C36C000
15:32:56.0876 3624 ============================================================
15:32:56.0914 3624 C: <-> \Device\Harddisk0\DR0\Partition2
15:32:56.0950 3624 D: <-> \Device\Harddisk0\DR0\Partition3
15:32:56.0951 3624 ============================================================
15:32:56.0951 3624 Initialize success
15:32:56.0951 3624 ============================================================
15:33:16.0255 3356 ============================================================
15:33:16.0255 3356 Scan started
15:33:16.0255 3356 Mode: Manual;
15:33:16.0255 3356 ============================================================
15:33:17.0902 3356 ================ Scan system memory ========================
15:33:17.0902 3356 System memory - ok
15:33:17.0903 3356 ================ Scan services =============================
15:33:18.0010 3356 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:33:18.0015 3356 1394ohci - ok
15:33:18.0038 3356 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:33:18.0043 3356 ACPI - ok
15:33:18.0063 3356 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:33:18.0064 3356 AcpiPmi - ok
15:33:18.0144 3356 [ 34400005DE52842C4D6D4EE978B4D7CE ] AdobeActiveFileMonitor8.0 c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
15:33:18.0149 3356 AdobeActiveFileMonitor8.0 - ok
15:33:18.0259 3356 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:33:18.0263 3356 AdobeFlashPlayerUpdateSvc - ok
15:33:18.0307 3356 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
15:33:18.0315 3356 adp94xx - ok
15:33:18.0360 3356 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
15:33:18.0366 3356 adpahci - ok
15:33:18.0382 3356 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
15:33:18.0386 3356 adpu320 - ok
15:33:18.0411 3356 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:33:18.0412 3356 AeLookupSvc - ok
15:33:18.0469 3356 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
15:33:18.0476 3356 AFD - ok
15:33:18.0509 3356 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:33:18.0512 3356 agp440 - ok
15:33:18.0532 3356 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
15:33:18.0535 3356 ALG - ok
15:33:18.0550 3356 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
15:33:18.0552 3356 aliide - ok
15:33:18.0563 3356 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
15:33:18.0564 3356 amdide - ok
15:33:18.0609 3356 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
15:33:18.0610 3356 AmdK8 - ok
15:33:18.0627 3356 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
15:33:18.0629 3356 AmdPPM - ok
15:33:18.0645 3356 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:33:18.0647 3356 amdsata - ok
15:33:18.0657 3356 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
15:33:18.0660 3356 amdsbs - ok
15:33:18.0678 3356 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:33:18.0678 3356 amdxata - ok
15:33:18.0727 3356 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
15:33:18.0729 3356 AppID - ok
15:33:18.0754 3356 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:33:18.0756 3356 AppIDSvc - ok
15:33:18.0788 3356 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
15:33:18.0790 3356 Appinfo - ok
15:33:18.0813 3356 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
15:33:18.0815 3356 arc - ok
15:33:18.0825 3356 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
15:33:18.0828 3356 arcsas - ok
15:33:18.0863 3356 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:33:18.0864 3356 AsyncMac - ok
15:33:18.0893 3356 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
15:33:18.0893 3356 atapi - ok
15:33:18.0937 3356 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:33:18.0944 3356 AudioEndpointBuilder - ok
15:33:18.0955 3356 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:33:18.0959 3356 AudioSrv - ok
15:33:19.0000 3356 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:33:19.0003 3356 AxInstSV - ok
15:33:19.0043 3356 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
15:33:19.0050 3356 b06bdrv - ok
15:33:19.0101 3356 [ A375AA8F1549BA51CFBCBD9A4AE0C2D3 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:33:19.0104 3356 b57nd60a - ok
15:33:19.0158 3356 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
15:33:19.0161 3356 BDESVC - ok
15:33:19.0171 3356 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
15:33:19.0172 3356 Beep - ok
15:33:19.0235 3356 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
15:33:19.0245 3356 BFE - ok
15:33:19.0271 3356 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
15:33:19.0281 3356 BITS - ok
15:33:19.0311 3356 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:33:19.0313 3356 blbdrive - ok
15:33:19.0334 3356 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:33:19.0336 3356 bowser - ok
15:33:19.0347 3356 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:33:19.0349 3356 BrFiltLo - ok
15:33:19.0368 3356 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:33:19.0369 3356 BrFiltUp - ok
15:33:19.0410 3356 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
15:33:19.0413 3356 Browser - ok
15:33:19.0433 3356 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:33:19.0439 3356 Brserid - ok
15:33:19.0446 3356 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:33:19.0448 3356 BrSerWdm - ok
15:33:19.0457 3356 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:33:19.0458 3356 BrUsbMdm - ok
15:33:19.0465 3356 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:33:19.0466 3356 BrUsbSer - ok
15:33:19.0479 3356 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
15:33:19.0481 3356 BTHMODEM - ok
15:33:19.0503 3356 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
15:33:19.0504 3356 bthserv - ok
15:33:19.0539 3356 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:33:19.0541 3356 cdfs - ok
15:33:19.0582 3356 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
15:33:19.0584 3356 cdrom - ok
15:33:19.0624 3356 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
15:33:19.0626 3356 CertPropSvc - ok
15:33:19.0637 3356 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
15:33:19.0639 3356 circlass - ok
15:33:19.0664 3356 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
15:33:19.0668 3356 CLFS - ok
15:33:19.0729 3356 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:33:19.0732 3356 clr_optimization_v2.0.50727_32 - ok
15:33:19.0765 3356 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:33:19.0768 3356 clr_optimization_v2.0.50727_64 - ok
15:33:19.0845 3356 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:33:19.0876 3356 clr_optimization_v4.0.30319_32 - ok
15:33:19.0896 3356 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:33:19.0899 3356 clr_optimization_v4.0.30319_64 - ok
15:33:19.0913 3356 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
15:33:19.0915 3356 CmBatt - ok
15:33:19.0968 3356 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:33:19.0969 3356 cmdide - ok
15:33:20.0008 3356 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
15:33:20.0014 3356 CNG - ok
15:33:20.0050 3356 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
15:33:20.0052 3356 Compbatt - ok
15:33:20.0087 3356 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
15:33:20.0089 3356 CompositeBus - ok
15:33:20.0108 3356 COMSysApp - ok
15:33:20.0147 3356 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
15:33:20.0148 3356 crcdisk - ok
15:33:20.0204 3356 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:33:20.0208 3356 CryptSvc - ok
15:33:20.0294 3356 [ 61A86809B62769643892BC0812B204AA ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
15:33:20.0306 3356 cvhsvc - ok
15:33:20.0349 3356 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:33:20.0359 3356 DcomLaunch - ok
15:33:20.0393 3356 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
15:33:20.0398 3356 defragsvc - ok
15:33:20.0509 3356 [ D2600494C45B98ADFDAE290205AD7CD3 ] DevoloNetworkService C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
15:33:20.0725 3356 DevoloNetworkService - ok
15:33:20.0774 3356 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:33:20.0776 3356 DfsC - ok
15:33:20.0814 3356 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
15:33:20.0817 3356 Dhcp - ok
15:33:20.0845 3356 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
15:33:20.0846 3356 discache - ok
15:33:20.0886 3356 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
15:33:20.0887 3356 Disk - ok
15:33:20.0912 3356 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:33:20.0914 3356 Dnscache - ok
15:33:20.0947 3356 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
15:33:20.0951 3356 dot3svc - ok
15:33:20.0981 3356 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
15:33:20.0984 3356 DPS - ok
15:33:21.0017 3356 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:33:21.0019 3356 drmkaud - ok
15:33:21.0068 3356 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:33:21.0078 3356 DXGKrnl - ok
15:33:21.0111 3356 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
15:33:21.0114 3356 EapHost - ok
15:33:21.0186 3356 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
15:33:21.0247 3356 ebdrv - ok
15:33:21.0282 3356 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
15:33:21.0284 3356 EFS - ok
15:33:21.0374 3356 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:33:21.0384 3356 ehRecvr - ok
15:33:21.0408 3356 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
15:33:21.0410 3356 ehSched - ok
15:33:21.0436 3356 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
15:33:21.0444 3356 elxstor - ok
15:33:21.0470 3356 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:33:21.0472 3356 ErrDev - ok
15:33:21.0531 3356 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
15:33:21.0535 3356 EventSystem - ok
15:33:21.0547 3356 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
15:33:21.0550 3356 exfat - ok
15:33:21.0566 3356 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:33:21.0569 3356 fastfat - ok
15:33:21.0615 3356 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
15:33:21.0623 3356 Fax - ok
15:33:21.0643 3356 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
15:33:21.0645 3356 fdc - ok
15:33:21.0663 3356 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
15:33:21.0664 3356 fdPHost - ok
15:33:21.0673 3356 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
15:33:21.0675 3356 FDResPub - ok
15:33:21.0688 3356 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:33:21.0689 3356 FileInfo - ok
15:33:21.0700 3356 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:33:21.0701 3356 Filetrace - ok
15:33:21.0736 3356 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:33:21.0746 3356 FLEXnet Licensing Service - ok
15:33:21.0765 3356 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
15:33:21.0767 3356 flpydisk - ok
15:33:21.0804 3356 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:33:21.0807 3356 FltMgr - ok
15:33:21.0863 3356 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
15:33:21.0882 3356 FontCache - ok
15:33:21.0926 3356 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:33:21.0929 3356 FontCache3.0.0.0 - ok
15:33:21.0955 3356 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:33:21.0957 3356 FsDepends - ok
15:33:21.0993 3356 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:33:21.0994 3356 Fs_Rec - ok
15:33:22.0043 3356 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:33:22.0046 3356 fvevol - ok
15:33:22.0066 3356 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
15:33:22.0069 3356 gagp30kx - ok
15:33:22.0152 3356 [ CE16683CFD11FE70BDE435DDA5EA1FCA ] GameConsoleService C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe
15:33:22.0156 3356 GameConsoleService - ok
15:33:22.0203 3356 [ 16C2A6BCDDA8952C2035DEC861492A19 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
15:33:22.0204 3356 ggflt - ok
15:33:22.0232 3356 [ 6B503DF845EABF3457E49FBBDA26C10E ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys
15:33:22.0234 3356 ggsemc - ok
15:33:22.0279 3356 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
15:33:22.0291 3356 gpsvc - ok
15:33:22.0328 3356 [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
15:33:22.0329 3356 GREGService - ok
15:33:22.0359 3356 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:33:22.0361 3356 hcw85cir - ok
15:33:22.0416 3356 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:33:22.0422 3356 HdAudAddService - ok
15:33:22.0460 3356 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
15:33:22.0463 3356 HDAudBus - ok
15:33:22.0492 3356 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
15:33:22.0494 3356 HidBatt - ok
15:33:22.0512 3356 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
15:33:22.0515 3356 HidBth - ok
15:33:22.0536 3356 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
15:33:22.0538 3356 HidIr - ok
15:33:22.0564 3356 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
15:33:22.0566 3356 hidserv - ok
15:33:22.0600 3356 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:33:22.0601 3356 HidUsb - ok
15:33:22.0630 3356 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:33:22.0634 3356 hkmsvc - ok
15:33:22.0667 3356 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:33:22.0672 3356 HomeGroupListener - ok
15:33:22.0715 3356 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:33:22.0720 3356 HomeGroupProvider - ok
15:33:22.0752 3356 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:33:22.0754 3356 HpSAMD - ok
15:33:22.0805 3356 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:33:22.0813 3356 HTTP - ok
15:33:22.0828 3356 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:33:22.0829 3356 hwpolicy - ok
15:33:22.0863 3356 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
15:33:22.0865 3356 i8042prt - ok
15:33:22.0887 3356 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:33:22.0893 3356 iaStorV - ok
15:33:22.0939 3356 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:33:22.0949 3356 idsvc - ok
15:33:23.0083 3356 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
15:33:23.0194 3356 igfx - ok
15:33:23.0217 3356 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
15:33:23.0219 3356 iirsp - ok
15:33:23.0256 3356 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
15:33:23.0265 3356 IKEEXT - ok
15:33:23.0344 3356 [ 52D9171838BB92319F23656F502916E9 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:33:23.0364 3356 IntcAzAudAddService - ok
15:33:23.0397 3356 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
15:33:23.0398 3356 intelide - ok
15:33:23.0440 3356 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:33:23.0441 3356 intelppm - ok
15:33:23.0475 3356 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:33:23.0478 3356 IPBusEnum - ok
15:33:23.0514 3356 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:33:23.0516 3356 IpFilterDriver - ok
15:33:23.0559 3356 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:33:23.0568 3356 iphlpsvc - ok
15:33:23.0588 3356 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:33:23.0590 3356 IPMIDRV - ok
15:33:23.0616 3356 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:33:23.0619 3356 IPNAT - ok
15:33:23.0655 3356 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:33:23.0656 3356 IRENUM - ok
15:33:23.0673 3356 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:33:23.0675 3356 isapnp - ok
15:33:23.0699 3356 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:33:23.0704 3356 iScsiPrt - ok
15:33:23.0744 3356 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:33:23.0745 3356 kbdclass - ok
15:33:23.0777 3356 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:33:23.0779 3356 kbdhid - ok
15:33:23.0788 3356 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
15:33:23.0790 3356 KeyIso - ok
15:33:23.0822 3356 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:33:23.0824 3356 KSecDD - ok
15:33:23.0855 3356 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:33:23.0856 3356 KSecPkg - ok
15:33:23.0885 3356 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:33:23.0886 3356 ksthunk - ok
15:33:23.0904 3356 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:33:23.0908 3356 KtmRm - ok
15:33:23.0963 3356 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
15:33:23.0968 3356 LanmanServer - ok
15:33:23.0985 3356 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:33:23.0990 3356 LanmanWorkstation - ok
15:33:24.0030 3356 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:33:24.0032 3356 lltdio - ok
15:33:24.0056 3356 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:33:24.0063 3356 lltdsvc - ok
15:33:24.0069 3356 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:33:24.0072 3356 lmhosts - ok
15:33:24.0102 3356 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
15:33:24.0104 3356 LSI_FC - ok
15:33:24.0124 3356 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
15:33:24.0127 3356 LSI_SAS - ok
15:33:24.0142 3356 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:33:24.0144 3356 LSI_SAS2 - ok
15:33:24.0160 3356 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:33:24.0163 3356 LSI_SCSI - ok
15:33:24.0197 3356 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:33:24.0199 3356 luafv - ok
15:33:24.0249 3356 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:33:24.0252 3356 Mcx2Svc - ok
15:33:24.0267 3356 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
15:33:24.0269 3356 megasas - ok
15:33:24.0286 3356 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
15:33:24.0291 3356 MegaSR - ok
15:33:24.0315 3356 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:33:24.0318 3356 MMCSS - ok
15:33:24.0328 3356 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:33:24.0330 3356 Modem - ok
15:33:24.0374 3356 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:33:24.0375 3356 monitor - ok
15:33:24.0421 3356 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:33:24.0422 3356 mouclass - ok
15:33:24.0452 3356 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:33:24.0453 3356 mouhid - ok
15:33:24.0492 3356 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:33:24.0495 3356 mountmgr - ok
15:33:24.0584 3356 [ BA7BC321BFEF85B525A9417693B1FF09 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:33:24.0587 3356 MozillaMaintenance - ok
15:33:24.0625 3356 [ E6BA8E5A4A871899E23D64573EF58EE9 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
15:33:24.0627 3356 MpFilter - ok
15:33:24.0652 3356 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
15:33:24.0655 3356 mpio - ok
15:33:24.0693 3356 [ 98B09A4F2C462441030B83A80A3F6FB3 ] MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys
15:33:24.0694 3356 MpNWMon - ok
15:33:24.0726 3356 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:33:24.0728 3356 mpsdrv - ok
15:33:24.0777 3356 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:33:24.0790 3356 MpsSvc - ok
15:33:24.0819 3356 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:33:24.0822 3356 MRxDAV - ok
15:33:24.0848 3356 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:33:24.0850 3356 mrxsmb - ok
15:33:24.0889 3356 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:33:24.0892 3356 mrxsmb10 - ok
15:33:24.0905 3356 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:33:24.0907 3356 mrxsmb20 - ok
15:33:24.0938 3356 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:33:24.0945 3356 msahci - ok
15:33:25.0002 3356 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:33:25.0035 3356 msdsm - ok
15:33:25.0059 3356 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:33:25.0076 3356 MSDTC - ok
15:33:25.0158 3356 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:33:25.0175 3356 Msfs - ok
15:33:25.0196 3356 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:33:25.0214 3356 mshidkmdf - ok
15:33:25.0235 3356 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:33:25.0236 3356 msisadrv - ok
15:33:25.0296 3356 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:33:25.0301 3356 MSiSCSI - ok
15:33:25.0308 3356 msiserver - ok
15:33:25.0348 3356 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:33:25.0349 3356 MSKSSRV - ok
15:33:25.0446 3356 [ 64E69A217D861776CA848B453FB96D71 ] MsMpSvc C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
15:33:25.0446 3356 MsMpSvc - ok
15:33:25.0451 3356 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:33:25.0454 3356 MSPCLOCK - ok
15:33:25.0458 3356 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:33:25.0461 3356 MSPQM - ok
15:33:25.0534 3356 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:33:25.0545 3356 MsRPC - ok
15:33:25.0576 3356 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
15:33:25.0577 3356 mssmbios - ok
15:33:25.0629 3356 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:33:25.0636 3356 MSTEE - ok
15:33:25.0644 3356 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
15:33:25.0649 3356 MTConfig - ok
15:33:25.0688 3356 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:33:25.0688 3356 Mup - ok
15:33:25.0767 3356 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:33:25.0790 3356 napagent - ok
15:33:25.0848 3356 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:33:25.0865 3356 NativeWifiP - ok
15:33:25.0943 3356 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:33:25.0969 3356 NDIS - ok
15:33:25.0995 3356 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:33:25.0996 3356 NdisCap - ok
15:33:26.0046 3356 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:33:26.0058 3356 NdisTapi - ok
15:33:26.0102 3356 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:33:26.0103 3356 Ndisuio - ok
15:33:26.0147 3356 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:33:26.0161 3356 NdisWan - ok
15:33:26.0205 3356 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:33:26.0217 3356 NDProxy - ok
15:33:26.0308 3356 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
15:33:26.0325 3356 Nero BackItUp Scheduler 4.0 - ok
15:33:26.0374 3356 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:33:26.0376 3356 NetBIOS - ok
15:33:26.0415 3356 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:33:26.0419 3356 NetBT - ok
15:33:26.0426 3356 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
15:33:26.0427 3356 Netlogon - ok
15:33:26.0487 3356 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:33:26.0492 3356 Netman - ok
15:33:26.0508 3356 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:33:26.0518 3356 netprofm - ok
15:33:26.0566 3356 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:33:26.0593 3356 NetTcpPortSharing - ok
15:33:26.0667 3356 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
15:33:26.0679 3356 nfrd960 - ok
15:33:26.0719 3356 [ 3713E8452B88D3E0BE095E06B6FBC776 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:33:26.0720 3356 NisDrv - ok
15:33:26.0760 3356 [ C67E39D2968400B38F54A10822E6EACF ] NisSrv C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
15:33:26.0764 3356 NisSrv - ok
15:33:26.0829 3356 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:33:26.0845 3356 NlaSvc - ok
15:33:26.0867 3356 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:33:26.0869 3356 Npfs - ok
15:33:27.0095 3356 [ 49697C2C761ACB5C0DE99CC8FE93E95B ] NPF_devolo C:\Windows\sysWOW64\drivers\npf_devolo.sys
15:33:27.0114 3356 NPF_devolo - ok
15:33:27.0141 3356 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:33:27.0145 3356 nsi - ok
15:33:27.0166 3356 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:33:27.0167 3356 nsiproxy - ok
15:33:27.0219 3356 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:33:27.0245 3356 Ntfs - ok
15:33:27.0278 3356 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
15:33:27.0279 3356 Null - ok
15:33:27.0343 3356 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
15:33:27.0346 3356 NVHDA - ok
15:33:27.0536 3356 [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:33:27.0585 3356 nvlddmkm - ok
15:33:27.0627 3356 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:33:27.0630 3356 nvraid - ok
15:33:27.0640 3356 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:33:27.0643 3356 nvstor - ok
15:33:27.0698 3356 [ 10C232F6CFFD51D2332898AE7AE0FF23 ] nvsvc C:\Windows\system32\nvvsvc.exe
15:33:27.0712 3356 nvsvc - ok
15:33:27.0804 3356 [ 4789E020D2617046862D1790FC235FF6 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:33:27.0830 3356 nvUpdatusService - ok
15:33:27.0871 3356 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:33:27.0874 3356 nv_agp - ok
15:33:27.0893 3356 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:33:27.0895 3356 ohci1394 - ok
15:33:27.0925 3356 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:33:27.0928 3356 ose - ok
15:33:28.0041 3356 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:33:28.0120 3356 osppsvc - ok
15:33:28.0155 3356 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:33:28.0159 3356 p2pimsvc - ok
15:33:28.0175 3356 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:33:28.0181 3356 p2psvc - ok
15:33:28.0202 3356 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
15:33:28.0204 3356 Parport - ok
15:33:28.0229 3356 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:33:28.0230 3356 partmgr - ok
15:33:28.0241 3356 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:33:28.0244 3356 PcaSvc - ok
15:33:28.0278 3356 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
15:33:28.0281 3356 pci - ok
15:33:28.0297 3356 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
15:33:28.0299 3356 pciide - ok
15:33:28.0316 3356 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
15:33:28.0319 3356 pcmcia - ok
15:33:28.0331 3356 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:33:28.0332 3356 pcw - ok
15:33:28.0354 3356 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:33:28.0360 3356 PEAUTH - ok
15:33:28.0386 3356 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:33:28.0388 3356 PerfHost - ok
15:33:28.0445 3356 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
15:33:28.0480 3356 pla - ok
15:33:28.0528 3356 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:33:28.0537 3356 PlugPlay - ok
15:33:28.0562 3356 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:33:28.0565 3356 PNRPAutoReg - ok
15:33:28.0580 3356 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:33:28.0583 3356 PNRPsvc - ok
15:33:28.0605 3356 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:33:28.0612 3356 PolicyAgent - ok
15:33:28.0646 3356 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
15:33:28.0650 3356 Power - ok
15:33:28.0662 3356 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:33:28.0664 3356 PptpMiniport - ok
15:33:28.0679 3356 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
15:33:28.0681 3356 Processor - ok
15:33:28.0707 3356 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
15:33:28.0710 3356 ProfSvc - ok
15:33:28.0724 3356 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:33:28.0725 3356 ProtectedStorage - ok
15:33:28.0757 3356 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:33:28.0759 3356 Psched - ok
15:33:28.0806 3356 [ BC08F7F3C53CBEE68670ED1314E290FD ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
15:33:28.0807 3356 PxHlpa64 - ok
15:33:28.0837 3356 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
15:33:28.0863 3356 ql2300 - ok
15:33:28.0869 3356 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
15:33:28.0871 3356 ql40xx - ok
15:33:28.0901 3356 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:33:28.0910 3356 QWAVE - ok
15:33:28.0923 3356 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:33:28.0924 3356 QWAVEdrv - ok
15:33:28.0941 3356 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:33:28.0943 3356 RasAcd - ok
15:33:28.0993 3356 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:33:28.0995 3356 RasAgileVpn - ok
15:33:29.0004 3356 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:33:29.0007 3356 RasAuto - ok
15:33:29.0039 3356 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:33:29.0041 3356 Rasl2tp - ok
15:33:29.0055 3356 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
15:33:29.0059 3356 RasMan - ok
15:33:29.0075 3356 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:33:29.0077 3356 RasPppoe - ok
15:33:29.0084 3356 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:33:29.0085 3356 RasSstp - ok
15:33:29.0119 3356 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:33:29.0122 3356 rdbss - ok
15:33:29.0140 3356 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:33:29.0141 3356 rdpbus - ok
15:33:29.0154 3356 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:33:29.0155 3356 RDPCDD - ok
15:33:29.0196 3356 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:33:29.0197 3356 RDPENCDD - ok
15:33:29.0213 3356 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:33:29.0215 3356 RDPREFMP - ok
15:33:29.0286 3356 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:33:29.0288 3356 RdpVideoMiniport - ok
15:33:29.0323 3356 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:33:29.0328 3356 RDPWD - ok
15:33:29.0364 3356 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:33:29.0368 3356 rdyboost - ok
15:33:29.0392 3356 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:33:29.0396 3356 RemoteAccess - ok
15:33:29.0426 3356 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:33:29.0432 3356 RemoteRegistry - ok
15:33:29.0442 3356 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:33:29.0447 3356 RpcEptMapper - ok
15:33:29.0468 3356 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:33:29.0470 3356 RpcLocator - ok
15:33:29.0511 3356 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
15:33:29.0515 3356 RpcSs - ok
15:33:29.0535 3356 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:33:29.0537 3356 rspndr - ok
15:33:29.0548 3356 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
15:33:29.0549 3356 SamSs - ok
15:33:29.0581 3356 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:33:29.0583 3356 sbp2port - ok
15:33:29.0669 3356 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
15:33:29.0695 3356 SBSDWSCService - ok
15:33:29.0726 3356 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:33:29.0732 3356 SCardSvr - ok
15:33:29.0771 3356 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:33:29.0773 3356 scfilter - ok
15:33:29.0824 3356 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
15:33:29.0851 3356 Schedule - ok
15:33:29.0888 3356 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:33:29.0889 3356 SCPolicySvc - ok
15:33:29.0902 3356 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:33:29.0907 3356 SDRSVC - ok
15:33:29.0947 3356 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:33:29.0949 3356 secdrv - ok
15:33:29.0966 3356 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
15:33:29.0970 3356 seclogon - ok
15:33:30.0001 3356 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
15:33:30.0005 3356 SENS - ok
15:33:30.0019 3356 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:33:30.0024 3356 SensrSvc - ok
15:33:30.0039 3356 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:33:30.0040 3356 Serenum - ok
15:33:30.0079 3356 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:33:30.0082 3356 Serial - ok
15:33:30.0112 3356 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
15:33:30.0114 3356 sermouse - ok
15:33:30.0162 3356 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
15:33:30.0166 3356 SessionEnv - ok
15:33:30.0191 3356 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:33:30.0193 3356 sffdisk - ok
15:33:30.0208 3356 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:33:30.0209 3356 sffp_mmc - ok
15:33:30.0220 3356 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:33:30.0221 3356 sffp_sd - ok
15:33:30.0232 3356 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
15:33:30.0234 3356 sfloppy - ok
15:33:30.0290 3356 [ 72CD52403EFC137290CB5A328510EBCA ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
15:33:30.0295 3356 Sftfs - ok
15:33:30.0339 3356 [ F821B6C5D3FD23E11CBB613F61C94C98 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
15:33:30.0344 3356 sftlist - ok
15:33:30.0363 3356 [ 31A36EF71AF36EABCC4B4F8AB8F76465 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
15:33:30.0366 3356 Sftplay - ok
15:33:30.0375 3356 [ 2D969194FCC8EB41ED1D52863BFE7F52 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
15:33:30.0375 3356 Sftredir - ok
15:33:30.0388 3356 [ 08B36D2F63AF3CA2248458A4280C0C50 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
15:33:30.0389 3356 Sftvol - ok
15:33:30.0400 3356 [ DB7213FCB2BC1B4F0C5CC5AF344ABCD0 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
15:33:30.0403 3356 sftvsa - ok
15:33:30.0432 3356 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:33:30.0437 3356 SharedAccess - ok
15:33:30.0467 3356 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:33:30.0473 3356 ShellHWDetection - ok
15:33:30.0515 3356 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:33:30.0517 3356 SiSRaid2 - ok
15:33:30.0534 3356 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
15:33:30.0536 3356 SiSRaid4 - ok
15:33:30.0742 3356 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
15:33:30.0810 3356 Skype C2C Service - ok
15:33:30.0892 3356 [ CA355B308AA537C6B9D67CD3A5485AF9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
15:33:30.0895 3356 SkypeUpdate - ok
15:33:30.0933 3356 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:33:30.0936 3356 Smb - ok
15:33:30.0996 3356 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:33:30.0999 3356 SNMPTRAP - ok
15:33:31.0006 3356 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:33:31.0007 3356 spldr - ok
15:33:31.0050 3356 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
15:33:31.0058 3356 Spooler - ok
15:33:31.0137 3356 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:33:31.0190 3356 sppsvc - ok
15:33:31.0197 3356 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:33:31.0199 3356 sppuinotify - ok
15:33:31.0231 3356 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
15:33:31.0236 3356 srv - ok
15:33:31.0253 3356 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:33:31.0258 3356 srv2 - ok
15:33:31.0269 3356 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:33:31.0271 3356 srvnet - ok
15:33:31.0303 3356 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:33:31.0306 3356 SSDPSRV - ok
15:33:31.0317 3356 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:33:31.0320 3356 SstpSvc - ok
15:33:31.0380 3356 [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:33:31.0386 3356 Stereo Service - ok
15:33:31.0411 3356 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
15:33:31.0413 3356 stexstor - ok
15:33:31.0463 3356 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
15:33:31.0475 3356 stisvc - ok
15:33:31.0500 3356 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
15:33:31.0501 3356 swenum - ok
15:33:31.0528 3356 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:33:31.0539 3356 swprv - ok
15:33:31.0604 3356 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
15:33:31.0634 3356 SysMain - ok
15:33:31.0664 3356 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:33:31.0668 3356 TabletInputService - ok
15:33:31.0698 3356 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:33:31.0703 3356 TapiSrv - ok
15:33:31.0713 3356 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:33:31.0715 3356 TBS - ok
15:33:31.0794 3356 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:33:31.0829 3356 Tcpip - ok
15:33:31.0877 3356 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:33:31.0891 3356 TCPIP6 - ok
15:33:31.0927 3356 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:33:31.0929 3356 tcpipreg - ok
15:33:31.0954 3356 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:33:31.0956 3356 TDPIPE - ok
15:33:31.0991 3356 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:33:31.0993 3356 TDTCP - ok
15:33:32.0022 3356 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:33:32.0024 3356 tdx - ok
15:33:32.0038 3356 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
15:33:32.0038 3356 TermDD - ok
15:33:32.0062 3356 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
15:33:32.0071 3356 TermService - ok
15:33:32.0086 3356 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:33:32.0088 3356 Themes - ok
15:33:32.0116 3356 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:33:32.0117 3356 THREADORDER - ok
15:33:32.0130 3356 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:33:32.0133 3356 TrkWks - ok
15:33:32.0184 3356 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:33:32.0188 3356 TrustedInstaller - ok
15:33:32.0221 3356 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:33:32.0223 3356 tssecsrv - ok
15:33:32.0265 3356 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:33:32.0268 3356 TsUsbFlt - ok
15:33:32.0315 3356 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:33:32.0318 3356 tunnel - ok
15:33:32.0344 3356 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
15:33:32.0346 3356 uagp35 - ok
15:33:32.0387 3356 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:33:32.0394 3356 udfs - ok
15:33:32.0421 3356 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:33:32.0426 3356 UI0Detect - ok
15:33:32.0440 3356 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:33:32.0443 3356 uliagpkx - ok
15:33:32.0476 3356 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
15:33:32.0478 3356 umbus - ok
15:33:32.0491 3356 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
15:33:32.0492 3356 UmPass - ok
15:33:32.0537 3356 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
15:33:32.0541 3356 Updater Service - ok
15:33:32.0563 3356 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
15:33:32.0572 3356 upnphost - ok
15:33:32.0625 3356 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
15:33:32.0628 3356 usbaudio - ok
15:33:32.0663 3356 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:33:32.0666 3356 usbccgp - ok
15:33:32.0713 3356 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:33:32.0716 3356 usbcir - ok
15:33:32.0743 3356 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
15:33:32.0745 3356 usbehci - ok
15:33:32.0777 3356 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:33:32.0783 3356 usbhub - ok
15:33:32.0813 3356 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:33:32.0815 3356 usbohci - ok
15:33:32.0861 3356 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:33:32.0863 3356 usbprint - ok
15:33:32.0905 3356 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
15:33:32.0907 3356 usbscan - ok
15:33:32.0938 3356 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:33:32.0941 3356 USBSTOR - ok
15:33:32.0969 3356 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
15:33:32.0971 3356 usbuhci - ok
15:33:33.0007 3356 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
15:33:33.0011 3356 usbvideo - ok
15:33:33.0031 3356 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
15:33:33.0034 3356 UxSms - ok
15:33:33.0040 3356 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
15:33:33.0042 3356 VaultSvc - ok
15:33:33.0079 3356 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:33:33.0080 3356 vdrvroot - ok
15:33:33.0120 3356 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
15:33:33.0131 3356 vds - ok
15:33:33.0186 3356 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:33:33.0188 3356 vga - ok
15:33:33.0209 3356 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
15:33:33.0211 3356 VgaSave - ok
15:33:33.0244 3356 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:33:33.0249 3356 vhdmp - ok
15:33:33.0268 3356 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
15:33:33.0270 3356 viaide - ok
15:33:33.0287 3356 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:33:33.0289 3356 volmgr - ok
15:33:33.0309 3356 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:33:33.0313 3356 volmgrx - ok
15:33:33.0329 3356 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:33:33.0332 3356 volsnap - ok
15:33:33.0369 3356 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
15:33:33.0372 3356 vsmraid - ok
15:33:33.0429 3356 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
15:33:33.0464 3356 VSS - ok
15:33:33.0482 3356 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
15:33:33.0483 3356 vwifibus - ok
15:33:33.0505 3356 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
15:33:33.0511 3356 W32Time - ok
15:33:33.0518 3356 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
15:33:33.0520 3356 WacomPen - ok
15:33:33.0566 3356 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:33:33.0568 3356 WANARP - ok
15:33:33.0572 3356 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:33:33.0573 3356 Wanarpv6 - ok
15:33:33.0612 3356 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
15:33:33.0637 3356 wbengine - ok
15:33:33.0644 3356 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:33:33.0648 3356 WbioSrvc - ok
15:33:33.0678 3356 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:33:33.0683 3356 wcncsvc - ok
15:33:33.0698 3356 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:33:33.0701 3356 WcsPlugInService - ok
15:33:33.0720 3356 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
15:33:33.0722 3356 Wd - ok
15:33:33.0758 3356 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:33:33.0765 3356 Wdf01000 - ok
15:33:33.0774 3356 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:33:33.0777 3356 WdiServiceHost - ok
15:33:33.0781 3356 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:33:33.0783 3356 WdiSystemHost - ok
15:33:33.0820 3356 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
15:33:33.0825 3356 WebClient - ok
15:33:33.0837 3356 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:33:33.0842 3356 Wecsvc - ok
15:33:33.0855 3356 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:33:33.0857 3356 wercplsupport - ok
15:33:33.0891 3356 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
15:33:33.0894 3356 WerSvc - ok
15:33:33.0903 3356 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:33:33.0904 3356 WfpLwf - ok
15:33:33.0918 3356 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:33:33.0919 3356 WIMMount - ok
15:33:33.0933 3356 WinDefend - ok
15:33:33.0952 3356 WinHttpAutoProxySvc - ok
15:33:34.0008 3356 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:33:34.0013 3356 Winmgmt - ok
15:33:34.0068 3356 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
15:33:34.0103 3356 WinRM - ok
15:33:34.0153 3356 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
15:33:34.0156 3356 WinUsb - ok
15:33:34.0193 3356 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
15:33:34.0205 3356 Wlansvc - ok
15:33:34.0237 3356 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:33:34.0237 3356 WmiAcpi - ok
15:33:34.0262 3356 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:33:34.0265 3356 wmiApSrv - ok
15:33:34.0310 3356 WMPNetworkSvc - ok
15:33:34.0318 3356 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:33:34.0321 3356 WPCSvc - ok
15:33:34.0350 3356 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:33:34.0354 3356 WPDBusEnum - ok
15:33:34.0371 3356 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:33:34.0372 3356 ws2ifsl - ok
15:33:34.0389 3356 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
15:33:34.0393 3356 wscsvc - ok
15:33:34.0397 3356 WSearch - ok
15:33:34.0484 3356 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:33:34.0527 3356 wuauserv - ok
15:33:34.0559 3356 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:33:34.0561 3356 WudfPf - ok
15:33:34.0597 3356 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:33:34.0600 3356 WUDFRd - ok
15:33:34.0615 3356 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:33:34.0619 3356 wudfsvc - ok
15:33:34.0650 3356 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
15:33:34.0654 3356 WwanSvc - ok
15:33:34.0672 3356 ================ Scan global ===============================
15:33:34.0694 3356 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:33:34.0730 3356 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:33:34.0738 3356 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:33:34.0763 3356 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:33:34.0775 3356 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:33:34.0780 3356 [Global] - ok
15:33:34.0781 3356 ================ Scan MBR ==================================
15:33:34.0791 3356 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:33:34.0952 3356 \Device\Harddisk0\DR0 - ok
15:33:34.0953 3356 ================ Scan VBR ==================================
15:33:34.0956 3356 [ 24AEC5CB50D045B18A3582EC964E331C ] \Device\Harddisk0\DR0\Partition1
15:33:34.0957 3356 \Device\Harddisk0\DR0\Partition1 - ok
15:33:34.0964 3356 [ 8125D7ABB15F64520ED4F5D306FA893A ] \Device\Harddisk0\DR0\Partition2
15:33:34.0966 3356 \Device\Harddisk0\DR0\Partition2 - ok
15:33:34.0984 3356 [ 74F36D1828618BEB103863ACAC4C1AB8 ] \Device\Harddisk0\DR0\Partition3
15:33:34.0985 3356 \Device\Harddisk0\DR0\Partition3 - ok
15:33:34.0986 3356 ============================================================
15:33:34.0986 3356 Scan finished
15:33:34.0986 3356 ============================================================
15:33:34.0997 1356 Detected object count: 0
15:33:34.0997 1356 Actual detected object count: 0

ach so, es wurden offenbar keine verdächtigen Objekte gefunden..no threats found...


Alt 17.06.2013, 14:38   #6
markusg
/// Malware-holic
 
Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg? - Standard

Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg?



bitte tdss killer nach Anleitung konfigurieren und ausführen
__________________
--> Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg?

Alt 17.06.2013, 15:26   #7
Mark E. Smit
 
Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg? - Standard

Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg?



okay, jetzt richtig eingestellt, offenbar wieder ohne Fund:


16:17:24.0677 4172 ============================================================
16:17:24.0678 4172 Scan started
16:17:24.0678 4172 Mode: Manual; SigCheck; TDLFS;
16:17:24.0678 4172 ============================================================
16:17:24.0976 4172 ================ Scan system memory ========================
16:17:24.0976 4172 System memory - ok
16:17:24.0977 4172 ================ Scan services =============================
16:17:25.0073 4172 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:17:25.0185 4172 1394ohci - ok
16:17:25.0208 4172 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:17:25.0234 4172 ACPI - ok
16:17:25.0250 4172 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:17:25.0289 4172 AcpiPmi - ok
16:17:25.0373 4172 [ 34400005DE52842C4D6D4EE978B4D7CE ] AdobeActiveFileMonitor8.0 c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
16:17:25.0445 4172 AdobeActiveFileMonitor8.0 - ok
16:17:25.0538 4172 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:17:25.0639 4172 AdobeFlashPlayerUpdateSvc - ok
16:17:25.0676 4172 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
16:17:25.0718 4172 adp94xx - ok
16:17:25.0746 4172 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
16:17:25.0767 4172 adpahci - ok
16:17:25.0777 4172 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
16:17:25.0798 4172 adpu320 - ok
16:17:25.0823 4172 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:17:25.0930 4172 AeLookupSvc - ok
16:17:25.0971 4172 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
16:17:26.0033 4172 AFD - ok
16:17:26.0063 4172 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:17:26.0097 4172 agp440 - ok
16:17:26.0128 4172 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:17:26.0261 4172 ALG - ok
16:17:26.0279 4172 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
16:17:26.0294 4172 aliide - ok
16:17:26.0300 4172 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
16:17:26.0315 4172 amdide - ok
16:17:26.0338 4172 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
16:17:26.0377 4172 AmdK8 - ok
16:17:26.0398 4172 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
16:17:26.0435 4172 AmdPPM - ok
16:17:26.0458 4172 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:17:26.0474 4172 amdsata - ok
16:17:26.0486 4172 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
16:17:26.0507 4172 amdsbs - ok
16:17:26.0523 4172 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:17:26.0539 4172 amdxata - ok
16:17:26.0564 4172 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
16:17:26.0651 4172 AppID - ok
16:17:26.0691 4172 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:17:26.0764 4172 AppIDSvc - ok
16:17:26.0800 4172 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
16:17:26.0881 4172 Appinfo - ok
16:17:26.0908 4172 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
16:17:26.0929 4172 arc - ok
16:17:26.0937 4172 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
16:17:26.0955 4172 arcsas - ok
16:17:26.0966 4172 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:17:27.0019 4172 AsyncMac - ok
16:17:27.0055 4172 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
16:17:27.0087 4172 atapi - ok
16:17:27.0132 4172 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:17:27.0214 4172 AudioEndpointBuilder - ok
16:17:27.0224 4172 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:17:27.0271 4172 AudioSrv - ok
16:17:27.0303 4172 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:17:27.0403 4172 AxInstSV - ok
16:17:27.0454 4172 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
16:17:27.0506 4172 b06bdrv - ok
16:17:27.0536 4172 [ A375AA8F1549BA51CFBCBD9A4AE0C2D3 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:17:27.0584 4172 b57nd60a - ok
16:17:27.0619 4172 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:17:27.0699 4172 BDESVC - ok
16:17:27.0724 4172 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:17:27.0809 4172 Beep - ok
16:17:27.0844 4172 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
16:17:27.0936 4172 BFE - ok
16:17:27.0964 4172 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
16:17:28.0049 4172 BITS - ok
16:17:28.0072 4172 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:17:28.0105 4172 blbdrive - ok
16:17:28.0136 4172 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:17:28.0179 4172 bowser - ok
16:17:28.0208 4172 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:17:28.0267 4172 BrFiltLo - ok
16:17:28.0287 4172 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:17:28.0310 4172 BrFiltUp - ok
16:17:28.0346 4172 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
16:17:28.0435 4172 Browser - ok
16:17:28.0443 4172 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:17:28.0497 4172 Brserid - ok
16:17:28.0502 4172 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:17:28.0536 4172 BrSerWdm - ok
16:17:28.0542 4172 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:17:28.0592 4172 BrUsbMdm - ok
16:17:28.0596 4172 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:17:28.0615 4172 BrUsbSer - ok
16:17:28.0632 4172 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
16:17:28.0681 4172 BTHMODEM - ok
16:17:28.0713 4172 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:17:28.0800 4172 bthserv - ok
16:17:28.0833 4172 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:17:28.0867 4172 cdfs - ok
16:17:28.0893 4172 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
16:17:28.0927 4172 cdrom - ok
16:17:28.0960 4172 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
16:17:29.0039 4172 CertPropSvc - ok
16:17:29.0056 4172 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
16:17:29.0093 4172 circlass - ok
16:17:29.0125 4172 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
16:17:29.0154 4172 CLFS - ok
16:17:29.0214 4172 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:17:29.0293 4172 clr_optimization_v2.0.50727_32 - ok
16:17:29.0325 4172 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:17:29.0363 4172 clr_optimization_v2.0.50727_64 - ok
16:17:29.0422 4172 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:17:29.0462 4172 clr_optimization_v4.0.30319_32 - ok
16:17:29.0472 4172 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:17:29.0528 4172 clr_optimization_v4.0.30319_64 - ok
16:17:29.0548 4172 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:17:29.0601 4172 CmBatt - ok
16:17:29.0636 4172 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:17:29.0657 4172 cmdide - ok
16:17:29.0708 4172 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
16:17:29.0747 4172 CNG - ok
16:17:29.0777 4172 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:17:29.0792 4172 Compbatt - ok
16:17:29.0805 4172 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
16:17:29.0836 4172 CompositeBus - ok
16:17:29.0840 4172 COMSysApp - ok
16:17:29.0857 4172 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
16:17:29.0873 4172 crcdisk - ok
16:17:29.0930 4172 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:17:29.0972 4172 CryptSvc - ok
16:17:30.0043 4172 [ 61A86809B62769643892BC0812B204AA ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
16:17:30.0134 4172 cvhsvc - ok
16:17:30.0173 4172 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:17:30.0251 4172 DcomLaunch - ok
16:17:30.0285 4172 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
16:17:30.0348 4172 defragsvc - ok
16:17:30.0452 4172 [ D2600494C45B98ADFDAE290205AD7CD3 ] DevoloNetworkService C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
16:17:30.0669 4172 DevoloNetworkService - ok
16:17:30.0700 4172 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:17:30.0785 4172 DfsC - ok
16:17:30.0815 4172 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
16:17:30.0914 4172 Dhcp - ok
16:17:30.0946 4172 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:17:30.0981 4172 discache - ok
16:17:30.0995 4172 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
16:17:31.0033 4172 Disk - ok
16:17:31.0071 4172 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:17:31.0177 4172 Dnscache - ok
16:17:31.0215 4172 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:17:31.0287 4172 dot3svc - ok
16:17:31.0324 4172 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
16:17:31.0379 4172 DPS - ok
16:17:31.0410 4172 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:17:31.0445 4172 drmkaud - ok
16:17:31.0490 4172 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:17:31.0538 4172 DXGKrnl - ok
16:17:31.0562 4172 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:17:31.0622 4172 EapHost - ok
16:17:31.0682 4172 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
16:17:31.0741 4172 ebdrv - ok
16:17:31.0791 4172 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
16:17:31.0862 4172 EFS - ok
16:17:31.0925 4172 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:17:32.0008 4172 ehRecvr - ok
16:17:32.0041 4172 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
16:17:32.0163 4172 ehSched - ok
16:17:32.0261 4172 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
16:17:32.0314 4172 elxstor - ok
16:17:32.0346 4172 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:17:32.0381 4172 ErrDev - ok
16:17:32.0432 4172 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
16:17:32.0551 4172 EventSystem - ok
16:17:32.0573 4172 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
16:17:32.0623 4172 exfat - ok
16:17:32.0642 4172 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:17:32.0695 4172 fastfat - ok
16:17:32.0732 4172 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
16:17:32.0857 4172 Fax - ok
16:17:32.0885 4172 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:17:32.0902 4172 fdc - ok
16:17:32.0946 4172 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:17:33.0021 4172 fdPHost - ok
16:17:33.0040 4172 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:17:33.0093 4172 FDResPub - ok
16:17:33.0113 4172 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:17:33.0131 4172 FileInfo - ok
16:17:33.0142 4172 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:17:33.0200 4172 Filetrace - ok
16:17:33.0247 4172 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:17:33.0384 4172 FLEXnet Licensing Service - ok
16:17:33.0407 4172 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:17:33.0434 4172 flpydisk - ok
16:17:33.0470 4172 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:17:33.0493 4172 FltMgr - ok
16:17:33.0539 4172 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
16:17:33.0605 4172 FontCache - ok
16:17:33.0651 4172 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:17:33.0667 4172 FontCache3.0.0.0 - ok
16:17:33.0688 4172 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:17:33.0736 4172 FsDepends - ok
16:17:33.0767 4172 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:17:33.0783 4172 Fs_Rec - ok
16:17:33.0816 4172 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:17:33.0839 4172 fvevol - ok
16:17:33.0857 4172 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
16:17:33.0874 4172 gagp30kx - ok
16:17:33.0943 4172 [ CE16683CFD11FE70BDE435DDA5EA1FCA ] GameConsoleService C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe
16:17:34.0044 4172 GameConsoleService - ok
16:17:34.0069 4172 [ 16C2A6BCDDA8952C2035DEC861492A19 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
16:17:34.0087 4172 ggflt - ok
16:17:34.0106 4172 [ 6B503DF845EABF3457E49FBBDA26C10E ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys
16:17:34.0129 4172 ggsemc - ok
16:17:34.0167 4172 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
16:17:34.0235 4172 gpsvc - ok
16:17:34.0285 4172 [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
16:17:34.0325 4172 GREGService - ok
16:17:34.0350 4172 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:17:34.0405 4172 hcw85cir - ok
16:17:34.0439 4172 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:17:34.0487 4172 HdAudAddService - ok
16:17:34.0509 4172 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
16:17:34.0558 4172 HDAudBus - ok
16:17:34.0575 4172 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
16:17:34.0609 4172 HidBatt - ok
16:17:34.0627 4172 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
16:17:34.0669 4172 HidBth - ok
16:17:34.0693 4172 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
16:17:34.0730 4172 HidIr - ok
16:17:34.0763 4172 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
16:17:34.0844 4172 hidserv - ok
16:17:34.0873 4172 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:17:34.0908 4172 HidUsb - ok
16:17:34.0929 4172 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:17:34.0988 4172 hkmsvc - ok
16:17:35.0023 4172 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:17:35.0082 4172 HomeGroupListener - ok
16:17:35.0112 4172 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:17:35.0159 4172 HomeGroupProvider - ok
16:17:35.0184 4172 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:17:35.0200 4172 HpSAMD - ok
16:17:35.0237 4172 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:17:35.0307 4172 HTTP - ok
16:17:35.0335 4172 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:17:35.0350 4172 hwpolicy - ok
16:17:35.0362 4172 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
16:17:35.0395 4172 i8042prt - ok
16:17:35.0427 4172 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:17:35.0467 4172 iaStorV - ok
16:17:35.0512 4172 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:17:35.0554 4172 idsvc - ok
16:17:35.0675 4172 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
16:17:35.0844 4172 igfx - ok
16:17:35.0866 4172 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
16:17:35.0882 4172 iirsp - ok
16:17:35.0921 4172 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
16:17:35.0991 4172 IKEEXT - ok
16:17:36.0051 4172 [ 52D9171838BB92319F23656F502916E9 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:17:36.0092 4172 IntcAzAudAddService - ok
16:17:36.0129 4172 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
16:17:36.0144 4172 intelide - ok
16:17:36.0163 4172 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:17:36.0180 4172 intelppm - ok
16:17:36.0206 4172 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:17:36.0277 4172 IPBusEnum - ok
16:17:36.0312 4172 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:17:36.0374 4172 IpFilterDriver - ok
16:17:36.0413 4172 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:17:36.0508 4172 iphlpsvc - ok
16:17:36.0536 4172 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:17:36.0565 4172 IPMIDRV - ok
16:17:36.0605 4172 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:17:36.0642 4172 IPNAT - ok
16:17:36.0661 4172 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:17:36.0747 4172 IRENUM - ok
16:17:36.0787 4172 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:17:36.0806 4172 isapnp - ok
16:17:36.0838 4172 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:17:36.0864 4172 iScsiPrt - ok
16:17:36.0883 4172 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:17:36.0903 4172 kbdclass - ok
16:17:36.0916 4172 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:17:36.0948 4172 kbdhid - ok
16:17:36.0977 4172 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
16:17:36.0998 4172 KeyIso - ok
16:17:37.0028 4172 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:17:37.0049 4172 KSecDD - ok
16:17:37.0077 4172 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:17:37.0100 4172 KSecPkg - ok
16:17:37.0125 4172 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:17:37.0191 4172 ksthunk - ok
16:17:37.0218 4172 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
16:17:37.0283 4172 KtmRm - ok
16:17:37.0320 4172 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
16:17:37.0423 4172 LanmanServer - ok
16:17:37.0457 4172 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:17:37.0512 4172 LanmanWorkstation - ok
16:17:37.0536 4172 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:17:37.0588 4172 lltdio - ok
16:17:37.0619 4172 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:17:37.0682 4172 lltdsvc - ok
16:17:37.0699 4172 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:17:37.0740 4172 lmhosts - ok
16:17:37.0758 4172 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
16:17:37.0774 4172 LSI_FC - ok
16:17:37.0796 4172 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
16:17:37.0813 4172 LSI_SAS - ok
16:17:37.0818 4172 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:17:37.0834 4172 LSI_SAS2 - ok
16:17:37.0849 4172 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:17:37.0866 4172 LSI_SCSI - ok
16:17:37.0878 4172 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:17:37.0931 4172 luafv - ok
16:17:37.0971 4172 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:17:38.0038 4172 Mcx2Svc - ok
16:17:38.0056 4172 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
16:17:38.0085 4172 megasas - ok
16:17:38.0108 4172 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
16:17:38.0133 4172 MegaSR - ok
16:17:38.0154 4172 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:17:38.0207 4172 MMCSS - ok
16:17:38.0225 4172 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:17:38.0300 4172 Modem - ok
16:17:38.0338 4172 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:17:38.0402 4172 monitor - ok
16:17:38.0434 4172 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:17:38.0474 4172 mouclass - ok
16:17:38.0498 4172 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:17:38.0554 4172 mouhid - ok
16:17:38.0589 4172 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:17:38.0630 4172 mountmgr - ok
16:17:38.0698 4172 [ BA7BC321BFEF85B525A9417693B1FF09 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:17:38.0772 4172 MozillaMaintenance - ok
16:17:38.0804 4172 [ E6BA8E5A4A871899E23D64573EF58EE9 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
16:17:38.0845 4172 MpFilter - ok
16:17:38.0865 4172 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
16:17:38.0883 4172 mpio - ok
16:17:38.0897 4172 [ 98B09A4F2C462441030B83A80A3F6FB3 ] MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys
16:17:38.0915 4172 MpNWMon - ok
16:17:38.0955 4172 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:17:39.0002 4172 mpsdrv - ok
16:17:39.0045 4172 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:17:39.0113 4172 MpsSvc - ok
16:17:39.0141 4172 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:17:39.0180 4172 MRxDAV - ok
16:17:39.0211 4172 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:17:39.0231 4172 mrxsmb - ok
16:17:39.0269 4172 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:17:39.0343 4172 mrxsmb10 - ok
16:17:39.0368 4172 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:17:39.0420 4172 mrxsmb20 - ok
16:17:39.0451 4172 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
16:17:39.0469 4172 msahci - ok
16:17:39.0498 4172 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:17:39.0521 4172 msdsm - ok
16:17:39.0538 4172 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:17:39.0582 4172 MSDTC - ok
16:17:39.0621 4172 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:17:39.0689 4172 Msfs - ok
16:17:39.0700 4172 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:17:39.0748 4172 mshidkmdf - ok
16:17:39.0765 4172 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:17:39.0780 4172 msisadrv - ok
16:17:39.0800 4172 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:17:39.0863 4172 MSiSCSI - ok
16:17:39.0867 4172 msiserver - ok
16:17:39.0886 4172 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:17:39.0933 4172 MSKSSRV - ok
16:17:40.0000 4172 [ 64E69A217D861776CA848B453FB96D71 ] MsMpSvc C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
16:17:40.0036 4172 MsMpSvc - ok
16:17:40.0043 4172 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:17:40.0111 4172 MSPCLOCK - ok
16:17:40.0124 4172 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:17:40.0175 4172 MSPQM - ok
16:17:40.0207 4172 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:17:40.0231 4172 MsRPC - ok
16:17:40.0264 4172 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
16:17:40.0281 4172 mssmbios - ok
16:17:40.0292 4172 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:17:40.0324 4172 MSTEE - ok
16:17:40.0329 4172 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
16:17:40.0356 4172 MTConfig - ok
16:17:40.0375 4172 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:17:40.0412 4172 Mup - ok
16:17:40.0445 4172 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
16:17:40.0502 4172 napagent - ok
16:17:40.0526 4172 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:17:40.0570 4172 NativeWifiP - ok
16:17:40.0608 4172 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:17:40.0644 4172 NDIS - ok
16:17:40.0657 4172 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:17:40.0692 4172 NdisCap - ok
16:17:40.0708 4172 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:17:40.0781 4172 NdisTapi - ok
16:17:40.0806 4172 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:17:40.0872 4172 Ndisuio - ok
16:17:40.0907 4172 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:17:40.0991 4172 NdisWan - ok
16:17:41.0018 4172 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:17:41.0104 4172 NDProxy - ok
16:17:41.0179 4172 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
16:17:41.0323 4172 Nero BackItUp Scheduler 4.0 - ok
16:17:41.0353 4172 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:17:41.0421 4172 NetBIOS - ok
16:17:41.0461 4172 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:17:41.0555 4172 NetBT - ok
16:17:41.0580 4172 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
16:17:41.0616 4172 Netlogon - ok
16:17:41.0649 4172 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:17:41.0711 4172 Netman - ok
16:17:41.0737 4172 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:17:41.0801 4172 netprofm - ok
16:17:41.0836 4172 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:17:41.0859 4172 NetTcpPortSharing - ok
16:17:41.0888 4172 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
16:17:41.0904 4172 nfrd960 - ok
16:17:41.0924 4172 [ 3713E8452B88D3E0BE095E06B6FBC776 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:17:41.0941 4172 NisDrv - ok
16:17:41.0974 4172 [ C67E39D2968400B38F54A10822E6EACF ] NisSrv C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
16:17:42.0005 4172 NisSrv - ok
16:17:42.0035 4172 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:17:42.0081 4172 NlaSvc - ok
16:17:42.0096 4172 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:17:42.0147 4172 Npfs - ok
16:17:42.0208 4172 [ 49697C2C761ACB5C0DE99CC8FE93E95B ] NPF_devolo C:\Windows\sysWOW64\drivers\npf_devolo.sys
16:17:42.0227 4172 NPF_devolo - ok
16:17:42.0254 4172 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:17:42.0295 4172 nsi - ok
16:17:42.0312 4172 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:17:42.0345 4172 nsiproxy - ok
16:17:42.0403 4172 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:17:42.0466 4172 Ntfs - ok
16:17:42.0483 4172 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:17:42.0528 4172 Null - ok
16:17:42.0564 4172 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
16:17:42.0606 4172 NVHDA - ok
16:17:42.0796 4172 [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:17:42.0943 4172 nvlddmkm - ok
16:17:42.0973 4172 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:17:42.0992 4172 nvraid - ok
16:17:43.0012 4172 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:17:43.0030 4172 nvstor - ok
16:17:43.0057 4172 [ 10C232F6CFFD51D2332898AE7AE0FF23 ] nvsvc C:\Windows\system32\nvvsvc.exe
16:17:43.0173 4172 nvsvc - ok
16:17:43.0241 4172 [ 4789E020D2617046862D1790FC235FF6 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:17:43.0327 4172 nvUpdatusService - ok
16:17:43.0367 4172 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:17:43.0388 4172 nv_agp - ok
16:17:43.0405 4172 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:17:43.0436 4172 ohci1394 - ok
16:17:43.0480 4172 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:17:43.0546 4172 ose - ok
16:17:43.0670 4172 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:17:43.0927 4172 osppsvc - ok
16:17:43.0967 4172 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:17:44.0061 4172 p2pimsvc - ok
16:17:44.0080 4172 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:17:44.0111 4172 p2psvc - ok
16:17:44.0131 4172 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:17:44.0150 4172 Parport - ok
16:17:44.0174 4172 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:17:44.0212 4172 partmgr - ok
16:17:44.0237 4172 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:17:44.0279 4172 PcaSvc - ok
16:17:44.0316 4172 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
16:17:44.0336 4172 pci - ok
16:17:44.0351 4172 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
16:17:44.0366 4172 pciide - ok
16:17:44.0378 4172 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:17:44.0398 4172 pcmcia - ok
16:17:44.0410 4172 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:17:44.0427 4172 pcw - ok
16:17:44.0449 4172 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:17:44.0502 4172 PEAUTH - ok
16:17:44.0531 4172 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:17:44.0616 4172 PerfHost - ok
16:17:44.0668 4172 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:17:44.0747 4172 pla - ok
16:17:44.0780 4172 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:17:44.0873 4172 PlugPlay - ok
16:17:44.0899 4172 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:17:44.0945 4172 PNRPAutoReg - ok
16:17:44.0966 4172 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:17:45.0002 4172 PNRPsvc - ok
16:17:45.0033 4172 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:17:45.0096 4172 PolicyAgent - ok
16:17:45.0133 4172 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:17:45.0197 4172 Power - ok
16:17:45.0224 4172 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:17:45.0292 4172 PptpMiniport - ok
16:17:45.0316 4172 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:17:45.0333 4172 Processor - ok
16:17:45.0360 4172 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
16:17:45.0427 4172 ProfSvc - ok
16:17:45.0443 4172 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:17:45.0464 4172 ProtectedStorage - ok
16:17:45.0493 4172 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:17:45.0542 4172 Psched - ok
16:17:45.0568 4172 [ BC08F7F3C53CBEE68670ED1314E290FD ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
16:17:45.0585 4172 PxHlpa64 - ok
16:17:45.0624 4172 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
16:17:45.0661 4172 ql2300 - ok
16:17:45.0668 4172 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
16:17:45.0701 4172 ql40xx - ok
16:17:45.0729 4172 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:17:45.0777 4172 QWAVE - ok
16:17:45.0801 4172 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:17:45.0835 4172 QWAVEdrv - ok
16:17:45.0853 4172 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:17:45.0903 4172 RasAcd - ok
16:17:45.0938 4172 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:17:45.0991 4172 RasAgileVpn - ok
16:17:46.0015 4172 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:17:46.0060 4172 RasAuto - ok
16:17:46.0091 4172 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:17:46.0175 4172 Rasl2tp - ok
16:17:46.0215 4172 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:17:46.0277 4172 RasMan - ok
16:17:46.0303 4172 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:17:46.0380 4172 RasPppoe - ok
16:17:46.0403 4172 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:17:46.0453 4172 RasSstp - ok
16:17:46.0479 4172 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:17:46.0531 4172 rdbss - ok
16:17:46.0551 4172 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:17:46.0588 4172 rdpbus - ok
16:17:46.0606 4172 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:17:46.0639 4172 RDPCDD - ok
16:17:46.0648 4172 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:17:46.0698 4172 RDPENCDD - ok
16:17:46.0716 4172 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:17:46.0782 4172 RDPREFMP - ok
16:17:46.0830 4172 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:17:46.0887 4172 RdpVideoMiniport - ok
16:17:46.0917 4172 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:17:46.0976 4172 RDPWD - ok
16:17:47.0008 4172 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:17:47.0037 4172 rdyboost - ok
16:17:47.0060 4172 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:17:47.0114 4172 RemoteAccess - ok
16:17:47.0136 4172 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:17:47.0197 4172 RemoteRegistry - ok
16:17:47.0219 4172 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:17:47.0289 4172 RpcEptMapper - ok
16:17:47.0312 4172 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:17:47.0377 4172 RpcLocator - ok
16:17:47.0414 4172 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
16:17:47.0469 4172 RpcSs - ok
16:17:47.0495 4172 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:17:47.0530 4172 rspndr - ok
16:17:47.0541 4172 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:17:47.0562 4172 SamSs - ok
16:17:47.0591 4172 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:17:47.0609 4172 sbp2port - ok
16:17:47.0657 4172 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
16:17:48.0379 4172 SBSDWSCService - ok
16:17:48.0409 4172 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:17:48.0470 4172 SCardSvr - ok
16:17:48.0505 4172 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:17:48.0582 4172 scfilter - ok
16:17:48.0633 4172 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:17:48.0745 4172 Schedule - ok
16:17:48.0780 4172 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:17:48.0823 4172 SCPolicySvc - ok
16:17:48.0835 4172 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:17:48.0879 4172 SDRSVC - ok
16:17:48.0898 4172 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:17:48.0949 4172 secdrv - ok
16:17:48.0966 4172 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:17:49.0038 4172 seclogon - ok
16:17:49.0068 4172 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
16:17:49.0150 4172 SENS - ok
16:17:49.0170 4172 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:17:49.0207 4172 SensrSvc - ok
16:17:49.0214 4172 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:17:49.0230 4172 Serenum - ok
16:17:49.0246 4172 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:17:49.0264 4172 Serial - ok
16:17:49.0279 4172 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
16:17:49.0313 4172 sermouse - ok
16:17:49.0354 4172 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:17:49.0412 4172 SessionEnv - ok
16:17:49.0442 4172 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:17:49.0484 4172 sffdisk - ok
16:17:49.0491 4172 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:17:49.0521 4172 sffp_mmc - ok
16:17:49.0537 4172 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:17:49.0567 4172 sffp_sd - ok
16:17:49.0591 4172 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:17:49.0622 4172 sfloppy - ok
16:17:49.0656 4172 [ 72CD52403EFC137290CB5A328510EBCA ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
16:17:49.0682 4172 Sftfs - ok
16:17:49.0721 4172 [ F821B6C5D3FD23E11CBB613F61C94C98 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
16:17:49.0835 4172 sftlist - ok
16:17:49.0855 4172 [ 31A36EF71AF36EABCC4B4F8AB8F76465 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
16:17:49.0878 4172 Sftplay - ok
16:17:49.0891 4172 [ 2D969194FCC8EB41ED1D52863BFE7F52 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
16:17:49.0906 4172 Sftredir - ok
16:17:49.0913 4172 [ 08B36D2F63AF3CA2248458A4280C0C50 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
16:17:49.0929 4172 Sftvol - ok
16:17:49.0942 4172 [ DB7213FCB2BC1B4F0C5CC5AF344ABCD0 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
16:17:50.0070 4172 sftvsa - ok
16:17:50.0106 4172 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:17:50.0185 4172 SharedAccess - ok
16:17:50.0208 4172 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:17:50.0272 4172 ShellHWDetection - ok
16:17:50.0297 4172 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:17:50.0313 4172 SiSRaid2 - ok
16:17:50.0324 4172 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
16:17:50.0341 4172 SiSRaid4 - ok
16:17:50.0507 4172 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
16:17:50.0662 4172 Skype C2C Service - ok
16:17:50.0715 4172 [ CA355B308AA537C6B9D67CD3A5485AF9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
16:17:50.0826 4172 SkypeUpdate - ok
16:17:50.0856 4172 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:17:50.0893 4172 Smb - ok
16:17:50.0919 4172 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:17:50.0970 4172 SNMPTRAP - ok
16:17:50.0988 4172 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:17:51.0004 4172 spldr - ok
16:17:51.0040 4172 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
16:17:51.0112 4172 Spooler - ok
16:17:51.0181 4172 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:17:51.0281 4172 sppsvc - ok
16:17:51.0316 4172 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:17:51.0392 4172 sppuinotify - ok
16:17:51.0429 4172 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:17:51.0472 4172 srv - ok
16:17:51.0493 4172 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:17:51.0528 4172 srv2 - ok
16:17:51.0550 4172 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:17:51.0613 4172 srvnet - ok
16:17:51.0651 4172 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:17:51.0720 4172 SSDPSRV - ok
16:17:51.0740 4172 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:17:51.0783 4172 SstpSvc - ok
16:17:51.0818 4172 [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:17:53.0140 4172 Stereo Service - ok
16:17:53.0174 4172 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
16:17:53.0191 4172 stexstor - ok
16:17:53.0224 4172 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
16:17:53.0275 4172 stisvc - ok
16:17:53.0305 4172 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
16:17:53.0321 4172 swenum - ok
16:17:53.0348 4172 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:17:53.0419 4172 swprv - ok
16:17:53.0476 4172 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
16:17:53.0535 4172 SysMain - ok
16:17:53.0569 4172 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:17:53.0599 4172 TabletInputService - ok
16:17:53.0610 4172 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:17:53.0680 4172 TapiSrv - ok
16:17:53.0709 4172 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:17:53.0767 4172 TBS - ok
16:17:53.0808 4172 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:17:53.0855 4172 Tcpip - ok
16:17:53.0891 4172 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:17:53.0939 4172 TCPIP6 - ok
16:17:53.0973 4172 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:17:54.0013 4172 tcpipreg - ok
16:17:54.0042 4172 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:17:54.0096 4172 TDPIPE - ok
16:17:54.0129 4172 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:17:54.0177 4172 TDTCP - ok
16:17:54.0210 4172 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:17:54.0274 4172 tdx - ok
16:17:54.0292 4172 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
16:17:54.0313 4172 TermDD - ok
16:17:54.0333 4172 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
16:17:54.0394 4172 TermService - ok
16:17:54.0423 4172 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:17:54.0467 4172 Themes - ok
16:17:54.0495 4172 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:17:54.0535 4172 THREADORDER - ok
16:17:54.0551 4172 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:17:54.0608 4172 TrkWks - ok
16:17:54.0664 4172 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:17:54.0744 4172 TrustedInstaller - ok
16:17:54.0775 4172 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:17:54.0823 4172 tssecsrv - ok
16:17:54.0852 4172 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:17:54.0910 4172 TsUsbFlt - ok
16:17:54.0952 4172 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:17:54.0988 4172 tunnel - ok
16:17:55.0014 4172 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
16:17:55.0031 4172 uagp35 - ok
16:17:55.0065 4172 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:17:55.0113 4172 udfs - ok
16:17:55.0141 4172 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:17:55.0179 4172 UI0Detect - ok
16:17:55.0194 4172 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:17:55.0211 4172 uliagpkx - ok
16:17:55.0238 4172 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
16:17:55.0272 4172 umbus - ok
16:17:55.0303 4172 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
16:17:55.0353 4172 UmPass - ok
16:17:55.0399 4172 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
16:17:55.0511 4172 Updater Service - ok
16:17:55.0549 4172 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:17:55.0595 4172 upnphost - ok
16:17:55.0628 4172 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
16:17:55.0651 4172 usbaudio - ok
16:17:55.0683 4172 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:17:55.0726 4172 usbccgp - ok
16:17:55.0757 4172 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:17:55.0778 4172 usbcir - ok
16:17:55.0804 4172 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
16:17:55.0842 4172 usbehci - ok
16:17:55.0879 4172 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:17:55.0920 4172 usbhub - ok
16:17:55.0950 4172 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:17:55.0995 4172 usbohci - ok
16:17:56.0031 4172 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:17:56.0073 4172 usbprint - ok
16:17:56.0099 4172 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
16:17:56.0125 4172 usbscan - ok
16:17:56.0158 4172 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:17:56.0219 4172 USBSTOR - ok
16:17:56.0247 4172 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:17:56.0266 4172 usbuhci - ok
16:17:56.0302 4172 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
16:17:56.0363 4172 usbvideo - ok
16:17:56.0392 4172 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:17:56.0460 4172 UxSms - ok
16:17:56.0464 4172 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
16:17:56.0486 4172 VaultSvc - ok
16:17:56.0516 4172 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:17:56.0532 4172 vdrvroot - ok
16:17:56.0571 4172 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
16:17:56.0670 4172 vds - ok
16:17:56.0706 4172 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:17:56.0723 4172 vga - ok
16:17:56.0737 4172 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:17:56.0802 4172 VgaSave - ok
16:17:56.0830 4172 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:17:56.0851 4172 vhdmp - ok
16:17:56.0879 4172 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
16:17:56.0894 4172 viaide - ok
16:17:56.0906 4172 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:17:56.0924 4172 volmgr - ok
16:17:56.0961 4172 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:17:56.0985 4172 volmgrx - ok
16:17:56.0998 4172 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:17:57.0019 4172 volsnap - ok
16:17:57.0046 4172 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
16:17:57.0065 4172 vsmraid - ok
16:17:57.0117 4172 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
16:17:57.0211 4172 VSS - ok
16:17:57.0235 4172 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
16:17:57.0266 4172 vwifibus - ok
16:17:57.0299 4172 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:17:57.0365 4172 W32Time - ok
16:17:57.0388 4172 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
16:17:57.0405 4172 WacomPen - ok
16:17:57.0435 4172 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:17:57.0484 4172 WANARP - ok
16:17:57.0488 4172 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:17:57.0525 4172 Wanarpv6 - ok
16:17:57.0588 4172 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
16:17:57.0685 4172 wbengine - ok
16:17:57.0720 4172 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:17:57.0751 4172 WbioSrvc - ok
16:17:57.0780 4172 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:17:57.0825 4172 wcncsvc - ok
16:17:57.0842 4172 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:17:57.0878 4172 WcsPlugInService - ok
16:17:57.0898 4172 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
16:17:57.0914 4172 Wd - ok
16:17:57.0951 4172 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:17:57.0980 4172 Wdf01000 - ok
16:17:57.0993 4172 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:17:58.0061 4172 WdiServiceHost - ok
16:17:58.0065 4172 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:17:58.0097 4172 WdiSystemHost - ok
16:17:58.0131 4172 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
16:17:58.0179 4172 WebClient - ok
16:17:58.0206 4172 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:17:58.0252 4172 Wecsvc - ok
16:17:58.0257 4172 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:17:58.0302 4172 wercplsupport - ok
16:17:58.0310 4172 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:17:58.0367 4172 WerSvc - ok
16:17:58.0397 4172 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:17:58.0441 4172 WfpLwf - ok
16:17:58.0461 4172 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:17:58.0477 4172 WIMMount - ok
16:17:58.0493 4172 WinDefend - ok
16:17:58.0498 4172 WinHttpAutoProxySvc - ok
16:17:58.0542 4172 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:17:58.0618 4172 Winmgmt - ok
16:17:58.0667 4172 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
16:17:58.0749 4172 WinRM - ok
16:17:58.0772 4172 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
16:17:58.0800 4172 WinUsb - ok
16:17:58.0844 4172 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:17:58.0883 4172 Wlansvc - ok
16:17:58.0913 4172 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:17:58.0929 4172 WmiAcpi - ok
16:17:58.0955 4172 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:17:59.0000 4172 wmiApSrv - ok
16:17:59.0028 4172 WMPNetworkSvc - ok
16:17:59.0044 4172 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:17:59.0079 4172 WPCSvc - ok
16:17:59.0109 4172 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:17:59.0138 4172 WPDBusEnum - ok
16:17:59.0158 4172 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:17:59.0208 4172 ws2ifsl - ok
16:17:59.0232 4172 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
16:17:59.0282 4172 wscsvc - ok
16:17:59.0285 4172 WSearch - ok
16:17:59.0371 4172 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:17:59.0469 4172 wuauserv - ok
16:17:59.0503 4172 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:17:59.0577 4172 WudfPf - ok
16:17:59.0591 4172 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:17:59.0616 4172 WUDFRd - ok
16:17:59.0626 4172 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:17:59.0670 4172 wudfsvc - ok
16:17:59.0702 4172 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
16:17:59.0745 4172 WwanSvc - ok
16:17:59.0757 4172 ================ Scan global ===============================
16:17:59.0779 4172 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:17:59.0815 4172 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:17:59.0821 4172 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:17:59.0849 4172 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:17:59.0860 4172 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:17:59.0863 4172 [Global] - ok
16:17:59.0863 4172 ================ Scan MBR ==================================
16:17:59.0876 4172 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:18:00.0091 4172 \Device\Harddisk0\DR0 - ok
16:18:00.0092 4172 ================ Scan VBR ==================================
16:18:00.0096 4172 [ 24AEC5CB50D045B18A3582EC964E331C ] \Device\Harddisk0\DR0\Partition1
16:18:00.0098 4172 \Device\Harddisk0\DR0\Partition1 - ok
16:18:00.0116 4172 [ 8125D7ABB15F64520ED4F5D306FA893A ] \Device\Harddisk0\DR0\Partition2
16:18:00.0118 4172 \Device\Harddisk0\DR0\Partition2 - ok
16:18:00.0144 4172 [ 74F36D1828618BEB103863ACAC4C1AB8 ] \Device\Harddisk0\DR0\Partition3
16:18:00.0147 4172 \Device\Harddisk0\DR0\Partition3 - ok
16:18:00.0147 4172 ============================================================
16:18:00.0147 4172 Scan finished
16:18:00.0147 4172 ============================================================
16:18:00.0163 4300 Detected object count: 0
16:18:00.0164 4300 Actual detected object count: 0

Alt 18.06.2013, 15:19   #8
markusg
/// Malware-holic
 
Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg? - Standard

Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg?



Hi,
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 30.06.2013, 18:22   #9
Mark E. Smit
 
Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg? - Standard

Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg?



ich war auch im Urlaub...ich bekomme Microsoft Securuty Essentials nicht ausgestellt...wenn ich Combofix ausführe, erscheint die Anzeige: "es wurde versucht, einem Registrierungsschlüssekl einen unzulässigen Vorgang zu unterziehen, der zum Löschen markiert wurde"..
drücke ich da dann auf "OK", bleibt MES grün, in action...

mit Neustart habe ich MES deaktivieren können..

jetzt zeigt mir Combofix nach dem Durchlauf an:

"Du kannst Combofix nicht in Combofix(1) umbennen.
Bitte nutze einen anderen Namen. Vorzugsweise aus alphanumerischen Zeichen bestehend..."

ein Combofix-Logfile finde ich auch nicht.

okay...jetzt gehts, mit Combofix-Link rechts anklicken und aufm Desktop speichern,

hier kommt das Ergebnis (ich musste wiederum neu starten, weil die Explorer nach dem Durchgang mit Combofix nicht mehr aufgemacht werden konnten, wegen "Veränderung am Registrierungssclüssel, der zum Löschen markiert war" o.s.ä.).

also..
Combofix Logfile:
Code:
ATTFilter
ComboFix 13-06-30.01 - Kai Adler 30.06.2013  19:39:49.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2525 [GMT 2:00]
ausgeführt von:: c:\users\Kai Adler\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kai Adler\AppData\Local\Temp\d6ebea43-a7f6-428d-ab33-ddb1ea1983ec\CliSecureRT.dll
c:\users\KAIADL~1\AppData\Local\Temp\d6ebea43-a7f6-428d-ab33-ddb1ea1983ec\CliSecureRT.dll
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-28 bis 2013-06-30  ))))))))))))))))))))))))))))))
.
.
2013-06-30 16:38 . 2013-06-12 03:08	9552976	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0524AAED-B50E-496F-A5A2-4D52AD53CE7D}\mpengine.dll
2013-06-15 19:20 . 2013-06-08 14:08	279040	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2013-06-15 19:04 . 2013-05-08 06:39	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-15 19:04 . 2013-04-26 05:51	751104	----a-w-	c:\windows\system32\win32spl.dll
2013-06-15 19:04 . 2013-04-26 04:55	492544	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-06-15 19:04 . 2013-05-10 05:49	30720	----a-w-	c:\windows\system32\cryptdlg.dll
2013-06-15 19:03 . 2013-04-17 07:02	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2013-06-15 19:03 . 2013-05-13 05:51	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-06-15 19:03 . 2013-05-13 05:51	1464320	----a-w-	c:\windows\system32\crypt32.dll
2013-06-15 19:03 . 2013-05-13 05:51	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-06-15 19:03 . 2013-05-13 04:45	1160192	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-06-15 19:03 . 2013-05-13 03:43	1192448	----a-w-	c:\windows\system32\certutil.exe
2013-06-15 19:03 . 2013-05-13 03:08	903168	----a-w-	c:\windows\SysWow64\certutil.exe
2013-06-15 19:03 . 2013-05-13 05:50	52224	----a-w-	c:\windows\system32\certenc.dll
2013-06-15 19:03 . 2013-05-13 04:45	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-06-15 19:03 . 2013-05-13 03:08	43008	----a-w-	c:\windows\SysWow64\certenc.dll
2013-06-15 19:03 . 2013-03-31 22:52	1887232	----a-w-	c:\windows\system32\d3d11.dll
2013-06-15 18:21 . 2013-06-15 18:21	--------	d-----w-	c:\users\Kai Adler\AppData\Roaming\Malwarebytes
2013-06-15 18:21 . 2013-06-15 18:21	--------	d-----w-	c:\programdata\Malwarebytes
2013-06-15 18:21 . 2013-06-15 18:49	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-15 18:20 . 2013-06-15 18:20	--------	d-----w-	c:\users\Kai Adler\AppData\Local\Programs
2013-06-14 19:27 . 2013-06-14 19:28	--------	d-----w-	c:\users\Kai Adler\AppData\Local\Google
2013-06-14 19:27 . 2013-06-14 19:27	--------	d-----w-	c:\users\Kai Adler\AppData\Roaming\SUPERAntiSpyware.com
2013-06-14 19:27 . 2013-06-14 19:28	--------	d-----w-	c:\program files (x86)\Google
2013-06-14 19:26 . 2013-06-15 18:52	--------	d-----w-	c:\program files\SUPERAntiSpyware
2013-06-14 19:26 . 2013-06-14 19:26	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2013-06-12 08:08 . 2013-05-10 03:20	24576	----a-w-	c:\windows\SysWow64\cryptdlg.dll
2013-06-12 08:08 . 2013-04-17 06:24	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2013-06-12 08:08 . 2013-05-13 04:45	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-06-12 08:08 . 2013-04-25 23:30	1505280	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-06-01 16:05 . 2013-06-01 16:05	--------	d-----w-	c:\users\Kai Adler\.swt
2013-06-01 16:03 . 2013-06-15 18:49	--------	d-----w-	C:\Flashtool
2013-06-01 09:58 . 2013-06-01 09:58	--------	d-----w-	c:\programdata\Sony
2013-06-01 09:58 . 2013-06-01 09:58	--------	d-----w-	c:\program files (x86)\Sony
2013-05-31 18:38 . 2013-06-15 18:44	--------	d-----w-	c:\program files (x86)\Sony Mobile
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-16 08:29 . 2012-04-08 16:48	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-16 08:29 . 2011-07-20 17:52	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-15 19:22 . 2011-01-08 15:13	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-06-12 03:08 . 2012-11-06 08:48	9552976	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-31 17:20 . 2013-05-31 17:20	27760	----a-w-	c:\windows\system32\drivers\ggsemc.sys
2013-05-31 17:20 . 2013-05-31 17:20	1721576	----a-w-	c:\windows\system32\WdfCoInstaller01009.dll
2013-05-31 17:20 . 2013-05-31 17:20	14448	----a-w-	c:\windows\system32\drivers\ggflt.sys
2013-05-02 15:29 . 2011-01-07 13:41	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-16 07:36	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 07:36	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 07:36	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 07:36	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 07:36	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 07:36	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-25 07:19	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-16 07:36	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-16 07:36	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-16 07:36	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-04-04 03:35 . 2013-05-04 10:05	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-02 17:29 . 2012-09-10 18:19	861088	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-04-02 17:29 . 2011-07-31 08:53	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-07 21432]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-08-07 960440]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Hotkey Utility"="c:\program files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2006-09-01 282624]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-07 3524536]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
t@x aktuell.lnk - c:\program files (x86)\Buhl finance\tax Steuersoftware 2013\taxaktuell.exe [2013-3-31 542800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys;c:\windows\SYSNATIVE\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DevoloNetworkService;devolo Network Service;c:\program files (x86)\devolo\dlan\devolonetsvc.exe;c:\program files (x86)\devolo\dlan\devolonetsvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [x]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys;c:\windows\sysWOW64\drivers\npf_devolo.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 08:29]
.
2013-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files (x86)\Apple Software Update\SoftwareUpdate.exe [2006-08-29 12:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-17 9608224]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 2114376]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Kai Adler\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Kai Adler\AppData\Roaming\Mozilla\Firefox\Profiles\o5j8apcs.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - DVDVideoSoftTB DE Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&CUI=UN52606543843611294&UM=&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-06-15 20:49; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-06-15 20:49; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2013-06-15 20:49; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-30  19:50:57 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-06-30 17:50
.
Vor Suchlauf: 11 Verzeichnis(se), 148.202.307.584 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 147.931.906.048 Bytes frei
.
- - End Of File - - 36C43EB69973D58422630E47C03EDD60
         
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

Alt 02.07.2013, 16:53   #10
Mark E. Smit
 
Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg? - Standard

Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg?



Hallo Markus,

ich schätze, du hast viel zu tun....dennoch, die Frage: wie geht es weiter? wie weit sind wir von der Entfernung dieses Trojaners entfernt?

ich habe hier in einem anderen aktuellen Thread mit "schrauber" gesehen, dass dieser Virus besiegbar ist...Unser PC tut sich weiter schwer, wirkt langsam.. hängt sich gelegentlich auf, Antispybot findet den Virus immer noch...das macht mir Sorgen..

Alt 04.07.2013, 14:08   #11
markusg
/// Malware-holic
 
Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg? - Standard

Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg?



poste alle bisher erstellten Malwarebytes Logs mit Funden:
http://www.trojaner-board.de/125889-...en-posten.html
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.07.2013, 20:52   #12
Mark E. Smit
 
Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg? - Standard

Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg?



Hallo,l

ich muss leider gestehe, dass ich Antimalwarebytes erst seit kurzem auf dem PC habe, viel zu spät wohl..und es zwiscxhen unseren Durchläufen auch nicht regelmäßig benutzt habe, alldieweil..

den ursprünglichen Viren-Fund hatte mein "Spybot Search & Destroy"..und hat ihn immer noch..da finde ich allerdings die von dir gewünschten Files nicht..

hier die letzten 3 Ergebnisse von Antimalwarebytes, erstaunlicherweise offenbar ohne Fund...
ich versuchs mal mit dem Code-Befehl, weiß nicht, ob das hinhaut..ist für dich ja wohl einfacher..(?)

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.03.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Kai Adler :: KAIADLER-PC [Administrator]

Schutz: Aktiviert

03.07.2013 09:26:50
mbam-log-2013-07-03 (09-26-50).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 241759
Laufzeit: 4 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

-----------------------
EIN TAG ZUVOR
----------------------------------

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.02.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Kai Adler :: KAIADLER-PC [Administrator]

Schutz: Aktiviert

02.07.2013 17:45:07
mbam-log-2013-07-02 (17-45-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 440368
Laufzeit: 2 Stunde(n), 10 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

----------------------------------
UND ICH HABE NOCH EINEN FILE VOM 15.6.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.15.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Kai Adler :: KAIADLER-PC [Administrator]

15.06.2013 20:22:07
mbam-log-2013-06-15 (20-22-07).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 234600
Laufzeit: 4 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
------------------------

Bringt uns das weiter?

der komplette aktuelle Bericht (mit Fund..) von Spybot Search & Destroy ist so lang, dass ich ihn hier nicht reinhängen kann...

Alt 08.07.2013, 12:40   #13
markusg
/// Malware-holic
 
Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg? - Standard

Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg?



Hi
ichhabe nicht nach den letzten 3 Scans, sondern nach Scanlogs mit funden gefragt.
bitte posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 08.07.2013, 13:09   #14
Mark E. Smit
 
Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg? - Standard

Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg?



..das hatte ich verstanden.

Wie schon geschrieben, Malwarebytes hatte und hat diesen Virus nicht gefunden, daher kann ich keinen solchen Fund-Log schicken.

Angezeigt wurde und wird dieser Virus von Antyspybot Search und Destroy (und zwar nur von dem Programm, auch nicht vom MES).

Und da ist der "aktuelle Bericht" (Log), wohl mit dem Fund, so lang, dass er nicht in die Mail passt....
oder geht das als Code besser?

Alt 08.07.2013, 13:11   #15
markusg
/// Malware-holic
 
Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg? - Standard

Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg?



das spybot den fund hatte weis ich nicht, noch mal die klare Frage, hatte Malwarebytes in keinem der Logs funde? falls doch, poste die Logs wo es Funde gab.
Falls nein:

lade den CCleaner standard:
http://filepony.de/download-ccleaner/
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg?
angeblich, computer, diverse, essen, gefährlich, griff, interne, internet, kriege, malware, markiert, microsoft, möglichkeit, neustart, nichts, offene, problem, reagiert, recht, scan, schei, spybot, suche, tool, win



Ähnliche Themen: Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg?


  1. Win32.Downloader.gen
    Plagegeister aller Art und deren Bekämpfung - 01.05.2015 (25)
  2. Win32.Downloader.gen
    Plagegeister aller Art und deren Bekämpfung - 18.06.2014 (23)
  3. Desinfizierung durch Kaspersky nicht möglich: Trojan.Win32.Bromngr.k, HEUR:Trojan.Win32.Generic, Trojan-Downloader.Win32.MultiDL.I
    Plagegeister aller Art und deren Bekämpfung - 28.11.2013 (1)
  4. Win32.Downloader.gen
    Log-Analyse und Auswertung - 30.09.2013 (12)
  5. "File is encrypted ..." - Offenbar Virus/Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 04.09.2013 (15)
  6. Win32.downloader.gen
    Log-Analyse und Auswertung - 15.08.2013 (3)
  7. Win32.Downloader.gen und Win32.Muollo
    Plagegeister aller Art und deren Bekämpfung - 21.06.2013 (11)
  8. Win32.Downloader.gen in C:\END
    Log-Analyse und Auswertung - 10.06.2013 (15)
  9. Win32.Downloader.gen
    Plagegeister aller Art und deren Bekämpfung - 08.06.2013 (11)
  10. Delta-Search durch J-Downloader eingefangen
    Log-Analyse und Auswertung - 20.05.2013 (8)
  11. Win32:Malware-gen und Win32:Downloader-PKU.C:\Windows\System32\services.exe.Weitere Meldungen
    Log-Analyse und Auswertung - 12.09.2012 (10)
  12. E-mail bekommen: Virus eingefangen und jetzt sind alle meiner Daten umgeändert kriege die nicht auf!
    Log-Analyse und Auswertung - 06.06.2012 (4)
  13. Trojan.Win32.Agent.delx ; Trojan-Downloader.Win32.Agent.bvst; HackTool.Win32.Kiser.fb
    Plagegeister aller Art und deren Bekämpfung - 05.01.2010 (3)
  14. TR/dropper.gen eingefangen, offenbar Virenangriff aktiviert - bin total ratlos!!!
    Plagegeister aller Art und deren Bekämpfung - 21.12.2009 (1)
  15. Virus.Win32.ZMist !!!! Metamorpher Virus !!! Wie kriege ich ihn weg??
    Log-Analyse und Auswertung - 19.12.2006 (1)
  16. Zlob downloader eingefangen
    Plagegeister aller Art und deren Bekämpfung - 08.07.2006 (3)
  17. HackTool.Win32.Hidd.c / TrojanSpy.Win32.Agent.w / Trojan-Downloader.Win32.Agent.fy
    Plagegeister aller Art und deren Bekämpfung - 21.12.2004 (3)

Zum Thema Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg? - Seit ein paar Tagen habe ich offenbar den Virus/Trojaner win32.downloader.gen auf meinem PC. Jedenfalls teilt mir das Spybot S&D mit. Diese Malware markiert und behebt dann angeblich das Problem, nach - Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg?...
Archiv
Du betrachtest: Win32.downloader.gen offenbar eingefangen..wie kriege ich den weg? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.