Trojaner-Board


thesaint225 19.06.2012 21:49

Trojan.Small, Trojan.Sirefef, Rootkit.0Access in C:\Windows\installer - cannot be removed
 
Hello,

I have problems with the 3 Trojans named above, which cannot be removed. Antivir found them first but could not remove them. Same with Anti-Malware.
I have not noticed any PC problems so far apart from the constant warnings from Avira. I don't know where the Trojans could have come from.

I hope you can help me. Following the guides, I have already run one or two scans and saved the log files. To start with, here is the log from Anti-Malware.

Regards, Danny


" Malwarebytes Anti-Malware (Test) 1.61.0.1400


Datenbank Version: v2012.06.19.05

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Danny ****** :: CELINE-LAPTOP [Administrator]

Schutz: Deaktiviert

19.06.2012 22:33:22
mbam-log-2012-06-19 (22-39-30).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 218614
Laufzeit: 5 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U\00000001.@ (Trojan.Small) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U\80000000.@ (Trojan.Sirefef) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.

(Ende)
"

cosinus 21.06.2012 20:56

Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan!

Please remove all Malwarebytes detections so that they are kept in Malwarebytes' quarantine! Do NOT hastily delete anything from the quarantine!

If logs from older Malwarebytes scans exist, please post all of those as well!




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

thesaint225 24.06.2012 10:58

Hello,

here are the logs; it took a while until the scans were finished.


Malwarebytes


Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.21.10

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Danny ***** :: CELINE-LAPTOP [Administrator]

Schutz: Deaktiviert

21.06.2012 23:02:28
mbam-log-2012-06-22 (21-09-04).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 731109
Laufzeit: 14 Stunde(n), 30 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Danny Kemmerle\AppData\Local\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\n (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U\00000001.@ (Trojan.Small) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U\80000000.@ (Trojan.Sirefef) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.

(Ende)


ESET Online Scanner

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9b21a1a24617324daf805ebe8c31db0f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-23 09:40:40
# local_time=2012-06-23 11:40:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1792 16777215 100 0 14947143 14947143 0 0
# compatibility_mode=5893 16776574 66 94 1317466 92110755 0 0
# compatibility_mode=8192 67108863 100 0 520 520 0 0
# scanned=524434
# found=4
# cleaned=0
# scan_time=8096
C:\Users\Danny Kemmerle\AppData\Local\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\n        Win32/Sirefef.EV trojan (unable to clean)        00000000000000000000000000000000        I
C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U\80000000.@        a variant of Win32/Sirefef.FA trojan (unable to clean)        00000000000000000000000000000000        I
C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U\800000cb.@        probably a variant of Win32/Agent.TEO trojan (unable to clean)        00000000000000000000000000000000        I
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CPSYG0AP\new-online-dating_net[1].htm        HTML/ScrInject.B.Gen virus (unable to clean)        00000000000000000000000000000000        I

Thank you very much

cosinus 24.06.2012 16:43

Quote:

Keine Aktion durchgeführt.
-> No action taken.
The detections must be removed with Malwarebytes! Please do this now if you haven't already!

thesaint225 24.06.2012 20:24

Then I did misunderstand that sentence after all.
Once more about the order:

Run Malwarebytes in full scan mode, put the viruses found into quarantine, then remove them, and afterwards run the ESET Online Scanner?

Regards

cosinus 25.06.2012 10:38

Yes, exactly, "remove" means "send to quarantine".
You don't need to run ESET again, though.

thesaint225 26.06.2012 08:24

So, Malwarebytes once more; the things are back immediately after the computer starts!

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.25.09

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Danny ***** :: CELINE-LAPTOP [Administrator]

Schutz: Deaktiviert

25.06.2012 20:57:24
mbam-log-2012-06-25 (20-57-24).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 737328
Laufzeit: 4 Stunde(n), 36 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Danny Kemmerle\AppData\Local\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\n (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U\00000001.@ (Trojan.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U\80000000.@ (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


cosinus 26.06.2012 12:28

I have two questions before we continue

1.) Does Windows' normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

thesaint225 26.06.2012 20:34

Well, normal Windows mode works, but it did before too; sometimes it seems a bit slow to me, though.
The Start menu also looks normal, no empty folders, and everything is there.

The only thing is that now and then a strange error about a server(?) appears. Next time I'll have to take a screenshot right away. The error doesn't always come up; it has something to do with Firefox, at least that's how it seems to me, but otherwise it has no further effects.

Regards and thanks for the effort

cosinus 27.06.2012 12:31

Please make a new OTL log. Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Custom scan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


thesaint225 27.06.2012 18:19

Here is the OTL log.

Code:

OTL logfile created on: 27.06.2012 18:56:40 - Run 3
OTL by OldTimer - Version 3.2.53.0    Folder = C:\Users\Danny *****\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 66,36% Memory free
5,99 Gb Paging File | 4,72 Gb Available in Paging File | 78,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 33,59 Gb Free Space | 45,08% Space Free | Partition Type: NTFS
Drive D: | 204,03 Gb Total Space | 179,17 Gb Free Space | 87,82% Space Free | Partition Type: NTFS
Drive E: | 466,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 3,69 Gb Total Space | 2,41 Gb Free Space | 65,35% Space Free | Partition Type: FAT32
 
Computer Name: CELINE-LAPTOP | User Name: Danny ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.27 16:25:49 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Danny *****\Desktop\OTL.exe
PRC - [2012.06.25 23:10:17 | 000,913,888 | ---- | M] (Mozilla Corporation) -- D:\Mozilla Firefox\firefox.exe
PRC - [2012.06.08 04:02:02 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- D:\Kies\KiesTrayAgent.exe
PRC - [2012.05.08 20:29:03 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Avira\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 20:29:03 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Avira\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 20:29:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Avira\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 20:29:03 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Avira\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.07.16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.09.22 10:51:22 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.09.22 10:50:54 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.04.16 17:26:10 | 001,271,088 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.06.22 07:46:40 | 000,090,624 | ---- | M] () -- C:\Program Files\Belkin\Home Base Control Center\BkBackupScheduler.exe
PRC - [2009.05.12 06:35:28 | 000,118,784 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atibtmon.exe
PRC - [2009.01.15 13:13:32 | 000,040,960 | ---- | M] () -- C:\Program Files\Belkin\Home Base Control Center\Hbapcs.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.25 23:10:16 | 002,042,848 | ---- | M] () -- D:\Mozilla Firefox\mozjs.dll
MOD - [2012.06.16 20:00:33 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll
MOD - [2012.06.16 19:59:58 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012.06.16 19:59:49 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012.05.09 20:30:03 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012.05.09 18:36:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012.05.09 18:35:41 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012.05.09 18:35:36 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012.05.09 18:35:34 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.02 13:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2010.09.21 22:38:58 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.01.30 03:41:12 | 004,254,560 | ---- | M] () -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2009.06.22 07:46:40 | 000,090,112 | ---- | M] () -- C:\Program Files\Belkin\Home Base Control Center\BkLocalBackup.dll
MOD - [2009.06.22 07:46:38 | 000,117,760 | ---- | M] () -- C:\Program Files\Belkin\Home Base Control Center\OSAL.dll
MOD - [2009.06.10 15:14:08 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.06.10 15:14:06 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.06.25 23:10:16 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 20:29:03 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Avira\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 20:29:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Avira\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.17 23:57:59 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2010.09.22 10:50:54 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.03.25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.06.22 07:46:40 | 000,090,624 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Home Base Control Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV - [2009.01.15 13:13:32 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Home Base Control Center\Hbapcs.exe -- (Belkin Home Base Control Center Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2012.05.21 04:09:00 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2012.05.21 04:09:00 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2012.05.08 20:29:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 20:29:04 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.11.17 18:11:56 | 000,125,456 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\JME.sys -- (JME)
DRV - [2011.08.17 10:03:58 | 000,137,472 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011.06.27 02:37:12 | 002,191,872 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010.09.24 21:46:24 | 000,102,416 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.09.22 11:21:42 | 006,471,680 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.09.22 10:14:26 | 000,228,352 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.29 18:43:22 | 000,030,464 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009.09.23 03:19:31 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009.09.23 03:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009.09.23 03:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009.09.23 03:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009.08.19 08:23:28 | 000,119,408 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009.07.24 00:48:00 | 000,103,440 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.06.22 09:49:00 | 000,247,320 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sxuptp.sys -- (sxuptp)
DRV - [2009.05.05 11:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2008.11.23 09:23:06 | 000,097,792 | ---- | M] (T0r0 2008) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NSHE.SYS -- (NSHE)
DRV - [2007.07.31 03:39:00 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2481020
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BD CC 9B 75 8D C8 CC 01  [binary data]
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - No CLSID value found
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Ashampoo DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB10&ctid=CT2481020&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB10&ctid=CT2481020&SearchSource=2&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: d:\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: D:\Mozilla Firefox\components [2012.06.25 23:10:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: D:\Mozilla Firefox\plugins
 
[2012.01.01 16:06:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny *****\AppData\Roaming\mozilla\Extensions
[2012.05.24 20:18:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny *****\AppData\Roaming\mozilla\Firefox\Profiles\jfh1ill1.default\extensions
[2012.05.24 20:18:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Danny *****\AppData\Roaming\mozilla\Firefox\Profiles\jfh1ill1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.10 19:07:18 | 000,000,957 | ---- | M] () -- C:\Users\Danny *****\AppData\Roaming\Mozilla\Firefox\Profiles\jfh1ill1.default\searchplugins\conduit.xml
[2012.03.03 00:05:04 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] D:\Avira\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] D:\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000..\Run: [KiesAirMessage] D:\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000..\Run: [KiesHelper] D:\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000..\Run: [KiesPDLR] D:\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Celine Schrader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Belkin Home Base Control Center.lnk = C:\Program Files\Belkin\Home Base Control Center\Connect.exe (Belkin International, Inc.)
O4 - Startup: C:\Users\Danny *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Belkin Home Base Control Center.lnk = C:\Program Files\Belkin\Home Base Control Center\Connect.exe (Belkin International, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9C6E4E3-65B2-41AB-A1BA-D206058A5B6F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED3F8635-A503-40E7-9E80-F0C7504C82AD}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.13 06:14:06 | 000,000,000 | ---D | M] - E:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2008.05.13 06:53:30 | 000,000,064 | R--- | M] () - E:\AutoRun.inf -- [ CDFS ]
O33 - MountPoints2\{a7cb2691-347b-11e1-9b65-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a7cb2691-347b-11e1-9b65-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun\setup.exe -- [2008.08.13 06:13:38 | 000,159,804 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - State: "bootini" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SharedAccess -  File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.27 16:25:47 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Danny *****\Desktop\OTL.exe
[2012.06.23 21:19:56 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012.06.23 21:17:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.21 19:39:40 | 000,000,000 | ---D | C] -- C:\Users\Danny *****\Documents\FFOutput
[2012.06.19 21:49:09 | 000,000,000 | ---D | C] -- C:\Users\Danny *****\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten-Dateien
[2012.06.18 20:07:15 | 000,000,000 | ---D | C] -- C:\Users\Danny *****\AppData\Local\Macromedia
[2012.06.17 23:27:39 | 000,000,000 | ---D | C] -- C:\Users\Danny *****\AppData\Roaming\Audacity
[2012.06.17 23:25:17 | 000,181,432 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012.06.17 23:25:17 | 000,080,824 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2012.06.15 23:07:40 | 000,000,000 | ---D | C] -- C:\Users\Danny *****\AppData\Roaming\Temp
[2012.06.15 23:06:57 | 000,000,000 | ---D | C] -- C:\Temp
[2012.06.15 23:04:38 | 000,000,000 | ---D | C] -- C:\Users\Danny *****\AppData\Local\Samsung
[2012.06.15 23:04:35 | 000,000,000 | ---D | C] -- C:\Users\Danny *****\AppData\Roaming\Samsung
[2012.06.15 23:04:32 | 000,000,000 | ---D | C] -- C:\Users\Danny *****\Documents\samsung
[2012.06.15 23:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012.06.15 23:01:18 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2012.06.15 23:01:01 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2012.06.15 23:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2012.06.15 23:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012.06.15 22:56:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.06.15 22:54:47 | 000,000,000 | ---D | C] -- C:\Users\Danny *****\AppData\Local\Downloaded Installations
[2012.06.10 21:47:04 | 000,000,000 | ---D | C] -- C:\Users\Danny *****\AppData\Roaming\Malwarebytes
[2012.06.10 21:46:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.10 21:46:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.10 21:46:55 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.10 21:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.10 19:32:48 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.06.08 20:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REX Essential
[2012.06.07 18:51:20 | 000,000,000 | ---D | C] -- C:\Users\Danny *****\AppData\Local\World_of_AI
[2012.05.29 00:38:50 | 000,330,240 | ---- | C] ((주)마크애니) -- C:\Windows\MASetupCaller.dll
[2012.04.20 20:34:20 | 000,021,504 | ---- | C] (deepxw) -- C:\Users\Danny *****\AppData\Local\Wtrmrk.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.27 16:25:49 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Danny *****\Desktop\OTL.exe
[2012.06.27 16:06:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.27 11:32:08 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.27 11:32:08 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.27 11:23:24 | 2414,206,976 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.26 21:27:57 | 000,001,225 | ---- | M] () -- C:\Users\Danny *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Belkin Home Base Control Center.lnk
[2012.06.26 09:28:02 | 000,653,598 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.26 09:28:02 | 000,616,546 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.26 09:28:02 | 000,130,256 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.26 09:28:02 | 000,106,926 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.21 20:24:22 | 000,001,406 | ---- | M] () -- C:\Users\Danny *****\Desktop\Musik - Verknüpfung.lnk
[2012.06.19 21:49:09 | 000,067,891 | ---- | M] () -- C:\Users\Danny *****\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html
[2012.06.19 21:48:35 | 000,302,592 | ---- | M] () -- C:\Users\Danny *****\Desktop\ytsdzzqs.exe
[2012.06.19 21:28:00 | 000,000,000 | ---- | M] () -- C:\Users\Danny *****\defogger_reenable
[2012.06.19 21:26:52 | 000,050,477 | ---- | M] () -- C:\Users\Danny *****\Desktop\Defogger.exe
[2012.06.16 19:56:53 | 000,406,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.15 23:01:25 | 000,000,585 | ---- | M] () -- C:\Users\Danny *****\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012.06.06 22:31:42 | 312,345,410 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.05.29 00:38:50 | 000,330,240 | ---- | M] ((주)마크애니) -- C:\Windows\MASetupCaller.dll
 
========== Files Created - No Company Name ==========
 
[2012.06.26 09:21:11 | 000,018,944 | ---- | C] () -- C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U\800000cb.@
[2012.06.26 09:21:11 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U\80000000.@
[2012.06.26 09:21:11 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U\00000001.@
[2012.06.21 20:24:22 | 000,001,406 | ---- | C] () -- C:\Users\Danny *****\Desktop\Musik - Verknüpfung.lnk
[2012.06.19 21:49:08 | 000,067,891 | ---- | C] () -- C:\Users\Danny *****\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html
[2012.06.19 21:48:34 | 000,302,592 | ---- | C] () -- C:\Users\Danny *****\Desktop\ytsdzzqs.exe
[2012.06.19 21:28:00 | 000,000,000 | ---- | C] () -- C:\Users\Danny *****\defogger_reenable
[2012.06.19 21:26:50 | 000,050,477 | ---- | C] () -- C:\Users\Danny *****\Desktop\Defogger.exe
[2012.06.17 23:27:34 | 000,000,589 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012.06.15 23:01:25 | 000,000,585 | ---- | C] () -- C:\Users\Danny *****\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.05.11 20:22:21 | 000,358,183 | ---- | C] () -- C:\Users\Danny *****\Umbauanleitung_komplett1.pdf
[2012.04.20 20:34:20 | 002,076,309 | ---- | C] () -- C:\Users\Danny *****\AppData\Local\ntkrlICE.exe
[2012.04.20 20:34:20 | 000,570,073 | ---- | C] () -- C:\Users\Danny *****\AppData\Local\gui.exe
[2012.04.20 20:34:20 | 000,397,900 | ---- | C] () -- C:\Users\Danny *****\AppData\Local\4GB_GER.exe
[2012.04.20 20:34:20 | 000,397,900 | ---- | C] () -- C:\Users\Danny *****\AppData\Local\4GB_EN.exe
[2012.04.20 20:34:20 | 000,000,518 | ---- | C] () -- C:\Users\Danny *****\AppData\Local\UNAWAVE_EN.url
[2012.04.20 20:34:20 | 000,000,240 | ---- | C] () -- C:\Users\Danny *****\AppData\Local\UPDATE.url
[2012.04.20 20:34:20 | 000,000,216 | ---- | C] () -- C:\Users\Danny *****\AppData\Local\UNAWAVE_GER.url
[2012.03.09 22:03:47 | 000,429,607 | ---- | C] () -- C:\Users\Danny *****\New Look Polstermöbel.pdf
[2012.02.06 19:50:18 | 000,031,910 | ---- | C] () -- C:\Windows\SSUMLT0G.INI
[2012.01.17 23:58:15 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2012.01.11 18:35:15 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\@
[2012.01.11 18:35:15 | 000,002,048 | -HS- | C] () -- C:\Users\Danny *****\AppData\Local\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\@
[2012.01.06 19:56:17 | 000,000,033 | ---- | C] () -- C:\Windows\MEGAPFAD.INI
[2012.01.02 12:53:29 | 000,028,672 | ---- | C] () -- C:\Windows\System32\hlduinst.exe
[2012.01.02 12:53:28 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2012.01.02 12:53:28 | 000,006,836 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
[2012.01.02 12:51:27 | 000,097,792 | ---- | C] () -- C:\Windows\nshe.sys
[2012.01.02 12:51:27 | 000,000,269 | ---- | C] () -- C:\Windows\ETKINST.INI
[2012.01.01 16:53:01 | 000,000,556 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.01.01 16:17:47 | 000,653,598 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012.01.01 16:17:47 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012.01.01 16:17:47 | 000,130,256 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012.01.01 16:17:47 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2012.01.01 15:53:07 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2012.01.01 15:44:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.01.01 15:37:59 | 000,224,342 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.01.01 15:37:59 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
 
========== LOP Check ==========
 
[2012.05.24 22:45:50 | 000,000,000 | ---D | M] -- C:\Users\Celine Schrader\AppData\Roaming\Foxit Software
[2012.05.11 21:47:05 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Ashampoo
[2012.06.17 23:37:17 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Audacity
[2012.05.11 21:37:04 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Canneverbe Limited
[2012.01.06 20:07:12 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Foxit Software
[2012.04.20 13:00:49 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\HD Tune Pro
[2012.01.01 16:51:11 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\InterTrust
[2012.06.15 23:04:35 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Samsung
[2012.06.15 23:52:03 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Temp
[2012.06.05 20:39:39 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.02 22:05:00 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Adobe
[2012.01.08 19:58:38 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Apple Computer
[2012.05.11 21:47:05 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Ashampoo
[2012.01.01 15:45:49 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\ATI
[2012.06.17 23:37:17 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Audacity
[2012.01.02 22:32:46 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Avira
[2012.05.11 21:37:04 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Canneverbe Limited
[2012.01.06 20:07:12 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Foxit Software
[2012.04.20 13:00:49 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\HD Tune Pro
[2012.01.01 15:30:00 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Identities
[2012.01.01 16:51:11 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\InterTrust
[2012.01.02 22:05:01 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Macromedia
[2012.06.10 21:47:04 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Malwarebytes
[2009.07.14 09:48:45 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Media Center Programs
[2012.06.20 19:27:10 | 000,000,000 | --SD | M] -- C:\Users\Danny *****\AppData\Roaming\Microsoft
[2012.01.01 16:06:25 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Mozilla
[2012.06.15 23:04:35 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Samsung
[2012.06.15 23:52:03 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Temp
[2012.01.02 21:39:46 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\vlc
[2012.01.01 15:49:10 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.02.24 15:27:51 | 000,010,134 | R--- | M] () -- C:\Users\Danny *****\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >

I have redacted my last name in the log with "*****".

cosinus 28.06.2012 12:10

Run an OTL fix: close any programs that may be open, disable the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2481020
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BD CC 9B 75 8D C8 CC 01  [binary data]
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - No CLSID value found
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Ashampoo DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?SSPV=FFOB10&ctid=CT2481020&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?SSPV=FFOB10&ctid=CT2481020&SearchSource=2&q="
FF - user.js - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.13 06:14:06 | 000,000,000 | ---D | M] - E:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2008.05.13 06:53:30 | 000,000,064 | R--- | M] () - E:\AutoRun.inf -- [ CDFS ]
O33 - MountPoints2\{a7cb2691-347b-11e1-9b65-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a7cb2691-347b-11e1-9b65-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun\setup.exe -- [2008.08.13 06:13:38 | 000,159,804 | R--- | M] ()
:Files
C:\Users\Danny Kemmerle\AppData\Local\Wtrmrk.exe
C:\Users\Danny Kemmerle\AppData\Local\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\@
C:\Users\Danny Kemmerle\AppData\Local\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\n
C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U
C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\@
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

thesaint225 28.06.2012 14:34

Here is the log from the OTL fix

Code:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-4183481831-3259313129-1071095697-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{5786d022-540e-4699-b350-b4be0ae94b79} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5786d022-540e-4699-b350-b4be0ae94b79}\ not found.
HKEY_USERS\S-1-5-21-4183481831-3259313129-1071095697-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4183481831-3259313129-1071095697-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-4183481831-3259313129-1071095697-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Prefs.js: "Google" removed from browser.search.defaultenginename
Prefs.js: "Ashampoo DE Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB10&ctid=CT2481020&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "about:home" removed from browser.startup.homepage
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB10&ctid=CT2481020&SearchSource=2&q=" removed from keyword.URL
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File  not found.
File move failed. E:\AutoRun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7cb2691-347b-11e1-9b65-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7cb2691-347b-11e1-9b65-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7cb2691-347b-11e1-9b65-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7cb2691-347b-11e1-9b65-806e6f6e6963}\ not found.
File move failed. E:\AutoRun\setup.exe scheduled to be moved on reboot.
========== FILES ==========
C:\Users\Danny *****\AppData\Local\Wtrmrk.exe moved successfully.
C:\Users\Danny *****\AppData\Local\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\@ moved successfully.
File\Folder C:\Users\Danny *****\AppData\Local\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\n not found.
C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U folder moved successfully.
C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\@ moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Celine *****
->Temp folder emptied: 30717359 bytes
->Temporary Internet Files folder emptied: 10204661 bytes
->Java cache emptied: 16981 bytes
->FireFox cache emptied: 829195725 bytes
->Flash cache emptied: 30226 bytes
 
User: Danny *****
->Temp folder emptied: 48334919 bytes
->Temporary Internet Files folder emptied: 120326435 bytes
->Java cache emptied: 992070 bytes
->FireFox cache emptied: 840076725 bytes
->Flash cache emptied: 44913 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Neuer Ordner
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 120018933 bytes
RecycleBin emptied: 846806 bytes
 
Total Files Cleaned = 1.908,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Celine *****
->Flash cache emptied: 0 bytes
 
User: Danny *****
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Neuer Ordner
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.0 log created on 06282012_152140

Files\Folders moved on Reboot...
File move failed. E:\AutoRun.inf scheduled to be moved on reboot.
File move failed. E:\AutoRun\setup.exe scheduled to be moved on reboot.
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2008.05.13 06:53:30 | 000,000,064 | R--- | M] () E:\AutoRun.inf : MD5=8D8CAE97132183E97207968F3DB99C8B
[2008.08.13 06:13:38 | 000,159,804 | R--- | M] () E:\AutoRun\setup.exe : MD5=9E09E79D69E40FC4D6D154A99AFB9502
[2012.06.28 15:28:37 | 008,405,015 | ---- | M] () C:\Windows\temp\hlktmp : Unable to obtain MD5

Registry entries deleted on Reboot...


cosinus 29.06.2012 09:59

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy the contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:), as that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

thesaint225 29.06.2012 11:16

Here is the TDSS Killer log:

Code:

12:12:38.0570 5172        TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
12:12:38.0715 5172        ============================================================
12:12:38.0715 5172        Current date / time: 2012/06/29 12:12:38.0715
12:12:38.0715 5172        SystemInfo:
12:12:38.0715 5172       
12:12:38.0715 5172        OS Version: 6.1.7600 ServicePack: 0.0
12:12:38.0715 5172        Product type: Workstation
12:12:38.0715 5172        ComputerName: CELINE-LAPTOP
12:12:38.0715 5172        UserName: Danny *****
12:12:38.0715 5172        Windows directory: C:\Windows
12:12:38.0715 5172        System windows directory: C:\Windows
12:12:38.0715 5172        Processor architecture: Intel x86
12:12:38.0715 5172        Number of processors: 2
12:12:38.0715 5172        Page size: 0x1000
12:12:38.0715 5172        Boot type: Normal boot
12:12:38.0715 5172        ============================================================
12:12:41.0545 5172        Drive \Device\Harddisk1\DR1 - Size: 0xEC580000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
12:12:41.0565 5172        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:12:41.0565 5172        Drive \Device\Harddisk1\DR1 - Size: 0xEC580000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:12:41.0565 5172        ============================================================
12:12:41.0565 5172        \Device\Harddisk1\DR1:
12:12:41.0565 5172        MBR partitions:
12:12:41.0565 5172        \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x760C00
12:12:41.0565 5172        \Device\Harddisk0\DR0:
12:12:41.0565 5172        MBR partitions:
12:12:41.0565 5172        \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x2711637
12:12:41.0565 5172        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0x950A408
12:12:41.0595 5172        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xBC1C800, BlocksNum 0x19811800
12:12:41.0595 5172        \Device\Harddisk1\DR1:
12:12:41.0595 5172        MBR partitions:
12:12:41.0595 5172        \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x760C00
12:12:41.0595 5172        ============================================================
12:12:41.0675 5172        C: <-> \Device\Harddisk0\DR0\Partition1
12:12:41.0855 5172        D: <-> \Device\Harddisk0\DR0\Partition2
12:12:41.0865 5172        ============================================================
12:12:41.0865 5172        Initialize success
12:12:41.0865 5172        ============================================================
12:13:24.0956 5544        ============================================================
12:13:24.0956 5544        Scan started
12:13:24.0956 5544        Mode: Manual; SigCheck; TDLFS;
12:13:24.0956 5544        ============================================================
12:13:26.0828 5544        1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
12:13:26.0984 5544        1394ohci - ok
12:13:27.0062 5544        ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
12:13:27.0093 5544        ACPI - ok
12:13:27.0140 5544        AcpiPmi        (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
12:13:27.0202 5544        AcpiPmi - ok
12:13:27.0296 5544        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
12:13:27.0358 5544        adp94xx - ok
12:13:27.0421 5544        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
12:13:27.0467 5544        adpahci - ok
12:13:27.0514 5544        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
12:13:27.0545 5544        adpu320 - ok
12:13:27.0592 5544        AeLookupSvc    (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
12:13:27.0623 5544        AeLookupSvc - ok
12:13:27.0717 5544        AFD            (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
12:13:27.0795 5544        AFD - ok
12:13:27.0842 5544        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
12:13:27.0857 5544        agp440 - ok
12:13:27.0904 5544        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
12:13:27.0935 5544        aic78xx - ok
12:13:27.0982 5544        ALG            (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
12:13:28.0045 5544        ALG - ok
12:13:28.0091 5544        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
12:13:28.0123 5544        aliide - ok
12:13:28.0185 5544        AMD External Events Utility (af5cb8ec87a250c875deefb378b12c2d) C:\Windows\system32\atiesrxx.exe
12:13:28.0247 5544        AMD External Events Utility - ok
12:13:28.0263 5544        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
12:13:28.0294 5544        amdagp - ok
12:13:28.0325 5544        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
12:13:28.0357 5544        amdide - ok
12:13:28.0372 5544        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
12:13:28.0419 5544        AmdK8 - ok
12:13:28.0981 5544        amdkmdag        (a4130fd679dad70c1f8cc0c0b84d26be) C:\Windows\system32\DRIVERS\atikmdag.sys
12:13:29.0199 5544        amdkmdag - ok
12:13:29.0386 5544        amdkmdap        (e4ccbe2ff01badf1972c8a034b3d7c88) C:\Windows\system32\DRIVERS\atikmpag.sys
12:13:29.0433 5544        amdkmdap - ok
12:13:29.0480 5544        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
12:13:29.0542 5544        AmdPPM - ok
12:13:29.0573 5544        amdsata        (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
12:13:29.0605 5544        amdsata - ok
12:13:29.0651 5544        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
12:13:29.0683 5544        amdsbs - ok
12:13:29.0714 5544        amdxata        (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
12:13:29.0729 5544        amdxata - ok
12:13:29.0823 5544        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) D:\Avira\Avira\AntiVir Desktop\sched.exe
12:13:29.0854 5544        AntiVirSchedulerService - ok
12:13:29.0932 5544        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) D:\Avira\Avira\AntiVir Desktop\avguard.exe
12:13:29.0948 5544        AntiVirService - ok
12:13:29.0995 5544        AppID          (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
12:13:30.0073 5544        AppID - ok
12:13:30.0119 5544        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
12:13:30.0275 5544        AppIDSvc - ok
12:13:30.0307 5544        Appinfo        (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
12:13:30.0369 5544        Appinfo - ok
12:13:30.0478 5544        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:13:30.0509 5544        Apple Mobile Device - ok
12:13:30.0556 5544        AppMgmt        (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
12:13:30.0619 5544        AppMgmt - ok
12:13:30.0681 5544        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
12:13:30.0697 5544        arc - ok
12:13:30.0712 5544        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
12:13:30.0743 5544        arcsas - ok
12:13:30.0759 5544        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
12:13:30.0915 5544        AsyncMac - ok
12:13:30.0931 5544        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
12:13:30.0946 5544        atapi - ok
12:13:31.0196 5544        athr            (31cb2740bfdbac1e48e2b7ead38f0d27) C:\Windows\system32\DRIVERS\athr.sys
12:13:31.0367 5544        athr - ok
12:13:31.0570 5544        AtiHDAudioService (c8b17ac82ad2ee9e0e58e3461008c5f7) C:\Windows\system32\drivers\AtihdW73.sys
12:13:31.0601 5544        AtiHDAudioService - ok
12:13:31.0664 5544        AtiHdmiService  (e2398389648b5d44dc63ca43fdd5b3f8) C:\Windows\system32\drivers\AtiHdmi.sys
12:13:31.0679 5544        AtiHdmiService - ok
12:13:31.0742 5544        AtiPcie        (b73c832088dd54b55e04ff6f9646ad8c) C:\Windows\system32\DRIVERS\AtiPcie.sys
12:13:31.0757 5544        AtiPcie - ok
12:13:31.0851 5544        AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
12:13:31.0960 5544        AudioEndpointBuilder - ok
12:13:31.0960 5544        Audiosrv        (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
12:13:32.0007 5544        Audiosrv - ok
12:13:32.0038 5544        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
12:13:32.0069 5544        avgntflt - ok
12:13:32.0101 5544        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
12:13:32.0132 5544        avipbb - ok
12:13:32.0163 5544        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
12:13:32.0179 5544        avkmgr - ok
12:13:32.0241 5544        AxInstSV        (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
12:13:32.0319 5544        AxInstSV - ok
12:13:32.0397 5544        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
12:13:32.0459 5544        b06bdrv - ok
12:13:32.0553 5544        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
12:13:32.0647 5544        b57nd60x - ok
12:13:32.0740 5544        BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
12:13:32.0818 5544        BDESVC - ok
12:13:32.0849 5544        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
12:13:32.0927 5544        Beep - ok
12:13:33.0037 5544        Belkin Home Base Control Center Service (cd3e06541caa935c6c299a95d4e0f771) C:\Program Files\Belkin\Home Base Control Center\Hbapcs.exe
12:13:33.0052 5544        Belkin Home Base Control Center Service ( UnsignedFile.Multi.Generic ) - warning
12:13:33.0052 5544        Belkin Home Base Control Center Service - detected UnsignedFile.Multi.Generic (1)
12:13:33.0115 5544        Belkin Local Backup Service (2893c9132f539ff3f964efd38ead1755) C:\Program Files\Belkin\Home Base Control Center\BkBackupScheduler.exe
12:13:33.0130 5544        Belkin Local Backup Service ( UnsignedFile.Multi.Generic ) - warning
12:13:33.0130 5544        Belkin Local Backup Service - detected UnsignedFile.Multi.Generic (1)
12:13:33.0239 5544        BITS            (53f476476f55a27f580661bde09c4ec4) C:\Windows\System32\qmgr.dll
12:13:33.0349 5544        BITS - ok
12:13:33.0380 5544        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
12:13:33.0395 5544        blbdrive - ok
12:13:33.0520 5544        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
12:13:33.0551 5544        Bonjour Service - ok
12:13:33.0598 5544        bowser          (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
12:13:33.0661 5544        bowser - ok
12:13:33.0676 5544        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:13:33.0723 5544        BrFiltLo - ok
12:13:33.0739 5544        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:13:33.0801 5544        BrFiltUp - ok
12:13:33.0848 5544        Browser        (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
12:13:33.0941 5544        Browser - ok
12:13:33.0988 5544        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
12:13:34.0066 5544        Brserid - ok
12:13:34.0097 5544        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
12:13:34.0144 5544        BrSerWdm - ok
12:13:34.0175 5544        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:13:34.0222 5544        BrUsbMdm - ok
12:13:34.0222 5544        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
12:13:34.0269 5544        BrUsbSer - ok
12:13:34.0300 5544        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
12:13:34.0347 5544        BTHMODEM - ok
12:13:34.0409 5544        bthserv        (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
12:13:34.0456 5544        bthserv - ok
12:13:34.0519 5544        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
12:13:34.0581 5544        cdfs - ok
12:13:34.0643 5544        cdrom          (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
12:13:34.0706 5544        cdrom - ok
12:13:34.0737 5544        CertPropSvc    (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
12:13:34.0815 5544        CertPropSvc - ok
12:13:34.0846 5544        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
12:13:34.0862 5544        circlass - ok
12:13:34.0909 5544        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
12:13:34.0940 5544        CLFS - ok
12:13:35.0049 5544        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:13:35.0065 5544        clr_optimization_v2.0.50727_32 - ok
12:13:35.0158 5544        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:13:35.0189 5544        clr_optimization_v4.0.30319_32 - ok
12:13:35.0221 5544        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
12:13:35.0252 5544        CmBatt - ok
12:13:35.0283 5544        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
12:13:35.0314 5544        cmdide - ok
12:13:35.0377 5544        CNG            (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
12:13:35.0470 5544        CNG - ok
12:13:35.0486 5544        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
12:13:35.0517 5544        Compbatt - ok
12:13:35.0548 5544        CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
12:13:35.0579 5544        CompositeBus - ok
12:13:35.0611 5544        COMSysApp - ok
12:13:35.0626 5544        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
12:13:35.0642 5544        crcdisk - ok
12:13:35.0689 5544        CryptSvc        (520a108a2657f4bca7fced9ca7d885de) C:\Windows\system32\cryptsvc.dll
12:13:35.0751 5544        CryptSvc - ok
12:13:35.0829 5544        CSC            (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
12:13:35.0891 5544        CSC - ok
12:13:35.0969 5544        CscService      (56fb5f222ea30d3d3fc459879772cb73) C:\Windows\System32\cscsvc.dll
12:13:36.0032 5544        CscService - ok
12:13:36.0110 5544        DcomLaunch      (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
12:13:36.0188 5544        DcomLaunch - ok
12:13:36.0235 5544        defragsvc      (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
12:13:36.0313 5544        defragsvc - ok
12:13:36.0422 5544        DfsC            (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
12:13:36.0469 5544        DfsC - ok
12:13:36.0500 5544        dgderdrv - ok
12:13:36.0547 5544        dg_ssudbus      (f9f31a9f2a8c0dd0ceb6e380bf0985d4) C:\Windows\system32\DRIVERS\ssudbus.sys
12:13:36.0578 5544        dg_ssudbus - ok
12:13:36.0656 5544        Dhcp            (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
12:13:36.0749 5544        Dhcp - ok
12:13:36.0781 5544        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
12:13:36.0859 5544        discache - ok
12:13:36.0874 5544        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
12:13:36.0890 5544        Disk - ok
12:13:36.0937 5544        Dnscache        (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
12:13:36.0999 5544        Dnscache - ok
12:13:37.0046 5544        dot3svc        (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
12:13:37.0139 5544        dot3svc - ok
12:13:37.0171 5544        DPS            (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
12:13:37.0233 5544        DPS - ok
12:13:37.0264 5544        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
12:13:37.0280 5544        drmkaud - ok
12:13:37.0389 5544        DXGKrnl        (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
12:13:37.0451 5544        DXGKrnl - ok
12:13:37.0483 5544        EapHost        (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
12:13:37.0529 5544        EapHost - ok
12:13:37.0857 5544        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
12:13:38.0029 5544        ebdrv - ok
12:13:38.0169 5544        EFS            (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe
12:13:38.0216 5544        EFS - ok
12:13:38.0325 5544        ehRecvr        (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
12:13:38.0419 5544        ehRecvr - ok
12:13:38.0450 5544        ehSched        (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
12:13:38.0512 5544        ehSched - ok
12:13:38.0653 5544        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
12:13:38.0715 5544        elxstor - ok
12:13:38.0731 5544        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
12:13:38.0762 5544        ErrDev - ok
12:13:38.0824 5544        EventSystem    (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
12:13:38.0887 5544        EventSystem - ok
12:13:38.0918 5544        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
12:13:38.0980 5544        exfat - ok
12:13:39.0011 5544        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
12:13:39.0058 5544        fastfat - ok
12:13:39.0167 5544        Fax            (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
12:13:39.0245 5544        Fax - ok
12:13:39.0277 5544        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
12:13:39.0308 5544        fdc - ok
12:13:39.0339 5544        fdPHost        (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
12:13:39.0401 5544        fdPHost - ok
12:13:39.0417 5544        FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
12:13:39.0464 5544        FDResPub - ok
12:13:39.0479 5544        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
12:13:39.0479 5544        FileInfo - ok
12:13:39.0511 5544        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
12:13:39.0573 5544        Filetrace - ok
12:13:39.0589 5544        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
12:13:39.0635 5544        flpydisk - ok
12:13:39.0682 5544        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
12:13:39.0713 5544        FltMgr - ok
12:13:39.0838 5544        FontCache      (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll
12:13:39.0932 5544        FontCache - ok
12:13:39.0994 5544        FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:13:40.0025 5544        FontCache3.0.0.0 - ok
12:13:40.0057 5544        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
12:13:40.0088 5544        FsDepends - ok
12:13:40.0119 5544        Fs_Rec          (500a9814fd9446a8126858a5a7f7d273) C:\Windows\system32\drivers\Fs_Rec.sys
12:13:40.0135 5544        Fs_Rec - ok
12:13:40.0197 5544        fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
12:13:40.0244 5544        fvevol - ok
12:13:40.0275 5544        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:13:40.0291 5544        gagp30kx - ok
12:13:40.0306 5544        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:13:40.0322 5544        GEARAspiWDM - ok
12:13:40.0400 5544        gpsvc          (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
12:13:40.0478 5544        gpsvc - ok
12:13:40.0603 5544        Hardlock        (d95554949082fd29a04d351b58396718) C:\Windows\system32\drivers\hardlock.sys
12:13:40.0681 5544        Hardlock - ok
12:13:40.0712 5544        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
12:13:40.0774 5544        hcw85cir - ok
12:13:40.0837 5544        HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
12:13:40.0899 5544        HdAudAddService - ok
12:13:40.0946 5544        HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:13:40.0993 5544        HDAudBus - ok
12:13:41.0024 5544        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
12:13:41.0071 5544        HidBatt - ok
12:13:41.0102 5544        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
12:13:41.0149 5544        HidBth - ok
12:13:41.0195 5544        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
12:13:41.0242 5544        HidIr - ok
12:13:41.0289 5544        hidserv        (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
12:13:41.0351 5544        hidserv - ok
12:13:41.0398 5544        HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
12:13:41.0429 5544        HidUsb - ok
12:13:41.0461 5544        hkmsvc          (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
12:13:41.0539 5544        hkmsvc - ok
12:13:41.0570 5544        HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
12:13:41.0632 5544        HomeGroupListener - ok
12:13:41.0679 5544        HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
12:13:41.0710 5544        HomeGroupProvider - ok
12:13:41.0773 5544        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
12:13:41.0804 5544        HpSAMD - ok
12:13:41.0882 5544        HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
12:13:41.0960 5544        HTTP - ok
12:13:41.0975 5544        hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
12:13:41.0991 5544        hwpolicy - ok
12:13:42.0053 5544        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
12:13:42.0085 5544        i8042prt - ok
12:13:42.0147 5544        iaStorV        (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
12:13:42.0209 5544        iaStorV - ok
12:13:42.0365 5544        idsvc          (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:13:42.0428 5544        idsvc - ok
12:13:42.0475 5544        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
12:13:42.0490 5544        iirsp - ok
12:13:42.0599 5544        IKEEXT          (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
12:13:42.0709 5544        IKEEXT - ok
12:13:43.0036 5544        IntcAzAudAddService (c4b1d45fe135286155b9e6aa0db4e4d3) C:\Windows\system32\drivers\RTKVHDA.sys
12:13:43.0114 5544        IntcAzAudAddService - ok
12:13:43.0286 5544        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
12:13:43.0317 5544        intelide - ok
12:13:43.0348 5544        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
12:13:43.0395 5544        intelppm - ok
12:13:43.0442 5544        IPBusEnum      (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
12:13:43.0551 5544        IPBusEnum - ok
12:13:43.0567 5544        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:13:43.0645 5544        IpFilterDriver - ok
12:13:43.0676 5544        IPMIDRV        (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
12:13:43.0723 5544        IPMIDRV - ok
12:13:43.0754 5544        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
12:13:43.0832 5544        IPNAT - ok
12:13:44.0003 5544        iPod Service    (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
12:13:44.0050 5544        iPod Service - ok
12:13:44.0097 5544        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
12:13:44.0144 5544        IRENUM - ok
12:13:44.0159 5544        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
12:13:44.0175 5544        isapnp - ok
12:13:44.0206 5544        iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
12:13:44.0237 5544        iScsiPrt - ok
12:13:44.0269 5544        JMCR            (2254a5e78c55fd8f68f9676590468531) C:\Windows\system32\DRIVERS\jmcr.sys
12:13:44.0284 5544        JMCR - ok
12:13:44.0347 5544        JME            (2f1ed2146f62b26a6136a96901feb492) C:\Windows\system32\DRIVERS\JME.sys
12:13:44.0362 5544        JME - ok
12:13:44.0409 5544        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
12:13:44.0440 5544        kbdclass - ok
12:13:44.0471 5544        kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
12:13:44.0518 5544        kbdhid - ok
12:13:44.0549 5544        KeyIso          (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
12:13:44.0565 5544        KeyIso - ok
12:13:44.0596 5544        KMService      (4635935fc972c582632bf45c26bfcb0e) C:\Windows\system32\srvany.exe
12:13:44.0627 5544        KMService ( UnsignedFile.Multi.Generic ) - warning
12:13:44.0627 5544        KMService - detected UnsignedFile.Multi.Generic (1)
12:13:44.0659 5544        KSecDD          (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
12:13:44.0690 5544        KSecDD - ok
12:13:44.0705 5544        KSecPkg        (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
12:13:44.0721 5544        KSecPkg - ok
12:13:44.0783 5544        KtmRm          (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
12:13:44.0893 5544        KtmRm - ok
12:13:44.0955 5544        LanmanServer    (8f6bf790d3168224c16f2af68a84438c) C:\Windows\system32\srvsvc.dll
12:13:45.0002 5544        LanmanServer - ok
12:13:45.0049 5544        LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
12:13:45.0111 5544        LanmanWorkstation - ok
12:13:45.0220 5544        LcSvrAdm        (2f5a3b202e772285e8f413b5138024e7) d:\ElsaWin\bin\LcSvrAdm.exe
12:13:45.0251 5544        LcSvrAdm ( UnsignedFile.Multi.Generic ) - warning
12:13:45.0251 5544        LcSvrAdm - detected UnsignedFile.Multi.Generic (1)
12:13:45.0361 5544        LcSvrAuf        (b0020f2d5ca4da6d59522f22f84d4ce8) d:\ElsaWin\bin\LcSvrAuf.exe
12:13:45.0423 5544        LcSvrAuf ( UnsignedFile.Multi.Generic ) - warning
12:13:45.0423 5544        LcSvrAuf - detected UnsignedFile.Multi.Generic (1)
12:13:45.0470 5544        LcSvrDba        (292cb3c3d00c7e4a17ccdd5920faa2bf) d:\ElsaWin\bin\LcSvrDba.exe
12:13:45.0517 5544        LcSvrDba ( UnsignedFile.Multi.Generic ) - warning
12:13:45.0517 5544        LcSvrDba - detected UnsignedFile.Multi.Generic (1)
12:13:45.0563 5544        LcSvrHis        (1a634a6e80a436b53623757a4df9165a) d:\ElsaWin\bin\LcSvrHis.exe
12:13:45.0595 5544        LcSvrHis ( UnsignedFile.Multi.Generic ) - warning
12:13:45.0595 5544        LcSvrHis - detected UnsignedFile.Multi.Generic (1)
12:13:45.0673 5544        LcSvrPAS        (b8a3f27cd1527f509da4c3e0e843299e) d:\ElsaWin\bin\LcSvrPas.exe
12:13:45.0704 5544        LcSvrPAS ( UnsignedFile.Multi.Generic ) - warning
12:13:45.0704 5544        LcSvrPAS - detected UnsignedFile.Multi.Generic (1)
12:13:45.0782 5544        LcSvrSaz        (7b50d309bce57162a5e4383fc003e477) d:\ElsaWin\bin\LcSvrSaz.exe
12:13:45.0797 5544        LcSvrSaz ( UnsignedFile.Multi.Generic ) - warning
12:13:45.0797 5544        LcSvrSaz - detected UnsignedFile.Multi.Generic (1)
12:13:45.0860 5544        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
12:13:45.0938 5544        lltdio - ok
12:13:45.0969 5544        lltdsvc        (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
12:13:46.0016 5544        lltdsvc - ok
12:13:46.0031 5544        lmhosts        (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
12:13:46.0109 5544        lmhosts - ok
12:13:46.0187 5544        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:13:46.0219 5544        LSI_FC - ok
12:13:46.0234 5544        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:13:46.0250 5544        LSI_SAS - ok
12:13:46.0265 5544        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:13:46.0281 5544        LSI_SAS2 - ok
12:13:46.0312 5544        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:13:46.0328 5544        LSI_SCSI - ok
12:13:46.0359 5544        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
12:13:46.0421 5544        luafv - ok
12:13:46.0484 5544        MBAMProtector  (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
12:13:46.0515 5544        MBAMProtector - ok
12:13:46.0655 5544        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:13:46.0687 5544        MBAMService - ok
12:13:46.0718 5544        Mcx2Svc        (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
12:13:46.0749 5544        Mcx2Svc - ok
12:13:46.0765 5544        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
12:13:46.0796 5544        megasas - ok
12:13:46.0874 5544        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
12:13:46.0905 5544        MegaSR - ok
12:13:46.0999 5544        Microsoft SharePoint Workspace Audit Service - ok
12:13:47.0045 5544        MMCSS          (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
12:13:47.0108 5544        MMCSS - ok
12:13:47.0139 5544        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
12:13:47.0233 5544        Modem - ok
12:13:47.0264 5544        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
12:13:47.0295 5544        monitor - ok
12:13:47.0311 5544        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
12:13:47.0326 5544        mouclass - ok
12:13:47.0357 5544        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
12:13:47.0404 5544        mouhid - ok
12:13:47.0435 5544        mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
12:13:47.0467 5544        mountmgr - ok
12:13:47.0591 5544        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:13:47.0623 5544        MozillaMaintenance - ok
12:13:47.0669 5544        mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
12:13:47.0716 5544        mpio - ok
12:13:47.0732 5544        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
12:13:47.0810 5544        mpsdrv - ok
12:13:47.0825 5544        MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
12:13:47.0872 5544        MRxDAV - ok
12:13:47.0919 5544        mrxsmb          (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:13:47.0966 5544        mrxsmb - ok
12:13:47.0997 5544        mrxsmb10        (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:13:48.0059 5544        mrxsmb10 - ok
12:13:48.0091 5544        mrxsmb20        (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:13:48.0137 5544        mrxsmb20 - ok
12:13:48.0184 5544        msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
12:13:48.0200 5544        msahci - ok
12:13:48.0231 5544        msdsm          (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
12:13:48.0278 5544        msdsm - ok
12:13:48.0309 5544        MSDTC          (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
12:13:48.0356 5544        MSDTC - ok
12:13:48.0387 5544        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
12:13:48.0434 5544        Msfs - ok
12:13:48.0449 5544        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
12:13:48.0496 5544        mshidkmdf - ok
12:13:48.0512 5544        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
12:13:48.0527 5544        msisadrv - ok
12:13:48.0574 5544        MSiSCSI        (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
12:13:48.0621 5544        MSiSCSI - ok
12:13:48.0621 5544        msiserver - ok
12:13:48.0668 5544        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
12:13:48.0730 5544        MSKSSRV - ok
12:13:48.0761 5544        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
12:13:48.0824 5544        MSPCLOCK - ok
12:13:48.0839 5544        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
12:13:48.0886 5544        MSPQM - ok
12:13:48.0933 5544        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
12:13:48.0949 5544        MsRPC - ok
12:13:48.0964 5544        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
12:13:48.0980 5544        mssmbios - ok
12:13:48.0995 5544        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
12:13:49.0027 5544        MSTEE - ok
12:13:49.0058 5544        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
12:13:49.0073 5544        MTConfig - ok
12:13:49.0167 5544        MTsensor        (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
12:13:49.0214 5544        MTsensor - ok
12:13:49.0245 5544        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
12:13:49.0261 5544        Mup - ok
12:13:49.0354 5544        napagent        (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
12:13:49.0463 5544        napagent - ok
12:13:49.0541 5544        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
12:13:49.0604 5544        NativeWifiP - ok
12:13:49.0713 5544        NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
12:13:49.0760 5544        NDIS - ok
12:13:49.0775 5544        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
12:13:49.0838 5544        NdisCap - ok
12:13:49.0869 5544        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
12:13:49.0916 5544        NdisTapi - ok
12:13:49.0947 5544        Ndisuio        (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
12:13:50.0025 5544        Ndisuio - ok
12:13:50.0041 5544        NdisWan        (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
12:13:50.0087 5544        NdisWan - ok
12:13:50.0103 5544        NDProxy        (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
12:13:50.0134 5544        NDProxy - ok
12:13:50.0150 5544        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
12:13:50.0181 5544        NetBIOS - ok
12:13:50.0212 5544        NetBT          (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
12:13:50.0259 5544        NetBT - ok
12:13:50.0290 5544        Netlogon        (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
12:13:50.0306 5544        Netlogon - ok
12:13:50.0368 5544        Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
12:13:50.0446 5544        Netman - ok
12:13:50.0477 5544        netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
12:13:50.0540 5544        netprofm - ok
12:13:50.0618 5544        NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:13:50.0649 5544        NetTcpPortSharing - ok
12:13:50.0696 5544        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
12:13:50.0727 5544        nfrd960 - ok
12:13:50.0774 5544        NlaSvc          (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
12:13:50.0867 5544        NlaSvc - ok
12:13:50.0930 5544        nmwcdnsu        (4f0de685a96dc843ccc8a861b3fac12d) C:\Windows\system32\drivers\nmwcdnsu.sys
12:13:51.0008 5544        nmwcdnsu - ok
12:13:51.0023 5544        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
12:13:51.0070 5544        Npfs - ok
12:13:51.0148 5544        NSHE            (f8e396f5e703d7a8f37d90f59c776268) C:\Windows\system32\Drivers\NSHE.SYS
12:13:51.0179 5544        NSHE ( UnsignedFile.Multi.Generic ) - warning
12:13:51.0179 5544        NSHE - detected UnsignedFile.Multi.Generic (1)
12:13:51.0211 5544        nsi            (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
12:13:51.0273 5544        nsi - ok
12:13:51.0304 5544        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
12:13:51.0367 5544        nsiproxy - ok
12:13:51.0507 5544        Ntfs            (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
12:13:51.0601 5544        Ntfs - ok
12:13:51.0616 5544        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
12:13:51.0679 5544        Null - ok
12:13:51.0725 5544        nvraid          (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
12:13:51.0741 5544        nvraid - ok
12:13:51.0772 5544        nvstor          (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
12:13:51.0803 5544        nvstor - ok
12:13:51.0835 5544        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
12:13:51.0850 5544        nv_agp - ok
12:13:51.0881 5544        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
12:13:51.0913 5544        ohci1394 - ok
12:13:52.0022 5544        ose            (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:13:52.0053 5544        ose - ok
12:13:52.0521 5544        osppsvc        (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:13:52.0724 5544        osppsvc - ok
12:13:52.0942 5544        p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
12:13:53.0036 5544        p2pimsvc - ok
12:13:53.0114 5544        p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
12:13:53.0161 5544        p2psvc - ok
12:13:53.0239 5544        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
12:13:53.0285 5544        Parport - ok
12:13:53.0317 5544        partmgr        (66d3415c159741ade7038a277efff99f) C:\Windows\system32\drivers\partmgr.sys
12:13:53.0348 5544        partmgr - ok
12:13:53.0363 5544        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
12:13:53.0395 5544        Parvdm - ok
12:13:53.0441 5544        PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
12:13:53.0488 5544        PcaSvc - ok
12:13:53.0519 5544        pci            (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
12:13:53.0551 5544        pci - ok
12:13:53.0566 5544        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
12:13:53.0597 5544        pciide - ok
12:13:53.0644 5544        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
12:13:53.0691 5544        pcmcia - ok
12:13:53.0707 5544        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
12:13:53.0722 5544        pcw - ok
12:13:53.0816 5544        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
12:13:53.0894 5544        PEAUTH - ok
12:13:54.0050 5544        PeerDistSvc    (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
12:13:54.0112 5544        PeerDistSvc - ok
12:13:54.0315 5544        pla            (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
12:13:54.0455 5544        pla - ok
12:13:54.0658 5544        PlugPlay        (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll
12:13:54.0783 5544        PlugPlay - ok
12:13:54.0814 5544        PNRPAutoReg    (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
12:13:54.0861 5544        PNRPAutoReg - ok
12:13:54.0908 5544        PNRPsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
12:13:54.0955 5544        PNRPsvc - ok
12:13:55.0033 5544        PolicyAgent    (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
12:13:55.0111 5544        PolicyAgent - ok
12:13:55.0157 5544        Power          (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
12:13:55.0204 5544        Power - ok
12:13:55.0282 5544        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
12:13:55.0360 5544        PptpMiniport - ok
12:13:55.0360 5544        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
12:13:55.0391 5544        Processor - ok
12:13:55.0454 5544        ProfSvc        (aea3bdbdba667aa6f678cb38907e4f5e) C:\Windows\system32\profsvc.dll
12:13:55.0516 5544        ProfSvc - ok
12:13:55.0547 5544        ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
12:13:55.0579 5544        ProtectedStorage - ok
12:13:55.0625 5544        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
12:13:55.0688 5544        Psched - ok
12:13:55.0844 5544        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
12:13:55.0937 5544        ql2300 - ok
12:13:56.0109 5544        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
12:13:56.0140 5544        ql40xx - ok
12:13:56.0203 5544        QWAVE          (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
12:13:56.0265 5544        QWAVE - ok
12:13:56.0281 5544        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
12:13:56.0327 5544        QWAVEdrv - ok
12:13:56.0327 5544        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
12:13:56.0390 5544        RasAcd - ok
12:13:56.0437 5544        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:13:56.0499 5544        RasAgileVpn - ok
12:13:56.0530 5544        RasAuto        (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
12:13:56.0577 5544        RasAuto - ok
12:13:56.0593 5544        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:13:56.0639 5544        Rasl2tp - ok
12:13:56.0686 5544        RasMan          (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
12:13:56.0780 5544        RasMan - ok
12:13:56.0811 5544        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
12:13:56.0842 5544        RasPppoe - ok
12:13:56.0889 5544        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
12:13:56.0951 5544        RasSstp - ok
12:13:56.0983 5544        rdbss          (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
12:13:57.0045 5544        rdbss - ok
12:13:57.0061 5544        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
12:13:57.0107 5544        rdpbus - ok
12:13:57.0107 5544        RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:13:57.0170 5544        RDPCDD - ok
12:13:57.0217 5544        RDPDR          (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
12:13:57.0279 5544        RDPDR - ok
12:13:57.0310 5544        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
12:13:57.0388 5544        RDPENCDD - ok
12:13:57.0419 5544        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
12:13:57.0451 5544        RDPREFMP - ok
12:13:57.0513 5544        RDPWD          (c5b8d47a4688de9d335204ea757c2240) C:\Windows\system32\drivers\RDPWD.sys
12:13:57.0591 5544        RDPWD - ok
12:13:57.0638 5544        rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
12:13:57.0669 5544        rdyboost - ok
12:13:57.0700 5544        RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
12:13:57.0763 5544        RemoteAccess - ok
12:13:57.0809 5544        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
12:13:57.0856 5544        RemoteRegistry - ok
12:13:57.0887 5544        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
12:13:57.0934 5544        RpcEptMapper - ok
12:13:57.0965 5544        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
12:13:58.0012 5544        RpcLocator - ok
12:13:58.0059 5544        RpcSs          (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
12:13:58.0137 5544        RpcSs - ok
12:13:58.0168 5544        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
12:13:58.0246 5544        rspndr - ok
12:13:58.0277 5544        s3cap          (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
12:13:58.0340 5544        s3cap - ok
12:13:58.0371 5544        SamSs          (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
12:13:58.0387 5544        SamSs - ok
12:13:58.0433 5544        sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
12:13:58.0465 5544        sbp2port - ok
12:13:58.0511 5544        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
12:13:58.0589 5544        SCardSvr - ok
12:13:58.0605 5544        scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
12:13:58.0667 5544        scfilter - ok
12:13:58.0745 5544        Schedule        (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll
12:13:58.0839 5544        Schedule - ok
12:13:58.0870 5544        SCPolicySvc    (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
12:13:58.0933 5544        SCPolicySvc - ok
12:13:58.0964 5544        sdbus          (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
12:13:58.0995 5544        sdbus - ok
12:13:59.0026 5544        SDRSVC          (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
12:13:59.0073 5544        SDRSVC - ok
12:13:59.0120 5544        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:13:59.0182 5544        secdrv - ok
12:13:59.0198 5544        seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
12:13:59.0245 5544        seclogon - ok
12:13:59.0276 5544        SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
12:13:59.0323 5544        SENS - ok
12:13:59.0354 5544        SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
12:13:59.0416 5544        SensrSvc - ok
12:13:59.0432 5544        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
12:13:59.0479 5544        Serenum - ok
12:13:59.0525 5544        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
12:13:59.0557 5544        Serial - ok
12:13:59.0588 5544        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
12:13:59.0619 5544        sermouse - ok
12:13:59.0666 5544        SessionEnv      (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
12:13:59.0728 5544        SessionEnv - ok
12:13:59.0744 5544        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
12:13:59.0759 5544        sffdisk - ok
12:13:59.0759 5544        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
12:13:59.0791 5544        sffp_mmc - ok
12:13:59.0791 5544        sffp_sd        (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
12:13:59.0822 5544        sffp_sd - ok
12:13:59.0822 5544        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
12:13:59.0853 5544        sfloppy - ok
12:13:59.0915 5544        ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
12:13:59.0962 5544        ShellHWDetection - ok
12:13:59.0993 5544        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
12:14:00.0009 5544        sisagp - ok
12:14:00.0040 5544        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:14:00.0056 5544        SiSRaid2 - ok
12:14:00.0087 5544        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
12:14:00.0103 5544        SiSRaid4 - ok
12:14:00.0118 5544        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
12:14:00.0181 5544        Smb - ok
12:14:00.0212 5544        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
12:14:00.0243 5544        SNMPTRAP - ok
12:14:00.0274 5544        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
12:14:00.0290 5544        spldr - ok
12:14:00.0352 5544        Spooler        (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe
12:14:00.0430 5544        Spooler - ok
12:14:00.0758 5544        sppsvc          (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
12:14:00.0898 5544        sppsvc - ok
12:14:01.0070 5544        sppuinotify    (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
12:14:01.0148 5544        sppuinotify - ok
12:14:01.0226 5544        srv            (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
12:14:01.0304 5544        srv - ok
12:14:01.0351 5544        srv2            (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
12:14:01.0397 5544        srv2 - ok
12:14:01.0429 5544        srvnet          (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
12:14:01.0491 5544        srvnet - ok
12:14:01.0538 5544        SSDPSRV        (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
12:14:01.0631 5544        SSDPSRV - ok
12:14:01.0663 5544        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
12:14:01.0678 5544        ssmdrv - ok
12:14:01.0709 5544        SstpSvc        (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
12:14:01.0756 5544        SstpSvc - ok
12:14:01.0819 5544        ssudmdm        (07318149e102fd9197ab444c27774372) C:\Windows\system32\DRIVERS\ssudmdm.sys
12:14:01.0850 5544        ssudmdm - ok
12:14:01.0865 5544        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
12:14:01.0897 5544        stexstor - ok
12:14:01.0990 5544        StiSvc          (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
12:14:02.0037 5544        StiSvc - ok
12:14:02.0084 5544        storflt        (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
12:14:02.0099 5544        storflt - ok
12:14:02.0115 5544        storvsc        (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
12:14:02.0131 5544        storvsc - ok
12:14:02.0146 5544        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
12:14:02.0162 5544        swenum - ok
12:14:02.0224 5544        swprv          (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
12:14:02.0302 5544        swprv - ok
12:14:02.0396 5544        sxuptp          (86083b04dc2b90397f4b47add6eaa407) C:\Windows\system32\DRIVERS\sxuptp.sys
12:14:02.0427 5544        sxuptp - ok
12:14:02.0583 5544        SysMain        (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
12:14:02.0677 5544        SysMain - ok
12:14:02.0708 5544        TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
12:14:02.0723 5544        TabletInputService - ok
12:14:02.0755 5544        TapiSrv        (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
12:14:02.0833 5544        TapiSrv - ok
12:14:02.0848 5544        TBS            (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
12:14:02.0911 5544        TBS - ok
12:14:03.0113 5544        Tcpip          (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\drivers\tcpip.sys
12:14:03.0191 5544        Tcpip - ok
12:14:03.0223 5544        TCPIP6          (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\DRIVERS\tcpip.sys
12:14:03.0269 5544        TCPIP6 - ok
12:14:03.0301 5544        tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
12:14:03.0347 5544        tcpipreg - ok
12:14:03.0379 5544        TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
12:14:03.0441 5544        TDPIPE - ok
12:14:03.0472 5544        TDTCP          (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys
12:14:03.0519 5544        TDTCP - ok
12:14:03.0566 5544        tdx            (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
12:14:03.0644 5544        tdx - ok
12:14:03.0659 5544        TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
12:14:03.0675 5544        TermDD - ok
12:14:03.0769 5544        TermService    (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
12:14:03.0862 5544        TermService - ok
12:14:03.0878 5544        Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
12:14:03.0909 5544        Themes - ok
12:14:03.0940 5544        THREADORDER    (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
12:14:03.0971 5544        THREADORDER - ok
12:14:04.0003 5544        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
12:14:04.0065 5544        TrkWks - ok
12:14:04.0143 5544        TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
12:14:04.0174 5544        TrustedInstaller - ok
12:14:04.0205 5544        tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:14:04.0252 5544        tssecsrv - ok
12:14:04.0315 5544        tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
12:14:04.0377 5544        tunnel - ok
12:14:04.0408 5544        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
12:14:04.0424 5544        uagp35 - ok
12:14:04.0455 5544        udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
12:14:04.0502 5544        udfs - ok
12:14:04.0549 5544        UI0Detect      (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
12:14:04.0595 5544        UI0Detect - ok
12:14:04.0627 5544        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
12:14:04.0658 5544        uliagpkx - ok
12:14:04.0689 5544        umbus          (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
12:14:04.0736 5544        umbus - ok
12:14:04.0767 5544        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
12:14:04.0814 5544        UmPass - ok
12:14:04.0861 5544        UmRdpService    (8ecaca5454844f66386f7be4ae0d7cd1) C:\Windows\System32\umrdp.dll
12:14:04.0923 5544        UmRdpService - ok
12:14:04.0970 5544        upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
12:14:05.0063 5544        upnphost - ok
12:14:05.0126 5544        USBAAPL        (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
12:14:05.0157 5544        USBAAPL - ok
12:14:05.0188 5544        usbccgp        (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
12:14:05.0251 5544        usbccgp - ok
12:14:05.0297 5544        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
12:14:05.0344 5544        usbcir - ok
12:14:05.0360 5544        usbehci        (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
12:14:05.0391 5544        usbehci - ok
12:14:05.0438 5544        usbfilter      (fb0e8b624d1f7e214edb3d6e56b4ec88) C:\Windows\system32\DRIVERS\usbfilter.sys
12:14:05.0469 5544        usbfilter - ok
12:14:05.0531 5544        usbhub          (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
12:14:05.0563 5544        usbhub - ok
12:14:05.0594 5544        usbohci        (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\DRIVERS\usbohci.sys
12:14:05.0625 5544        usbohci - ok
12:14:05.0672 5544        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
12:14:05.0734 5544        usbprint - ok
12:14:05.0765 5544        usbscan        (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
12:14:05.0812 5544        usbscan - ok
12:14:05.0859 5544        USBSTOR        (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:14:05.0921 5544        USBSTOR - ok
12:14:05.0937 5544        usbuhci        (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
12:14:05.0968 5544        usbuhci - ok
12:14:06.0031 5544        usbvideo        (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
12:14:06.0093 5544        usbvideo - ok
12:14:06.0124 5544        UxSms          (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
12:14:06.0202 5544        UxSms - ok
12:14:06.0233 5544        VaultSvc        (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
12:14:06.0249 5544        VaultSvc - ok
12:14:06.0280 5544        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
12:14:06.0296 5544        vdrvroot - ok
12:14:06.0374 5544        vds            (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
12:14:06.0436 5544        vds - ok
12:14:06.0467 5544        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
12:14:06.0514 5544        vga - ok
12:14:06.0530 5544        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
12:14:06.0561 5544        VgaSave - ok
12:14:06.0592 5544        vhdmp          (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
12:14:06.0623 5544        vhdmp - ok
12:14:06.0655 5544        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
12:14:06.0686 5544        viaagp - ok
12:14:06.0717 5544        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
12:14:06.0748 5544        ViaC7 - ok
12:14:06.0764 5544        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
12:14:06.0779 5544        viaide - ok
12:14:06.0826 5544        vmbus          (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
12:14:06.0857 5544        vmbus - ok
12:14:06.0873 5544        VMBusHID        (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
12:14:06.0904 5544        VMBusHID - ok
12:14:06.0920 5544        volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
12:14:06.0951 5544        volmgr - ok
12:14:07.0013 5544        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
12:14:07.0045 5544        volmgrx - ok
12:14:07.0107 5544        volsnap        (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
12:14:07.0138 5544        volsnap - ok
12:14:07.0201 5544        vpcbus          (33e74df34753fcaab06f6f2bdc8cabf5) C:\Windows\system32\DRIVERS\vpchbus.sys
12:14:07.0247 5544        vpcbus - ok
12:14:07.0279 5544        vpcnfltr        (5f04362ceb5fb5901037e9d9eadd3760) C:\Windows\system32\DRIVERS\vpcnfltr.sys
12:14:07.0294 5544        vpcnfltr - ok
12:14:07.0341 5544        vpcusb          (625088d6ee9ede977fd03cf18d1cd5c5) C:\Windows\system32\DRIVERS\vpcusb.sys
12:14:07.0388 5544        vpcusb - ok
12:14:07.0497 5544        vpcvmm          (5ed378d91e32134f3c0b3810860ffd71) C:\Windows\system32\drivers\vpcvmm.sys
12:14:07.0544 5544        vpcvmm - ok
12:14:07.0591 5544        VSGate          (dfcce776e721854f368046c5a6454a84) d:\ElsaWin\bin\VSgate.exe
12:14:07.0591 5544        VSGate ( UnsignedFile.Multi.Generic ) - warning
12:14:07.0591 5544        VSGate - detected UnsignedFile.Multi.Generic (1)
12:14:07.0653 5544        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
12:14:07.0684 5544        vsmraid - ok
12:14:07.0871 5544        VSS            (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
12:14:07.0949 5544        VSS - ok
12:14:07.0996 5544        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
12:14:08.0027 5544        vwifibus - ok
12:14:08.0059 5544        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
12:14:08.0105 5544        vwififlt - ok
12:14:08.0137 5544        vwifimp        (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
12:14:08.0199 5544        vwifimp - ok
12:14:08.0246 5544        W32Time        (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
12:14:08.0324 5544        W32Time - ok
12:14:08.0371 5544        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
12:14:08.0386 5544        WacomPen - ok
12:14:08.0417 5544        WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
12:14:08.0449 5544        WANARP - ok
12:14:08.0449 5544        Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
12:14:08.0495 5544        Wanarpv6 - ok
12:14:08.0667 5544        wbengine        (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
12:14:08.0761 5544        wbengine - ok
12:14:08.0792 5544        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
12:14:08.0854 5544        WbioSrvc - ok
12:14:08.0917 5544        wcncsvc        (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
12:14:08.0995 5544        wcncsvc - ok
12:14:09.0010 5544        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
12:14:09.0057 5544        WcsPlugInService - ok
12:14:09.0119 5544        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
12:14:09.0151 5544        Wd - ok
12:14:09.0213 5544        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
12:14:09.0260 5544        Wdf01000 - ok
12:14:09.0291 5544        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
12:14:09.0338 5544        WdiServiceHost - ok
12:14:09.0353 5544        WdiSystemHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
12:14:09.0385 5544        WdiSystemHost - ok
12:14:09.0447 5544        WebClient      (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
12:14:09.0494 5544        WebClient - ok
12:14:09.0541 5544        Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
12:14:09.0634 5544        Wecsvc - ok
12:14:09.0650 5544        wercplsupport  (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
12:14:09.0681 5544        wercplsupport - ok
12:14:09.0697 5544        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
12:14:09.0743 5544        WerSvc - ok
12:14:09.0775 5544        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
12:14:09.0853 5544        WfpLwf - ok
12:14:09.0868 5544        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
12:14:09.0884 5544        WIMMount - ok
12:14:09.0899 5544        WinHttpAutoProxySvc - ok
12:14:09.0977 5544        Winmgmt        (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
12:14:10.0040 5544        Winmgmt - ok
12:14:10.0211 5544        WinRM          (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
12:14:10.0321 5544        WinRM - ok
12:14:10.0430 5544        WinUsb          (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
12:14:10.0461 5544        WinUsb - ok
12:14:10.0570 5544        Wlansvc        (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
12:14:10.0664 5544        Wlansvc - ok
12:14:10.0695 5544        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:14:10.0742 5544        WmiAcpi - ok
12:14:10.0804 5544        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
12:14:10.0851 5544        wmiApSrv - ok
12:14:11.0038 5544        WMPNetworkSvc  (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
12:14:11.0116 5544        WMPNetworkSvc - ok
12:14:11.0163 5544        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
12:14:11.0194 5544        WPCSvc - ok
12:14:11.0225 5544        WPDBusEnum      (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
12:14:11.0257 5544        WPDBusEnum - ok
12:14:11.0319 5544        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
12:14:11.0397 5544        ws2ifsl - ok
12:14:11.0413 5544        WSearch - ok
12:14:11.0631 5544        wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
12:14:11.0740 5544        wuauserv - ok
12:14:11.0896 5544        WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
12:14:11.0990 5544        WudfPf - ok
12:14:12.0021 5544        WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:14:12.0083 5544        WUDFRd - ok
12:14:12.0115 5544        wudfsvc        (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
12:14:12.0177 5544        wudfsvc - ok
12:14:12.0208 5544        WwanSvc        (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
12:14:12.0271 5544        WwanSvc - ok
12:14:12.0302 5544        MBR (0x1B8)    (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
12:14:12.0427 5544        \Device\Harddisk1\DR1 - ok
12:14:12.0442 5544        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:14:19.0119 5544        \Device\Harddisk0\DR0 - ok
12:14:19.0135 5544        MBR (0x1B8)    (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
12:14:19.0275 5544        \Device\Harddisk1\DR1 - ok
12:14:19.0275 5544        Boot (0x1200)  (177e814635b40f0183c1ccc9f1d8c7ad) \Device\Harddisk1\DR1\Partition0
12:14:19.0275 5544        \Device\Harddisk1\DR1\Partition0 - ok
12:14:19.0291 5544        Boot (0x1200)  (3c9e960c8d7adfa818e31e45fe23940f) \Device\Harddisk0\DR0\Partition0
12:14:19.0291 5544        \Device\Harddisk0\DR0\Partition0 - ok
12:14:19.0306 5544        Boot (0x1200)  (9dc4b93cbde9de596c7a945430ce265e) \Device\Harddisk0\DR0\Partition1
12:14:19.0306 5544        \Device\Harddisk0\DR0\Partition1 - ok
12:14:19.0337 5544        Boot (0x1200)  (eb8153a484bdd9646e76a6402778e947) \Device\Harddisk0\DR0\Partition2
12:14:19.0337 5544        \Device\Harddisk0\DR0\Partition2 - ok
12:14:19.0337 5544        Boot (0x1200)  (177e814635b40f0183c1ccc9f1d8c7ad) \Device\Harddisk1\DR1\Partition0
12:14:19.0337 5544        \Device\Harddisk1\DR1\Partition0 - ok
12:14:19.0353 5544        ============================================================
12:14:19.0353 5544        Scan finished
12:14:19.0353 5544        ============================================================
12:14:19.0384 5536        Detected object count: 11
12:14:19.0384 5536        Actual detected object count: 11
12:14:39.0009 5536        Belkin Home Base Control Center Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:39.0009 5536        Belkin Home Base Control Center Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:14:39.0025 5536        Belkin Local Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:39.0025 5536        Belkin Local Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:14:39.0025 5536        KMService ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:39.0025 5536        KMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:14:39.0025 5536        LcSvrAdm ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:39.0025 5536        LcSvrAdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:14:39.0025 5536        LcSvrAuf ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:39.0025 5536        LcSvrAuf ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:14:39.0040 5536        LcSvrDba ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:39.0040 5536        LcSvrDba ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:14:39.0040 5536        LcSvrHis ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:39.0040 5536        LcSvrHis ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:14:39.0040 5536        LcSvrPAS ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:39.0040 5536        LcSvrPAS ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:14:39.0040 5536        LcSvrSaz ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:39.0040 5536        LcSvrSaz ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:14:39.0056 5536        NSHE ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:39.0056 5536        NSHE ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:14:39.0056 5536        VSGate ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:39.0056 5536        VSGate ( UnsignedFile.Multi.Generic ) - User select action: Skip

Thanks again

