Trojaner-Board


bobbypascha 10.03.2013 15:27

Can't install Windows updates, everything gets rolled back again; I also have csrss.exe twice
 
Can't install Windows updates, everything gets rolled back again; I also discovered csrss.exe twice in the files. My computer runs very slowly, and Explorer closes the program more and more often.

I'm looking for a solution. Computers are all Greek to me; could someone explain to me step by step what to do? I'm slowly getting desperate, I need the computer for work.


Many thanks in advance for the help

cosinus 11.03.2013 11:26

Hello

Quote:

I need the computer for work.
What exactly does that mean?
Is this by any chance an office/company PC? Or a university computer?

bobbypascha 11.03.2013 13:22

No, it's a private computer; I've just taken on a job and have to google a lot
and do research. That's why I depend on the computer.
I have Vista Home Premium, though it's from 2007.

Regards
bobbypascha

cosinus 11.03.2013 13:34

Before we get to work, I'd like to ask you to read the following points completely and carefully.
  • Carefully read the instructions I will post over the course of this thread. Ask right away if anything is unclear, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (in CODE tags, please) and not as attachments, unless you were asked to. Logs in attachments make my analysis harder!

  • The logs of the assigned tools, e.g. Malwarebytes, must always be posted, regardless of whether anything was found or not!

  • Please also note => Deleting log files and other requests

Note:
If you haven't heard from me for three days, please post in this thread => Reminder about my thread.
Annoying "when do we continue" messages will end with your topic being closed. I too have a life outside Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan All Users
  • At the top you'll find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.

bobbypascha 12.03.2013 20:41

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 12.03.2013 20:08:43 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 61,57% Memory free
6,22 Gb Paging File | 4,95 Gb Available in Paging File | 79,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 457,95 Gb Total Space | 338,48 Gb Free Space | 73,91% Space Free | Partition Type: NTFS
Drive D: | 7,81 Gb Total Space | 3,43 Gb Free Space | 43,84% Space Free | Partition Type: NTFS
 
Computer Name: ***** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3396425265-1340493425-710984192-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02905E2A-2264-4446-8421-8E9BFAF2D76C}" = rport=138 | protocol=17 | dir=out | app=system |
"{1BAF6DC5-2DF5-4E50-B3FE-49985E6D1B63}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{2949FE81-E5AB-4911-AED0-67B19A7392D0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3B3DCAAD-5A81-41EA-8F85-34D7DC735286}" = lport=445 | protocol=6 | dir=in | app=system |
"{54FD9164-6CBB-4917-8F5F-C3AA970B9B56}" = rport=139 | protocol=6 | dir=out | app=system |
"{5FB8D268-E784-4D86-BC10-04ABE5B1AFEE}" = lport=139 | protocol=6 | dir=in | app=system |
"{86D9B6C7-B9CB-4220-8490-6B069523D620}" = rport=445 | protocol=6 | dir=out | app=system |
"{96885CAB-D1FB-4B95-A81E-93A7D10252E8}" = rport=137 | protocol=17 | dir=out | app=system |
"{B95C7369-7A1C-48DC-B537-FB39D21AD83C}" = lport=137 | protocol=17 | dir=in | app=system |
"{BCE25E81-D5B1-4295-A045-AC3C210FB932}" = lport=138 | protocol=17 | dir=in | app=system |
"{C0F2CE8A-FE5A-401D-847F-0427A0554BB7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DA23AB71-4E52-4D8C-95DE-8D2144D33182}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E6D81D7C-A7D9-4CC6-9BF5-940AAD65CC72}" = lport=445 | protocol=6 | dir=in | app=system |
"{F6F0ACA1-655E-4301-A762-626E8016FC1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{162295D4-7DB0-40BE-BE29-C20E4B5BF862}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{26CDF56C-5179-4BE2-A12C-915A87AC4350}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
"{5182A271-23F9-4359-8A03-AE3D0BA70A2A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{59B6C471-EE4C-491E-A1E2-A81AB70DFCC3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5F025DEE-B875-442D-85D0-604BC99D11CD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6068B7CB-307D-4CE4-8841-617815509282}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{60A0AD61-DDC1-40EF-A456-077B12086ECB}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"{68C77884-B8B5-4253-A7B4-DC8260BFC436}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"{6C2A44BA-FB9B-4A65-B39C-02ED36725949}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7D9F119F-33FA-4559-8A62-962D0381457D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{893AECF9-CC33-4A9E-9ACC-C64CF2E25821}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9ACE2CF0-2D2A-4004-A926-1A3D2D671ABA}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.3.9183-to-3.0.8.9464-dede-downloader.exe |
"{9DECF058-5699-4EB8-9CAD-4C045F92BAB0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D36CD17A-AE13-48EF-A996-C20564258A5A}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{D82AC7B2-A681-4A46-B323-2110C8457190}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
"{F140AD2B-09F4-45C6-82B3-C6B6610CA14F}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{F23D3C88-7AB8-4144-BFD3-1EFA3A1FD2E5}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{F86C210E-58C4-4CF6-AD6C-A3555A65B94E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.3.9183-to-3.0.8.9464-dede-downloader.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Hilfe
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BA7B068-4719-42A3-B553-D4ED97434F92}" = ASUS Utilities
"{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2DD388FF-6422-43C9-86A1-C7A99C83E946}" = ASUS nVidia Driver
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Gamer OSD
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.576
"{369B36BE-3D64-4641-9AEA-808D436FE132}" = Microsoft Picture It! Foto 7.0
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb
"{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help
"{70AB1576-7883-2313-C650-7A71270B1031}" = Nero 7 Ultra Edition
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75674E4C-CDE5-4E64-8014-FDF6D9204C4B}" = HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{897CA0D9-948F-4E5B-A20E-535E1060D3E6}" = MyDVD-VR Recorder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DCFFB64E-A757-4430-A455-B947F029BFD4}" = Roxio WinOnCD 9 Basic
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EA08048C-3823-4DC8-B169-1D5D11FFC19F}_is1" = PDF-XChange 4
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{897CA0D9-948F-4E5B-A20E-535E1060D3E6}" = Sonic MyDVD-VR
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"WNLT" = IB Updater Service
"Works2003Setup" = Microsoft Works 2003-Setup-Start
"xvid" = XviD MPEG-4 Video Codec
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3396425265-1340493425-710984192-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{206a7328-437f-4bd9-b53e-12bfee24d588}" = G-Filter
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.03.2013 11:25:08 | Computer Name = ****** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 11.03.2013 11:25:31 | Computer Name = ****** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 11.03.2013 13:35:44 | Computer Name = ****** | Source = WinMgmt | ID = 10
Description =
 
Error - 11.03.2013 15:01:01 | Computer Name = ****** | Source = WinMgmt | ID = 10
Description =
 
Error - 11.03.2013 15:01:46 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Programm Taskmgr.exe, Version 6.0.6001.18000 arbeitet nicht mehr mit
 Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: c7c  Anfangszeit: 01ce1e8aabd1439e  Zeitpunkt
 der Beendigung: 16
 
Error - 12.03.2013 03:24:13 | Computer Name = ****** | Source = WinMgmt | ID = 10
Description =
 
Error - 12.03.2013 06:30:17 | Computer Name = ****** | Source = WinMgmt | ID = 10
Description =
 
Error - 12.03.2013 11:02:18 | Computer Name = ****** | Source = WinMgmt | ID = 10
Description =
 
Error - 12.03.2013 11:16:14 | Computer Name = ***** | Source = WinMgmt | ID = 10
Description =
 
Error - 12.03.2013 14:24:45 | Computer Name =  *****| Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 12.03.2013 11:16:14 | Computer Name = ***** | Source = Service Control Manager | ID = 7026
Description =
 
Error - 12.03.2013 11:17:56 | Computer Name = ***** | Source = Service Control Manager | ID = 7038
Description =
 
Error - 12.03.2013 11:17:56 | Computer Name = ***** | Source = Service Control Manager | ID = 7000
Description =
 
Error - 12.03.2013 14:23:08 | Computer Name = ***** | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.102 für die Netzwerkkarte mit der Netzwerkadresse
 002421F119F8 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 12.03.2013 14:24:45 | Computer Name = ***** | Source = Service Control Manager | ID = 7023
Description =
 
Error - 12.03.2013 14:24:45 | Computer Name = ***** | Source = Service Control Manager | ID = 7026
Description =
 
Error - 12.03.2013 14:25:42 | Computer Name = ***** | Source = Service Control Manager | ID = 7038
Description =
 
Error - 12.03.2013 14:25:42 | Computer Name = ***** | Source = Service Control Manager | ID = 7000
Description =
 
Error - 12.03.2013 14:34:45 | Computer Name = ***** | Source = Service Control Manager | ID = 7023
Description =
 
Error - 12.03.2013 14:35:04 | Computer Name = ***** | Source = Service Control Manager | ID = 7023
Description =
 
 
< End of report >

--- --- ---


Hey,
I hope I did everything right; sorry, I'm already getting on in years, but you explained it superbly. Thanks again for your help. I'll wait now until you have time again, so that I can take the next steps.

Regards
bobbypascha

cosinus 12.03.2013 23:44

What about the other log from OTL, which incidentally is much more important than the extras.txt?

bobbypascha 13.03.2013 09:19

Sorry, here is the requested copy.

Regards
bobbypascha

OTL Logfile:
Code:

OTL logfile created on: 12.03.2013 20:08:43 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 61,57% Memory free
6,22 Gb Paging File | 4,95 Gb Available in Paging File | 79,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 457,95 Gb Total Space | 338,48 Gb Free Space | 73,91% Space Free | Partition Type: NTFS
Drive D: | 7,81 Gb Total Space | 3,43 Gb Free Space | 43,84% Space Free | Partition Type: NTFS
 
Computer Name: ***** | User Name: ****** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.12 20:07:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
PRC - [2013.02.25 16:05:41 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.25 16:05:21 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2013.02.25 16:05:20 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.02.25 16:05:18 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.25 16:05:17 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.15 16:26:38 | 000,896,512 | ---- | M] () -- C:\Users\*****\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe
PRC - [2013.02.15 16:26:37 | 000,096,768 | ---- | M] () -- C:\Windows\System32\GFilterSvc.exe
PRC - [2013.02.15 16:26:35 | 000,067,584 | ---- | M] () -- C:\Windows\System32\CHxReaeingStringIME.exe
PRC - [2013.02.08 15:11:04 | 000,300,480 | ---- | M] (Abine Inc.) -- C:\Programme\Ask.com\AbineSDK\IE\DNTPService.exe
PRC - [2013.02.08 15:11:02 | 001,185,872 | ---- | M] (CallingID Ltd.) -- C:\Programme\Ask.com\CallingIDSDK\CIDGlobalLight.exe
PRC - [2013.02.08 15:10:08 | 001,644,680 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2013.01.29 14:30:00 | 000,188,760 | ---- | M] () -- C:\Programme\IB Updater\ExtensionUpdaterService.exe
PRC - [2012.10.02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.10.02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.06.21 12:57:34 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
PRC - [2012.01.07 18:13:17 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.05.11 02:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.15 16:26:39 | 000,138,752 | ---- | M] () -- C:\ProgramData\DNSErrorHelper\bho.dll
MOD - [2013.02.08 15:11:04 | 000,925,120 | ---- | M] () -- C:\Programme\Ask.com\AbineSDK\IE\DNTPContentFilter.dll
MOD - [2013.02.08 15:11:04 | 000,245,696 | ---- | M] () -- C:\Programme\Ask.com\AbineSDK\IE\DNTPButton.dll
MOD - [2013.01.29 14:30:00 | 000,170,840 | ---- | M] () -- C:\Programme\IB Updater\Extension32.dll
MOD - [2008.10.15 00:03:48 | 003,076,096 | ---- | M] () -- c:\Programme\Adobe\Reader 8.0\Reader\RdLang32.DEU
MOD - [2008.01.11 20:49:24 | 000,098,304 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Escript.deu
MOD - [2007.05.11 01:55:44 | 000,053,248 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Weblink.DEU
MOD - [2007.05.11 01:54:20 | 000,026,112 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\SendMail.deu
MOD - [2007.05.11 01:54:02 | 000,053,248 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Search.DEU
MOD - [2007.05.11 01:53:52 | 000,974,848 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\PPKLITE.DEU
MOD - [2007.05.11 01:53:32 | 000,028,672 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\SaveAsRTF.DEU
MOD - [2007.05.11 01:53:22 | 000,013,312 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\ReadOutLoud.DEU
MOD - [2007.05.11 01:52:58 | 000,159,744 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Multimedia.DEU
MOD - [2007.05.11 01:52:54 | 000,086,016 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\makeaccessible.DEU
MOD - [2007.05.11 01:52:02 | 000,006,656 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\EWH32.DEU
MOD - [2007.05.11 01:51:42 | 000,221,184 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\DigSig.DEU
MOD - [2007.05.11 01:51:38 | 001,224,704 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Annots.DEU
MOD - [2007.05.11 01:51:24 | 000,192,512 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Checkers.DEU
MOD - [2007.05.11 01:50:30 | 000,811,008 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Acroform.DEU
MOD - [2007.05.11 01:50:04 | 000,077,824 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\accessibility.DEU
MOD - [2007.01.13 02:01:28 | 000,475,136 | R--- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\ccme_base.dll
MOD - [2007.01.13 02:01:28 | 000,397,312 | R--- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\cryptocme2.dll
MOD - [2006.10.23 00:34:44 | 000,005,120 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\updater.DEU
MOD - [2006.10.23 00:33:38 | 000,012,288 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Search5.DEU
MOD - [2006.10.23 00:33:02 | 000,008,192 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\reflow.DEU
MOD - [2006.10.23 00:32:30 | 000,011,264 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\pddom.DEU
MOD - [2006.10.23 00:31:30 | 000,013,312 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Hls.deu
MOD - [2006.10.23 00:30:32 | 000,028,672 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\eBook.DEU
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- %ProgramFiles%\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.02.25 16:05:41 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.25 16:05:21 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013.02.25 16:05:18 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.15 16:26:38 | 000,896,512 | ---- | M] () [Auto | Running] -- C:\Users\*****\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe -- (AddonsHelper)
SRV - [2013.02.15 16:26:37 | 000,096,768 | ---- | M] () [Auto | Running] -- C:\Windows\System32\GFilterSvc.exe -- (GFilterSvc)
SRV - [2013.02.15 16:26:35 | 000,067,584 | ---- | M] () [Auto | Running] -- C:\Windows\System32\CHxReaeingStringIME.exe -- (iscsicql)
SRV - [2013.01.29 14:30:00 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Programme\IB Updater\ExtensionUpdaterService.exe -- (IB Updater)
SRV - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.10.23 17:46:30 | 000,262,144 | ---- | M] (ASUSTeK COMPUTER INC.) [Disabled | Stopped] -- C:\Windows\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PRISMA02.sys -- (PRISM_A02)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\CBPMp50.sys -- (CBPMp50)
DRV - [2013.02.25 16:05:48 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.02.25 16:05:48 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.02.25 16:05:48 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.02.25 16:05:48 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.10.10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.08.17 09:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.08.17 09:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.08.17 09:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.08.17 09:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.01.21 03:23:00 | 000,000,000 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\compbatt.sys -- (Compbatt)
DRV - [2007.11.18 02:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.10.31 11:23:22 | 000,124,960 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.10.31 11:23:22 | 000,115,744 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.10.23 17:48:16 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2007.10.23 17:48:12 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\Windows\System32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2007.07.07 08:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.04.20 20:29:24 | 000,870,400 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2007.01.29 17:12:52 | 000,018,432 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AsusVRC.sys -- (ASUSVRC)
DRV - [2006.12.02 12:19:30 | 000,050,688 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2006.11.28 21:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CBPSp50.sys -- (CBPSp50)
DRV - [2005.12.19 10:15:44 | 000,028,800 | ---- | M] (O2Micro ) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2005.08.05 03:51:26 | 000,034,144 | ---- | M] (O2Micro ) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2000.06.02 18:07:56 | 000,003,636 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HIDSWVD.sys -- (HIDSwvd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {721061fb-eb79-4568-a03c-3ce26d68dae9}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3396425265-1340493425-710984192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://gogle.de/
IE - HKU\S-1-5-21-3396425265-1340493425-710984192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3396425265-1340493425-710984192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3396425265-1340493425-710984192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 75 90 83 B7 B1 0B CE 01  [binary data]
IE - HKU\S-1-5-21-3396425265-1340493425-710984192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3396425265-1340493425-710984192-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3396425265-1340493425-710984192-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3396425265-1340493425-710984192-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3396425265-1340493425-710984192-1000\..\SearchScopes\{13B42FF3-B6DC-413C-BA4C-BCDB077EF609}: "URL" = hxxp://eu.wowarmory.com/search.xml?searchQuery={searchTerms}&searchType=all
IE - HKU\S-1-5-21-3396425265-1340493425-710984192-1000\..\SearchScopes\{2541357A-CF45-4F95-A283-39F210F10A04}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=f610184d-b9b0-4362-b728-06939e49879c&apn_sauid=F370E216-45FB-40D1-9A66-4DDC59899FAE
IE - HKU\S-1-5-21-3396425265-1340493425-710984192-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_de
IE - HKU\S-1-5-21-3396425265-1340493425-710984192-1000\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
IE - HKU\S-1-5-21-3396425265-1340493425-710984192-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={1F703F1F-1CE7-482E-AAB4-45F0A69F6AB8}&mid=93110bfb70c947d18667d16d6715f00b-8ace37aa17cc00c20a7496765243dec3e233c46f&lang=de&ds=tt014&pr=sa&d=2012-01-14 15:16:13&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3396425265-1340493425-710984192-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb174/?search={searchTerms}&loc=IB_DS&a=6R8HV4m8ur&i=26
IE - HKU\S-1-5-21-3396425265-1340493425-710984192-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2013.03.02 15:55:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox [2013.03.02 15:55:18 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://www.google.de/
CHR - Extension: IB Updater = C:\Users\*****AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.576_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\IB Updater\Extension32.dll ()
O2 - BHO: (DNS Error Helper) - {9B6B03F1-16CF-4491-BBBB-E872802DD717} - C:\ProgramData\DNSErrorHelper\bho.dll ()
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3396425265-1340493425-710984192-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Defender.lnk =  File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{347A8191-78C4-4D4B-B91B-B163B90A8A5B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C78B36F8-4683-43EF-AF44-94B44BD9DA42}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.12 20:07:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*******\Desktop\OTL.exe
[2013.03.11 15:08:52 | 000,000,000 | R--D | C] -- C:\Users *****\Contacts
[2013.03.09 18:19:57 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\************
[2013.03.09 13:32:55 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\************
[2013.03.09 10:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.08 17:29:36 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2013.03.08 17:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.03 14:38:48 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\*************
[2013.02.27 15:28:08 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\************
[2013.02.27 14:43:25 | 000,000,000 | ---D | C] -- C:\Users\*****Documents\************
[2013.02.27 13:47:07 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\************
[2013.02.27 13:38:20 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\************
[2013.02.27 11:24:28 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\************
[2013.02.26 14:18:34 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\************
[2013.02.26 14:15:39 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\************
[2013.02.26 14:11:59 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\************
[2013.02.26 13:24:31 | 000,000,000 | ---D | C] -- C:\Users\*****Documents\************
[2013.02.26 12:26:44 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\************ 
[2013.02.25 16:07:03 | 000,000,000 | ---D | C] -- C:\Firefox
[2013.02.25 16:06:47 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.02.25 16:06:47 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.02.25 16:06:47 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.02.25 16:06:47 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.02.24 15:44:03 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\************ 
[2013.02.24 15:23:52 | 000,000,000 | ---D | C] -- C:\Users\*****Documents\************
[2013.02.23 00:31:42 | 000,000,000 | ---D | C] -- C:\Users\*****AppData\Local\DoNotTrackPlus
[2013.02.18 16:13:11 | 000,000,000 | ---D | C] -- C:\Users\*****AppData\Roaming\Avira
[2013.02.18 16:10:49 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.02.18 10:15:44 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\AskToolbar
[2013.02.18 10:15:28 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2013.02.18 10:15:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.02.15 16:56:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\IO
[2013.02.15 16:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\node PDF-XChange
[2013.02.15 16:42:41 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\4D
[2013.02.15 16:40:46 | 000,059,008 | ---- | C] (Tracker Software Products Ltd.) -- C:\Windows\System32\pxc40pm.dll
[2013.02.15 16:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2013.02.15 16:39:46 | 000,000,000 | ---D | C] -- C:\EXPOSE8_App
[2013.02.15 16:27:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.02.15 16:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Iminent
[2013.02.15 16:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.02.15 16:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\Iminent
[2013.02.15 16:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\DNSErrorHelper
[2013.02.15 16:26:35 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\DesktopIconForAmazon
[2013.02.15 16:26:33 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Opera
[2013.02.15 16:26:31 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\OCS
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.12 20:07:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2013.03.12 20:01:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.12 19:23:12 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.12 19:23:12 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.12 19:23:11 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.12 19:23:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.12 19:23:00 | 3220,316,160 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.10 09:43:03 | 000,002,605 | ---- | M] () -- C:\Users\*****esktop\Microsoft Word.lnk
[2013.03.09 20:23:56 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.09 20:23:56 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.09 20:23:56 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.09 20:23:56 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.09 10:12:19 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.06 17:36:13 | 000,002,708 | ---- | M] () -- C:\Users\*****\AppData\Local\d3d9caps.dat
[2013.03.04 13:01:48 | 000,196,608 | ---- | M] () -- C:\Windows\SPInstall.etl
[2013.03.04 12:35:30 | 000,002,641 | ---- | M] () -- C:\Users\*****\Desktop\Microsoft Excel.lnk
[2013.03.04 09:58:40 | 000,028,160 | ---- | M] () -- C:\Windows\System32\ImHttpComm.dll
[2013.03.04 09:07:26 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2013.03.04 09:07:26 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2013.03.04 09:07:26 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcm80.dll
[2013.02.27 15:56:35 | 000,000,830 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013.02.25 16:05:48 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.02.25 16:05:48 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.02.25 16:05:48 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.02.25 16:05:48 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.02.15 16:26:37 | 000,096,768 | ---- | M] () -- C:\Windows\System32\GFilterSvc.exe
[2013.02.15 16:26:35 | 000,067,584 | ---- | M] () -- C:\Windows\System32\CHxReaeingStringIME.exe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.11 19:56:49 | 000,001,757 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Defender.lnk
[2013.03.06 17:41:39 | 3220,316,160 | -HS- | C] () -- C:\hiberfil.sys
[2013.03.04 13:00:54 | 000,196,608 | ---- | C] () -- C:\Windows\SPInstall.etl
[2013.02.25 16:07:53 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.15 16:27:08 | 000,000,830 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013.02.15 16:26:37 | 000,096,768 | ---- | C] () -- C:\Windows\System32\GFilterSvc.exe
[2013.02.15 16:26:35 | 000,067,584 | ---- | C] () -- C:\Windows\System32\CHxReaeingStringIME.exe
[2012.10.12 10:38:32 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll
[2012.02.21 11:30:33 | 000,196,653 | ---- | C] () -- C:\Windows\System32\drivers\aVivid.bin
[2012.02.21 11:30:33 | 000,196,608 | ---- | C] () -- C:\Windows\System32\drivers\nVivid.bin
[2012.02.21 11:30:33 | 000,196,608 | ---- | C] () -- C:\Windows\System32\drivers\nStandard.bin
[2012.02.21 11:30:33 | 000,196,608 | ---- | C] () -- C:\Windows\System32\drivers\nAsmedia.bin
[2012.02.21 11:30:33 | 000,196,608 | ---- | C] () -- C:\Windows\System32\drivers\nAdvanced.bin
[2012.02.21 11:30:33 | 000,196,608 | ---- | C] () -- C:\Windows\System32\drivers\aAdvanced.bin
[2012.02.21 11:30:33 | 000,196,582 | ---- | C] () -- C:\Windows\System32\drivers\aStandard.bin
[2012.02.21 11:30:33 | 000,196,582 | ---- | C] () -- C:\Windows\System32\drivers\aAsmedia.bin
[2012.02.21 11:30:33 | 000,000,018 | ---- | C] () -- C:\Windows\System32\atkid.ini
[2012.02.21 11:30:32 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.02.21 11:30:32 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.02.21 11:30:32 | 000,046,592 | ---- | C] () -- C:\Windows\System32\asfrench.dll
[2012.02.21 11:30:32 | 000,046,080 | ---- | C] () -- C:\Windows\System32\asrussian.dll
[2012.02.21 11:30:32 | 000,046,080 | ---- | C] () -- C:\Windows\System32\asgerman.dll
[2012.02.21 11:30:32 | 000,046,080 | ---- | C] () -- C:\Windows\System32\aseng.dll
[2012.02.21 11:30:32 | 000,045,568 | ---- | C] () -- C:\Windows\System32\askorean.dll
[2012.02.21 11:30:32 | 000,045,568 | ---- | C] () -- C:\Windows\System32\asjapan.dll
[2012.02.21 11:30:32 | 000,045,568 | ---- | C] () -- C:\Windows\System32\ASCHT.dll
[2012.02.21 11:30:32 | 000,045,568 | ---- | C] () -- C:\Windows\System32\aschs.dll
[2012.01.12 18:38:53 | 000,000,000 | ---- | C] () -- C:\Users\*****\AppData\Local\{5FE5A8F1-9357-46EC-9BE4-16F6F8D0EA4D}
[2012.01.11 21:22:15 | 000,000,000 | ---- | C] () -- C:\Users\*****\AppData\Local\{6D303FFB-B5C9-4A9C-A927-4D6F18EB4F9F}
[2011.11.09 00:44:23 | 000,000,000 | ---- | C] () -- C:\Users\*****\AppData\Local\{59EC2B87-EDC8-41D2-8418-0EF890C99184}
[2011.11.06 12:17:15 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.11.06 12:17:03 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ODBCSTF.DLL
[2011.06.28 11:54:52 | 000,164,302 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.06.28 11:54:38 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010.03.23 17:21:59 | 010,335,744 | ---- | C] () -- C:\Program Files\usb_adapter_108_V2025_eng.exe
[2009.01.23 17:49:13 | 000,002,708 | ---- | C] () -- C:\Users\*****\AppData\Local\d3d9caps.dat
[2008.10.06 09:59:51 | 000,012,800 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.02.15 16:52:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\4D
[2013.02.15 16:55:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DesktopIconForAmazon
[2009.04.27 16:14:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MobMapUpdater
[2013.02.15 16:26:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OCS
[2013.02.15 16:26:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Opera
[2012.09.04 13:42:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TS3Client
[2012.03.24 19:33:15 | 000,000,000 | ---D | M] -- C:\Users\*****\Roaming\ts3overlay
[2012.01.14 15:15:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

cosinus 13.03.2013 11:37

Rootkit scan with GMER

Please download the GMER rootkit scanner (the file name is random):
  • Close all other programs, disable your virus scanner and disconnect the computer from the internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, uncheck: IAT/EAT and Show All
  • Check Quickscan and uncheck all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Turn your antivirus program and any other scanners back on before you go online!


Running into problems?
  • Alternatively, try Safe Mode.
  • If you get a bluescreen, uncheck Devices.


Afterwards, please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder unless a helper tells you to.

bobbypascha 14.03.2013 11:40

hey,
I tried several times to save the log file as Gmer.txt on the desktop, and always got the message that it cannot be saved, too much memory. That can't be, I have enough RAM. ok
I then activated Malwarebytes Anti-Rootkit, here is the data:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
Malwarebytes : Free anti-malware download

Database version: v2013.02.15.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
***** :: ***** [administrator]

14.03.2013 11:27:57
mbar-log-2013-03-14 (11-27-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29345
Time elapsed: 10 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

After that I shut the computer down and restarted it and started the Windows updates, there were 31 of them, and again they were not configured.

I'm slowly getting desperate:(((

Regards
Bobbypascha

cosinus 14.03.2013 14:41

Quote:

Database version: v2013.02.15.09
That way it won't work, you have to update MBAR's signatures and repeat the scan
Also, you should post the logs in CODE tags


Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
http://www.trojaner-board.de/picture...&pictureid=307

bobbypascha 14.03.2013 17:24

sorry, I updated MBAR, it had one find. I then selected the entire log file with Ctrl+A and then copied it to the clipboard with Ctrl+C, but I can't find the hash symbol in the editor.

I'll try it again like this, sorry sorry sorry



Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.14.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
***** :: ***** [administrator]

14.03.2013 16:25:35
mbar-log-2013-03-14 (16-25-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29140
Time elapsed: 7 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\****\AppData\Local\Temp\PricePeep_BetterInstaller_2012-10-02.exe (Adware.Shopper) -> Delete on reboot.

(end)

cosinus 14.03.2013 21:51

Please post the logs in CODE tags, exactly one post earlier I explained in minute detail how that works!


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later) please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet)
    Downloading the definitions can take a while depending on the connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press one of the Fix buttons without instruction

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.




TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, under no circumstances choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

bobbypascha 15.03.2013 10:57

Code:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-15 07:31:29
-----------------------------
07:31:29.181    OS Version: Windows 6.0.6002 Service Pack 2
07:31:29.181    Number of processors: 2 586 0x1706
07:31:29.181    ComputerName: *****  UserName: *****
07:31:32.634    Initialize success
07:33:17.873    AVAST engine defs: 13031402
07:33:40.107    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
07:33:40.107    Disk 0 Vendor: WDC_WD5000AAVS-00ZTB0 01.01B01 Size: 476940MB BusType: 3
07:33:40.138    Disk 0 MBR read successfully
07:33:40.138    Disk 0 MBR scan
07:33:40.154    Disk 0 Windows VISTA default MBR code
07:33:40.169    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      468937 MB offset 2048
07:33:40.201    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        8000 MB offset 960387072
07:33:40.216    Disk 0 scanning sectors +976771072
07:33:40.279    Disk 0 scanning C:\Windows\system32\drivers
07:33:50.263    Service scanning
07:33:57.623    Service GMSIPCI E:\INSTALL\GMSIPCI.SYS **LOCKED** 21
07:33:59.873    Service iscsicql C:\Windows\system32\CHxReaeingStringIME.exe **INFECTED** Win32:Agent-AQRH [Trj]
07:34:13.091    Modules scanning
07:34:16.826    Disk 0 trace - called modules:
07:34:16.873    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
07:34:16.888    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86408ac8]
07:34:16.888    3 CLASSPNP.SYS[8af678b3] -> nt!IofCallDriver -> [0x8528d860]
07:34:16.904    5 acpi.sys[8ae436bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0x8527d3c8]
07:34:20.498    AVAST engine scan C:\Windows
07:34:26.044    AVAST engine scan C:\Windows\system32
07:34:35.982    File: C:\Windows\system32\CHxReaeingStringIME.exe  **INFECTED** Win32:Agent-AQRH [Trj]
07:38:23.904    AVAST engine scan C:\Windows\system32\drivers
07:38:38.482    AVAST engine scan C:\Users\*****
07:50:48.638    AVAST engine scan C:\ProgramData
07:52:25.591    Scan finished successfully
07:53:01.873    Disk 0 MBR has been saved successfully to "C:\Users\*****\Desktop\MBR.dat"
07:53:01.904    The log file has been saved successfully to "C:\Users\*****\Desktop\aswMBR.txt"


cosinus 15.03.2013 12:48

What about the other tool?

Quote:

C:\Windows\system32\CHxReaeingStringIME.exe
Please have this file analysed at Virustotal and post the result link. If you don't see the file, you may have to make it visible first.
If the file has already been analysed, please start another analysis.
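
Added example, not part of the thread and not code from aswMBR or AVAST: a small triage script that pulls the flagged `Service` and `File:` lines out of an aswMBR log and merges entries that point at the same file, which is how the quoted path stands out as both a service binary and an infected file. The sample lines are abridged from the log posted above; the function names are hypothetical, and the parser assumes service names contain no spaces.

```python
import re

# Abridged from the aswMBR log posted in this thread; line layout unchanged.
SAMPLE_LOG = r"""
07:33:40.154    Disk 0 Windows VISTA default MBR code
07:33:50.263    Service scanning
07:33:57.623    Service GMSIPCI E:\INSTALL\GMSIPCI.SYS **LOCKED** 21
07:33:59.873    Service iscsicql C:\Windows\system32\CHxReaeingStringIME.exe **INFECTED** Win32:Agent-AQRH [Trj]
07:34:13.091    Modules scanning
07:34:35.982    File: C:\Windows\system32\CHxReaeingStringIME.exe  **INFECTED** Win32:Agent-AQRH [Trj]
07:52:25.591    Scan finished successfully
"""

# Every log line is "HH:MM:SS.mmm    message".
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*\S)\s*$")

# Flagged entries as they appear in the thread:
#   Service <name> <path> **STATUS** <detail>
#   File: <path>  **STATUS** <detail>
# Assumption: service names contain no spaces; paths may.
FLAGGED = re.compile(
    r"^(?:Service\s+(?P<service>\S+)|File:)\s+(?P<path>.+?)\s+"
    r"\*\*(?P<status>[A-Z]+)\*\*\s*(?P<detail>.*)$"
)


def parse_findings(text):
    """Return one dict per flagged Service/File line, in log order."""
    findings = []
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        timestamp, message = line.groups()
        hit = FLAGGED.match(message)
        if hit:
            findings.append({
                "time": timestamp,
                "service": hit.group("service"),  # None for "File:" lines
                "path": hit.group("path"),
                "status": hit.group("status"),
                "detail": hit.group("detail").strip(),
            })
    return findings


def group_by_path(findings):
    """Merge findings that point at the same file (case-insensitive path)."""
    grouped = {}
    for f in findings:
        entry = grouped.setdefault(f["path"].lower(), {
            "path": f["path"], "services": [], "statuses": [], "detections": [],
        })
        if f["service"] and f["service"] not in entry["services"]:
            entry["services"].append(f["service"])
        if f["status"] not in entry["statuses"]:
            entry["statuses"].append(f["status"])
        # Only INFECTED lines carry a detection name; LOCKED carries a code.
        if f["status"] == "INFECTED" and f["detail"] not in entry["detections"]:
            entry["detections"].append(f["detail"])
    return grouped


def scan_completed(text):
    """True if the log contains the completion line the helper asks to wait for."""
    matches = (LINE.match(l.strip()) for l in text.splitlines())
    return any(m is not None and m.group(2) == "Scan finished successfully"
               for m in matches)


def report(text):
    """One summary line per flagged file, for pasting into a ticket or reply."""
    lines = []
    for entry in group_by_path(parse_findings(text)).values():
        summary = f'{entry["path"]}: {"/".join(entry["statuses"])}'
        if entry["detections"]:
            summary += f' ({", ".join(entry["detections"])})'
        if entry["services"]:
            summary += f'; registered as service {", ".join(entry["services"])}'
        lines.append(summary)
    if not scan_completed(text):
        lines.append("warning: no 'Scan finished successfully' line, log may be incomplete")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```
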

bobbypascha 15.03.2013 14:15

C:\72feafd18f6f85bacd8b37aac0c4e03915d8f64e5c55b5d8faded86fa1affd27

I hope it is the right one

regards petra

cosinus 15.03.2013 15:28

Sorry, but that is not a link to Virustotal

bobbypascha 15.03.2013 16:12

https://www.virustotal.com/de/file/72feafd18f6f85bacd8b37aac0c4e03915d8f64e5c55b5d8faded86fa1affd27/analysis/

that should be it

the 1 at the little devil on virustotal was a mistake. sorry

cosinus 15.03.2013 17:27

Ok, so what about the log from TDSS-Killer? That is still missing.

bobbypascha 15.03.2013 17:36

I didn't post it properly, sorry

17:34:26.0845 2576 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:34:27.0017 2576 ============================================================
17:34:27.0017 2576 Current date / time: 2013/03/15 17:34:27.0017
17:34:27.0017 2576 SystemInfo:
17:34:27.0017 2576
17:34:27.0017 2576 OS Version: 6.0.6002 ServicePack: 2.0
17:34:27.0017 2576 Product type: Workstation
17:34:27.0017 2576 ComputerName: PETRA-PC
17:34:27.0017 2576 UserName: Petra
17:34:27.0017 2576 Windows directory: C:\Windows
17:34:27.0017 2576 System windows directory: C:\Windows
17:34:27.0017 2576 Processor architecture: Intel x86
17:34:27.0017 2576 Number of processors: 2
17:34:27.0017 2576 Page size: 0x1000
17:34:27.0017 2576 Boot type: Normal boot
17:34:27.0017 2576 ============================================================
17:34:28.0079 2576 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:34:28.0095 2576 ============================================================
17:34:28.0095 2576 \Device\Harddisk0\DR0:
17:34:28.0095 2576 MBR partitions:
17:34:28.0095 2576 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x393E4FF8
17:34:28.0095 2576 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x393E5800, BlocksNum 0xFA0000
17:34:28.0095 2576 ============================================================
17:34:28.0126 2576 C: <-> \Device\Harddisk0\DR0\Partition1
17:34:28.0142 2576 D: <-> \Device\Harddisk0\DR0\Partition2
17:34:28.0142 2576 ============================================================
17:34:28.0142 2576 Initialize success
17:34:28.0142 2576 ============================================================
17:34:41.0095 1348 ============================================================
17:34:41.0095 1348 Scan started
17:34:41.0095 1348 Mode: Manual;
17:34:41.0095 1348 ============================================================
17:34:42.0173 1348 ================ Scan system memory ========================
17:34:42.0173 1348 System memory - ok
17:34:42.0173 1348 ================ Scan services =============================
17:34:42.0314 1348 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
17:34:42.0314 1348 ACPI - ok
17:34:42.0517 1348 [ DBD5934D88CDD8B8C255D857DF9F689B ] AddonsHelper C:\Users\Petra\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe
17:34:42.0533 1348 AddonsHelper - ok
17:34:42.0579 1348 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
17:34:42.0579 1348 adp94xx - ok
17:34:42.0626 1348 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
17:34:42.0626 1348 adpahci - ok
17:34:42.0642 1348 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
17:34:42.0642 1348 adpu160m - ok
17:34:42.0658 1348 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
17:34:42.0658 1348 adpu320 - ok
17:34:42.0704 1348 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:34:42.0704 1348 AeLookupSvc - ok
17:34:42.0767 1348 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
17:34:42.0767 1348 AFD - ok
17:34:42.0814 1348 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:34:42.0814 1348 agp440 - ok
17:34:42.0845 1348 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
17:34:42.0845 1348 aic78xx - ok
17:34:42.0861 1348 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
17:34:42.0861 1348 ALG - ok
17:34:42.0876 1348 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
17:34:42.0876 1348 aliide - ok
17:34:42.0892 1348 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
17:34:42.0892 1348 amdagp - ok
17:34:42.0908 1348 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
17:34:42.0908 1348 amdide - ok
17:34:42.0939 1348 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
17:34:42.0939 1348 AmdK7 - ok
17:34:42.0954 1348 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
17:34:42.0954 1348 AmdK8 - ok
17:34:43.0079 1348 [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
17:34:43.0079 1348 AntiVirSchedulerService - ok
17:34:43.0142 1348 [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
17:34:43.0142 1348 AntiVirService - ok
17:34:43.0173 1348 [ D05B3EB1F1C8C7199D84C9D68D35FD78 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
17:34:43.0173 1348 AntiVirWebService - ok
17:34:43.0220 1348 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
17:34:43.0236 1348 Appinfo - ok
17:34:43.0283 1348 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
17:34:43.0283 1348 arc - ok
17:34:43.0329 1348 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
17:34:43.0329 1348 arcsas - ok
17:34:43.0376 1348 [ D320732BCF5FF856120BD06855C66867 ] asusgsb C:\Windows\system32\drivers\asusgsb.sys
17:34:43.0376 1348 asusgsb - ok
17:34:43.0454 1348 [ B3B881EB81013AAC11594A5400ADA47A ] asuskbnt C:\Windows\system32\drivers\atkkbnt.sys
17:34:43.0454 1348 asuskbnt - ok
17:34:43.0470 1348 [ 94442E3029FF6C9F08140FE6718AF4FB ] ASUSVRC C:\Windows\system32\DRIVERS\AsusVRC.sys
17:34:43.0470 1348 ASUSVRC - ok
17:34:43.0517 1348 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:34:43.0517 1348 AsyncMac - ok
17:34:43.0533 1348 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
17:34:43.0533 1348 atapi - ok
17:34:43.0611 1348 [ 73C18A2C69DFAB351FF0D6C0E69474B6 ] athrusb C:\Windows\system32\DRIVERS\athrusb.sys
17:34:43.0642 1348 athrusb - ok
17:34:43.0689 1348 [ DF70303547E59F09DCD32983100EDCD1 ] ATKKeyboardService C:\Windows\ATKKBService.exe
17:34:43.0689 1348 ATKKeyboardService - ok
17:34:43.0751 1348 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:34:43.0751 1348 AudioEndpointBuilder - ok
17:34:43.0783 1348 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
17:34:43.0783 1348 Audiosrv - ok
17:34:43.0829 1348 [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
17:34:43.0829 1348 avgntflt - ok
17:34:43.0892 1348 [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
17:34:43.0892 1348 avipbb - ok
17:34:43.0939 1348 [ CC4EBA25D80DE42BBC2BF3E553219388 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
17:34:43.0939 1348 avkmgr - ok
17:34:44.0001 1348 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
17:34:44.0001 1348 Beep - ok
17:34:44.0126 1348 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
17:34:44.0158 1348 BFE - ok
17:34:44.0251 1348 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
17:34:44.0267 1348 BITS - ok
17:34:44.0283 1348 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
17:34:44.0283 1348 blbdrive - ok
17:34:44.0298 1348 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:34:44.0298 1348 bowser - ok
17:34:44.0345 1348 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
17:34:44.0345 1348 BrFiltLo - ok
17:34:44.0361 1348 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
17:34:44.0361 1348 BrFiltUp - ok
17:34:44.0392 1348 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
17:34:44.0392 1348 Browser - ok
17:34:44.0423 1348 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
17:34:44.0423 1348 Brserid - ok
17:34:44.0439 1348 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
17:34:44.0439 1348 BrSerWdm - ok
17:34:44.0454 1348 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
17:34:44.0454 1348 BrUsbMdm - ok
17:34:44.0470 1348 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
17:34:44.0470 1348 BrUsbSer - ok
17:34:44.0517 1348 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
17:34:44.0517 1348 BTHMODEM - ok
17:34:44.0548 1348 CBPMp50 - ok
17:34:44.0579 1348 [ 1961590AA191B6B7DCF18A6A693AF7B8 ] CBPSp50 C:\Windows\system32\Drivers\CBPSp50.sys
17:34:44.0579 1348 CBPSp50 - ok
17:34:44.0626 1348 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:34:44.0626 1348 cdfs - ok
17:34:44.0689 1348 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:34:44.0689 1348 cdrom - ok
17:34:44.0720 1348 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
17:34:44.0736 1348 CertPropSvc - ok
17:34:44.0736 1348 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
17:34:44.0736 1348 circlass - ok
17:34:44.0767 1348 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
17:34:44.0767 1348 CLFS - ok
17:34:44.0829 1348 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:34:44.0829 1348 clr_optimization_v2.0.50727_32 - ok
17:34:44.0861 1348 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:34:44.0861 1348 clr_optimization_v4.0.30319_32 - ok
17:34:44.0892 1348 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:34:44.0892 1348 cmdide - ok
17:34:44.0892 1348 Compbatt - ok
17:34:44.0892 1348 COMSysApp - ok
17:34:44.0923 1348 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
17:34:44.0923 1348 crcdisk - ok
17:34:44.0939 1348 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
17:34:44.0939 1348 Crusoe - ok
17:34:45.0001 1348 [ FB27772BEAF8E1D28CCD825C09DA939B ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:34:45.0001 1348 CryptSvc - ok
17:34:45.0017 1348 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:34:45.0048 1348 DcomLaunch - ok
17:34:45.0079 1348 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:34:45.0079 1348 DfsC - ok
17:34:45.0173 1348 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
17:34:45.0220 1348 DFSR - ok
17:34:45.0298 1348 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
17:34:45.0298 1348 Dhcp - ok
17:34:45.0345 1348 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
17:34:45.0345 1348 disk - ok
17:34:45.0408 1348 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:34:45.0408 1348 Dnscache - ok
17:34:45.0423 1348 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:34:45.0423 1348 dot3svc - ok
17:34:45.0470 1348 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
17:34:45.0470 1348 Dot4 - ok
17:34:45.0486 1348 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
17:34:45.0486 1348 Dot4Print - ok
17:34:45.0517 1348 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
17:34:45.0517 1348 dot4usb - ok
17:34:45.0579 1348 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
17:34:45.0579 1348 DPS - ok
17:34:45.0626 1348 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:34:45.0626 1348 drmkaud - ok
17:34:45.0658 1348 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:34:45.0673 1348 DXGKrnl - ok
17:34:45.0720 1348 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
17:34:45.0720 1348 E1G60 - ok
17:34:45.0767 1348 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
17:34:45.0767 1348 EapHost - ok
17:34:45.0829 1348 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
17:34:45.0829 1348 Ecache - ok
17:34:45.0876 1348 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:34:45.0876 1348 ehRecvr - ok
17:34:45.0908 1348 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
17:34:45.0908 1348 ehSched - ok
17:34:45.0923 1348 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
17:34:45.0923 1348 ehstart - ok
17:34:45.0970 1348 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
17:34:45.0986 1348 elxstor - ok
17:34:46.0017 1348 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
17:34:46.0033 1348 EMDMgmt - ok
17:34:46.0064 1348 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:34:46.0064 1348 ErrDev - ok
17:34:46.0126 1348 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
17:34:46.0126 1348 EventSystem - ok
17:34:46.0189 1348 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
17:34:46.0189 1348 exfat - ok
17:34:46.0236 1348 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:34:46.0236 1348 fastfat - ok
17:34:46.0283 1348 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:34:46.0283 1348 fdc - ok
17:34:46.0298 1348 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
17:34:46.0298 1348 fdPHost - ok
17:34:46.0314 1348 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
17:34:46.0314 1348 FDResPub - ok
17:34:46.0329 1348 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:34:46.0329 1348 FileInfo - ok
17:34:46.0345 1348 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:34:46.0345 1348 Filetrace - ok
17:34:46.0361 1348 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:34:46.0361 1348 flpydisk - ok
17:34:46.0392 1348 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:34:46.0408 1348 FltMgr - ok
17:34:46.0486 1348 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
17:34:46.0501 1348 FontCache - ok
17:34:46.0548 1348 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:34:46.0548 1348 FontCache3.0.0.0 - ok
17:34:46.0564 1348 [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:34:46.0564 1348 Fs_Rec - ok
17:34:46.0595 1348 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
17:34:46.0595 1348 gagp30kx - ok
17:34:46.0658 1348 [ BDA4545DAE51D53B7A85E7B937CDE634 ] GcKernel C:\Windows\system32\DRIVERS\GcKernel.sys
17:34:46.0658 1348 GcKernel - ok
17:34:46.0704 1348 [ F4A9CD1F2EDACAA78476549158AA5BC1 ] GFilterSvc C:\Windows\System32\GFilterSvc.exe
17:34:46.0704 1348 GFilterSvc - ok
17:34:46.0751 1348 GMSIPCI - ok
17:34:46.0798 1348 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
17:34:46.0814 1348 gpsvc - ok
17:34:46.0892 1348 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
17:34:46.0892 1348 gupdate - ok
17:34:46.0923 1348 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
17:34:46.0923 1348 gupdatem - ok
17:34:46.0970 1348 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:34:46.0970 1348 gusvc - ok
17:34:46.0986 1348 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:34:46.0986 1348 HdAudAddService - ok
17:34:47.0017 1348 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:34:47.0017 1348 HDAudBus - ok
17:34:47.0079 1348 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
17:34:47.0079 1348 HidBth - ok
17:34:47.0079 1348 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
17:34:47.0079 1348 HidIr - ok
17:34:47.0111 1348 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
17:34:47.0126 1348 hidserv - ok
17:34:47.0204 1348 [ 3AD266EEA4AF7AA58B43DE1B29B75C4B ] HIDSwvd C:\Windows\system32\DRIVERS\HIDSwvd.sys
17:34:47.0204 1348 HIDSwvd - ok
17:34:47.0220 1348 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:34:47.0220 1348 HidUsb - ok
17:34:47.0236 1348 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:34:47.0236 1348 hkmsvc - ok
17:34:47.0251 1348 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
17:34:47.0251 1348 HpCISSs - ok
17:34:47.0345 1348 [ FCB563B0A23643E5F80B6FF1E60F610F ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
17:34:47.0345 1348 hpqcxs08 - ok
17:34:47.0361 1348 [ 25E443E27165C652723A92D9BDFD4649 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
17:34:47.0361 1348 hpqddsvc - ok
17:34:47.0392 1348 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:34:47.0408 1348 HTTP - ok
17:34:47.0423 1348 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
17:34:47.0423 1348 i2omp - ok
17:34:47.0470 1348 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:34:47.0486 1348 i8042prt - ok
17:34:47.0486 1348 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
17:34:47.0486 1348 iaStorV - ok
17:34:47.0564 1348 [ 54E99BFCF960C1299A0E63F77127E5C8 ] IB Updater C:\Program Files\IB Updater\ExtensionUpdaterService.exe
17:34:47.0595 1348 IB Updater - ok
17:34:47.0673 1348 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:34:47.0673 1348 IDriverT - ok
17:34:47.0720 1348 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:34:47.0736 1348 idsvc - ok
17:34:47.0767 1348 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
17:34:47.0767 1348 iirsp - ok
17:34:47.0798 1348 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
17:34:47.0798 1348 IKEEXT - ok
17:34:47.0892 1348 [ 251E85A3BAC210FFF6BAD3D1F33113E8 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
17:34:47.0923 1348 IntcAzAudAddService - ok
17:34:48.0001 1348 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
17:34:48.0001 1348 intelide - ok
17:34:48.0017 1348 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:34:48.0017 1348 intelppm - ok
17:34:48.0033 1348 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:34:48.0033 1348 IPBusEnum - ok
17:34:48.0048 1348 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:34:48.0048 1348 IpFilterDriver - ok
17:34:48.0079 1348 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:34:48.0079 1348 iphlpsvc - ok
17:34:48.0079 1348 IpInIp - ok
17:34:48.0095 1348 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
17:34:48.0095 1348 IPMIDRV - ok
17:34:48.0111 1348 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
17:34:48.0111 1348 IPNAT - ok
17:34:48.0111 1348 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:34:48.0111 1348 IRENUM - ok
17:34:48.0126 1348 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:34:48.0126 1348 isapnp - ok
17:34:48.0142 1348 [ EE9C0105DCE3D1135DF9CB1C24FE4D83 ] iscsicql C:\Windows\system32\CHxReaeingStringIME.exe
17:34:48.0142 1348 iscsicql - ok
17:34:48.0189 1348 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
17:34:48.0189 1348 iScsiPrt - ok
17:34:48.0204 1348 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
17:34:48.0204 1348 iteatapi - ok
17:34:48.0220 1348 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
17:34:48.0220 1348 iteraid - ok
17:34:48.0251 1348 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:34:48.0251 1348 kbdclass - ok
17:34:48.0267 1348 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:34:48.0267 1348 kbdhid - ok
17:34:48.0298 1348 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
17:34:48.0298 1348 KeyIso - ok
17:34:48.0329 1348 [ 2B2F1638466E8CB091400C9019CC730E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:34:48.0329 1348 KSecDD - ok
17:34:48.0392 1348 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
17:34:48.0392 1348 KtmRm - ok
17:34:48.0454 1348 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
17:34:48.0454 1348 LanmanServer - ok
17:34:48.0486 1348 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:34:48.0486 1348 LanmanWorkstation - ok
17:34:48.0517 1348 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:34:48.0517 1348 lltdio - ok
17:34:48.0533 1348 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:34:48.0533 1348 lltdsvc - ok
17:34:48.0548 1348 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:34:48.0548 1348 lmhosts - ok
17:34:48.0564 1348 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
17:34:48.0564 1348 LSI_FC - ok
17:34:48.0564 1348 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
17:34:48.0564 1348 LSI_SAS - ok
17:34:48.0595 1348 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
17:34:48.0611 1348 LSI_SCSI - ok
17:34:48.0626 1348 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
17:34:48.0626 1348 luafv - ok
17:34:48.0626 1348 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:34:48.0626 1348 Mcx2Svc - ok
17:34:48.0642 1348 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
17:34:48.0642 1348 megasas - ok
17:34:48.0658 1348 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
17:34:48.0658 1348 MegaSR - ok
17:34:48.0673 1348 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
17:34:48.0673 1348 MMCSS - ok
17:34:48.0689 1348 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
17:34:48.0689 1348 Modem - ok
17:34:48.0704 1348 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:34:48.0704 1348 monitor - ok
17:34:48.0720 1348 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:34:48.0736 1348 mouclass - ok
17:34:48.0767 1348 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:34:48.0767 1348 mouhid - ok
17:34:48.0783 1348 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
17:34:48.0783 1348 MountMgr - ok
17:34:48.0814 1348 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
17:34:48.0829 1348 mpio - ok
17:34:48.0829 1348 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:34:48.0829 1348 mpsdrv - ok
17:34:48.0861 1348 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
17:34:48.0861 1348 MpsSvc - ok
17:34:48.0876 1348 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
17:34:48.0876 1348 Mraid35x - ok
17:34:48.0892 1348 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:34:48.0908 1348 MRxDAV - ok
17:34:48.0923 1348 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:34:48.0923 1348 mrxsmb - ok
17:34:48.0939 1348 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:34:48.0939 1348 mrxsmb10 - ok
17:34:48.0939 1348 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:34:48.0954 1348 mrxsmb20 - ok
17:34:48.0954 1348 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
17:34:48.0954 1348 msahci - ok
17:34:48.0986 1348 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:34:48.0986 1348 msdsm - ok
17:34:49.0001 1348 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
17:34:49.0001 1348 MSDTC - ok
17:34:49.0048 1348 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:34:49.0048 1348 Msfs - ok
17:34:49.0079 1348 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:34:49.0079 1348 msisadrv - ok
17:34:49.0111 1348 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:34:49.0111 1348 MSiSCSI - ok
17:34:49.0111 1348 msiserver - ok
17:34:49.0126 1348 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:34:49.0126 1348 MSKSSRV - ok
17:34:49.0142 1348 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:34:49.0142 1348 MSPCLOCK - ok
17:34:49.0173 1348 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:34:49.0173 1348 MSPQM - ok
17:34:49.0204 1348 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:34:49.0204 1348 MsRPC - ok
17:34:49.0220 1348 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:34:49.0220 1348 mssmbios - ok
17:34:49.0267 1348 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:34:49.0267 1348 MSTEE - ok
17:34:49.0283 1348 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
17:34:49.0283 1348 Mup - ok
17:34:49.0298 1348 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
17:34:49.0314 1348 napagent - ok
17:34:49.0329 1348 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:34:49.0329 1348 NativeWifiP - ok
17:34:49.0361 1348 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:34:49.0361 1348 NDIS - ok
17:34:49.0376 1348 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:34:49.0376 1348 NdisTapi - ok
17:34:49.0392 1348 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:34:49.0392 1348 Ndisuio - ok
17:34:49.0439 1348 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:34:49.0439 1348 NdisWan - ok
17:34:49.0454 1348 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:34:49.0454 1348 NDProxy - ok
17:34:49.0517 1348 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
17:34:49.0517 1348 Net Driver HPZ12 - ok
17:34:49.0533 1348 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:34:49.0533 1348 NetBIOS - ok
17:34:49.0564 1348 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
17:34:49.0564 1348 netbt - ok
17:34:49.0579 1348 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
17:34:49.0579 1348 Netlogon - ok
17:34:49.0611 1348 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
17:34:49.0611 1348 Netman - ok
17:34:49.0642 1348 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
17:34:49.0642 1348 netprofm - ok
17:34:49.0673 1348 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:34:49.0673 1348 NetTcpPortSharing - ok
17:34:49.0689 1348 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
17:34:49.0689 1348 nfrd960 - ok
17:34:49.0704 1348 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:34:49.0720 1348 NlaSvc - ok
17:34:49.0783 1348 [ B0A67DE1A128389AEA4D42C5A56215FD ] nmwcd C:\Windows\system32\drivers\ccdcmb.sys
17:34:49.0783 1348 nmwcd - ok
17:34:49.0829 1348 [ 025C54F9F8C8BC1894EA38529C742C54 ] nmwcdc C:\Windows\system32\drivers\ccdcmbo.sys
17:34:49.0829 1348 nmwcdc - ok
17:34:49.0861 1348 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:34:49.0861 1348 Npfs - ok
17:34:49.0892 1348 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
17:34:49.0892 1348 nsi - ok
17:34:49.0908 1348 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:34:49.0908 1348 nsiproxy - ok
17:34:49.0939 1348 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:34:49.0954 1348 Ntfs - ok
17:34:49.0970 1348 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
17:34:49.0986 1348 ntrigdigi - ok
17:34:50.0001 1348 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
17:34:50.0001 1348 Null - ok
17:34:50.0079 1348 [ D668632606D1CEBF0B6EC64C1DF7ED6F ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx32.sys
17:34:50.0142 1348 NVENETFD - ok
17:34:50.0423 1348 [ 0A1B502CBC8230DA74BEFBAADDB58916 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:34:50.0642 1348 nvlddmkm - ok
17:34:50.0658 1348 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:34:50.0658 1348 nvraid - ok
17:34:50.0689 1348 [ B8D6145D3EB05E9F81BADE9B7AFC2C80 ] nvrd32 C:\Windows\system32\drivers\nvrd32.sys
17:34:50.0689 1348 nvrd32 - ok
17:34:50.0704 1348 [ 7EC12A73067BACA25A8E3E2A58AE83D8 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
17:34:50.0704 1348 nvsmu - ok
17:34:50.0720 1348 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:34:50.0720 1348 nvstor - ok
17:34:50.0736 1348 [ 9D2BD672C0461185D6EA1AE8BD3AE3F4 ] nvstor32 C:\Windows\system32\drivers\nvstor32.sys
17:34:50.0736 1348 nvstor32 - ok
17:34:50.0767 1348 [ EB5A13F9139F20AD71ADF4BF79C3AA29 ] nvsvc C:\Windows\system32\nvvsvc.exe
17:34:50.0814 1348 nvsvc - ok
17:34:50.0892 1348 [ 0629259E3AF6BB0534FCECA208973404 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:34:50.0939 1348 nvUpdatusService - ok
17:34:50.0939 1348 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:34:50.0939 1348 nv_agp - ok
17:34:50.0954 1348 NwlnkFlt - ok
17:34:50.0954 1348 NwlnkFwd - ok
17:34:50.0970 1348 [ 978DB00DEBE81643F204CBC50707F30D ] O2MDRDR C:\Windows\system32\drivers\o2media.sys
17:34:50.0970 1348 O2MDRDR - ok
17:34:50.0986 1348 [ 694B4555CEC16397AA8731CE87FC1E11 ] O2SDRDR C:\Windows\system32\drivers\o2sd.sys
17:34:50.0986 1348 O2SDRDR - ok
17:34:51.0079 1348 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:34:51.0079 1348 odserv - ok
17:34:51.0095 1348 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:34:51.0095 1348 ohci1394 - ok
17:34:51.0158 1348 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:34:51.0158 1348 ose - ok
17:34:51.0189 1348 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
17:34:51.0204 1348 p2pimsvc - ok
17:34:51.0220 1348 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
17:34:51.0220 1348 p2psvc - ok
17:34:51.0236 1348 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
17:34:51.0236 1348 Parport - ok
17:34:51.0251 1348 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:34:51.0251 1348 partmgr - ok
17:34:51.0267 1348 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
17:34:51.0267 1348 Parvdm - ok
17:34:51.0298 1348 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
17:34:51.0298 1348 PcaSvc - ok
17:34:51.0329 1348 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
17:34:51.0329 1348 pci - ok
17:34:51.0376 1348 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
17:34:51.0376 1348 pciide - ok
17:34:51.0392 1348 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
17:34:51.0392 1348 pcmcia - ok
17:34:51.0454 1348 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:34:51.0470 1348 PEAUTH - ok
17:34:51.0533 1348 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
17:34:51.0564 1348 pla - ok
17:34:51.0595 1348 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:34:51.0595 1348 PlugPlay - ok
17:34:51.0673 1348 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
17:34:51.0673 1348 Pml Driver HPZ12 - ok
17:34:51.0689 1348 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
17:34:51.0704 1348 PNRPAutoReg - ok
17:34:51.0720 1348 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
17:34:51.0736 1348 PNRPsvc - ok
17:34:51.0767 1348 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:34:51.0767 1348 PolicyAgent - ok
17:34:51.0798 1348 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:34:51.0798 1348 PptpMiniport - ok
17:34:51.0798 1348 PRISM_A02 - ok
17:34:51.0814 1348 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
17:34:51.0814 1348 Processor - ok
17:34:51.0829 1348 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
17:34:51.0829 1348 ProfSvc - ok
17:34:51.0845 1348 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
17:34:51.0845 1348 ProtectedStorage - ok
17:34:51.0876 1348 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
17:34:51.0876 1348 PSched - ok
17:34:51.0876 1348 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
17:34:51.0876 1348 PxHelp20 - ok
17:34:51.0939 1348 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
17:34:51.0970 1348 ql2300 - ok
17:34:51.0986 1348 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
17:34:51.0986 1348 ql40xx - ok
17:34:52.0017 1348 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
17:34:52.0017 1348 QWAVE - ok
17:34:52.0033 1348 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:34:52.0033 1348 QWAVEdrv - ok
17:34:52.0048 1348 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:34:52.0048 1348 RasAcd - ok
17:34:52.0064 1348 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
17:34:52.0079 1348 RasAuto - ok
17:34:52.0079 1348 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:34:52.0079 1348 Rasl2tp - ok
17:34:52.0111 1348 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
17:34:52.0111 1348 RasMan - ok
17:34:52.0142 1348 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:34:52.0142 1348 RasPppoe - ok
17:34:52.0158 1348 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:34:52.0158 1348 RasSstp - ok
17:34:52.0173 1348 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:34:52.0189 1348 rdbss - ok
17:34:52.0204 1348 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:34:52.0204 1348 RDPCDD - ok
17:34:52.0220 1348 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
17:34:52.0236 1348 rdpdr - ok
17:34:52.0236 1348 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:34:52.0236 1348 RDPENCDD - ok
17:34:52.0298 1348 [ 79C6DF8477250F5C54F7C5AE1D6B814E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:34:52.0298 1348 RDPWD - ok
17:34:52.0329 1348 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:34:52.0329 1348 RemoteAccess - ok
17:34:52.0345 1348 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:34:52.0361 1348 RemoteRegistry - ok
17:34:52.0423 1348 [ CFA81DC1BBF0302C3946E3262FE8F80A ] RoxMediaDB9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
17:34:52.0454 1348 RoxMediaDB9 - ok
17:34:52.0470 1348 [ CEB110ED72D9690430DAD175F93BC91B ] RoxWatch9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
17:34:52.0470 1348 RoxWatch9 - ok
17:34:52.0486 1348 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
17:34:52.0501 1348 RpcLocator - ok
17:34:52.0517 1348 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
17:34:52.0533 1348 RpcSs - ok
17:34:52.0548 1348 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:34:52.0548 1348 rspndr - ok
17:34:52.0564 1348 [ 30AED4A37E8F8BBF41983D4AE3A15DF9 ] RxFilter C:\Windows\system32\DRIVERS\RxFilter.sys
17:34:52.0564 1348 RxFilter - ok
17:34:52.0564 1348 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
17:34:52.0564 1348 SamSs - ok
17:34:52.0579 1348 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:34:52.0579 1348 sbp2port - ok
17:34:52.0595 1348 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:34:52.0611 1348 SCardSvr - ok
17:34:52.0642 1348 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
17:34:52.0658 1348 Schedule - ok
17:34:52.0673 1348 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
17:34:52.0673 1348 SCPolicySvc - ok
17:34:52.0689 1348 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:34:52.0689 1348 SDRSVC - ok
17:34:52.0704 1348 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
17:34:52.0704 1348 seclogon - ok
17:34:52.0720 1348 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
17:34:52.0720 1348 SENS - ok
17:34:52.0751 1348 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
17:34:52.0751 1348 Serenum - ok
17:34:52.0783 1348 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
17:34:52.0783 1348 Serial - ok
17:34:52.0783 1348 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
17:34:52.0783 1348 sermouse - ok
17:34:52.0814 1348 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
17:34:52.0814 1348 SessionEnv - ok
17:34:52.0829 1348 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:34:52.0829 1348 sffdisk - ok
17:34:52.0845 1348 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:34:52.0845 1348 sffp_mmc - ok
17:34:52.0845 1348 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:34:52.0845 1348 sffp_sd - ok
17:34:52.0876 1348 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
17:34:52.0876 1348 sfloppy - ok
17:34:52.0908 1348 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:34:52.0908 1348 SharedAccess - ok
17:34:52.0923 1348 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:34:52.0923 1348 ShellHWDetection - ok
17:34:52.0939 1348 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
17:34:52.0939 1348 sisagp - ok
17:34:52.0954 1348 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
17:34:52.0954 1348 SiSRaid2 - ok
17:34:52.0986 1348 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:34:52.0986 1348 SiSRaid4 - ok
17:34:53.0079 1348 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
17:34:53.0126 1348 slsvc - ok
17:34:53.0158 1348 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
17:34:53.0158 1348 SLUINotify - ok
17:34:53.0173 1348 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:34:53.0189 1348 Smb - ok
17:34:53.0204 1348 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:34:53.0236 1348 SNMPTRAP - ok
17:34:53.0251 1348 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
17:34:53.0251 1348 spldr - ok
17:34:53.0283 1348 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
17:34:53.0298 1348 Spooler - ok
17:34:53.0361 1348 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
17:34:53.0361 1348 srv - ok
17:34:53.0376 1348 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:34:53.0376 1348 srv2 - ok
17:34:53.0392 1348 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:34:53.0392 1348 srvnet - ok
17:34:53.0408 1348 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:34:53.0408 1348 SSDPSRV - ok
17:34:53.0470 1348 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
17:34:53.0486 1348 ssmdrv - ok
17:34:53.0517 1348 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:34:53.0517 1348 SstpSvc - ok
17:34:53.0611 1348 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:34:53.0642 1348 Stereo Service - ok
17:34:53.0689 1348 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
17:34:53.0689 1348 StillCam - ok
17:34:53.0736 1348 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
17:34:53.0751 1348 stisvc - ok
17:34:53.0814 1348 [ 4173A9CD59F15A64F54B3242C3232731 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
17:34:53.0814 1348 stllssvr - ok
17:34:53.0829 1348 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
17:34:53.0861 1348 swenum - ok
17:34:53.0892 1348 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
17:34:53.0892 1348 swprv - ok
17:34:53.0923 1348 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
17:34:53.0923 1348 Symc8xx - ok
17:34:53.0923 1348 SymIM - ok
17:34:53.0939 1348 SymIMMP - ok
17:34:53.0970 1348 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
17:34:53.0970 1348 Sym_hi - ok
17:34:53.0986 1348 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
17:34:53.0986 1348 Sym_u3 - ok
17:34:54.0001 1348 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
17:34:54.0033 1348 SysMain - ok
17:34:54.0064 1348 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:34:54.0064 1348 TabletInputService - ok
17:34:54.0095 1348 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:34:54.0095 1348 TapiSrv - ok
17:34:54.0111 1348 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
17:34:54.0111 1348 TBS - ok
17:34:54.0142 1348 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:34:54.0173 1348 Tcpip - ok
17:34:54.0204 1348 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
17:34:54.0204 1348 Tcpip6 - ok
17:34:54.0236 1348 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:34:54.0236 1348 tcpipreg - ok
17:34:54.0314 1348 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:34:54.0314 1348 TDPIPE - ok
17:34:54.0345 1348 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:34:54.0345 1348 TDTCP - ok
17:34:54.0392 1348 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:34:54.0392 1348 tdx - ok
17:34:54.0423 1348 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
17:34:54.0454 1348 TermDD - ok
17:34:54.0486 1348 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
17:34:56.0736 1348 ================ Scan global ===============================
17:34:56.0767 1348 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
17:34:56.0798 1348 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
17:34:56.0822 1348 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
17:34:56.0853 1348 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
17:34:56.0853 1348 [Global] - ok
17:34:56.0853 1348 ================ Scan MBR ==================================
17:34:56.0861 1348 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
17:34:57.0197 1348 \Device\Harddisk0\DR0 - ok
17:34:57.0204 1348 ================ Scan VBR ==================================
17:34:57.0204 1348 [ B21EF78B4BD35FD1F3EFC53142350C94 ] \Device\Harddisk0\DR0\Partition1
17:34:57.0204 1348 \Device\Harddisk0\DR0\Partition1 - ok
17:34:57.0228 1348 [ D86081837751E5E5C2D2191485221D42 ] \Device\Harddisk0\DR0\Partition2
17:34:57.0228 1348 \Device\Harddisk0\DR0\Partition2 - ok
17:34:57.0228 1348 ============================================================
17:34:57.0228 1348 Scan finished
17:34:57.0228 1348 ============================================================
17:34:57.0236 3268 Detected object count: 0
17:34:57.0236 3268 Actual detected object count: 0

But I had already posted that one ...
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-15 07:31:29
-----------------------------
07:31:29.181 OS Version: Windows 6.0.6002 Service Pack 2
07:31:29.181 Number of processors: 2 586 0x1706
07:31:29.181 ComputerName: ***** UserName: *****
07:31:32.634 Initialize success
07:33:17.873 AVAST engine defs: 13031402
07:33:40.107 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
07:33:40.107 Disk 0 Vendor: WDC_WD5000AAVS-00ZTB0 01.01B01 Size: 476940MB BusType: 3
07:33:40.138 Disk 0 MBR read successfully
07:33:40.138 Disk 0 MBR scan
07:33:40.154 Disk 0 Windows VISTA default MBR code
07:33:40.169 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 468937 MB offset 2048
07:33:40.201 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 8000 MB offset 960387072
07:33:40.216 Disk 0 scanning sectors +976771072
07:33:40.279 Disk 0 scanning C:\Windows\system32\drivers
07:33:50.263 Service scanning
07:33:57.623 Service GMSIPCI E:\INSTALL\GMSIPCI.SYS **LOCKED** 21
07:33:59.873 Service iscsicql C:\Windows\system32\CHxReaeingStringIME.exe **INFECTED** Win32:Agent-AQRH [Trj]
07:34:13.091 Modules scanning
07:34:16.826 Disk 0 trace - called modules:
07:34:16.873 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
07:34:16.888 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86408ac8]
07:34:16.888 3 CLASSPNP.SYS[8af678b3] -> nt!IofCallDriver -> [0x8528d860]
07:34:16.904 5 acpi.sys[8ae436bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0x8527d3c8]
07:34:20.498 AVAST engine scan C:\Windows
07:34:26.044 AVAST engine scan C:\Windows\system32
07:34:35.982 File: C:\Windows\system32\CHxReaeingStringIME.exe **INFECTED** Win32:Agent-AQRH [Trj]
07:38:23.904 AVAST engine scan C:\Windows\system32\drivers
07:38:38.482 AVAST engine scan C:\Users\*****
07:50:48.638 AVAST engine scan C:\ProgramData
07:52:25.591 Scan finished successfully
07:53:01.873 Disk 0 MBR has been saved successfully to "C:\Users\*****\Desktop\MBR.dat"
07:53:01.904 The log file has been saved successfully to "C:\Users\*****\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-15 17:39:08
-----------------------------
17:39:08.407 OS Version: Windows 6.0.6002 Service Pack 2
17:39:08.407 Number of processors: 2 586 0x1706
17:39:08.407 ComputerName: PETRA-PC UserName: Petra
17:39:46.602 Initialize success
17:39:54.712 AVAST engine defs: 13031402
17:40:11.462 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-4
17:40:11.462 Disk 0 Vendor: WDC_WD5000AAVS-00ZTB0 01.01B01 Size: 476940MB BusType: 3
17:40:11.477 Disk 0 MBR read successfully
17:40:11.493 Disk 0 MBR scan
17:40:11.524 Disk 0 Windows VISTA default MBR code
17:40:11.556 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 468937 MB offset 2048
17:40:11.587 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 8000 MB offset 960387072
17:40:11.587 Disk 0 scanning sectors +976771072
17:40:11.681 Disk 0 scanning C:\Windows\system32\drivers
17:40:27.602 Service scanning
17:40:33.985 Service GMSIPCI E:\INSTALL\GMSIPCI.SYS **LOCKED** 21
17:40:36.306 Service iscsicql C:\Windows\system32\CHxReaeingStringIME.exe **INFECTED** Win32:Agent-AQRH [Trj]
17:40:51.251 Modules scanning
17:40:54.962 Disk 0 trace - called modules:
17:40:55.001 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
17:40:55.009 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86417670]
17:40:55.016 3 CLASSPNP.SYS[8af648b3] -> nt!IofCallDriver -> [0x85c0cc48]
17:40:55.032 5 acpi.sys[8ae406bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-4[0x8527a5a8]
17:40:56.282 AVAST engine scan C:\Windows
17:41:01.540 AVAST engine scan C:\Windows\system32
17:41:13.735 File: C:\Windows\system32\CHxReaeingStringIME.exe **INFECTED** Win32:Agent-AQRH [Trj]
17:45:05.876 AVAST engine scan C:\Windows\system32\drivers
17:45:21.712 AVAST engine scan C:\Users\Petra
17:57:01.720 AVAST engine scan C:\ProgramData
17:58:43.891 Scan finished successfully
18:02:27.673 Disk 0 MBR has been saved successfully to "C:\Users\Petra\Desktop\MBR.dat"
18:02:27.704 The log file has been saved successfully to "C:\Users\Petra\Desktop\aswMBR.txt"

cosinus 15.03.2013 19:28

Code:

17:34:41.0095 1348 Scan started
17:34:41.0095 1348 Mode: Manual;

Please read the instructions more carefully and follow them exactly; you configured TDSS-Killer incorrectly.

Also, I asked you at the beginning to always post all logs only in CODE tags.

bobbypascha 16.03.2013 20:04

Hi, so I was able to install all of the Windows updates except for 5; it can't configure those.

I'll post them:
Security Update for Windows Vista (KB2691442)

Installation date: 16.03.2013 19:48

Installation status: Failed

Error details: Code 800719E4
+++++++++++++++++++++++++++++++

Security Update for Windows Vista (KB2685939)

Installation date: 16.03.2013 19:47

Installation status: Failed

Error details: Code 800719E4

+++++++++++++++++++++++++++++

Cumulative Security Update for Internet Explorer 9 for Windows Vista (KB2809289)

Installation date: 16.03.2013 19:47

Installation status: Failed

Error details: Code 800719E4
+++++++++++++++++++++++++++++++++

Security Update for Windows Vista (KB2691442)

Installation date: 16.03.2013 18:11

Installation status: Failed

Error details: Code 800719E4
++++++++++++++++++++++++++++++++++

Security Update for Windows Vista (KB2685939)

Installation date: 16.03.2013 18:10

Installation status: Failed

Error details: Code 800719E4
++++++++++++++++++++++++++++++++

Cumulative Security Update for Internet Explorer 9 for Windows Vista (KB2809289)

Installation date: 16.03.2013 18:10

Installation status: Failed

Error details: Code 800719E4
++++++++++++++++++++++++

Hope you can do something with that.

Regards

cosinus 17.03.2013 15:55

What is this about the Windows updates now?
That wasn't even the topic yet! Please do the TDSS-Killer log properly and post the logs in CODE tags.

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

