Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   TR/Crypt.ZPACK.97339 von Avira entdeckt (https://www.trojaner-board.de/158660-tr-crypt-zpack-97339-avira-entdeckt.html)

foxproducts 13.09.2014 13:02
TR/Crypt.ZPACK.97339 von Avira entdeckt
 
Zuerst einmal Hallo an alle, ich bin neu hier.

heute hat mein Avira Free Antiviruns den oben beschriebenen Trojaner entdeckt. Ich konnte den Suchlauf mit Avira durchführen, jedoch ist der "Avira Schirm" geschlossen und ich bekomme die Meldung das der Echtzeitscanner nicht aktiviert ist. In den Diensten jedoch ist er aktiviert und gestartet.
Das Betriebssystem ist WinXP Pro 32bit, SP3
Avira gibt mir folgendes aus:

Die Datei 'C:\WINDOWS\Installer\{76ABAD85-40E8-8172-A6C8-8680866857CF}\syshost.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.97339' [trojan].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004.
Die Quelldatei konnte nicht gefunden werden.
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '573b8571.qua' verschoben!

Der Hijack Log ist:
HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:50:46, on 13.09.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Apoint\Apoint.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Apoint\Apntex.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Mozilla Firefox\plugin-container.exe
C:\DOKUME~1\fox\LOKALE~1\Temp\DMR\dmr_72.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Dokumente und Einstellungen\fox\Lokale Einstellungen\Temp\DMR\Downloads\fc14996dfa99adfc7baae624196888c5\7b4e384f5b096b9656fee276ba88bb81\HiJackThis204.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1369162010248
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: syshost32 - Unknown owner - C:\WINDOWS\Installer\{76ABAD85-40E8-8172-A6C8-8680866857CF}\syshost.exe (file missing)

--
End of file - 4865 bytes
--- --- ---

Ich hoffe es ist soweit alles richtig.
Ich danke euch schonmal im vorraus für eure Hilfe.

schrauber 13.09.2014 15:06
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


foxproducts 13.09.2014 22:08
Danke für die schnelle Antwort, hier die benötigten Logs:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by fox (administrator) on FOXPRODUCTS on 13-09-2014 22:40:24
Running from C:\Dokumente und Einstellungen\fox\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avguard.exe
() C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corp.) C:\Programme\Microsoft\BingDesktop\BingDesktopUpdater.exe
() C:\Programme\Canon\IJPLM\ijplmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(ATI Technologies, Inc.) C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Alps Electric Co., Ltd.) C:\Programme\Apoint\Apoint.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avgnt.exe
(Alps Electric Co., Ltd.) C:\Programme\Apoint\ApntEx.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ATIModeChange] => C:\WINDOWS\system32\Ati2mdxx.exe [28672 2001-09-04] (ATI Technologies, Inc.)
HKLM\...\Run: [ATIPTA] => C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [315392 2003-01-24] (ATI Technologies, Inc.)
HKLM\...\Run: [Apoint] => C:\Programme\Apoint\Apoint.exe [155648 2004-09-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [avgnt] => C:\Programme\Avira\AntiVir Desktop\avgnt.exe [751184 2014-07-23] (Avira Operations GmbH & Co. KG)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse]  <==== ATTENTION!
HKU\S-1-5-21-854245398-492894223-2147318819-1003\...\MountPoints2: {951ebdc0-b269-11e3-8139-00065bb877a3} - E:\AutoRun.exe
HKU\S-1-5-21-854245398-492894223-2147318819-1003\...\MountPoints2: {951ebdc3-b269-11e3-8139-00065bb877a3} - E:\AutoRun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\fox\Anwendungsdaten\Mozilla\Firefox\Profiles\yamjmeqe.default
FF Homepage: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Programme\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Dokumente und Einstellungen\fox\Anwendungsdaten\Mozilla\Firefox\Profiles\yamjmeqe.default\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Dokumente und Einstellungen\fox\Anwendungsdaten\Mozilla\Firefox\Profiles\yamjmeqe.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Dokumente und Einstellungen\fox\Anwendungsdaten\Mozilla\Firefox\Profiles\yamjmeqe.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Dokumente und Einstellungen\fox\Anwendungsdaten\Mozilla\Firefox\Profiles\yamjmeqe.default\Extensions\abs@avira.com [2014-09-07]
FF Extension: Cliqz Beta - C:\Dokumente und Einstellungen\fox\Anwendungsdaten\Mozilla\Firefox\Profiles\yamjmeqe.default\Extensions\cliqz@cliqz.com [2014-09-13]
FF Extension: Avira SafeSearch - C:\Dokumente und Einstellungen\fox\Anwendungsdaten\Mozilla\Firefox\Profiles\yamjmeqe.default\Extensions\safesearch@avira.com [2014-08-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-05-22]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Dokumente und Einstellungen\fox\Anwendungsdaten\Mozilla\Firefox\Profiles\yamjmeqe.default\extensions\cliqz@cliqz.com

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "adf024b6850f634" service could not be unlocked. <===== ATTENTION

R2 AntiVirSchedulerService; C:\Programme\Avira\AntiVir Desktop\sched.exe [430160 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Programme\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [151552 2003-01-20] () [File not signed]
R2 BingDesktopUpdate; C:\Programme\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
R2 IJPLMSVC; C:\Programme\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [119408 2014-08-08] (Mozilla Foundation)
S3 odserv; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [440696 2011-07-20] (Microsoft Corporation)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-10-24] (Microsoft Corporation)
S2 syshost32; "C:\WINDOWS\Installer\{76ABAD85-40E8-8172-A6C8-8680866857CF}\syshost.exe" /service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R3 ApfiltrService; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [108791 2004-11-16] (Alps Electric Co., Ltd.) [File not signed]
R3 ASAPIW2k; C:\WINDOWS\System32\drivers\ASAPIW2k.sys [11264 2004-03-10] (Pinnacle Systems GmbH) [File not signed]
R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [569984 2003-01-20] (ATI Technologies Inc.) [File not signed]
S2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [97648 2014-07-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2014-07-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2014-07-23] (Avira Operations GmbH & Co. KG)
R3 cs429x; C:\WINDOWS\System32\drivers\cwawdm.sys [89088 2002-08-08] (Cirrus Logic, Inc.) [File not signed]
R3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [73827 2002-04-05] (3Com Corporation) [File not signed]
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [159236 2002-07-15] (Conexant Systems) [File not signed]
R3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [1174128 2002-07-15] (Conexant Systems) [File not signed]
R3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171008 2005-01-28] (Pinnacle Systems GmbH) [File not signed]
R2 mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [9855 2001-10-22] (Conexant) [File not signed]
R1 PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [14165 2002-03-19] (Pinnacle Systems GmbH) [File not signed]
S1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2014-07-23] (Avira GmbH)
R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [602480 2002-07-15] (Conexant Systems) [File not signed]
U5 adf024b6850f634; C:\Windows\System32\Drivers\adf024b6850f634.sys [69120 2014-09-12] () <===== ATTENTION Necurs Rootkit?
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-13 22:40 - 2014-09-13 22:40 - 00011316 _____ () C:\Dokumente und Einstellungen\fox\Desktop\FRST.txt
2014-09-13 22:40 - 2014-09-13 22:40 - 00000000 ____D () C:\FRST
2014-09-13 22:39 - 2014-09-13 22:39 - 01097728 _____ (Farbar) C:\Dokumente und Einstellungen\fox\Desktop\FRST.exe
2014-09-13 13:49 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\WINDOWS\system32\dhRichClient3.dll
2014-09-13 13:49 - 2011-03-25 20:42 - 00338432 _____ () C:\WINDOWS\system32\sqlite36_engine.dll
2014-09-13 13:48 - 2014-09-13 13:48 - 01101648 _____ () C:\Dokumente und Einstellungen\fox\Desktop\HijackThis - CHIP-Installer.exe
2014-09-12 01:56 - 2014-09-12 01:56 - 00069120 _____ () C:\WINDOWS\system32\Drivers\adf024b6850f634.sys
2014-09-09 22:13 - 2014-09-09 22:13 - 00000037 _____ () C:\Dokumente und Einstellungen\fox\Desktop\Fernseher.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-13 22:40 - 2014-09-13 22:40 - 00011316 _____ () C:\Dokumente und Einstellungen\fox\Desktop\FRST.txt
2014-09-13 22:40 - 2014-09-13 22:40 - 00000000 ____D () C:\FRST
2014-09-13 22:40 - 2013-05-20 23:00 - 00000000 ____D () C:\Dokumente und Einstellungen\fox\Lokale Einstellungen\Temp
2014-09-13 22:39 - 2014-09-13 22:39 - 01097728 _____ (Farbar) C:\Dokumente und Einstellungen\fox\Desktop\FRST.exe
2014-09-13 22:28 - 2013-05-20 23:49 - 01186752 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-13 22:25 - 2014-03-30 19:45 - 00000218 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP –  Benachrichtigung – Anmeldung.job
2014-09-13 22:25 - 2002-09-11 17:24 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-13 22:23 - 2013-05-20 22:56 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-13 14:05 - 2013-05-21 07:24 - 01143144 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-13 14:05 - 2013-05-20 23:00 - 00032612 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-13 14:05 - 2013-05-20 23:00 - 00000190 ___SH () C:\Dokumente und Einstellungen\fox\ntuser.ini
2014-09-13 13:48 - 2014-09-13 13:48 - 01101648 _____ () C:\Dokumente und Einstellungen\fox\Desktop\HijackThis - CHIP-Installer.exe
2014-09-13 13:26 - 2014-08-10 16:27 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-09-13 13:00 - 2013-05-20 23:00 - 00000000 __SHD () C:\Dokumente und Einstellungen\LocalService
2014-09-13 12:32 - 2013-05-20 22:53 - 00000000 ____D () C:\WINDOWS\Registration
2014-09-12 01:59 - 2013-05-20 23:00 - 00000000 ____D () C:\Dokumente und Einstellungen\fox
2014-09-12 01:56 - 2014-09-12 01:56 - 00069120 _____ () C:\WINDOWS\system32\Drivers\adf024b6850f634.sys
2014-09-12 01:09 - 2014-08-10 15:05 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Package Cache
2014-09-10 21:21 - 2014-08-10 17:28 - 00302778 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
2014-09-10 21:20 - 2014-08-10 15:07 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
2014-09-10 21:20 - 2014-08-10 15:06 - 00000000 ____D () C:\Programme\Avira
2014-09-09 22:13 - 2014-09-09 22:13 - 00000037 _____ () C:\Dokumente und Einstellungen\fox\Desktop\Fernseher.txt
2014-09-03 22:29 - 2014-08-10 17:28 - 00302778 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-854245398-492894223-2147318819-1003-0.dat
2014-08-29 22:29 - 2013-05-23 16:28 - 00000000 ____D () C:\Dokumente und Einstellungen\fox\Anwendungsdaten\vlc
2014-08-29 21:56 - 2013-05-20 23:00 - 00000000 ___HD () C:\Dokumente und Einstellungen\fox\Netzwerkumgebung
2014-08-15 22:19 - 2013-08-27 13:23 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-15 22:17 - 2013-05-21 08:52 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Some content of TEMP:
====================
C:\Dokumente und Einstellungen\fox\Lokale Einstellungen\Temp\avgnt.exe
C:\Dokumente und Einstellungen\fox\Lokale Einstellungen\Temp\DataCard_Setup.exe
C:\Dokumente und Einstellungen\fox\Lokale Einstellungen\Temp\ResetDevice.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
--- --- ---

undFRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by fox at 2014-09-13 22:41:14
Running from C:\Dokumente und Einstellungen\fox\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Actiontec MD56ORD V92 MDC Modem (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_2486&SUBSYS_542114F1) (Version:  - )
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.8.800.168 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
ArcSoft PhotoStudio 5.5 (HKLM\...\{D95ED581-3C67-4BB4-AA50-DDCC6A97226D}) (Version:  - ArcSoft)
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version:  - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version:  - )
Avira (HKLM\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Bing-Desktop (HKLM\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.174.0 - Microsoft Corporation)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
Canon iP4700 series Benutzerregistrierung (HKLM\...\Canon iP4700 series Benutzerregistrierung) (Version:  - )
Canon iP4700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series) (Version:  - )
Cliqz (HKLM\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com)
CrystalDiskInfo 5.6.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 5.6.2 - Crystal Dew World)
FairStars Audio Converter 1.95 (HKLM\...\FairStars Audio Converter_is1) (Version:  - FairStars Soft)
Hotfix für Windows Media Player 11 (KB939683) (HKLM\...\KB939683) (Version:  - Microsoft Corporation)
Hotfix für Windows XP (KB2779562) (HKLM\...\KB2779562) (Version: 1 - Microsoft Corporation)
Hotfix für Windows XP (KB952287) (HKLM\...\KB952287) (Version: 1 - Microsoft Corporation)
Hotfix für Windows XP (KB961118) (HKLM\...\KB961118) (Version: 1 - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU (HKLM\...\{C314CE45-3392-3B73-B4E1-139CD41CA933}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU (HKLM\...\{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel 2007 (HKLM\...\EXCEL) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Excel 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint 2007 (HKLM\...\POWERPOINT) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word 2007 (HKLM\...\WORD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (German) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mp3tag v2.55a (HKLM\...\Mp3tag) (Version: v2.55a - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MusicBrainz Picard (HKLM\...\MusicBrainz Picard) (Version: 1.2 - MusicBrainz)
Nero 6 Ultra Edition (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
Pinnacle Hollywood FX 5 (HKLM\...\Hollywood FX 5) (Version:  - )
Pinnacle Hollywood FX for Studio (HKLM\...\Hollywood FX for Studio) (Version:  - )
Sicherheitsupdate für Microsoft Windows (KB2564958) (HKLM\...\KB2564958) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2618444) (HKLM\...\KB2618444-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2744842) (HKLM\...\KB2744842-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2829530) (HKLM\...\KB2829530-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2838727) (HKLM\...\KB2838727-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2846071) (HKLM\...\KB2846071-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2847204) (HKLM\...\KB2847204-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2862772) (HKLM\...\KB2862772-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2870699) (HKLM\...\KB2870699-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2879017) (HKLM\...\KB2879017-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2888505) (HKLM\...\KB2888505-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2898785) (HKLM\...\KB2898785-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2909210) (HKLM\...\KB2909210-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2909921) (HKLM\...\KB2909921-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2925418) (HKLM\...\KB2925418-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2936068) (HKLM\...\KB2936068-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2964358) (HKLM\...\KB2964358-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB982381) (HKLM\...\KB982381-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Media Encoder (KB2447961) (HKLM\...\KB2447961_WM9L) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2378111) (Version:  - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Media Player (KB2834904) (HKLM\...\KB2834904_WM11) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2834904-v2) (HKLM\...\KB2834904-v2_WM11) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB952069) (Version:  - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Media Player (KB954155) (Version:  - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Media Player (KB973540) (Version:  - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Media Player (KB975558) (Version:  - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Media Player (KB978695) (Version:  - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Media Player 11 (KB954154) (HKLM\...\KB954154_WM11) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2115168) (HKLM\...\KB2115168) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2229593) (HKLM\...\KB2229593) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2296011) (HKLM\...\KB2296011) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2347290) (HKLM\...\KB2347290) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2360937) (HKLM\...\KB2360937) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2387149) (HKLM\...\KB2387149) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2393802) (HKLM\...\KB2393802) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2419632) (HKLM\...\KB2419632) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2423089) (HKLM\...\KB2423089) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2440591) (HKLM\...\KB2440591) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2443105) (HKLM\...\KB2443105) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2478960) (HKLM\...\KB2478960) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2478971) (HKLM\...\KB2478971) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2479943) (HKLM\...\KB2479943) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2481109) (HKLM\...\KB2481109) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2483185) (HKLM\...\KB2483185) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2485663) (HKLM\...\KB2485663) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2506212) (HKLM\...\KB2506212) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2507938) (HKLM\...\KB2507938) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2508429) (HKLM\...\KB2508429) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2509553) (HKLM\...\KB2509553) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2510581) (Version: 1 - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows XP (KB2535512) (HKLM\...\KB2535512) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2536276-v2) (HKLM\...\KB2536276-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2544893-v2) (HKLM\...\KB2544893-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2566454) (HKLM\...\KB2566454) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2570947) (HKLM\...\KB2570947) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2584146) (HKLM\...\KB2584146) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2585542) (HKLM\...\KB2585542) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2592799) (HKLM\...\KB2592799) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2598479) (HKLM\...\KB2598479) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2603381) (HKLM\...\KB2603381) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2619339) (HKLM\...\KB2619339) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2620712) (HKLM\...\KB2620712) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2624667) (HKLM\...\KB2624667) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2631813) (HKLM\...\KB2631813) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2653956) (HKLM\...\KB2653956) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2655992) (HKLM\...\KB2655992) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2659262) (HKLM\...\KB2659262) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2661637) (HKLM\...\KB2661637) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2676562) (HKLM\...\KB2676562) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2686509) (HKLM\...\KB2686509) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2691442) (HKLM\...\KB2691442) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2698365) (HKLM\...\KB2698365) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2705219-v2) (HKLM\...\KB2705219-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2712808) (HKLM\...\KB2712808) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2719985) (HKLM\...\KB2719985) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2723135-v2) (HKLM\...\KB2723135-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2727528) (HKLM\...\KB2727528) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2753842-v2) (HKLM\...\KB2753842-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2757638) (HKLM\...\KB2757638) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2758857) (HKLM\...\KB2758857) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2770660) (HKLM\...\KB2770660) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2780091) (HKLM\...\KB2780091) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2802968) (HKLM\...\KB2802968) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2807986) (HKLM\...\KB2807986) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2813170) (HKLM\...\KB2813170) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2813345) (HKLM\...\KB2813345) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2820197) (HKLM\...\KB2820197) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2820917) (HKLM\...\KB2820917) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2829361) (HKLM\...\KB2829361) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2829530) (Version: 1 - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows XP (KB2834886) (HKLM\...\KB2834886) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2839229) (HKLM\...\KB2839229) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2845187) (HKLM\...\KB2845187) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2847311) (HKLM\...\KB2847311) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2849470) (HKLM\...\KB2849470) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2850851) (HKLM\...\KB2850851) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2850869) (HKLM\...\KB2850869) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2859537) (HKLM\...\KB2859537) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862152) (HKLM\...\KB2862152) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862330) (HKLM\...\KB2862330) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862335) (HKLM\...\KB2862335) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2864063) (HKLM\...\KB2864063) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2868038) (HKLM\...\KB2868038) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2868626) (HKLM\...\KB2868626) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876217) (HKLM\...\KB2876217) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876315) (HKLM\...\KB2876315) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876331) (HKLM\...\KB2876331) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2883150) (HKLM\...\KB2883150) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2892075) (HKLM\...\KB2892075) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2893294) (HKLM\...\KB2893294) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2893984) (HKLM\...\KB2893984) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2898715) (HKLM\...\KB2898715) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2900986) (HKLM\...\KB2900986) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2914368) (HKLM\...\KB2914368) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2916036) (HKLM\...\KB2916036) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2922229) (HKLM\...\KB2922229) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2929961) (HKLM\...\KB2929961) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2930275) (HKLM\...\KB2930275) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB923561) (HKLM\...\KB923561) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB923789) (HKLM\...\KB923789) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB941569) (HKLM\...\KB941569) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB946648) (HKLM\...\KB946648) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB950762) (HKLM\...\KB950762) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB950974) (HKLM\...\KB950974) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB951376-v2) (HKLM\...\KB951376-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB952004) (HKLM\...\KB952004) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB952954) (HKLM\...\KB952954) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB956572) (HKLM\...\KB956572) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB956802) (HKLM\...\KB956802) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB956844) (HKLM\...\KB956844) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB959426) (HKLM\...\KB959426) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB960803) (HKLM\...\KB960803) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB960859) (HKLM\...\KB960859) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB969059) (HKLM\...\KB969059) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB970430) (HKLM\...\KB970430) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB971657) (HKLM\...\KB971657) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB972270) (HKLM\...\KB972270) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB973507) (HKLM\...\KB973507) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB973869) (HKLM\...\KB973869) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB973904) (HKLM\...\KB973904) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974112) (HKLM\...\KB974112) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974318) (HKLM\...\KB974318) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974392) (HKLM\...\KB974392) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974571) (HKLM\...\KB974571) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975025) (HKLM\...\KB975025) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975467) (HKLM\...\KB975467) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975560) (HKLM\...\KB975560) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975713) (Version: 1 - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows XP (KB977816) (HKLM\...\KB977816) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB977914) (HKLM\...\KB977914) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB978338) (HKLM\...\KB978338) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB978542) (HKLM\...\KB978542) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB978706) (HKLM\...\KB978706) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB979309) (HKLM\...\KB979309) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB979482) (HKLM\...\KB979482) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB979687) (HKLM\...\KB979687) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB981322) (HKLM\...\KB981322) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB981997) (HKLM\...\KB981997) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB982132) (HKLM\...\KB982132) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB982665) (HKLM\...\KB982665) (Version: 1 - Microsoft Corporation)
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.2.4 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.2.4 - SmartSound Software Inc) Hidden
Studio 9 (HKLM\...\{9E491AB7-4589-48CA-9CBB-874CB2788391}) (Version: 9.3 - Pinnacle Systems)
Studio 9.4 Patch (HKLM\...\{16E217EA-C3E0-402D-8D4F-6189DB74497A}) (Version: 9.4.3.70 - )
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_EXCEL_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_POWERPOINT_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_WORD_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update für Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update für Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update für Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update für Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Encoder 9-Reihe (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9-Reihe (Version: 9.00.2980 - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031514 - Microsoft Corporation)
XML Paper Specification Shared Components Language Pack 1.0 (Version:  - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-854245398-492894223-2147318819-1003_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Programme\Windows Desktop Search\deskbar.dll (Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2002-09-11 17:02 - 2002-09-11 17:02 - 00000820 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP –  Benachrichtigung – Anmeldung.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => C:\Programme\Microsoft Security Client\MpCmdRun.exe

==================== Loaded Modules (whitelisted) =============

2013-05-21 07:28 - 2003-01-20 22:35 - 00151552 _____ () C:\WINDOWS\system32\Ati2evxx.exe
2013-05-21 11:26 - 2009-02-10 18:01 - 00116104 _____ () C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
2014-08-08 09:14 - 2014-08-08 09:15 - 03800688 _____ () C:\Programme\Mozilla Firefox\mozjs.dll
2013-10-02 22:22 - 2013-10-02 22:22 - 16177544 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BingDesktop => C:\Programme\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\system32\NeroCheck.exe
MSCONFIG\startupreg: PinnacleDriverCheck => C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/13/2014 10:40:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlgeschlagene Anwendung frst.exe, Version 12.9.2014.0, fehlgeschlagenes Modul frst.exe, Version 12.9.2014.0, Fehleradresse 0x0001f09e.
Das medienspezifische Ereignis für [frst.exe!ws!] wird verarbeitet.

Error: (09/03/2014 09:52:16 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (09/03/2014 09:52:16 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (05/31/2014 10:29:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlgeschlagene Anwendung psp.exe, Version 5.0.3.0, fehlgeschlagenes Modul psp.exe, Version 5.0.3.0, Fehleradresse 0x001442f2.
Das medienspezifische Ereignis für [psp.exe!ws!] wird verarbeitet.

Error: (05/26/2014 11:09:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlgeschlagene Anwendung psp.exe, Version 5.0.3.0, fehlgeschlagenes Modul psp.exe, Version 5.0.3.0, Fehleradresse 0x000d0398.
Das medienspezifische Ereignis für [psp.exe!ws!] wird verarbeitet.

Error: (01/20/2014 04:08:14 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\FOX\DESKTOP\NEUER ORDNER (2)\WP_002119.JPG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (01/20/2014 04:08:14 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\FOX\DESKTOP\NEUER ORDNER (2)\WP_002119.JPG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (12/12/2013 06:42:58 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\FOX\DESKTOP\30 GEBURTSTAG\EINLADUNG.DOC> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (12/12/2013 06:42:58 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\FOX\DESKTOP\30 GEBURTSTAG\WP_001484.JPG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (12/12/2013 06:42:58 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\FOX\DESKTOP\30 GEBURTSTAG\WP_001484.JPG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)


System errors:
=============
Error: (09/13/2014 10:24:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ssmdrv

Error: (09/13/2014 10:24:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avgntflt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31

Error: (09/13/2014 11:11:21 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ssmdrv

Error: (09/13/2014 11:11:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avgntflt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31

Error: (09/13/2014 05:21:18 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ssmdrv

Error: (09/13/2014 05:20:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avgntflt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31

Error: (09/12/2014 04:05:54 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ssmdrv

Error: (09/12/2014 04:05:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avgntflt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31

Error: (08/31/2014 02:09:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (08/31/2014 02:09:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst IMAPI-CD-Brenn-COM-Dienste.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor:  Mobile Intel(R) Pentium(R) 4 - M CPU 2.00GHz
Percentage of memory in use: 27%
Total physical RAM: 2047.43 MB
Available physical RAM: 1490.32 MB
Total Pagefile: 3943.92 MB
Available Pagefile: 3358.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.91 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:20 GB) (Free:2.84 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Musik) (Fixed) (Total:90 GB) (Free:16.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.6 GB) (Disk ID: A2B15B1D)
Partition 1: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=99.6 GB) - (Type=05)

==================== End Of Log ============================
--- --- ---

schrauber 14.09.2014 15:04
XP?? Mutig.....


Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

foxproducts 14.09.2014 15:53
Ja, XP. Das ist eigentlich mein Musikrechner mit dem ich selten im Internet bin. Daher weiß ich auch nicht wo ich mir das eingefangen habe.
Unter Skip und Continue wird der Log nicht unter C:\ gespeichert sondernn kann unter Report im TDSS abgerufen werden.

Hier der Log:

16:27:45.0541 0x0818 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
16:27:45.0941 0x0818 ============================================================
16:27:45.0941 0x0818 Current date / time: 2014/09/14 16:27:45.0941
16:27:45.0941 0x0818 SystemInfo:
16:27:45.0941 0x0818
16:27:45.0941 0x0818 OS Version: 5.1.2600 ServicePack: 3.0
16:27:45.0941 0x0818 Product type: Workstation
16:27:45.0941 0x0818 ComputerName: FOXPRODUCTS
16:27:45.0941 0x0818 UserName: fox
16:27:45.0941 0x0818 Windows directory: C:\WINDOWS
16:27:45.0941 0x0818 System windows directory: C:\WINDOWS
16:27:45.0941 0x0818 Processor architecture: Intel x86
16:27:45.0941 0x0818 Number of processors: 1
16:27:45.0941 0x0818 Page size: 0x1000
16:27:45.0941 0x0818 Boot type: Normal boot
16:27:45.0941 0x0818 ============================================================
16:27:45.0971 0x0818 BG loaded
16:27:46.0572 0x0818 System UUID: {5D2525DF-CD2A-BB78-9471-D074120B09BA}
16:27:49.0306 0x0818 Drive \Device\Harddisk0\DR0 - Size: 0x1DE7FA0000 ( 119.62 Gb ), SectorSize: 0x200, Cylinders: 0x3D00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
16:27:49.0316 0x0818 ============================================================
16:27:49.0316 0x0818 \Device\Harddisk0\DR0:
16:27:49.0316 0x0818 MBR partitions:
16:27:49.0316 0x0818 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2800A34
16:27:49.0316 0x0818 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2800AB2, BlocksNum 0xB400F66
16:27:49.0316 0x0818 ============================================================
16:27:49.0316 0x0818 C: <-> \Device\Harddisk0\DR0\Partition1
16:27:49.0326 0x0818 D: <-> \Device\Harddisk0\DR0\Partition2
16:27:49.0326 0x0818 ============================================================
16:27:49.0326 0x0818 Initialize success
16:27:49.0326 0x0818 ============================================================
16:30:11.0431 0x0d00 ============================================================
16:30:11.0431 0x0d00 Scan started
16:30:11.0431 0x0d00 Mode: Manual;
16:30:11.0431 0x0d00 ============================================================
16:30:11.0431 0x0d00 KSN ping started
16:30:25.0100 0x0d00 KSN ping finished: true
16:30:26.0002 0x0d00 ================ Scan system memory ========================
16:30:26.0012 0x0d00 System memory - ok
16:30:26.0012 0x0d00 ================ Scan services =============================
16:30:26.0172 0x0d00 Abiosdsk - ok
16:30:26.0182 0x0d00 abp480n5 - ok
16:30:26.0202 0x0d00 [ 0F2D66D5F08EBE2F77BB904288DCF6F0, 5969A64B6995DCAF16F9A76BD1235472F76D71DFE629B956221D2C3D73EDF98A ] ac97intc C:\WINDOWS\system32\drivers\ac97intc.sys
16:30:26.0212 0x0d00 ac97intc - ok
16:30:26.0422 0x0d00 [ AC407F1A62C3A300B4F2B5A9F1D55B2C, 31F5FC61B37E22100B3A52A590295A7E827FFC581FA9960C64B9032452AAECED ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:30:26.0442 0x0d00 ACPI - ok
16:30:26.0452 0x0d00 [ 9E1CA3160DAFB159CA14F83B1E317F75, 13B3E897B0E819BF734449416D9EC6EBCAC89538EC69BF48C068593B82D57004 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
16:30:26.0452 0x0d00 ACPIEC - ok
16:30:26.0462 0x0d00 Suspicious service (NoAccess): adf024b6850f634
16:30:26.0472 0x0d00 [ 5A553543948F966FF1E5E8D5300F4BFB, 1A5C2E2DEAAE8DDBF051970A27707B12286A425A142F08F071A03DEBE3F54D21 ] adf024b6850f634 C:\WINDOWS\System32\Drivers\adf024b6850f634.sys
16:30:26.0472 0x0d00 Suspicious file ( NoAccess ): C:\WINDOWS\System32\Drivers\adf024b6850f634.sys. md5: 5A553543948F966FF1E5E8D5300F4BFB, sha256: 1A5C2E2DEAAE8DDBF051970A27707B12286A425A142F08F071A03DEBE3F54D21
16:30:26.0833 0x0d00 adf024b6850f634 - detected Rootkit.Win32.Necurs.gen ( 0 )
16:30:29.0306 0x0d00 adf024b6850f634 ( Rootkit.Win32.Necurs.gen ) - infected
16:30:29.0306 0x0d00 Force sending object to P2P due to detect: adf024b6850f634
16:30:31.0870 0x0d00 Object send P2P result: true
16:30:34.0334 0x0d00 adpu160m - ok
16:30:34.0354 0x0d00 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
16:30:34.0364 0x0d00 aec - ok
16:30:34.0384 0x0d00 [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD C:\WINDOWS\System32\drivers\afd.sys
16:30:34.0394 0x0d00 AFD - ok
16:30:34.0404 0x0d00 [ 08FD04AA961BDC77FB983F328334E3D7, A784EC8A9EDB579262366B5A9AB177DB7BEC0A421BDE85431D0AD4959D5AF5E7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
16:30:34.0414 0x0d00 agp440 - ok
16:30:34.0434 0x0d00 Aha154x - ok
16:30:34.0444 0x0d00 aic78u2 - ok
16:30:34.0464 0x0d00 aic78xx - ok
16:30:34.0484 0x0d00 [ 738D80CC01D7BC7584BE917B7F544394, DCC17AAEF5CDDF52FAAC3CC6904EF421CD595F66318A2370BEE261D5C3A8E340 ] Alerter C:\WINDOWS\system32\alrsvc.dll
16:30:34.0484 0x0d00 Alerter - ok
16:30:34.0494 0x0d00 [ 190CD73D4984F94D823F9444980513E5, 93A32C2495CCA094F768BA707C74DA5C00B8A88A9236DD1A297439A7C2E6C6FA ] ALG C:\WINDOWS\System32\alg.exe
16:30:34.0504 0x0d00 ALG - ok
16:30:34.0514 0x0d00 AliIde - ok
16:30:34.0534 0x0d00 amsint - ok
16:30:34.0584 0x0d00 [ 0327A6CE0934C324E3E82920E9EC0EE4, B4A1E6A77032F7DF97FED3C01E76E2BD3270A3FFC500C7C9A118C0E2EB675D75 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
16:30:34.0604 0x0d00 AntiVirSchedulerService - ok
16:30:34.0654 0x0d00 [ 0327A6CE0934C324E3E82920E9EC0EE4, B4A1E6A77032F7DF97FED3C01E76E2BD3270A3FFC500C7C9A118C0E2EB675D75 ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe
16:30:34.0684 0x0d00 AntiVirService - ok
16:30:34.0704 0x0d00 [ AEB775A2BAE0F392BA6ADC0BB706233A, 4D2F12AE674C0D8C256CAF3C45D03598A8C74E4E2B99E9674072D43D5A39804A ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
16:30:34.0714 0x0d00 ApfiltrService - ok
16:30:34.0744 0x0d00 [ D45960BE52C3C610D361977057F98C54, 9186589B502F46B47672CFB8EBD558D51B0F3CBFE4E0DDBA625A4265236518CE ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
16:30:34.0754 0x0d00 AppMgmt - ok
16:30:34.0774 0x0d00 [ B5B8A80875C1DEDEDA8B02765642C32F, AD0C71D73B1B8225351FBF4FFB43001A32B4DAE69504C59970CD2428BB33D4EF ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:30:34.0774 0x0d00 Arp1394 - ok
16:30:34.0794 0x0d00 [ 4F9CBBF95E8F7A0D4C0EDCFE3B78102E, 71FE8F94C2A71F1D97972C3E36A0D18B293C45941639B34D34BE22C60C751A48 ] ASAPIW2k C:\WINDOWS\system32\drivers\ASAPIW2k.sys
16:30:34.0794 0x0d00 ASAPIW2k - ok
16:30:34.0814 0x0d00 asc - ok
16:30:34.0834 0x0d00 asc3350p - ok
16:30:34.0854 0x0d00 asc3550 - ok
16:30:35.0305 0x0d00 [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:30:35.0315 0x0d00 aspnet_state - ok
16:30:35.0335 0x0d00 [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:30:35.0335 0x0d00 AsyncMac - ok
16:30:35.0345 0x0d00 [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
16:30:35.0355 0x0d00 atapi - ok
16:30:35.0365 0x0d00 Atdisk - ok
16:30:35.0395 0x0d00 [ 1E39315954949A2A31FA45C08BE85499, C3834297D6ED5296A3648D5DD27939177AF25BBC9D438A87E5A6C1778A9E7115 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
16:30:35.0405 0x0d00 Ati HotKey Poller - ok
16:30:35.0455 0x0d00 [ 6361D85FAF2442BBEE2C25ADA6CB8512, 49BA3AB532797D2E6EE40921FB833029DE1B7D59B683C3D9B2E786CC08F064B3 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
16:30:35.0485 0x0d00 ati2mtag - ok
16:30:35.0495 0x0d00 [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:30:35.0505 0x0d00 Atmarpc - ok
16:30:35.0525 0x0d00 [ 58ED0D5452DF7BE732193E7999C6B9A4, 254E2ECF592DDA2E3E6CA9F6F3E77926E2265586A7937BA95199ED47BCDE69A3 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
16:30:35.0525 0x0d00 AudioSrv - ok
16:30:35.0545 0x0d00 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
16:30:35.0545 0x0d00 audstub - ok
16:30:35.0565 0x0d00 [ B0A63DD71CB0CB597D8BD5C364E73F7C, 572B31F3FC962F50110D42A08CDD0614323E18C213575710CEEFA35EE7CAE8C5 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
16:30:35.0565 0x0d00 avgntflt - ok
16:30:35.0595 0x0d00 [ 05AF7CBF0BDA1571BBADC36703EB9CA4, 3925AD58053769D317D3CF0DDDF7371B010F2F4C839CF7B44F327AE9D0AB5442 ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
16:30:35.0595 0x0d00 avipbb - ok
16:30:35.0615 0x0d00 [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
16:30:35.0615 0x0d00 avkmgr - ok
16:30:35.0635 0x0d00 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
16:30:35.0645 0x0d00 Beep - ok
16:30:35.0665 0x0d00 [ 4AF6B0CCD9974A69DF2C91301370B381, C33D7F12C9E81C4D7A5FDD642D975448DF78EC708115951078E4FDB80B13235A ] BingDesktopUpdate C:\Programme\Microsoft\BingDesktop\BingDesktopUpdater.exe
16:30:35.0676 0x0d00 BingDesktopUpdate - ok
16:30:35.0716 0x0d00 [ D6F603772A789BB3228F310D650B8BD1, A539025C70FD998A9B8703DE05CAE5E99BC721D8852EA561EBC2DD20CB371D2E ] BITS C:\WINDOWS\System32\qmgr.dll
16:30:35.0736 0x0d00 BITS - ok
16:30:35.0766 0x0d00 [ B71549F23736ADF83A571061C47777FD, A1D0320736EE777030A543DCA086367EB5A5B6F95088B9C22D8E09326C3A39A9 ] Browser C:\WINDOWS\System32\browser.dll
16:30:35.0766 0x0d00 Browser - ok
16:30:35.0786 0x0d00 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
16:30:35.0786 0x0d00 cbidf2k - ok
16:30:35.0806 0x0d00 cd20xrnt - ok
16:30:35.0826 0x0d00 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
16:30:35.0826 0x0d00 Cdaudio - ok
16:30:35.0846 0x0d00 [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
16:30:35.0856 0x0d00 Cdfs - ok
16:30:35.0876 0x0d00 [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:30:35.0876 0x0d00 Cdrom - ok
16:30:35.0896 0x0d00 Changer - ok
16:30:35.0906 0x0d00 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E, ACB458E8A11AA2143734A5A0281973D95158E6402A6453F98F9832D1E19B01F9 ] CiSvc C:\WINDOWS\system32\cisvc.exe
16:30:35.0916 0x0d00 CiSvc - ok
16:30:35.0936 0x0d00 [ 778A30ED3C134EB7E406AFC407E9997D, 3E6AD115AB2596EB001BC21AEADDBC75F27C42DB90C986B7AD17743CE631234E ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
16:30:35.0936 0x0d00 ClipSrv - ok
16:30:35.0956 0x0d00 [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:30:35.0966 0x0d00 clr_optimization_v2.0.50727_32 - ok
16:30:35.0996 0x0d00 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:30:36.0006 0x0d00 clr_optimization_v4.0.30319_32 - ok
16:30:36.0026 0x0d00 [ 0F6C187D38D98F8DF904589A5F94D411, DB987093446216CEE913AC27503BF7E23E5A62DF169B355730285DAB64F6ED28 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:30:36.0026 0x0d00 CmBatt - ok
16:30:36.0046 0x0d00 CmdIde - ok
16:30:36.0066 0x0d00 [ 6E4C9F21F0FAE8940661144F41B13203, 731202A0DD021FCF9287FEA631212603AAAC23F9E7F76B2882F913B18A971F1C ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:30:36.0066 0x0d00 Compbatt - ok
16:30:36.0086 0x0d00 COMSysApp - ok
16:30:36.0106 0x0d00 Cpqarray - ok
16:30:36.0136 0x0d00 [ 611F824E5C703A5A899F84C5F1699E4D, 9EFA5612FE58E9974E4CC13D39D91D7B5DEA3ED66BEFBED3AAE6D2800FD8162A ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
16:30:36.0136 0x0d00 CryptSvc - ok
16:30:36.0166 0x0d00 [ 53E6F4B94EB64438164348DF7DCF35C5, 012F783880C366570CC1365972E15310BB507DDB689C9A42F7BB9570361D0A8B ] cs429x C:\WINDOWS\system32\drivers\cwawdm.sys
16:30:36.0166 0x0d00 cs429x - ok
16:30:36.0196 0x0d00 dac2w2k - ok
16:30:36.0216 0x0d00 dac960nt - ok
16:30:36.0256 0x0d00 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B, ECFBACE3CBF2384948EA1C445BDA3955EB4F44A9874286E6537C67DC1283E5B0 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
16:30:36.0286 0x0d00 DcomLaunch - ok
16:30:36.0306 0x0d00 [ C29A1C9B75BA38FA37F8C44405DEC360, 7476D8BC4380CDE56764B2034AF3741DA4ED00F315E41C9A02B5EAD04374F241 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
16:30:36.0316 0x0d00 Dhcp - ok
16:30:36.0326 0x0d00 [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
16:30:36.0336 0x0d00 Disk - ok
16:30:36.0346 0x0d00 dmadmin - ok
16:30:36.0407 0x0d00 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA, 89B0AEE5BE01B9FE4FF2989FF16DB6121721ACDFCE6D9655C0ACD321D8C308BE ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
16:30:36.0477 0x0d00 dmboot - ok
16:30:36.0507 0x0d00 [ 53720AB12B48719D00E327DA470A619A, 800264866A6267C9000A85D00095D57908D059D737E5F28C9C4049B884C46228 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
16:30:36.0517 0x0d00 dmio - ok
16:30:36.0537 0x0d00 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
16:30:36.0537 0x0d00 dmload - ok
16:30:36.0557 0x0d00 [ 25C83FFBBA13B554EB6D59A9B2E2EE78, 9FBD655ED3E9163AE11EC207F283E387EFBA5A23108EC790BAE4846B35E66F16 ] dmserver C:\WINDOWS\System32\dmserver.dll
16:30:36.0557 0x0d00 dmserver - ok
16:30:36.0577 0x0d00 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
16:30:36.0577 0x0d00 DMusic - ok
16:30:36.0597 0x0d00 [ 407F3227AC618FD1CA54B335B083DE07, 96B8E734648FE9A4EBA59C096C8779BD1A11A93A6303AFD438A406C8122D36C6 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
16:30:36.0607 0x0d00 Dnscache - ok
16:30:36.0627 0x0d00 [ 676E36C4FF5BCEA1900F44182B9723E6, 740CF18BD40E00FEA26CF0E6340C5D18F7D0B4390055FAEEC258B3AA790C4AE9 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
16:30:36.0637 0x0d00 Dot3svc - ok
16:30:36.0657 0x0d00 dpti2o - ok
16:30:36.0677 0x0d00 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
16:30:36.0677 0x0d00 drmkaud - ok
16:30:36.0697 0x0d00 [ 4E4F2FDDAB0A0736D7671134DCCE91FB, 8E2C57D1A006856C47CBDD5765A9DD317DB205B26DA8BFC70555A506257A1CD9 ] EapHost C:\WINDOWS\System32\eapsvc.dll
16:30:36.0697 0x0d00 EapHost - ok
16:30:36.0727 0x0d00 [ 8B33194D1290595FEE065889374EE5F9, B2AFA5B8423E5A8A5D6CC3472BCF0B3F7060993F52360140256E1D46E3F6C2AE ] EL90XBC C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
16:30:36.0727 0x0d00 EL90XBC - ok
16:30:36.0747 0x0d00 [ 877C18558D70587AA7823A1A308AC96B, 6B336A62112988D855513F45153F73F8470C41A448E9B7438B4A8EC1813AABF1 ] ERSvc C:\WINDOWS\System32\ersvc.dll
16:30:36.0757 0x0d00 ERSvc - ok
16:30:36.0777 0x0d00 [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] Eventlog C:\WINDOWS\system32\services.exe
16:30:36.0787 0x0d00 Eventlog - ok
16:30:36.0817 0x0d00 [ AF4F6B5739D18CA7972AB53E091CBC74, A399E2CC026730D3A429727AAB48093B9F1E5DD8EB6336519C7F16182FDB3905 ] EventSystem C:\WINDOWS\System32\es.dll
16:30:36.0827 0x0d00 EventSystem - ok
16:30:36.0857 0x0d00 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
16:30:36.0867 0x0d00 Fastfat - ok
16:30:36.0897 0x0d00 [ 2DB7D303C36DDD055215052F118E8E75, BE6E7BBE12A7A4EDF1F1C2935350603970C7426BBCA7A1A6644BB8999123AF17 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:30:36.0897 0x0d00 FastUserSwitchingCompatibility - ok
16:30:36.0917 0x0d00 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
16:30:36.0927 0x0d00 Fdc - ok
16:30:36.0947 0x0d00 [ B0678A548587C5F1967B0D70BACAD6C1, 7E49910212ED87313F926E4800EA8D34809C287A686CA69B82B79C1A6451F88C ] Fips C:\WINDOWS\system32\drivers\Fips.sys
16:30:36.0947 0x0d00 Fips - ok
16:30:36.0967 0x0d00 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
16:30:36.0967 0x0d00 Flpydisk - ok
16:30:36.0987 0x0d00 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
16:30:36.0997 0x0d00 FltMgr - ok
16:30:37.0017 0x0d00 [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:30:37.0017 0x0d00 FontCache3.0.0.0 - ok
16:30:37.0037 0x0d00 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:30:37.0037 0x0d00 Fs_Rec - ok
16:30:37.0057 0x0d00 [ 8F1955CE42E1484714B542F341647778, 8EB3F99625F409D3032561E8AB44BEFBFBFBA4EC873C2151C92A5CAAF7F2AA55 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:30:37.0068 0x0d00 Ftdisk - ok
16:30:37.0088 0x0d00 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:30:37.0088 0x0d00 Gpc - ok
16:30:37.0108 0x0d00 [ CB66BF85BF599BEFD6C6A57C2E20357F, 55D3A0F9279FF316766F42548FCB61C452942B08A37590C4892DF110BE4E53C6 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:30:37.0108 0x0d00 helpsvc - ok
16:30:37.0118 0x0d00 [ B35DA85E60C0103F2E4104532DA2F12B, E13C9F73DF7713554CB614B36123D75014F5121AA1FC9069733E61758751CBE4 ] HidServ C:\WINDOWS\System32\hidserv.dll
16:30:37.0128 0x0d00 HidServ - ok
16:30:37.0138 0x0d00 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:30:37.0138 0x0d00 HidUsb - ok
16:30:37.0158 0x0d00 [ ED29F14101523A6E0E808107405D452C, B8FA987637787BEECC2EB06D36293DAC355523392B49A8C5A9491EEE961917E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
16:30:37.0168 0x0d00 hkmsvc - ok
16:30:37.0178 0x0d00 hpn - ok
16:30:37.0208 0x0d00 [ C217100A04E6773CFB2D2A8B4C4AB836, 8A675D677C7888A77A160163FD7C58FE55C72018814E250712B8FD07D2429EB7 ] HSFHWICH C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
16:30:37.0218 0x0d00 HSFHWICH - ok
16:30:37.0298 0x0d00 [ 757491EC8C95A3AA4814EA25CDC2B1BA, 7671247DA99319A563F16F8860849598BF9D93FE12941D60DF1EA4FCCBE8A968 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
16:30:37.0348 0x0d00 HSF_DP - ok
16:30:37.0388 0x0d00 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
16:30:37.0408 0x0d00 HTTP - ok
16:30:37.0428 0x0d00 [ 9E4ADB854CEBCFB81A4B36718FEECD16, 677AB64460775686F8366D6BF35D420A2486C3F07338A00A7C2788A5142B9F08 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
16:30:37.0438 0x0d00 HTTPFilter - ok
16:30:37.0468 0x0d00 hwdatacard - ok
16:30:37.0498 0x0d00 i2omgmt - ok
16:30:37.0518 0x0d00 i2omp - ok
16:30:37.0538 0x0d00 [ E283B97CFBEB86C1D86BAED5F7846A92, 7664F791D08C80DF1E52B34BE69F073AA645610C4BD975F498254807602374AB ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:30:37.0538 0x0d00 i8042prt - ok
16:30:37.0608 0x0d00 [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:30:37.0658 0x0d00 idsvc - ok
16:30:37.0688 0x0d00 [ A06EFD4965F8A3F97A8C9A291D032678, 3B78AFB110A115F7C2136EBFE715CBC073EC341AA0457A1E41D64F9B269DE5BC ] IJPLMSVC C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
16:30:37.0688 0x0d00 IJPLMSVC - ok
16:30:37.0708 0x0d00 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
16:30:37.0718 0x0d00 Imapi - ok
16:30:37.0748 0x0d00 [ D4B413AA210C21E46AEDD2BA5B68D38E, 2309622867AA8FC832A729FA78F48742D4BD6CA0DAFBFB9DDB0772D671E1ED75 ] ImapiService C:\WINDOWS\System32\imapi.exe
16:30:37.0748 0x0d00 ImapiService - ok
16:30:37.0769 0x0d00 ini910u - ok
16:30:37.0799 0x0d00 [ 69C4E3C9E67A1F103B94E14FDD5F3213, 894ABDDBF95E3FFE59A4621AF94AFA7E6F6D780420845078622C76624C0326D2 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
16:30:37.0799 0x0d00 IntelIde - ok
16:30:37.0819 0x0d00 [ 4C7D2750158ED6E7AD642D97BFFAE351, C05E4799752F090DCB632F07F62ADE38D31534621064D269AD535CA0BDFED448 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:30:37.0819 0x0d00 intelppm - ok
16:30:37.0839 0x0d00 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
16:30:37.0839 0x0d00 ip6fw - ok
16:30:37.0859 0x0d00 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:30:37.0859 0x0d00 IpFilterDriver - ok
16:30:37.0879 0x0d00 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:30:37.0879 0x0d00 IpInIp - ok
16:30:37.0899 0x0d00 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:30:37.0909 0x0d00 IpNat - ok
16:30:37.0929 0x0d00 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:30:37.0929 0x0d00 IPSec - ok
16:30:37.0949 0x0d00 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
16:30:37.0959 0x0d00 IRENUM - ok
16:30:37.0979 0x0d00 [ 6DFB88F64135C525433E87648BDA30DE, 8233EEFBEF36AAA152F2C55D23D7118F0DE40C9C22EB5D9793405A4770889540 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:30:37.0989 0x0d00 isapnp - ok
16:30:38.0009 0x0d00 [ 1704D8C4C8807B889E43C649B478A452, E854C90CD301F42BE2520CEDAD35E49DF2D43606CF4EEED861B74882118D04D1 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:30:38.0009 0x0d00 Kbdclass - ok
16:30:38.0029 0x0d00 [ B6D6C117D771C98130497265F26D1882, E79CC4EA5C088F988BA61F80764F9CAD9B78BC56A7E17DD54622C75483BC5DF4 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:30:38.0029 0x0d00 kbdhid - ok
16:30:38.0069 0x0d00 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
16:30:38.0069 0x0d00 kmixer - ok
16:30:38.0089 0x0d00 [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
16:30:38.0099 0x0d00 KSecDD - ok
16:30:38.0119 0x0d00 [ 2BBDCB79900990F0716DFCB714E72DE7, 6283789201164A9254632D9A3C8A54FE697717D5F8D5A37804D924DC2B70C8E3 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
16:30:38.0129 0x0d00 lanmanserver - ok
16:30:38.0159 0x0d00 [ 1869B14B06B44B44AF70548E1EA3303F, 4D63B4DAF580C86F86837C7D1753E2105B4C52E26D4CA0CAAFE83755EFF7AFBE ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:30:38.0169 0x0d00 lanmanworkstation - ok
16:30:38.0189 0x0d00 lbrtfdc - ok
16:30:38.0229 0x0d00 [ 636714B7D43C8D0C80449123FD266920, F06F6C7DC49B26EFCAC3570C67BA9BD934F62C6F382DA4DD2AB302C7B970F414 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
16:30:38.0229 0x0d00 LmHosts - ok
16:30:38.0259 0x0d00 [ 7584FFB07305D2E9E3823059A9310B0F, 80EF0030DE31BF48F9487BECF7EFBF9A440A067F93B24C08FD63FFEA873DD53D ] MarvinBus C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
16:30:38.0269 0x0d00 MarvinBus - ok
16:30:38.0279 0x0d00 [ A1E9D936EAC07EE9386E87BAC1377FAD, EEBAE640D7F9BDF632D4532BC92FC581682D298C8AB31545A3E84B6AD36D7CB9 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
16:30:38.0279 0x0d00 mdmxsdk - ok
16:30:38.0299 0x0d00 [ B7550A7107281D170CE85524B1488C98, A3854B16A65436BEF6BEDE918B43B3BE8F00D303660DB5831DD376271DC43239 ] Messenger C:\WINDOWS\System32\msgsvc.dll
16:30:38.0309 0x0d00 Messenger - ok
16:30:38.0319 0x0d00 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
16:30:38.0319 0x0d00 mnmdd - ok
16:30:38.0339 0x0d00 [ C2F1D365FD96791B037EE504868065D3, 87BD87E08FD00D115524B049F1A3A719AB86557D68968E7090CD0F271F985CAF ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
16:30:38.0339 0x0d00 mnmsrvc - ok
16:30:38.0359 0x0d00 [ 6FB74EBD4EC57A6F1781DE3852CC3362, 0454509D9A31E0202C08AE17294E2682F227D177A3C73B303E4C8332757AFCA1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
16:30:38.0359 0x0d00 Modem - ok
16:30:38.0379 0x0d00 [ B24CE8005DEAB254C0251E15CB71D802, 6804A8ABDAD5EC846E7F8077D1EE9BA45D6226ACFF42C70BE3DE7C8980EF9EC4 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:30:38.0379 0x0d00 Mouclass - ok
16:30:38.0399 0x0d00 [ 66A6F73C74E1791464160A7065CE711A, 3C570FA1E8EF976B83759220FE95BAC9D7D48D607F91B113EDE4790D34ACBD46 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:30:38.0399 0x0d00 mouhid - ok
16:30:38.0419 0x0d00 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
16:30:38.0419 0x0d00 MountMgr - ok
16:30:38.0439 0x0d00 [ 4E9D8041D352A33332FD6F59A3A78B03, D4E6229B07EF9866993EEE4F6223DC7F1FF1108273FE14A3DC74E65C181DE56A ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
16:30:38.0450 0x0d00 MozillaMaintenance - ok
16:30:38.0470 0x0d00 mraid35x - ok
16:30:38.0500 0x0d00 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:30:38.0510 0x0d00 MRxDAV - ok
16:30:38.0560 0x0d00 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:30:38.0580 0x0d00 MRxSmb - ok
16:30:38.0610 0x0d00 [ 35A031AF38C55F92D28AA03EE9F12CC9, 97245D204C886EE8DCCC2DEAC80A0E358A7E0C1982F77389DA50DCF091FC9DDC ] MSDTC C:\WINDOWS\System32\msdtc.exe
16:30:38.0610 0x0d00 MSDTC - ok
16:30:38.0640 0x0d00 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
16:30:38.0640 0x0d00 Msfs - ok
16:30:38.0660 0x0d00 MSIServer - ok
16:30:38.0670 0x0d00 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:30:38.0670 0x0d00 MSKSSRV - ok
16:30:38.0690 0x0d00 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:30:38.0690 0x0d00 MSPCLOCK - ok
16:30:38.0710 0x0d00 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
16:30:38.0710 0x0d00 MSPQM - ok
16:30:38.0730 0x0d00 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:30:38.0730 0x0d00 mssmbios - ok
16:30:38.0760 0x0d00 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
16:30:38.0760 0x0d00 Mup - ok
16:30:38.0800 0x0d00 [ 46BB15AE2AC7D025D6D2567B876817BD, 102A101B96D1078C98FA0F871C801A9A8538E20E5686AB0C7680B2F6C92B3165 ] napagent C:\WINDOWS\System32\qagentrt.dll
16:30:38.0820 0x0d00 napagent - ok
16:30:38.0850 0x0d00 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
16:30:38.0860 0x0d00 NDIS - ok
16:30:38.0880 0x0d00 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:30:38.0880 0x0d00 NdisTapi - ok
16:30:38.0900 0x0d00 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:30:38.0900 0x0d00 Ndisuio - ok
16:30:38.0920 0x0d00 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:30:38.0930 0x0d00 NdisWan - ok
16:30:38.0950 0x0d00 [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
16:30:38.0950 0x0d00 NDProxy - ok
16:30:38.0970 0x0d00 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
16:30:38.0970 0x0d00 NetBIOS - ok
16:30:39.0000 0x0d00 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
16:30:39.0010 0x0d00 NetBT - ok
16:30:39.0030 0x0d00 [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDE C:\WINDOWS\system32\netdde.exe
16:30:39.0040 0x0d00 NetDDE - ok
16:30:39.0060 0x0d00 [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
16:30:39.0070 0x0d00 NetDDEdsdm - ok
16:30:39.0090 0x0d00 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] Netlogon C:\WINDOWS\System32\lsass.exe
16:30:39.0090 0x0d00 Netlogon - ok
16:30:39.0110 0x0d00 [ E6D88F1F6745BF00B57E7855A2AB696C, 12A5EDD853600FF5EBF91E127077745AE1E61E66DBC1D4D4306570F171AF4A39 ] Netman C:\WINDOWS\System32\netman.dll
16:30:39.0130 0x0d00 Netman - ok
16:30:39.0151 0x0d00 [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:30:39.0161 0x0d00 NetTcpPortSharing - ok
16:30:39.0171 0x0d00 [ E9E47CFB2D461FA0FC75B7A74C6383EA, 544136F5BFD4DC23D45E90F12FA48B82FD9EAEA9EAF3E0F5F0BD27E23D672C3E ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:30:39.0181 0x0d00 NIC1394 - ok
16:30:39.0211 0x0d00 [ F1B67B6B0751AE0E6E964B02821206A3, 3D5A7593ABDEE2047C5738671C85DC8B95A4ECF58D5D7B04EEE13A689839A540 ] Nla C:\WINDOWS\System32\mswsock.dll
16:30:39.0221 0x0d00 Nla - ok
16:30:39.0241 0x0d00 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
16:30:39.0241 0x0d00 Npfs - ok
16:30:39.0291 0x0d00 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
16:30:39.0331 0x0d00 Ntfs - ok
16:30:39.0351 0x0d00 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
16:30:39.0351 0x0d00 NtLmSsp - ok
16:30:39.0401 0x0d00 [ 56AF4064996FA5BAC9C449B1514B4770, 154602EFEC22728503D4ABA025DF711B0F2CFC983F5E3BF25F2A4BCD1AE250EC ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
16:30:39.0421 0x0d00 NtmsSvc - ok
16:30:39.0451 0x0d00 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
16:30:39.0451 0x0d00 Null - ok
16:30:39.0471 0x0d00 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:30:39.0471 0x0d00 NwlnkFlt - ok
16:30:39.0491 0x0d00 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:30:39.0501 0x0d00 NwlnkFwd - ok
16:30:39.0541 0x0d00 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
16:30:39.0571 0x0d00 odserv - ok
16:30:39.0601 0x0d00 [ CA33832DF41AFB202EE7AEB05145922F, 9DD0089C2E13C7F81214C3B5A4A61276292052F9BBFEA7FCD0F6AA27815D5F95 ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:30:39.0601 0x0d00 ohci1394 - ok
16:30:39.0631 0x0d00 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
16:30:39.0641 0x0d00 ose - ok
16:30:39.0661 0x0d00 [ F84785660305B9B903FB3BCA8BA29837, BDBDE61076800415D98759077E9E039C80B55DBE68E31F8BF44A909C6C3D3276 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
16:30:39.0661 0x0d00 Parport - ok
16:30:39.0691 0x0d00 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
16:30:39.0691 0x0d00 PartMgr - ok
16:30:39.0711 0x0d00 [ C2BF987829099A3EAA2CA6A0A90ECB4F, 1DF21EA8E43875CFEECD869407429F82FB449707CFB845718499468E699BAAAA ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
16:30:39.0711 0x0d00 ParVdm - ok
16:30:39.0731 0x0d00 [ 387E8DEDC343AA2D1EFBC30580273ACD, 5F3E642BDB759777E570ED5B22AC7E93CDCD362708F281657AD7BAB44EDEC802 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
16:30:39.0731 0x0d00 PCI - ok
16:30:39.0751 0x0d00 PCIDump - ok
16:30:39.0771 0x0d00 PCIIde - ok
16:30:39.0791 0x0d00 [ 1BEBE7DE8508A02650CDCE45C664C2A2, 67841EA7F1F6B7F19ABD38A004B23610A21AD5BD5E508EED16CC7856CBE44D9C ] PCLEPCI C:\WINDOWS\system32\drivers\pclepci.sys
16:30:39.0791 0x0d00 PCLEPCI - ok
16:30:39.0821 0x0d00 [ A2A966B77D61847D61A3051DF87C8C97, 6CED7CA26DC62B0AAFC83A2E07336DAD25954491201BB8E06103971F3F0B8B51 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
16:30:39.0831 0x0d00 Pcmcia - ok
16:30:39.0842 0x0d00 PDCOMP - ok
16:30:39.0852 0x0d00 PDFRAME - ok
16:30:39.0872 0x0d00 PDRELI - ok
16:30:39.0892 0x0d00 PDRFRAME - ok
16:30:39.0902 0x0d00 perc2 - ok
16:30:39.0922 0x0d00 perc2hib - ok
16:30:39.0972 0x0d00 [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] PlugPlay C:\WINDOWS\system32\services.exe
16:30:39.0982 0x0d00 PlugPlay - ok
16:30:39.0992 0x0d00 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
16:30:39.0992 0x0d00 PolicyAgent - ok
16:30:40.0012 0x0d00 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:30:40.0022 0x0d00 PptpMiniport - ok
16:30:40.0032 0x0d00 [ 2CB55427C58679F49AD600FCCBA76360, 2B5242E9637FCB6A7C16F720C9D8D440AA88B61FB5F108B295A208886C01C4D1 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
16:30:40.0042 0x0d00 Processor - ok
16:30:40.0062 0x0d00 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:30:40.0062 0x0d00 ProtectedStorage - ok
16:30:40.0082 0x0d00 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
16:30:40.0082 0x0d00 PSched - ok
16:30:40.0102 0x0d00 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:30:40.0102 0x0d00 Ptilink - ok
16:30:40.0122 0x0d00 ql1080 - ok
16:30:40.0142 0x0d00 Ql10wnt - ok
16:30:40.0162 0x0d00 ql12160 - ok
16:30:40.0182 0x0d00 ql1240 - ok
16:30:40.0212 0x0d00 ql1280 - ok
16:30:40.0222 0x0d00 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:30:40.0232 0x0d00 RasAcd - ok
16:30:40.0262 0x0d00 [ F5BA6CACCDB66C8F048E867563203246, AFEAD8FC02313F7EBC8F9F39E7ED2868852B480BE3902FA7BD0AFD81492AB243 ] RasAuto C:\WINDOWS\System32\rasauto.dll
16:30:40.0272 0x0d00 RasAuto - ok
16:30:40.0282 0x0d00 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:30:40.0292 0x0d00 Rasl2tp - ok
16:30:40.0312 0x0d00 [ F9A7B66EA345726EDB5862A46B1ECCD5, 5D35429D394D36A1692A7E219BA1A85CD8096FEAE0F90BFE036A63118FEDBF57 ] RasMan C:\WINDOWS\System32\rasmans.dll
16:30:40.0332 0x0d00 RasMan - ok
16:30:40.0342 0x0d00 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:30:40.0352 0x0d00 RasPppoe - ok
16:30:40.0362 0x0d00 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
16:30:40.0372 0x0d00 Raspti - ok
16:30:40.0392 0x0d00 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:30:40.0402 0x0d00 Rdbss - ok
16:30:40.0422 0x0d00 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:30:40.0422 0x0d00 RDPCDD - ok
16:30:40.0452 0x0d00 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:30:40.0462 0x0d00 rdpdr - ok
16:30:40.0492 0x0d00 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
16:30:40.0512 0x0d00 RDPWD - ok
16:30:40.0532 0x0d00 [ 263AF18AF0F3DB99F574C95F284CCEC9, 2BFA9952E97EFEB386FC56EC2C125080CD12DAC078DBE43C395CB4D9F22165D3 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
16:30:40.0543 0x0d00 RDSessMgr - ok
16:30:40.0563 0x0d00 [ ED761D453856F795A7FE056E42C36365, EF026585B33415D8FCE94A9F27D7A4396C7C35C88E06A4CF0FEA702401E8597A ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
16:30:40.0563 0x0d00 redbook - ok
16:30:40.0583 0x0d00 [ 0E97EC96D6942CEEC2D188CC2EB69A01, D4253B4420BEF19451A55AB91E4834482181A31A31134F6E2AFE05C8E20C81A5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
16:30:40.0583 0x0d00 RemoteAccess - ok
16:30:40.0603 0x0d00 [ E4CD1F3D84E1C2CA0B8CF7501E201593, 649CC0B04F94D407EB6B4C7FDE2C6E4D2B1531307BC67C5775E44D66EF2E4F8A ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
16:30:40.0613 0x0d00 RemoteRegistry - ok
16:30:40.0633 0x0d00 [ 2A02E21867497DF20B8FC95631395169, D89E2D17ED4E1C727847C0E92D2DF68AEB70BF0B956BD2FE024ED70A961759D2 ] RpcLocator C:\WINDOWS\System32\locator.exe
16:30:40.0633 0x0d00 RpcLocator - ok
16:30:40.0673 0x0d00 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B, ECFBACE3CBF2384948EA1C445BDA3955EB4F44A9874286E6537C67DC1283E5B0 ] RpcSs C:\WINDOWS\system32\rpcss.dll
16:30:40.0693 0x0d00 RpcSs - ok
16:30:40.0723 0x0d00 [ 4BDD71B4B521521499DFD14735C4F398, 7B1498D3C67E56D05B58B7DA319ECB0117C37963AABB0E59B42831C087469DA1 ] RSVP C:\WINDOWS\System32\rsvp.exe
16:30:40.0733 0x0d00 RSVP - ok
16:30:40.0743 0x0d00 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] SamSs C:\WINDOWS\system32\lsass.exe
16:30:40.0743 0x0d00 SamSs - ok
16:30:40.0773 0x0d00 [ DCEC079FAD95D36C8DD5CB6D779DFE32, F8546552D939A225853A0CE4913701A93738DF02C999D16E141E9A828814BBC6 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
16:30:40.0773 0x0d00 SCardSvr - ok
16:30:40.0803 0x0d00 [ A050194A44D7FA8D7186ED2F4E8367AE, BCDF56D5A2F9E202DC67E7FE4BCC617BCC0BDFF2D221A621020068B17B2855BB ] Schedule C:\WINDOWS\system32\schedsvc.dll
16:30:40.0813 0x0d00 Schedule - ok
16:30:40.0843 0x0d00 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:30:40.0843 0x0d00 Secdrv - ok
16:30:40.0863 0x0d00 [ BEE4CFD1D48C23B44CF4B974B0B79B2B, DF3B02D713F8A4602BE75F004074D5DF79AFF2D58FF37110B2A6AC29F680758B ] seclogon C:\WINDOWS\System32\seclogon.dll
16:30:40.0863 0x0d00 seclogon - ok
16:30:40.0883 0x0d00 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3, 95D83F054A6610328D56E56CD948A6618C590231853E56FC20E7557DB61384A4 ] SENS C:\WINDOWS\system32\sens.dll
16:30:40.0883 0x0d00 SENS - ok
16:30:40.0903 0x0d00 [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
16:30:40.0903 0x0d00 serenum - ok
16:30:40.0923 0x0d00 [ CF24EB4F0412C82BCD1F4F35A025E31D, B74CB094126F5C23F601C34D53B2DF5BE3E5918230AC9DCFCFFA8E66B3A0FA25 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
16:30:40.0933 0x0d00 Serial - ok
16:30:40.0993 0x0d00 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
16:30:40.0993 0x0d00 Sfloppy - ok
16:30:41.0023 0x0d00 [ CAD058D5F8B889A87CA3EB3CF624DCEF, A7CDCF44261D1F4D820927253EA8EBB63714B7BAFF8B08DE073507D9A7EEA5BB ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
16:30:41.0043 0x0d00 SharedAccess - ok
16:30:41.0063 0x0d00 [ 2DB7D303C36DDD055215052F118E8E75, BE6E7BBE12A7A4EDF1F1C2935350603970C7426BBCA7A1A6644BB8999123AF17 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:30:41.0073 0x0d00 ShellHWDetection - ok
16:30:41.0093 0x0d00 Simbad - ok
16:30:41.0123 0x0d00 Sparrow - ok
16:30:41.0143 0x0d00 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
16:30:41.0143 0x0d00 splitter - ok
16:30:41.0163 0x0d00 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe
16:30:41.0163 0x0d00 Spooler - ok
16:30:41.0183 0x0d00 [ 50FA898F8C032796D3B1B9951BB5A90F, 1C86273EC19EB96D6DB9CE6670C00683B77C99C42CC2F7E75BC50872B93446B1 ] sr C:\WINDOWS\System32\DRIVERS\sr.sys
16:30:41.0193 0x0d00 sr - ok
16:30:41.0223 0x0d00 [ FE77A85495065F3AD59C5C65B6C54182, EB4BAF992F961B2FD5D24BFCB6BCB2142BC32933139A818835FEAB190E4283BB ] srservice C:\WINDOWS\System32\srsvc.dll
16:30:41.0234 0x0d00 srservice - ok
16:30:41.0274 0x0d00 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
16:30:41.0294 0x0d00 Srv - ok
16:30:41.0314 0x0d00 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500, 2971D7D45D6942D310D47DBD19B9680D2D29527E79B86133C72217FD29259465 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
16:30:41.0314 0x0d00 SSDPSRV - ok
16:30:41.0334 0x0d00 [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
16:30:41.0334 0x0d00 ssmdrv - ok
16:30:41.0374 0x0d00 [ BC2C5985611C5356B24AEB370953DED9, 15CBAB8166827DC098E2B16AB6F49A1441A4CB52AF3588F0AD964CAB596DFE10 ] stisvc C:\WINDOWS\system32\wiaservc.dll
16:30:41.0404 0x0d00 stisvc - ok
16:30:41.0424 0x0d00 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
16:30:41.0424 0x0d00 swenum - ok
16:30:41.0444 0x0d00 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
16:30:41.0444 0x0d00 swmidi - ok
16:30:41.0464 0x0d00 SwPrv - ok
16:30:41.0494 0x0d00 symc810 - ok
16:30:41.0514 0x0d00 symc8xx - ok
16:30:41.0534 0x0d00 sym_hi - ok
16:30:41.0544 0x0d00 sym_u3 - ok
16:30:41.0914 0x0d00 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
16:30:41.0924 0x0d00 sysaudio - ok
16:30:41.0945 0x0d00 syshost32 - ok
16:30:41.0965 0x0d00 [ 2903FFFA2523926D6219428040DCE6B9, 4F13181931B0499F6C3F08138054DBCD1F84CB9806999A9172B80DE79D446F62 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
16:30:41.0975 0x0d00 SysmonLog - ok
16:30:42.0015 0x0d00 [ 05903CAC4B98908D55EA5774775B382E, AC3666CBD894D737874A5998DC7F46A0A51A7B23B1835FC735B9AD503A2191CC ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
16:30:42.0025 0x0d00 TapiSrv - ok
16:30:42.0065 0x0d00 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:30:42.0085 0x0d00 Tcpip - ok
16:30:42.0105 0x0d00 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
16:30:42.0105 0x0d00 TDPIPE - ok
16:30:42.0125 0x0d00 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
16:30:42.0125 0x0d00 TDTCP - ok
16:30:42.0145 0x0d00 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
16:30:42.0165 0x0d00 TermDD - ok
16:30:42.0195 0x0d00 [ B7DE02C863D8F5A005A7BF375375A6A4, 6DE05A7B28CA5A78D58536347FC47F15883EEDBEF487CEA0117CC280FC582DCC ] TermService C:\WINDOWS\System32\termsrv.dll
16:30:42.0215 0x0d00 TermService - ok
16:30:42.0245 0x0d00 [ 2DB7D303C36DDD055215052F118E8E75, BE6E7BBE12A7A4EDF1F1C2935350603970C7426BBCA7A1A6644BB8999123AF17 ] Themes C:\WINDOWS\System32\shsvcs.dll
16:30:42.0255 0x0d00 Themes - ok
16:30:42.0275 0x0d00 [ 03681A1CE77F51586903869A5AB1DEAB, E2EC0A481412166B654682C2F3D953E96E757466135CBD2D813B967EDB13C721 ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
16:30:42.0295 0x0d00 TlntSvr - ok
16:30:42.0305 0x0d00 TosIde - ok
16:30:42.0335 0x0d00 [ 626504572B175867F30F3215C04B3E2F, 47E87CE9BC666D5CB5953C5D497DC00A7CC28F8EC0A064B3E47700279C5C4B91 ] TrkWks C:\WINDOWS\system32\trkwks.dll
16:30:42.0345 0x0d00 TrkWks - ok
16:30:42.0375 0x0d00 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
16:30:42.0385 0x0d00 Udfs - ok
16:30:42.0415 0x0d00 ultra - ok
16:30:42.0465 0x0d00 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
16:30:42.0475 0x0d00 Update - ok
16:30:42.0515 0x0d00 [ 1DFD8975D8C89214B98D9387C1125B49, 0B6B268487C8E45E9B86BF4A0A9DB669E0E45D600DE3C82B63F9986CA9E01082 ] upnphost C:\WINDOWS\System32\upnphost.dll
16:30:42.0525 0x0d00 upnphost - ok
16:30:42.0555 0x0d00 [ 9B11E6118958E63E1FEF129466E2BDA7, 97168BCE3F4A9BB9E6500F05E34851FB957B219C598944FADC28AC0011C0503B ] UPS C:\WINDOWS\System32\ups.exe
16:30:42.0555 0x0d00 UPS - ok
16:30:42.0575 0x0d00 [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:30:42.0575 0x0d00 usbccgp - ok
16:30:42.0595 0x0d00 [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:30:42.0595 0x0d00 usbehci - ok
16:30:42.0626 0x0d00 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:30:42.0636 0x0d00 usbhub - ok
16:30:42.0656 0x0d00 [ 0DAECCE65366EA32B162F85F07C6753B, 3C33AC2FC95E876933F2016CF0CDA2745491679728684DA8DF95A515CE4804BD ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
16:30:42.0656 0x0d00 usbohci - ok
16:30:42.0676 0x0d00 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:30:42.0676 0x0d00 USBSTOR - ok
16:30:42.0696 0x0d00 [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:30:42.0696 0x0d00 usbuhci - ok
16:30:42.0716 0x0d00 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
16:30:42.0716 0x0d00 VgaSave - ok
16:30:42.0736 0x0d00 ViaIde - ok
16:30:42.0756 0x0d00 [ A5A712F4E880874A477AF790B5186E1D, FE885ED04C3EAFC379787F836738A2769E43D07CF52DD917D90C38E001957A5E ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
16:30:42.0766 0x0d00 VolSnap - ok
16:30:42.0796 0x0d00 [ 68F106273BE29E7B7EF8266977268E78, 1488AB7A654EBC94C73E1D494067189ACB95BC233980110CAC4C0297CDC4115A ] VSS C:\WINDOWS\System32\vssvc.exe
16:30:42.0816 0x0d00 VSS - ok
16:30:42.0846 0x0d00 [ 7B353059E665F8B7AD2BBEAEF597CF45, 84A4311F18A4B8DCB364741DEA7D18E2363F19564B2EF25214965DC729527068 ] W32Time C:\WINDOWS\System32\w32time.dll
16:30:42.0866 0x0d00 W32Time - ok
16:30:42.0896 0x0d00 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:30:42.0896 0x0d00 Wanarp - ok
16:30:42.0916 0x0d00 WDICA - ok
16:30:42.0936 0x0d00 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
16:30:42.0946 0x0d00 wdmaud - ok
16:30:42.0966 0x0d00 [ 81727C9873E3905A2FFC1EBD07265002, 6AC2383A1DCBB7FA3DB90FBB874C8E1819F5B7492717FF41E303EFC7BF72F93E ] WebClient C:\WINDOWS\System32\webclnt.dll
16:30:42.0976 0x0d00 WebClient - ok
16:30:43.0026 0x0d00 [ 3085330815CB14FC740053B610F8A1D3, BD43371B5600986CC9F8453CE8886526428D0CAAB345E82D3EA3315F1948EA9A ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
16:30:43.0056 0x0d00 winachsf - ok
16:30:43.0096 0x0d00 [ 6F3F3973D97714CC5F906A19FE883729, 7817118BE94D0F6FAE0F9CE48AD70FFE0AEF886CCE09C666768FAB61047F992F ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
16:30:43.0106 0x0d00 winmgmt - ok
16:30:43.0146 0x0d00 [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
16:30:43.0146 0x0d00 WmdmPmSN - ok
16:30:43.0206 0x0d00 [ FFA4D901D46D07A5BAB2D8307FBB51A6, 53C6D04D111EDF774C7F7EEB8D032B372E6244774D56B1B34CF1236027EC9450 ] Wmi C:\WINDOWS\System32\advapi32.dll
16:30:43.0236 0x0d00 Wmi - ok
16:30:43.0276 0x0d00 [ 93908111BA57A6E60EC2FA2DE202105C, F395F25F18D15C6B9FEDB45FD31E10295FFE5517E2BC86ACAC11904EA0664BE2 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
16:30:43.0286 0x0d00 WmiApSrv - ok
16:30:43.0357 0x0d00 [ BF05650BB7DF5E9EBDD25974E22403BB, AF173D89B768CFC7AB03DFADD4F049CAC40AC59A0C9208AF5AB92CB368983077 ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
16:30:43.0417 0x0d00 WMPNetworkSvc - ok
16:30:43.0447 0x0d00 [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
16:30:43.0447 0x0d00 WpdUsb - ok
16:30:43.0517 0x0d00 [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:30:43.0557 0x0d00 WPFFontCache_v0400 - ok
16:30:43.0587 0x0d00 [ 300B3E84FAF1A5C1F791C159BA28035D, 0194856BDF94C1F274AF70AD558290ACDACDDEA331BD66FEB8E167ABD1E36786 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
16:30:43.0597 0x0d00 wscsvc - ok
16:30:43.0617 0x0d00 WSearch - ok
16:30:43.0647 0x0d00 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085, A1DB8909FA73337DB613D01824945485186654364A4DF129B8CB913CF87D1D2E ] wuauserv C:\WINDOWS\system32\wuauserv.dll
16:30:43.0647 0x0d00 wuauserv - ok
16:30:43.0677 0x0d00 [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:30:43.0677 0x0d00 WudfPf - ok
16:30:43.0707 0x0d00 [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:30:43.0707 0x0d00 WudfRd - ok
16:30:43.0727 0x0d00 [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
16:30:43.0737 0x0d00 WudfSvc - ok
16:30:43.0787 0x0d00 [ C4F109C005F6725162D2D12CA751E4A7, AC996B44338328BDD4442FE48406F286A64526F0EC77BE00A19FA7FDB0407CFE ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
16:30:43.0807 0x0d00 WZCSVC - ok
16:30:43.0837 0x0d00 [ 0ADA34871A2E1CD2CAAFED1237A47750, 45BEF8649078BD74C1A347B5F2D3A1958E5A7DCD6C6BA8A2E0CAD277A929C64E ] xmlprov C:\WINDOWS\System32\xmlprov.dll
16:30:43.0847 0x0d00 xmlprov - ok
16:30:43.0877 0x0d00 ================ Scan global ===============================
16:30:43.0897 0x0d00 [ 2C60091CA5F67C3032EAB3B30390C27F, 9E205C8E67F4B61FCFA2A82AA1968D522C3B6410D7075BE813F7F1564D61632E ] C:\WINDOWS\system32\basesrv.dll
16:30:43.0927 0x0d00 [ E62178BC21EAC63A3B9A2DBD46C1B505, CAA5480CC4DAA37758F0CF445F865FD6F4630080B044EF2E606C2F62DAA4061A ] C:\WINDOWS\system32\winsrv.dll
16:30:43.0977 0x0d00 [ E62178BC21EAC63A3B9A2DBD46C1B505, CAA5480CC4DAA37758F0CF445F865FD6F4630080B044EF2E606C2F62DAA4061A ] C:\WINDOWS\system32\winsrv.dll
16:30:44.0007 0x0d00 [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] C:\WINDOWS\system32\services.exe
16:30:44.0007 0x0d00 [ Global ] - ok
16:30:44.0007 0x0d00 ================ Scan MBR ==================================
16:30:44.0018 0x0d00 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
16:30:44.0198 0x0d00 \Device\Harddisk0\DR0 - ok
16:30:44.0208 0x0d00 ================ Scan VBR ==================================
16:30:44.0218 0x0d00 [ BFBA8CB8B959E159D835C23067E4BBAB ] \Device\Harddisk0\DR0\Partition1
16:30:44.0218 0x0d00 \Device\Harddisk0\DR0\Partition1 - ok
16:30:44.0228 0x0d00 [ 36F13E87439F5EAC4D94E3ADB1245ADF ] \Device\Harddisk0\DR0\Partition2
16:30:44.0238 0x0d00 \Device\Harddisk0\DR0\Partition2 - ok
16:30:44.0238 0x0d00 ================ Scan generic autorun ======================
16:30:44.0278 0x0d00 [ FAE95D6D7651B5629C4E19ADBC9A3863, 8209A13B8C845D8EFB1B1C21135B5119E6E2AC5694B982E2103E53D0CBAA080C ] C:\WINDOWS\system32\Ati2mdxx.exe
16:30:44.0278 0x0d00 ATIModeChange - ok
16:30:44.0308 0x0d00 [ B320608941EF15D28C2785F3977129F7, EC46AF54D4ED054194F8581E5CD5E36B862D3AF4F77A36E3FAF1F673BCE1B085 ] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
16:30:44.0318 0x0d00 ATIPTA - ok
16:30:44.0348 0x0d00 [ A0B4823C28AD825728550796042C68A4, 1FCA79ADCE89E37D85FC1BF23BC56C2B5150C417513E4ED1A7EC1AA94095DE7E ] C:\Programme\Apoint\Apoint.exe
16:30:44.0358 0x0d00 Apoint - ok
16:30:44.0418 0x0d00 [ 2AA5DD75EA1281432C40D22B5FD87D3A, 9868D4176C8F08EB72B0B992D3E2A480C587930CA025B4FDF3212F99B79C3017 ] C:\Programme\Avira\AntiVir Desktop\avgnt.exe
16:30:44.0448 0x0d00 avgnt - ok
16:30:44.0478 0x0d00 [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\System32\CTFMON.EXE
16:30:44.0478 0x0d00 CTFMON.EXE - ok
16:30:44.0488 0x0d00 [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\System32\CTFMON.EXE
16:30:44.0488 0x0d00 CTFMON.EXE - ok
16:30:44.0508 0x0d00 [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\system32\ctfmon.exe
16:30:44.0508 0x0d00 CTFMON.EXE - ok
16:30:44.0518 0x0d00 Waiting for KSN requests completion. In queue: 238
16:30:45.0520 0x0d00 Waiting for KSN requests completion. In queue: 238
16:30:46.0521 0x0d00 Waiting for KSN requests completion. In queue: 238
16:30:47.0613 0x0d00 AV detected via SS1: Avira Desktop, 14.0.6.522, disabled, updated
16:30:47.0623 0x0d00 Win FW state via NFM: enabled
16:30:49.0976 0x0d00 ============================================================
16:30:49.0976 0x0d00 Scan finished
16:30:49.0976 0x0d00 ============================================================
16:30:49.0986 0x0cf8 Detected object count: 1
16:30:49.0986 0x0cf8 Actual detected object count: 1
16:34:14.0490 0x0cf8 adf024b6850f634 ( Rootkit.Win32.Necurs.gen ) - skipped by user
16:34:14.0490 0x0cf8 adf024b6850f634 ( Rootkit.Win32.Necurs.gen ) - User select action: Skip

schrauber 14.09.2014 18:34
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307





Starte TDSSkiller.exe mit Doppelklick.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Drücke auf Start Scan.
    Mache während dem Scan nichts am Rechner
  • Gehe sicher das Cure ( default ) angehackt ist !
  • Drücke Continue --> Reboot.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt

Poste den Inhalt bitte hier in deinen Thread.

foxproducts 14.09.2014 20:01
OK, das mit dem Code hab ich jetzt auch begriffen!
Hier der Log nach delete...

Code:
20:50:40.0000 0x074c  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
20:50:41.0542 0x074c  ============================================================
20:50:41.0542 0x074c  Current date / time: 2014/09/14 20:50:41.0542
20:50:41.0542 0x074c  SystemInfo:
20:50:41.0542 0x074c 
20:50:41.0542 0x074c  OS Version: 5.1.2600 ServicePack: 3.0
20:50:41.0542 0x074c  Product type: Workstation
20:50:41.0552 0x074c  ComputerName: FOXPRODUCTS
20:50:41.0552 0x074c  UserName: fox
20:50:41.0552 0x074c  Windows directory: C:\WINDOWS
20:50:41.0552 0x074c  System windows directory: C:\WINDOWS
20:50:41.0552 0x074c  Processor architecture: Intel x86
20:50:41.0552 0x074c  Number of processors: 1
20:50:41.0552 0x074c  Page size: 0x1000
20:50:41.0552 0x074c  Boot type: Normal boot
20:50:41.0552 0x074c  ============================================================
20:50:41.0552 0x074c  BG loaded
20:50:45.0718 0x074c  System UUID: {5D2525DF-CD2A-BB78-9471-D074120B09BA}
20:50:49.0944 0x074c  Drive \Device\Harddisk0\DR0 - Size: 0x1DE7FA0000 ( 119.62 Gb ), SectorSize: 0x200, Cylinders: 0x3D00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
20:50:50.0004 0x074c  ============================================================
20:50:50.0004 0x074c  \Device\Harddisk0\DR0:
20:50:50.0044 0x074c  MBR partitions:
20:50:50.0044 0x074c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2800A34
20:50:50.0084 0x074c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2800AB2, BlocksNum 0xB400F66
20:50:50.0104 0x074c  ============================================================
20:50:50.0214 0x074c  C: <-> \Device\Harddisk0\DR0\Partition1
20:50:50.0435 0x074c  D: <-> \Device\Harddisk0\DR0\Partition2
20:50:50.0435 0x074c  ============================================================
20:50:50.0435 0x074c  Initialize success
20:50:50.0435 0x074c  ============================================================
20:51:53.0505 0x09b0  ============================================================
20:51:53.0505 0x09b0  Scan started
20:51:53.0505 0x09b0  Mode: Manual;
20:51:53.0505 0x09b0  ============================================================
20:51:53.0505 0x09b0  KSN ping started
20:52:14.0846 0x09b0  KSN ping finished: true
20:52:15.0507 0x09b0  ================ Scan system memory ========================
20:52:15.0507 0x09b0  System memory - ok
20:52:15.0517 0x09b0  ================ Scan services =============================
20:52:15.0757 0x09b0  Abiosdsk - ok
20:52:15.0797 0x09b0  abp480n5 - ok
20:52:15.0817 0x09b0  [ 0F2D66D5F08EBE2F77BB904288DCF6F0, 5969A64B6995DCAF16F9A76BD1235472F76D71DFE629B956221D2C3D73EDF98A ] ac97intc        C:\WINDOWS\system32\drivers\ac97intc.sys
20:52:15.0917 0x09b0  ac97intc - ok
20:52:16.0248 0x09b0  [ AC407F1A62C3A300B4F2B5A9F1D55B2C, 31F5FC61B37E22100B3A52A590295A7E827FFC581FA9960C64B9032452AAECED ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:52:16.0468 0x09b0  ACPI - ok
20:52:16.0478 0x09b0  [ 9E1CA3160DAFB159CA14F83B1E317F75, 13B3E897B0E819BF734449416D9EC6EBCAC89538EC69BF48C068593B82D57004 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
20:52:16.0548 0x09b0  ACPIEC - ok
20:52:16.0568 0x09b0  adpu160m - ok
20:52:16.0608 0x09b0  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec            C:\WINDOWS\system32\drivers\aec.sys
20:52:16.0699 0x09b0  aec - ok
20:52:16.0739 0x09b0  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD            C:\WINDOWS\System32\drivers\afd.sys
20:52:16.0829 0x09b0  AFD - ok
20:52:16.0859 0x09b0  [ 08FD04AA961BDC77FB983F328334E3D7, A784EC8A9EDB579262366B5A9AB177DB7BEC0A421BDE85431D0AD4959D5AF5E7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
20:52:16.0949 0x09b0  agp440 - ok
20:52:16.0959 0x09b0  Aha154x - ok
20:52:16.0989 0x09b0  aic78u2 - ok
20:52:17.0009 0x09b0  aic78xx - ok
20:52:17.0029 0x09b0  [ 738D80CC01D7BC7584BE917B7F544394, DCC17AAEF5CDDF52FAAC3CC6904EF421CD595F66318A2370BEE261D5C3A8E340 ] Alerter        C:\WINDOWS\system32\alrsvc.dll
20:52:17.0079 0x09b0  Alerter - ok
20:52:17.0099 0x09b0  [ 190CD73D4984F94D823F9444980513E5, 93A32C2495CCA094F768BA707C74DA5C00B8A88A9236DD1A297439A7C2E6C6FA ] ALG            C:\WINDOWS\System32\alg.exe
20:52:17.0099 0x09b0  ALG - ok
20:52:17.0119 0x09b0  AliIde - ok
20:52:17.0139 0x09b0  amsint - ok
20:52:17.0229 0x09b0  [ 0327A6CE0934C324E3E82920E9EC0EE4, B4A1E6A77032F7DF97FED3C01E76E2BD3270A3FFC500C7C9A118C0E2EB675D75 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
20:52:17.0309 0x09b0  AntiVirSchedulerService - ok
20:52:17.0380 0x09b0  [ 0327A6CE0934C324E3E82920E9EC0EE4, B4A1E6A77032F7DF97FED3C01E76E2BD3270A3FFC500C7C9A118C0E2EB675D75 ] AntiVirService  C:\Programme\Avira\AntiVir Desktop\avguard.exe
20:52:17.0480 0x09b0  AntiVirService - ok
20:52:17.0530 0x09b0  [ AEB775A2BAE0F392BA6ADC0BB706233A, 4D2F12AE674C0D8C256CAF3C45D03598A8C74E4E2B99E9674072D43D5A39804A ] ApfiltrService  C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
20:52:17.0590 0x09b0  ApfiltrService - ok
20:52:17.0620 0x09b0  [ D45960BE52C3C610D361977057F98C54, 9186589B502F46B47672CFB8EBD558D51B0F3CBFE4E0DDBA625A4265236518CE ] AppMgmt        C:\WINDOWS\System32\appmgmts.dll
20:52:17.0820 0x09b0  AppMgmt - ok
20:52:17.0840 0x09b0  [ B5B8A80875C1DEDEDA8B02765642C32F, AD0C71D73B1B8225351FBF4FFB43001A32B4DAE69504C59970CD2428BB33D4EF ] Arp1394        C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:52:17.0930 0x09b0  Arp1394 - ok
20:52:17.0970 0x09b0  [ 4F9CBBF95E8F7A0D4C0EDCFE3B78102E, 71FE8F94C2A71F1D97972C3E36A0D18B293C45941639B34D34BE22C60C751A48 ] ASAPIW2k        C:\WINDOWS\system32\drivers\ASAPIW2k.sys
20:52:18.0011 0x09b0  ASAPIW2k - ok
20:52:18.0031 0x09b0  asc - ok
20:52:18.0071 0x09b0  asc3350p - ok
20:52:18.0081 0x09b0  asc3550 - ok
20:52:18.0171 0x09b0  [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:52:18.0251 0x09b0  aspnet_state - ok
20:52:18.0291 0x09b0  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:52:18.0331 0x09b0  AsyncMac - ok
20:52:18.0391 0x09b0  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi          C:\WINDOWS\system32\DRIVERS\atapi.sys
20:52:18.0451 0x09b0  atapi - ok
20:52:18.0461 0x09b0  Atdisk - ok
20:52:18.0501 0x09b0  [ 1E39315954949A2A31FA45C08BE85499, C3834297D6ED5296A3648D5DD27939177AF25BBC9D438A87E5A6C1778A9E7115 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
20:52:18.0591 0x09b0  Ati HotKey Poller - ok
20:52:18.0641 0x09b0  [ 6361D85FAF2442BBEE2C25ADA6CB8512, 49BA3AB532797D2E6EE40921FB833029DE1B7D59B683C3D9B2E786CC08F064B3 ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:52:18.0782 0x09b0  ati2mtag - ok
20:52:18.0822 0x09b0  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc        C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:52:18.0922 0x09b0  Atmarpc - ok
20:52:18.0942 0x09b0  [ 58ED0D5452DF7BE732193E7999C6B9A4, 254E2ECF592DDA2E3E6CA9F6F3E77926E2265586A7937BA95199ED47BCDE69A3 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
20:52:18.0992 0x09b0  AudioSrv - ok
20:52:19.0012 0x09b0  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub        C:\WINDOWS\system32\DRIVERS\audstub.sys
20:52:19.0032 0x09b0  audstub - ok
20:52:19.0062 0x09b0  [ B0A63DD71CB0CB597D8BD5C364E73F7C, 572B31F3FC962F50110D42A08CDD0614323E18C213575710CEEFA35EE7CAE8C5 ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
20:52:19.0092 0x09b0  avgntflt - ok
20:52:19.0122 0x09b0  [ 05AF7CBF0BDA1571BBADC36703EB9CA4, 3925AD58053769D317D3CF0DDDF7371B010F2F4C839CF7B44F327AE9D0AB5442 ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
20:52:19.0162 0x09b0  avipbb - ok
20:52:19.0192 0x09b0  [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
20:52:19.0222 0x09b0  avkmgr - ok
20:52:19.0242 0x09b0  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
20:52:19.0252 0x09b0  Beep - ok
20:52:19.0282 0x09b0  [ 4AF6B0CCD9974A69DF2C91301370B381, C33D7F12C9E81C4D7A5FDD642D975448DF78EC708115951078E4FDB80B13235A ] BingDesktopUpdate C:\Programme\Microsoft\BingDesktop\BingDesktopUpdater.exe
20:52:19.0312 0x09b0  BingDesktopUpdate - ok
20:52:19.0352 0x09b0  [ D6F603772A789BB3228F310D650B8BD1, A539025C70FD998A9B8703DE05CAE5E99BC721D8852EA561EBC2DD20CB371D2E ] BITS            C:\WINDOWS\System32\qmgr.dll
20:52:19.0403 0x09b0  BITS - ok
20:52:19.0423 0x09b0  [ B71549F23736ADF83A571061C47777FD, A1D0320736EE777030A543DCA086367EB5A5B6F95088B9C22D8E09326C3A39A9 ] Browser        C:\WINDOWS\System32\browser.dll
20:52:19.0463 0x09b0  Browser - ok
20:52:19.0483 0x09b0  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k        C:\WINDOWS\system32\drivers\cbidf2k.sys
20:52:19.0493 0x09b0  cbidf2k - ok
20:52:19.0513 0x09b0  cd20xrnt - ok
20:52:19.0533 0x09b0  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio        C:\WINDOWS\system32\drivers\Cdaudio.sys
20:52:19.0543 0x09b0  Cdaudio - ok
20:52:19.0563 0x09b0  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
20:52:19.0593 0x09b0  Cdfs - ok
20:52:19.0613 0x09b0  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom          C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:52:19.0643 0x09b0  Cdrom - ok
20:52:19.0673 0x09b0  Changer - ok
20:52:19.0693 0x09b0  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E, ACB458E8A11AA2143734A5A0281973D95158E6402A6453F98F9832D1E19B01F9 ] CiSvc          C:\WINDOWS\system32\cisvc.exe
20:52:19.0713 0x09b0  CiSvc - ok
20:52:19.0733 0x09b0  [ 778A30ED3C134EB7E406AFC407E9997D, 3E6AD115AB2596EB001BC21AEADDBC75F27C42DB90C986B7AD17743CE631234E ] ClipSrv        C:\WINDOWS\system32\clipsrv.exe
20:52:19.0753 0x09b0  ClipSrv - ok
20:52:19.0773 0x09b0  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:52:19.0803 0x09b0  clr_optimization_v2.0.50727_32 - ok
20:52:19.0843 0x09b0  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:52:19.0893 0x09b0  clr_optimization_v4.0.30319_32 - ok
20:52:19.0913 0x09b0  [ 0F6C187D38D98F8DF904589A5F94D411, DB987093446216CEE913AC27503BF7E23E5A62DF169B355730285DAB64F6ED28 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:52:19.0923 0x09b0  CmBatt - ok
20:52:19.0943 0x09b0  CmdIde - ok
20:52:19.0963 0x09b0  [ 6E4C9F21F0FAE8940661144F41B13203, 731202A0DD021FCF9287FEA631212603AAAC23F9E7F76B2882F913B18A971F1C ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:52:19.0973 0x09b0  Compbatt - ok
20:52:19.0993 0x09b0  COMSysApp - ok
20:52:20.0023 0x09b0  Cpqarray - ok
20:52:20.0053 0x09b0  [ 611F824E5C703A5A899F84C5F1699E4D, 9EFA5612FE58E9974E4CC13D39D91D7B5DEA3ED66BEFBED3AAE6D2800FD8162A ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
20:52:20.0083 0x09b0  CryptSvc - ok
20:52:20.0104 0x09b0  [ 53E6F4B94EB64438164348DF7DCF35C5, 012F783880C366570CC1365972E15310BB507DDB689C9A42F7BB9570361D0A8B ] cs429x          C:\WINDOWS\system32\drivers\cwawdm.sys
20:52:20.0124 0x09b0  cs429x - ok
20:52:20.0144 0x09b0  dac2w2k - ok
20:52:20.0164 0x09b0  dac960nt - ok
20:52:20.0204 0x09b0  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B, ECFBACE3CBF2384948EA1C445BDA3955EB4F44A9874286E6537C67DC1283E5B0 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
20:52:20.0234 0x09b0  DcomLaunch - ok
20:52:20.0264 0x09b0  [ C29A1C9B75BA38FA37F8C44405DEC360, 7476D8BC4380CDE56764B2034AF3741DA4ED00F315E41C9A02B5EAD04374F241 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
20:52:20.0264 0x09b0  Dhcp - ok
20:52:20.0284 0x09b0  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
20:52:20.0304 0x09b0  Disk - ok
20:52:20.0324 0x09b0  dmadmin - ok
20:52:20.0394 0x09b0  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA, 89B0AEE5BE01B9FE4FF2989FF16DB6121721ACDFCE6D9655C0ACD321D8C308BE ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
20:52:20.0474 0x09b0  dmboot - ok
20:52:20.0504 0x09b0  [ 53720AB12B48719D00E327DA470A619A, 800264866A6267C9000A85D00095D57908D059D737E5F28C9C4049B884C46228 ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
20:52:20.0584 0x09b0  dmio - ok
20:52:20.0594 0x09b0  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
20:52:20.0604 0x09b0  dmload - ok
20:52:20.0624 0x09b0  [ 25C83FFBBA13B554EB6D59A9B2E2EE78, 9FBD655ED3E9163AE11EC207F283E387EFBA5A23108EC790BAE4846B35E66F16 ] dmserver        C:\WINDOWS\System32\dmserver.dll
20:52:20.0644 0x09b0  dmserver - ok
20:52:20.0664 0x09b0  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
20:52:20.0674 0x09b0  DMusic - ok
20:52:20.0694 0x09b0  [ 407F3227AC618FD1CA54B335B083DE07, 96B8E734648FE9A4EBA59C096C8779BD1A11A93A6303AFD438A406C8122D36C6 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
20:52:20.0714 0x09b0  Dnscache - ok
20:52:20.0734 0x09b0  [ 676E36C4FF5BCEA1900F44182B9723E6, 740CF18BD40E00FEA26CF0E6340C5D18F7D0B4390055FAEEC258B3AA790C4AE9 ] Dot3svc        C:\WINDOWS\System32\dot3svc.dll
20:52:20.0774 0x09b0  Dot3svc - ok
20:52:20.0795 0x09b0  dpti2o - ok
20:52:20.0805 0x09b0  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud        C:\WINDOWS\system32\drivers\drmkaud.sys
20:52:20.0825 0x09b0  drmkaud - ok
20:52:20.0845 0x09b0  [ 4E4F2FDDAB0A0736D7671134DCCE91FB, 8E2C57D1A006856C47CBDD5765A9DD317DB205B26DA8BFC70555A506257A1CD9 ] EapHost        C:\WINDOWS\System32\eapsvc.dll
20:52:20.0855 0x09b0  EapHost - ok
20:52:20.0875 0x09b0  [ 8B33194D1290595FEE065889374EE5F9, B2AFA5B8423E5A8A5D6CC3472BCF0B3F7060993F52360140256E1D46E3F6C2AE ] EL90XBC        C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
20:52:20.0895 0x09b0  EL90XBC - ok
20:52:20.0915 0x09b0  [ 877C18558D70587AA7823A1A308AC96B, 6B336A62112988D855513F45153F73F8470C41A448E9B7438B4A8EC1813AABF1 ] ERSvc          C:\WINDOWS\System32\ersvc.dll
20:52:20.0925 0x09b0  ERSvc - ok
20:52:20.0945 0x09b0  [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] Eventlog        C:\WINDOWS\system32\services.exe
20:52:20.0975 0x09b0  Eventlog - ok
20:52:21.0005 0x09b0  [ AF4F6B5739D18CA7972AB53E091CBC74, A399E2CC026730D3A429727AAB48093B9F1E5DD8EB6336519C7F16182FDB3905 ] EventSystem    C:\WINDOWS\System32\es.dll
20:52:21.0045 0x09b0  EventSystem - ok
20:52:21.0075 0x09b0  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat        C:\WINDOWS\system32\drivers\Fastfat.sys
20:52:21.0105 0x09b0  Fastfat - ok
20:52:21.0135 0x09b0  [ 2DB7D303C36DDD055215052F118E8E75, BE6E7BBE12A7A4EDF1F1C2935350603970C7426BBCA7A1A6644BB8999123AF17 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:52:21.0155 0x09b0  FastUserSwitchingCompatibility - ok
20:52:21.0175 0x09b0  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc            C:\WINDOWS\system32\DRIVERS\fdc.sys
20:52:21.0185 0x09b0  Fdc - ok
20:52:21.0205 0x09b0  [ B0678A548587C5F1967B0D70BACAD6C1, 7E49910212ED87313F926E4800EA8D34809C287A686CA69B82B79C1A6451F88C ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
20:52:21.0225 0x09b0  Fips - ok
20:52:21.0245 0x09b0  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
20:52:21.0255 0x09b0  Flpydisk - ok
20:52:21.0285 0x09b0  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
20:52:21.0315 0x09b0  FltMgr - ok
20:52:21.0335 0x09b0  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:52:21.0355 0x09b0  FontCache3.0.0.0 - ok
20:52:21.0375 0x09b0  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:52:21.0385 0x09b0  Fs_Rec - ok
20:52:21.0415 0x09b0  [ 8F1955CE42E1484714B542F341647778, 8EB3F99625F409D3032561E8AB44BEFBFBFBA4EC873C2151C92A5CAAF7F2AA55 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:52:21.0445 0x09b0  Ftdisk - ok
20:52:21.0465 0x09b0  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc            C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:52:21.0485 0x09b0  Gpc - ok
20:52:21.0506 0x09b0  [ CB66BF85BF599BEFD6C6A57C2E20357F, 55D3A0F9279FF316766F42548FCB61C452942B08A37590C4892DF110BE4E53C6 ] helpsvc        C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:52:21.0526 0x09b0  helpsvc - ok
20:52:21.0546 0x09b0  [ B35DA85E60C0103F2E4104532DA2F12B, E13C9F73DF7713554CB614B36123D75014F5121AA1FC9069733E61758751CBE4 ] HidServ        C:\WINDOWS\System32\hidserv.dll
20:52:21.0566 0x09b0  HidServ - ok
20:52:21.0586 0x09b0  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:52:21.0596 0x09b0  HidUsb - ok
20:52:21.0616 0x09b0  [ ED29F14101523A6E0E808107405D452C, B8FA987637787BEECC2EB06D36293DAC355523392B49A8C5A9491EEE961917E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
20:52:21.0636 0x09b0  hkmsvc - ok
20:52:21.0646 0x09b0  hpn - ok
20:52:21.0676 0x09b0  [ C217100A04E6773CFB2D2A8B4C4AB836, 8A675D677C7888A77A160163FD7C58FE55C72018814E250712B8FD07D2429EB7 ] HSFHWICH        C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
20:52:21.0696 0x09b0  HSFHWICH - ok
20:52:21.0786 0x09b0  [ 757491EC8C95A3AA4814EA25CDC2B1BA, 7671247DA99319A563F16F8860849598BF9D93FE12941D60DF1EA4FCCBE8A968 ] HSF_DP          C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
20:52:21.0866 0x09b0  HSF_DP - ok
20:52:21.0906 0x09b0  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
20:52:21.0946 0x09b0  HTTP - ok
20:52:21.0966 0x09b0  [ 9E4ADB854CEBCFB81A4B36718FEECD16, 677AB64460775686F8366D6BF35D420A2486C3F07338A00A7C2788A5142B9F08 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
20:52:21.0976 0x09b0  HTTPFilter - ok
20:52:22.0006 0x09b0  hwdatacard - ok
20:52:22.0036 0x09b0  i2omgmt - ok
20:52:22.0056 0x09b0  i2omp - ok
20:52:22.0076 0x09b0  [ E283B97CFBEB86C1D86BAED5F7846A92, 7664F791D08C80DF1E52B34BE69F073AA645610C4BD975F498254807602374AB ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:52:22.0096 0x09b0  i8042prt - ok
20:52:22.0166 0x09b0  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc          C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:52:22.0267 0x09b0  idsvc - ok
20:52:22.0297 0x09b0  [ A06EFD4965F8A3F97A8C9A291D032678, 3B78AFB110A115F7C2136EBFE715CBC073EC341AA0457A1E41D64F9B269DE5BC ] IJPLMSVC        C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
20:52:22.0327 0x09b0  IJPLMSVC - ok
20:52:22.0347 0x09b0  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi          C:\WINDOWS\system32\DRIVERS\imapi.sys
20:52:22.0357 0x09b0  Imapi - ok
20:52:22.0387 0x09b0  [ D4B413AA210C21E46AEDD2BA5B68D38E, 2309622867AA8FC832A729FA78F48742D4BD6CA0DAFBFB9DDB0772D671E1ED75 ] ImapiService    C:\WINDOWS\System32\imapi.exe
20:52:22.0397 0x09b0  ImapiService - ok
20:52:22.0417 0x09b0  ini910u - ok
20:52:22.0447 0x09b0  [ 69C4E3C9E67A1F103B94E14FDD5F3213, 894ABDDBF95E3FFE59A4621AF94AFA7E6F6D780420845078622C76624C0326D2 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
20:52:22.0447 0x09b0  IntelIde - ok
20:52:22.0467 0x09b0  [ 4C7D2750158ED6E7AD642D97BFFAE351, C05E4799752F090DCB632F07F62ADE38D31534621064D269AD535CA0BDFED448 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:52:22.0487 0x09b0  intelppm - ok
20:52:22.0507 0x09b0  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] ip6fw          C:\WINDOWS\system32\drivers\ip6fw.sys
20:52:22.0517 0x09b0  ip6fw - ok
20:52:22.0537 0x09b0  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:52:22.0557 0x09b0  IpFilterDriver - ok
20:52:22.0577 0x09b0  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:52:22.0597 0x09b0  IpInIp - ok
20:52:22.0627 0x09b0  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat          C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:52:22.0647 0x09b0  IpNat - ok
20:52:22.0667 0x09b0  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec          C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:52:22.0687 0x09b0  IPSec - ok
20:52:22.0707 0x09b0  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
20:52:22.0717 0x09b0  IRENUM - ok
20:52:22.0737 0x09b0  [ 6DFB88F64135C525433E87648BDA30DE, 8233EEFBEF36AAA152F2C55D23D7118F0DE40C9C22EB5D9793405A4770889540 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:52:22.0757 0x09b0  isapnp - ok
20:52:22.0777 0x09b0  [ 1704D8C4C8807B889E43C649B478A452, E854C90CD301F42BE2520CEDAD35E49DF2D43606CF4EEED861B74882118D04D1 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:52:22.0787 0x09b0  Kbdclass - ok
20:52:22.0807 0x09b0  [ B6D6C117D771C98130497265F26D1882, E79CC4EA5C088F988BA61F80764F9CAD9B78BC56A7E17DD54622C75483BC5DF4 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:52:22.0817 0x09b0  kbdhid - ok
20:52:22.0847 0x09b0  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
20:52:22.0877 0x09b0  kmixer - ok
20:52:22.0898 0x09b0  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
20:52:22.0918 0x09b0  KSecDD - ok
20:52:22.0948 0x09b0  [ 2BBDCB79900990F0716DFCB714E72DE7, 6283789201164A9254632D9A3C8A54FE697717D5F8D5A37804D924DC2B70C8E3 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
20:52:22.0968 0x09b0  lanmanserver - ok
20:52:22.0998 0x09b0  [ 1869B14B06B44B44AF70548E1EA3303F, 4D63B4DAF580C86F86837C7D1753E2105B4C52E26D4CA0CAAFE83755EFF7AFBE ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:52:23.0018 0x09b0  lanmanworkstation - ok
20:52:23.0038 0x09b0  lbrtfdc - ok
20:52:23.0078 0x09b0  [ 636714B7D43C8D0C80449123FD266920, F06F6C7DC49B26EFCAC3570C67BA9BD934F62C6F382DA4DD2AB302C7B970F414 ] LmHosts        C:\WINDOWS\System32\lmhsvc.dll
20:52:23.0088 0x09b0  LmHosts - ok
20:52:23.0118 0x09b0  [ 7584FFB07305D2E9E3823059A9310B0F, 80EF0030DE31BF48F9487BECF7EFBF9A440A067F93B24C08FD63FFEA873DD53D ] MarvinBus      C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
20:52:23.0138 0x09b0  MarvinBus - ok
20:52:23.0148 0x09b0  [ A1E9D936EAC07EE9386E87BAC1377FAD, EEBAE640D7F9BDF632D4532BC92FC581682D298C8AB31545A3E84B6AD36D7CB9 ] mdmxsdk        C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:52:23.0168 0x09b0  mdmxsdk - ok
20:52:23.0188 0x09b0  [ B7550A7107281D170CE85524B1488C98, A3854B16A65436BEF6BEDE918B43B3BE8F00D303660DB5831DD376271DC43239 ] Messenger      C:\WINDOWS\System32\msgsvc.dll
20:52:23.0218 0x09b0  Messenger - ok
20:52:23.0228 0x09b0  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd          C:\WINDOWS\system32\drivers\mnmdd.sys
20:52:23.0238 0x09b0  mnmdd - ok
20:52:23.0258 0x09b0  [ C2F1D365FD96791B037EE504868065D3, 87BD87E08FD00D115524B049F1A3A719AB86557D68968E7090CD0F271F985CAF ] mnmsrvc        C:\WINDOWS\System32\mnmsrvc.exe
20:52:23.0278 0x09b0  mnmsrvc - ok
20:52:23.0298 0x09b0  [ 6FB74EBD4EC57A6F1781DE3852CC3362, 0454509D9A31E0202C08AE17294E2682F227D177A3C73B303E4C8332757AFCA1 ] Modem          C:\WINDOWS\system32\drivers\Modem.sys
20:52:23.0318 0x09b0  Modem - ok
20:52:23.0328 0x09b0  [ B24CE8005DEAB254C0251E15CB71D802, 6804A8ABDAD5EC846E7F8077D1EE9BA45D6226ACFF42C70BE3DE7C8980EF9EC4 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:52:23.0358 0x09b0  Mouclass - ok
20:52:23.0378 0x09b0  [ 66A6F73C74E1791464160A7065CE711A, 3C570FA1E8EF976B83759220FE95BAC9D7D48D607F91B113EDE4790D34ACBD46 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:52:23.0398 0x09b0  mouhid - ok
20:52:23.0408 0x09b0  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
20:52:23.0428 0x09b0  MountMgr - ok
20:52:23.0458 0x09b0  [ 817EFA0406E506784AB734CFB7DBD28E, 301C14DFCFE9AA27E93A5161E3BA74A8139EA8778FC9C4AA16623B673B6DD58F ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
20:52:23.0488 0x09b0  MozillaMaintenance - ok
20:52:23.0508 0x09b0  mraid35x - ok
20:52:23.0538 0x09b0  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:52:23.0579 0x09b0  MRxDAV - ok
20:52:23.0629 0x09b0  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:52:23.0669 0x09b0  MRxSmb - ok
20:52:23.0699 0x09b0  [ 35A031AF38C55F92D28AA03EE9F12CC9, 97245D204C886EE8DCCC2DEAC80A0E358A7E0C1982F77389DA50DCF091FC9DDC ] MSDTC          C:\WINDOWS\System32\msdtc.exe
20:52:23.0709 0x09b0  MSDTC - ok
20:52:23.0739 0x09b0  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
20:52:23.0759 0x09b0  Msfs - ok
20:52:23.0769 0x09b0  MSIServer - ok
20:52:23.0789 0x09b0  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV        C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:52:23.0799 0x09b0  MSKSSRV - ok
20:52:23.0829 0x09b0  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:52:23.0839 0x09b0  MSPCLOCK - ok
20:52:23.0859 0x09b0  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM          C:\WINDOWS\system32\drivers\MSPQM.sys
20:52:23.0869 0x09b0  MSPQM - ok
20:52:23.0889 0x09b0  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:52:23.0909 0x09b0  mssmbios - ok
20:52:23.0929 0x09b0  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup            C:\WINDOWS\system32\drivers\Mup.sys
20:52:23.0959 0x09b0  Mup - ok
20:52:23.0999 0x09b0  [ 46BB15AE2AC7D025D6D2567B876817BD, 102A101B96D1078C98FA0F871C801A9A8538E20E5686AB0C7680B2F6C92B3165 ] napagent        C:\WINDOWS\System32\qagentrt.dll
20:52:24.0059 0x09b0  napagent - ok
20:52:24.0089 0x09b0  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
20:52:24.0139 0x09b0  NDIS - ok
20:52:24.0149 0x09b0  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:52:24.0169 0x09b0  NdisTapi - ok
20:52:24.0189 0x09b0  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio        C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:52:24.0199 0x09b0  Ndisuio - ok
20:52:24.0219 0x09b0  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan        C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:52:24.0239 0x09b0  NdisWan - ok
20:52:24.0270 0x09b0  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy        C:\WINDOWS\system32\drivers\NDProxy.sys
20:52:24.0280 0x09b0  NDProxy - ok
20:52:24.0300 0x09b0  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS        C:\WINDOWS\system32\DRIVERS\netbios.sys
20:52:24.0320 0x09b0  NetBIOS - ok
20:52:24.0340 0x09b0  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT          C:\WINDOWS\system32\DRIVERS\netbt.sys
20:52:24.0370 0x09b0  NetBT - ok
20:52:24.0400 0x09b0  [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDE          C:\WINDOWS\system32\netdde.exe
20:52:24.0430 0x09b0  NetDDE - ok
20:52:24.0450 0x09b0  [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
20:52:24.0450 0x09b0  NetDDEdsdm - ok
20:52:24.0470 0x09b0  [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] Netlogon        C:\WINDOWS\System32\lsass.exe
20:52:24.0490 0x09b0  Netlogon - ok
20:52:24.0520 0x09b0  [ E6D88F1F6745BF00B57E7855A2AB696C, 12A5EDD853600FF5EBF91E127077745AE1E61E66DBC1D4D4306570F171AF4A39 ] Netman          C:\WINDOWS\System32\netman.dll
20:52:24.0550 0x09b0  Netman - ok
20:52:24.0580 0x09b0  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:52:24.0620 0x09b0  NetTcpPortSharing - ok
20:52:24.0640 0x09b0  [ E9E47CFB2D461FA0FC75B7A74C6383EA, 544136F5BFD4DC23D45E90F12FA48B82FD9EAEA9EAF3E0F5F0BD27E23D672C3E ] NIC1394        C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:52:24.0660 0x09b0  NIC1394 - ok
20:52:24.0690 0x09b0  [ F1B67B6B0751AE0E6E964B02821206A3, 3D5A7593ABDEE2047C5738671C85DC8B95A4ECF58D5D7B04EEE13A689839A540 ] Nla            C:\WINDOWS\System32\mswsock.dll
20:52:24.0710 0x09b0  Nla - ok
20:52:24.0730 0x09b0  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
20:52:24.0740 0x09b0  Npfs - ok
20:52:24.0790 0x09b0  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
20:52:24.0880 0x09b0  Ntfs - ok
20:52:24.0900 0x09b0  [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] NtLmSsp        C:\WINDOWS\System32\lsass.exe
20:52:24.0910 0x09b0  NtLmSsp - ok
20:52:25.0021 0x09b0  [ 56AF4064996FA5BAC9C449B1514B4770, 154602EFEC22728503D4ABA025DF711B0F2CFC983F5E3BF25F2A4BCD1AE250EC ] NtmsSvc        C:\WINDOWS\system32\ntmssvc.dll
20:52:25.0131 0x09b0  NtmsSvc - ok
20:52:25.0181 0x09b0  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
20:52:25.0201 0x09b0  Null - ok
20:52:25.0221 0x09b0  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:52:25.0261 0x09b0  NwlnkFlt - ok
20:52:25.0281 0x09b0  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:52:25.0301 0x09b0  NwlnkFwd - ok
20:52:25.0361 0x09b0  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
20:52:25.0461 0x09b0  odserv - ok
20:52:25.0481 0x09b0  [ CA33832DF41AFB202EE7AEB05145922F, 9DD0089C2E13C7F81214C3B5A4A61276292052F9BBFEA7FCD0F6AA27815D5F95 ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:52:25.0501 0x09b0  ohci1394 - ok
20:52:25.0531 0x09b0  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose            C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
20:52:25.0571 0x09b0  ose - ok
20:52:25.0601 0x09b0  [ F84785660305B9B903FB3BCA8BA29837, BDBDE61076800415D98759077E9E039C80B55DBE68E31F8BF44A909C6C3D3276 ] Parport        C:\WINDOWS\system32\DRIVERS\parport.sys
20:52:25.0621 0x09b0  Parport - ok
20:52:25.0641 0x09b0  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr        C:\WINDOWS\system32\drivers\PartMgr.sys
20:52:25.0662 0x09b0  PartMgr - ok
20:52:25.0682 0x09b0  [ C2BF987829099A3EAA2CA6A0A90ECB4F, 1DF21EA8E43875CFEECD869407429F82FB449707CFB845718499468E699BAAAA ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
20:52:25.0702 0x09b0  ParVdm - ok
20:52:25.0722 0x09b0  [ 387E8DEDC343AA2D1EFBC30580273ACD, 5F3E642BDB759777E570ED5B22AC7E93CDCD362708F281657AD7BAB44EDEC802 ] PCI            C:\WINDOWS\system32\DRIVERS\pci.sys
20:52:25.0742 0x09b0  PCI - ok
20:52:25.0762 0x09b0  PCIDump - ok
20:52:25.0772 0x09b0  PCIIde - ok
20:52:25.0802 0x09b0  [ 1BEBE7DE8508A02650CDCE45C664C2A2, 67841EA7F1F6B7F19ABD38A004B23610A21AD5BD5E508EED16CC7856CBE44D9C ] PCLEPCI        C:\WINDOWS\system32\drivers\pclepci.sys
20:52:25.0812 0x09b0  PCLEPCI - ok
20:52:25.0842 0x09b0  [ A2A966B77D61847D61A3051DF87C8C97, 6CED7CA26DC62B0AAFC83A2E07336DAD25954491201BB8E06103971F3F0B8B51 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:52:25.0882 0x09b0  Pcmcia - ok
20:52:25.0892 0x09b0  PDCOMP - ok
20:52:25.0912 0x09b0  PDFRAME - ok
20:52:25.0932 0x09b0  PDRELI - ok
20:52:25.0952 0x09b0  PDRFRAME - ok
20:52:25.0992 0x09b0  perc2 - ok
20:52:26.0022 0x09b0  perc2hib - ok
20:52:26.0102 0x09b0  [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] PlugPlay        C:\WINDOWS\system32\services.exe
20:52:26.0102 0x09b0  PlugPlay - ok
20:52:26.0132 0x09b0  [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] PolicyAgent    C:\WINDOWS\System32\lsass.exe
20:52:26.0132 0x09b0  PolicyAgent - ok
20:52:26.0172 0x09b0  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:52:26.0202 0x09b0  PptpMiniport - ok
20:52:26.0222 0x09b0  [ 2CB55427C58679F49AD600FCCBA76360, 2B5242E9637FCB6A7C16F720C9D8D440AA88B61FB5F108B295A208886C01C4D1 ] Processor      C:\WINDOWS\system32\DRIVERS\processr.sys
20:52:26.0242 0x09b0  Processor - ok
20:52:26.0262 0x09b0  [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:52:26.0272 0x09b0  ProtectedStorage - ok
20:52:26.0292 0x09b0  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
20:52:26.0312 0x09b0  PSched - ok
20:52:26.0332 0x09b0  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink        C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:52:26.0352 0x09b0  Ptilink - ok
20:52:26.0363 0x09b0  ql1080 - ok
20:52:26.0383 0x09b0  Ql10wnt - ok
20:52:26.0403 0x09b0  ql12160 - ok
20:52:26.0433 0x09b0  ql1240 - ok
20:52:26.0453 0x09b0  ql1280 - ok
20:52:26.0483 0x09b0  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:52:26.0513 0x09b0  RasAcd - ok
20:52:26.0543 0x09b0  [ F5BA6CACCDB66C8F048E867563203246, AFEAD8FC02313F7EBC8F9F39E7ED2868852B480BE3902FA7BD0AFD81492AB243 ] RasAuto        C:\WINDOWS\System32\rasauto.dll
20:52:26.0563 0x09b0  RasAuto - ok
20:52:26.0583 0x09b0  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp        C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:52:26.0613 0x09b0  Rasl2tp - ok
20:52:26.0643 0x09b0  [ F9A7B66EA345726EDB5862A46B1ECCD5, 5D35429D394D36A1692A7E219BA1A85CD8096FEAE0F90BFE036A63118FEDBF57 ] RasMan          C:\WINDOWS\System32\rasmans.dll
20:52:26.0683 0x09b0  RasMan - ok
20:52:26.0703 0x09b0  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:52:26.0723 0x09b0  RasPppoe - ok
20:52:26.0763 0x09b0  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
20:52:26.0773 0x09b0  Raspti - ok
20:52:26.0813 0x09b0  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss          C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:52:26.0843 0x09b0  Rdbss - ok
20:52:26.0863 0x09b0  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:52:26.0873 0x09b0  RDPCDD - ok
20:52:26.0933 0x09b0  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr          C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:52:26.0983 0x09b0  rdpdr - ok
20:52:27.0023 0x09b0  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD          C:\WINDOWS\system32\drivers\RDPWD.sys
20:52:27.0054 0x09b0  RDPWD - ok
20:52:27.0084 0x09b0  [ 263AF18AF0F3DB99F574C95F284CCEC9, 2BFA9952E97EFEB386FC56EC2C125080CD12DAC078DBE43C395CB4D9F22165D3 ] RDSessMgr      C:\WINDOWS\system32\sessmgr.exe
20:52:27.0134 0x09b0  RDSessMgr - ok
20:52:27.0154 0x09b0  [ ED761D453856F795A7FE056E42C36365, EF026585B33415D8FCE94A9F27D7A4396C7C35C88E06A4CF0FEA702401E8597A ] redbook        C:\WINDOWS\system32\DRIVERS\redbook.sys
20:52:27.0174 0x09b0  redbook - ok
20:52:27.0194 0x09b0  [ 0E97EC96D6942CEEC2D188CC2EB69A01, D4253B4420BEF19451A55AB91E4834482181A31A31134F6E2AFE05C8E20C81A5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
20:52:27.0214 0x09b0  RemoteAccess - ok
20:52:27.0234 0x09b0  [ E4CD1F3D84E1C2CA0B8CF7501E201593, 649CC0B04F94D407EB6B4C7FDE2C6E4D2B1531307BC67C5775E44D66EF2E4F8A ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
20:52:27.0264 0x09b0  RemoteRegistry - ok
20:52:27.0284 0x09b0  [ 2A02E21867497DF20B8FC95631395169, D89E2D17ED4E1C727847C0E92D2DF68AEB70BF0B956BD2FE024ED70A961759D2 ] RpcLocator      C:\WINDOWS\System32\locator.exe
20:52:27.0304 0x09b0  RpcLocator - ok
20:52:27.0354 0x09b0  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B, ECFBACE3CBF2384948EA1C445BDA3955EB4F44A9874286E6537C67DC1283E5B0 ] RpcSs          C:\WINDOWS\system32\rpcss.dll
20:52:27.0384 0x09b0  RpcSs - ok
20:52:27.0414 0x09b0  [ 4BDD71B4B521521499DFD14735C4F398, 7B1498D3C67E56D05B58B7DA319ECB0117C37963AABB0E59B42831C087469DA1 ] RSVP            C:\WINDOWS\System32\rsvp.exe
20:52:27.0464 0x09b0  RSVP - ok
20:52:27.0484 0x09b0  [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] SamSs          C:\WINDOWS\system32\lsass.exe
20:52:27.0484 0x09b0  SamSs - ok
20:52:27.0514 0x09b0  [ DCEC079FAD95D36C8DD5CB6D779DFE32, F8546552D939A225853A0CE4913701A93738DF02C999D16E141E9A828814BBC6 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
20:52:27.0544 0x09b0  SCardSvr - ok
20:52:27.0574 0x09b0  [ A050194A44D7FA8D7186ED2F4E8367AE, BCDF56D5A2F9E202DC67E7FE4BCC617BCC0BDFF2D221A621020068B17B2855BB ] Schedule        C:\WINDOWS\system32\schedsvc.dll
20:52:27.0614 0x09b0  Schedule - ok
20:52:27.0654 0x09b0  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:52:27.0684 0x09b0  Secdrv - ok
20:52:27.0704 0x09b0  [ BEE4CFD1D48C23B44CF4B974B0B79B2B, DF3B02D713F8A4602BE75F004074D5DF79AFF2D58FF37110B2A6AC29F680758B ] seclogon        C:\WINDOWS\System32\seclogon.dll
20:52:27.0714 0x09b0  seclogon - ok
20:52:27.0734 0x09b0  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3, 95D83F054A6610328D56E56CD948A6618C590231853E56FC20E7557DB61384A4 ] SENS            C:\WINDOWS\system32\sens.dll
20:52:27.0775 0x09b0  SENS - ok
20:52:27.0785 0x09b0  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum        C:\WINDOWS\system32\DRIVERS\serenum.sys
20:52:27.0805 0x09b0  serenum - ok
20:52:27.0825 0x09b0  [ CF24EB4F0412C82BCD1F4F35A025E31D, B74CB094126F5C23F601C34D53B2DF5BE3E5918230AC9DCFCFFA8E66B3A0FA25 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
20:52:27.0845 0x09b0  Serial - ok
20:52:27.0915 0x09b0  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy        C:\WINDOWS\system32\drivers\Sfloppy.sys
20:52:27.0935 0x09b0  Sfloppy - ok
20:52:27.0975 0x09b0  [ CAD058D5F8B889A87CA3EB3CF624DCEF, A7CDCF44261D1F4D820927253EA8EBB63714B7BAFF8B08DE073507D9A7EEA5BB ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
20:52:27.0985 0x09b0  SharedAccess - ok
20:52:28.0035 0x09b0  [ 2DB7D303C36DDD055215052F118E8E75, BE6E7BBE12A7A4EDF1F1C2935350603970C7426BBCA7A1A6644BB8999123AF17 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:52:28.0045 0x09b0  ShellHWDetection - ok
20:52:28.0065 0x09b0  Simbad - ok
20:52:28.0095 0x09b0  Sparrow - ok
20:52:28.0115 0x09b0  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
20:52:28.0135 0x09b0  splitter - ok
20:52:28.0155 0x09b0  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler        C:\WINDOWS\system32\spoolsv.exe
20:52:28.0175 0x09b0  Spooler - ok
20:52:28.0195 0x09b0  [ 50FA898F8C032796D3B1B9951BB5A90F, 1C86273EC19EB96D6DB9CE6670C00683B77C99C42CC2F7E75BC50872B93446B1 ] sr              C:\WINDOWS\System32\DRIVERS\sr.sys
20:52:28.0215 0x09b0  sr - ok
20:52:28.0345 0x09b0  [ FE77A85495065F3AD59C5C65B6C54182, EB4BAF992F961B2FD5D24BFCB6BCB2142BC32933139A818835FEAB190E4283BB ] srservice      C:\WINDOWS\System32\srsvc.dll
20:52:28.0375 0x09b0  srservice - ok
20:52:28.0415 0x09b0  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv            C:\WINDOWS\system32\DRIVERS\srv.sys
20:52:28.0466 0x09b0  Srv - ok
20:52:28.0486 0x09b0  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500, 2971D7D45D6942D310D47DBD19B9680D2D29527E79B86133C72217FD29259465 ] SSDPSRV        C:\WINDOWS\System32\ssdpsrv.dll
20:52:28.0496 0x09b0  SSDPSRV - ok
20:52:28.0516 0x09b0  [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
20:52:28.0536 0x09b0  ssmdrv - ok
20:52:28.0586 0x09b0  [ BC2C5985611C5356B24AEB370953DED9, 15CBAB8166827DC098E2B16AB6F49A1441A4CB52AF3588F0AD964CAB596DFE10 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
20:52:28.0636 0x09b0  stisvc - ok
20:52:28.0666 0x09b0  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
20:52:28.0686 0x09b0  swenum - ok
20:52:28.0706 0x09b0  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
20:52:28.0726 0x09b0  swmidi - ok
20:52:28.0746 0x09b0  SwPrv - ok
20:52:28.0766 0x09b0  symc810 - ok
20:52:28.0776 0x09b0  symc8xx - ok
20:52:28.0806 0x09b0  sym_hi - ok
20:52:28.0826 0x09b0  sym_u3 - ok
20:52:28.0856 0x09b0  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
20:52:28.0876 0x09b0  sysaudio - ok
20:52:28.0916 0x09b0  syshost32 - ok
20:52:28.0936 0x09b0  [ 2903FFFA2523926D6219428040DCE6B9, 4F13181931B0499F6C3F08138054DBCD1F84CB9806999A9172B80DE79D446F62 ] SysmonLog      C:\WINDOWS\system32\smlogsvc.exe
20:52:28.0976 0x09b0  SysmonLog - ok
20:52:29.0006 0x09b0  [ 05903CAC4B98908D55EA5774775B382E, AC3666CBD894D737874A5998DC7F46A0A51A7B23B1835FC735B9AD503A2191CC ] TapiSrv        C:\WINDOWS\System32\tapisrv.dll
20:52:29.0046 0x09b0  TapiSrv - ok
20:52:29.0086 0x09b0  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip          C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:52:29.0126 0x09b0  Tcpip - ok
20:52:29.0147 0x09b0  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
20:52:29.0157 0x09b0  TDPIPE - ok
20:52:29.0177 0x09b0  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP          C:\WINDOWS\system32\drivers\TDTCP.sys
20:52:29.0197 0x09b0  TDTCP - ok
20:52:29.0217 0x09b0  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
20:52:29.0237 0x09b0  TermDD - ok
20:52:29.0287 0x09b0  [ B7DE02C863D8F5A005A7BF375375A6A4, 6DE05A7B28CA5A78D58536347FC47F15883EEDBEF487CEA0117CC280FC582DCC ] TermService    C:\WINDOWS\System32\termsrv.dll
20:52:29.0327 0x09b0  TermService - ok
20:52:29.0367 0x09b0  [ 2DB7D303C36DDD055215052F118E8E75, BE6E7BBE12A7A4EDF1F1C2935350603970C7426BBCA7A1A6644BB8999123AF17 ] Themes          C:\WINDOWS\System32\shsvcs.dll
20:52:29.0377 0x09b0  Themes - ok
20:52:29.0407 0x09b0  [ 03681A1CE77F51586903869A5AB1DEAB, E2EC0A481412166B654682C2F3D953E96E757466135CBD2D813B967EDB13C721 ] TlntSvr        C:\WINDOWS\System32\tlntsvr.exe
20:52:29.0437 0x09b0  TlntSvr - ok
20:52:29.0457 0x09b0  TosIde - ok
20:52:29.0477 0x09b0  [ 626504572B175867F30F3215C04B3E2F, 47E87CE9BC666D5CB5953C5D497DC00A7CC28F8EC0A064B3E47700279C5C4B91 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
20:52:29.0517 0x09b0  TrkWks - ok
20:52:29.0547 0x09b0  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
20:52:29.0567 0x09b0  Udfs - ok
20:52:29.0607 0x09b0  ultra - ok
20:52:29.0647 0x09b0  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
20:52:29.0697 0x09b0  Update - ok
20:52:29.0737 0x09b0  [ 1DFD8975D8C89214B98D9387C1125B49, 0B6B268487C8E45E9B86BF4A0A9DB669E0E45D600DE3C82B63F9986CA9E01082 ] upnphost        C:\WINDOWS\System32\upnphost.dll
20:52:29.0787 0x09b0  upnphost - ok
20:52:29.0807 0x09b0  [ 9B11E6118958E63E1FEF129466E2BDA7, 97168BCE3F4A9BB9E6500F05E34851FB957B219C598944FADC28AC0011C0503B ] UPS            C:\WINDOWS\System32\ups.exe
20:52:29.0827 0x09b0  UPS - ok
20:52:29.0858 0x09b0  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp        C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:52:29.0868 0x09b0  usbccgp - ok
20:52:29.0888 0x09b0  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci        C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:52:29.0908 0x09b0  usbehci - ok
20:52:29.0928 0x09b0  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:52:29.0948 0x09b0  usbhub - ok
20:52:29.0968 0x09b0  [ 0DAECCE65366EA32B162F85F07C6753B, 3C33AC2FC95E876933F2016CF0CDA2745491679728684DA8DF95A515CE4804BD ] usbohci        C:\WINDOWS\system32\DRIVERS\usbohci.sys
20:52:29.0978 0x09b0  usbohci - ok
20:52:30.0008 0x09b0  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR        C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:52:30.0018 0x09b0  USBSTOR - ok
20:52:30.0038 0x09b0  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci        C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:52:30.0048 0x09b0  usbuhci - ok
20:52:30.0068 0x09b0  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave        C:\WINDOWS\System32\drivers\vga.sys
20:52:30.0088 0x09b0  VgaSave - ok
20:52:30.0098 0x09b0  ViaIde - ok
20:52:30.0128 0x09b0  [ A5A712F4E880874A477AF790B5186E1D, FE885ED04C3EAFC379787F836738A2769E43D07CF52DD917D90C38E001957A5E ] VolSnap        C:\WINDOWS\system32\drivers\VolSnap.sys
20:52:30.0148 0x09b0  VolSnap - ok
20:52:30.0198 0x09b0  [ 68F106273BE29E7B7EF8266977268E78, 1488AB7A654EBC94C73E1D494067189ACB95BC233980110CAC4C0297CDC4115A ] VSS            C:\WINDOWS\System32\vssvc.exe
20:52:30.0268 0x09b0  VSS - ok
20:52:30.0308 0x09b0  [ 7B353059E665F8B7AD2BBEAEF597CF45, 84A4311F18A4B8DCB364741DEA7D18E2363F19564B2EF25214965DC729527068 ] W32Time        C:\WINDOWS\System32\w32time.dll
20:52:30.0338 0x09b0  W32Time - ok
20:52:30.0358 0x09b0  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:52:30.0378 0x09b0  Wanarp - ok
20:52:30.0398 0x09b0  WDICA - ok
20:52:30.0428 0x09b0  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
20:52:30.0448 0x09b0  wdmaud - ok
20:52:30.0478 0x09b0  [ 81727C9873E3905A2FFC1EBD07265002, 6AC2383A1DCBB7FA3DB90FBB874C8E1819F5B7492717FF41E303EFC7BF72F93E ] WebClient      C:\WINDOWS\System32\webclnt.dll
20:52:30.0498 0x09b0  WebClient - ok
20:52:30.0549 0x09b0  [ 3085330815CB14FC740053B610F8A1D3, BD43371B5600986CC9F8453CE8886526428D0CAAB345E82D3EA3315F1948EA9A ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:52:30.0609 0x09b0  winachsf - ok
20:52:30.0659 0x09b0  [ 6F3F3973D97714CC5F906A19FE883729, 7817118BE94D0F6FAE0F9CE48AD70FFE0AEF886CCE09C666768FAB61047F992F ] winmgmt        C:\WINDOWS\system32\wbem\WMIsvc.dll
20:52:30.0699 0x09b0  winmgmt - ok
20:52:30.0739 0x09b0  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
20:52:30.0769 0x09b0  WmdmPmSN - ok
20:52:30.0829 0x09b0  [ FFA4D901D46D07A5BAB2D8307FBB51A6, 53C6D04D111EDF774C7F7EEB8D032B372E6244774D56B1B34CF1236027EC9450 ] Wmi            C:\WINDOWS\System32\advapi32.dll
20:52:30.0859 0x09b0  Wmi - ok
20:52:30.0899 0x09b0  [ 93908111BA57A6E60EC2FA2DE202105C, F395F25F18D15C6B9FEDB45FD31E10295FFE5517E2BC86ACAC11904EA0664BE2 ] WmiApSrv        C:\WINDOWS\System32\wbem\wmiapsrv.exe
20:52:30.0939 0x09b0  WmiApSrv - ok
20:52:31.0019 0x09b0  [ BF05650BB7DF5E9EBDD25974E22403BB, AF173D89B768CFC7AB03DFADD4F049CAC40AC59A0C9208AF5AB92CB368983077 ] WMPNetworkSvc  C:\Programme\Windows Media Player\WMPNetwk.exe
20:52:31.0169 0x09b0  WMPNetworkSvc - ok
20:52:31.0199 0x09b0  [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:52:31.0219 0x09b0  WpdUsb - ok
20:52:31.0350 0x09b0  [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:52:31.0470 0x09b0  WPFFontCache_v0400 - ok
20:52:31.0490 0x09b0  [ 300B3E84FAF1A5C1F791C159BA28035D, 0194856BDF94C1F274AF70AD558290ACDACDDEA331BD66FEB8E167ABD1E36786 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
20:52:31.0520 0x09b0  wscsvc - ok
20:52:31.0530 0x09b0  WSearch - ok
20:52:31.0560 0x09b0  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085, A1DB8909FA73337DB613D01824945485186654364A4DF129B8CB913CF87D1D2E ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
20:52:31.0570 0x09b0  wuauserv - ok
20:52:31.0590 0x09b0  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:52:31.0620 0x09b0  WudfPf - ok
20:52:31.0640 0x09b0  [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:52:31.0670 0x09b0  WudfRd - ok
20:52:31.0700 0x09b0  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc        C:\WINDOWS\System32\WUDFSvc.dll
20:52:31.0720 0x09b0  WudfSvc - ok
20:52:31.0780 0x09b0  [ C4F109C005F6725162D2D12CA751E4A7, AC996B44338328BDD4442FE48406F286A64526F0EC77BE00A19FA7FDB0407CFE ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
20:52:31.0820 0x09b0  WZCSVC - ok
20:52:31.0850 0x09b0  [ 0ADA34871A2E1CD2CAAFED1237A47750, 45BEF8649078BD74C1A347B5F2D3A1958E5A7DCD6C6BA8A2E0CAD277A929C64E ] xmlprov        C:\WINDOWS\System32\xmlprov.dll
20:52:31.0900 0x09b0  xmlprov - ok
20:52:31.0921 0x09b0  ================ Scan global ===============================
20:52:31.0951 0x09b0  [ 2C60091CA5F67C3032EAB3B30390C27F, 9E205C8E67F4B61FCFA2A82AA1968D522C3B6410D7075BE813F7F1564D61632E ] C:\WINDOWS\system32\basesrv.dll
20:52:32.0001 0x09b0  [ E62178BC21EAC63A3B9A2DBD46C1B505, CAA5480CC4DAA37758F0CF445F865FD6F4630080B044EF2E606C2F62DAA4061A ] C:\WINDOWS\system32\winsrv.dll
20:52:32.0111 0x09b0  [ E62178BC21EAC63A3B9A2DBD46C1B505, CAA5480CC4DAA37758F0CF445F865FD6F4630080B044EF2E606C2F62DAA4061A ] C:\WINDOWS\system32\winsrv.dll
20:52:32.0171 0x09b0  [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] C:\WINDOWS\system32\services.exe
20:52:32.0171 0x09b0  [ Global ] - ok
20:52:32.0181 0x09b0  ================ Scan MBR ==================================
20:52:32.0191 0x09b0  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
20:52:32.0642 0x09b0  \Device\Harddisk0\DR0 - ok
20:52:32.0642 0x09b0  ================ Scan VBR ==================================
20:52:32.0652 0x09b0  [ BFBA8CB8B959E159D835C23067E4BBAB ] \Device\Harddisk0\DR0\Partition1
20:52:32.0662 0x09b0  \Device\Harddisk0\DR0\Partition1 - ok
20:52:32.0672 0x09b0  [ 36F13E87439F5EAC4D94E3ADB1245ADF ] \Device\Harddisk0\DR0\Partition2
20:52:32.0672 0x09b0  \Device\Harddisk0\DR0\Partition2 - ok
20:52:32.0682 0x09b0  ================ Scan generic autorun ======================
20:52:32.0712 0x09b0  [ FAE95D6D7651B5629C4E19ADBC9A3863, 8209A13B8C845D8EFB1B1C21135B5119E6E2AC5694B982E2103E53D0CBAA080C ] C:\WINDOWS\system32\Ati2mdxx.exe
20:52:32.0722 0x09b0  ATIModeChange - ok
20:52:32.0762 0x09b0  [ B320608941EF15D28C2785F3977129F7, EC46AF54D4ED054194F8581E5CD5E36B862D3AF4F77A36E3FAF1F673BCE1B085 ] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
20:52:32.0802 0x09b0  ATIPTA - ok
20:52:32.0832 0x09b0  [ A0B4823C28AD825728550796042C68A4, 1FCA79ADCE89E37D85FC1BF23BC56C2B5150C417513E4ED1A7EC1AA94095DE7E ] C:\Programme\Apoint\Apoint.exe
20:52:32.0862 0x09b0  Apoint - ok
20:52:32.0932 0x09b0  [ 2AA5DD75EA1281432C40D22B5FD87D3A, 9868D4176C8F08EB72B0B992D3E2A480C587930CA025B4FDF3212F99B79C3017 ] C:\Programme\Avira\AntiVir Desktop\avgnt.exe
20:52:33.0002 0x09b0  avgnt - ok
20:52:33.0022 0x09b0  [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\System32\CTFMON.EXE
20:52:33.0032 0x09b0  CTFMON.EXE - ok
20:52:33.0052 0x09b0  [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\System32\CTFMON.EXE
20:52:33.0052 0x09b0  CTFMON.EXE - ok
20:52:33.0072 0x09b0  [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\system32\ctfmon.exe
20:52:33.0072 0x09b0  CTFMON.EXE - ok
20:52:33.0082 0x09b0  Waiting for KSN requests completion. In queue: 185
20:52:34.0084 0x09b0  Waiting for KSN requests completion. In queue: 185
20:52:35.0085 0x09b0  Waiting for KSN requests completion. In queue: 185
20:52:36.0197 0x09b0  AV detected via SS1: Avira Desktop, 14.0.6.522, enabled, updated
20:52:36.0207 0x09b0  Win FW state via NFM: enabled
20:52:38.0750 0x09b0  ============================================================
20:52:38.0750 0x09b0  Scan finished
20:52:38.0750 0x09b0  ============================================================
20:52:38.0760 0x09a0  Detected object count: 0
20:52:38.0770 0x09a0  Actual detected object count: 0
Ich habe nichts weiter über diesen Trojaner finden können, was war er im Stande zu leisten?
MfG fox

schrauber 15.09.2014 14:25
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

foxproducts 16.09.2014 05:40
Guten morgen,

ich habe gestern Abend mehrmals probiert Combofix auszuführen, ohne Erfolg. Es wurde angemeckert das keine Windows Wiederherstellungskonsole vorhanden ist, ob diese automatisch heruntergeladen werden soll. Beim erstan mal habe ich das nicht gemacht, da passierte im Fenster "Scanvorgang" nichts weiter, anfänglich war noch Festplattenaktivität vorhanden, nach einigen Minuten dann nicht mehr. Das gleiche auch nach dem herunterladen der Wiederherstellungskonsole. Probiert habe ich das 3 mal, der Rechner und die Maus wurden in der Zeit nicht verwendet.
MfG

schrauber 16.09.2014 19:36
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

foxproducts 17.09.2014 15:49
Malwarebytes log
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 17.09.2014
Suchlauf-Zeit: 15:53:20
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.17.04
Rootkit Datenbank: v2014.09.15.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows XP Service Pack 3
CPU: x86
Dateisystem: NTFS
Benutzer: fox

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 277640
Verstrichene Zeit: 9 Min, 3 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSHOST32, In Quarantäne, [25930de186f559ddf5ff1b067193ec14],

Registrierungswerte: 1
Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSHOST32|ImagePath, "C:\WINDOWS\Installer\{76ABAD85-40E8-8172-A6C8-8680866857CF}\syshost.exe" /service, In Quarantäne, [25930de186f559ddf5ff1b067193ec14]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 1
Trojan.Agent, C:\WINDOWS\Installer\{76ABAD85-40E8-8172-A6C8-8680866857CF}\syshost.exe, In Quarantäne, [25930de186f559ddf5ff1b067193ec14],

Physische Sektoren: 0
(No malicious items detected)


(end)
Adwarecleaner log
Code:
# AdwCleaner v3.310 - Bericht erstellt am 17/09/2014 um 16:20:06
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzername : fox - FOXPRODUCTS
# Gestartet von : C:\Dokumente und Einstellungen\fox\Desktop\AdwCleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v32.0.1 (x86 de)

[ Datei : C:\Dokumente und Einstellungen\fox\Anwendungsdaten\Mozilla\Firefox\Profiles\yamjmeqe.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1055 octets] - [17/09/2014 16:18:02]
AdwCleaner[S0].txt - [978 octets] - [17/09/2014 16:20:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1037 octets] ##########
JRT Log
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.5 (09.16.2014:1)
OS: Microsoft Windows XP x86
Ran by fox on 17.09.2014 at 16:24:56,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Dokumente und Einstellungen\fox\Anwendungsdaten\mozilla\firefox\profiles\yamjmeqe.default\prefs.js

user_pref("avira.safe_search.search_was_active", "false");
user_pref("extensions.bootstrappedAddons", "{\"safesearch@avira.com\":{\"version\":\"1.0.1\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Dokumente und Einstellungen\\\\fox\\
user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"147c00b481d62-020503a65ba59b8-7c6f1635-0-147c00b481e18\"");
user_pref("extensions.safesearch.SAUTH_expires_at", "1411081962");
user_pref("extensions.safesearch.SAUTH_rndsnr", "\"926b06cdf3e45aa01dd6109e2cc347f69dec783d\"");
user_pref("extensions.safesearch.SAUTH_userid", "4238549224");
user_pref("extensions.safesearch.SAUTH_utoken", "\"d964dca292de8abb70d02d8437c110190d90aef0\"");
user_pref("extensions.safesearch.install", "1407676270650");
user_pref("extensions.safesearch@avira.com.install-event-fired", true);





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.09.2014 at 16:31:15,11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Log

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by fox (administrator) on FOXPRODUCTS on 17-09-2014 16:43:32
Running from C:\Dokumente und Einstellungen\fox\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies, Inc.) C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Alps Electric Co., Ltd.) C:\Programme\Apoint\Apoint.exe
(Alps Electric Co., Ltd.) C:\Programme\Apoint\ApntEx.exe
() C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corp.) C:\Programme\Microsoft\BingDesktop\BingDesktopUpdater.exe
() C:\Programme\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ATIModeChange] => C:\WINDOWS\system32\Ati2mdxx.exe [28672 2001-09-04] (ATI Technologies, Inc.)
HKLM\...\Run: [ATIPTA] => C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [315392 2003-01-24] (ATI Technologies, Inc.)
HKLM\...\Run: [Apoint] => C:\Programme\Apoint\Apoint.exe [155648 2004-09-13] (Alps Electric Co., Ltd.)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse]  <==== ATTENTION!
HKU\S-1-5-21-854245398-492894223-2147318819-1003\...\MountPoints2: {951ebdc0-b269-11e3-8139-00065bb877a3} - E:\AutoRun.exe
HKU\S-1-5-21-854245398-492894223-2147318819-1003\...\MountPoints2: {951ebdc3-b269-11e3-8139-00065bb877a3} - E:\AutoRun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\fox\Anwendungsdaten\Mozilla\Firefox\Profiles\yamjmeqe.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Programme\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Dokumente und Einstellungen\fox\Anwendungsdaten\Mozilla\Firefox\Profiles\yamjmeqe.default\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Dokumente und Einstellungen\fox\Anwendungsdaten\Mozilla\Firefox\Profiles\yamjmeqe.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Dokumente und Einstellungen\fox\Anwendungsdaten\Mozilla\Firefox\Profiles\yamjmeqe.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Dokumente und Einstellungen\fox\Anwendungsdaten\Mozilla\Firefox\Profiles\yamjmeqe.default\Extensions\abs@avira.com [2014-09-07]
FF Extension: Avira SafeSearch - C:\Dokumente und Einstellungen\fox\Anwendungsdaten\Mozilla\Firefox\Profiles\yamjmeqe.default\Extensions\safesearch@avira.com [2014-08-10]
FF Extension: Cliqz Beta - C:\Dokumente und Einstellungen\fox\Anwendungsdaten\Mozilla\Firefox\Profiles\yamjmeqe.default\Extensions\cliqz@cliqz.com.xpi [2014-09-14]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-05-22]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Dokumente und Einstellungen\fox\Anwendungsdaten\Mozilla\Firefox\Profiles\yamjmeqe.default\extensions\cliqz@cliqz.com

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [151552 2003-01-20] () [File not signed]
R2 BingDesktopUpdate; C:\Programme\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
R2 IJPLMSVC; C:\Programme\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-09-14] (Mozilla Foundation)
S3 odserv; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [440696 2011-07-20] (Microsoft Corporation)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
S2 PEVSystemStart; C:\ComboFix\SWREG.3XE [518144 2000-08-31] (SteelWerX) [File not signed]
S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-10-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R3 ApfiltrService; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [108791 2004-11-16] (Alps Electric Co., Ltd.) [File not signed]
R3 ASAPIW2k; C:\WINDOWS\System32\drivers\ASAPIW2k.sys [11264 2004-03-10] (Pinnacle Systems GmbH) [File not signed]
R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [569984 2003-01-20] (ATI Technologies Inc.) [File not signed]
R3 cs429x; C:\WINDOWS\System32\drivers\cwawdm.sys [89088 2002-08-08] (Cirrus Logic, Inc.) [File not signed]
R3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [73827 2002-04-05] (3Com Corporation) [File not signed]
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [159236 2002-07-15] (Conexant Systems) [File not signed]
R3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [1174128 2002-07-15] (Conexant Systems) [File not signed]
R3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171008 2005-01-28] (Pinnacle Systems GmbH) [File not signed]
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-17] (Malwarebytes Corporation)
R2 mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [9855 2001-10-22] (Conexant) [File not signed]
R1 PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [14165 2002-03-19] (Pinnacle Systems GmbH) [File not signed]
R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [602480 2002-07-15] (Conexant Systems) [File not signed]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-17 16:31 - 2014-09-17 16:31 - 00001559 _____ () C:\Dokumente und Einstellungen\fox\Desktop\JRT.txt
2014-09-17 16:24 - 2014-09-17 16:24 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-17 16:24 - 2014-09-17 16:18 - 00001055 _____ () C:\Dokumente und Einstellungen\fox\Desktop\AdwCleaner[R0].txt
2014-09-17 16:21 - 2014-09-17 16:21 - 00001117 _____ () C:\Dokumente und Einstellungen\fox\Desktop\AdwCleaner[S0].txt
2014-09-17 16:17 - 2014-09-17 16:20 - 00000000 ____D () C:\AdwCleaner
2014-09-17 16:16 - 2014-09-17 16:16 - 00001529 _____ () C:\Dokumente und Einstellungen\fox\Desktop\mbam.txt
2014-09-17 15:52 - 2014-09-17 16:03 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-17 15:51 - 2014-09-17 15:51 - 00000755 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-17 15:51 - 2014-09-17 15:51 - 00000000 ____D () C:\Programme\Malwarebytes Anti-Malware
2014-09-17 15:51 - 2014-09-17 15:51 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes Anti-Malware
2014-09-17 15:51 - 2014-09-17 15:51 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2014-09-17 15:51 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-17 15:51 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-17 15:50 - 2014-09-17 15:50 - 00002083 _____ () C:\Dokumente und Einstellungen\fox\Desktop\Anleitung.txt
2014-09-17 15:49 - 2014-09-17 15:49 - 01016035 _____ (Thisisu) C:\Dokumente und Einstellungen\fox\Desktop\JRT.exe
2014-09-17 15:48 - 2014-09-17 15:48 - 01373475 _____ () C:\Dokumente und Einstellungen\fox\Desktop\AdwCleaner_3.310.exe
2014-09-16 20:14 - 2013-06-28 21:01 - 00320512 _____ () C:\Dokumente und Einstellungen\fox\Desktop\Prozessoren_alt.xls
2014-09-16 20:14 - 2013-06-13 20:54 - 00189440 _____ () C:\Dokumente und Einstellungen\fox\Desktop\Prozessoren.xls
2014-09-15 23:16 - 2014-09-15 21:06 - 00000222 _____ () C:\Boot.bak
2014-09-15 23:15 - 2004-08-03 23:00 - 00262448 __RSH () C:\cmldr
2014-09-15 23:14 - 2014-09-15 23:16 - 00000000 _RSHD () C:\cmdcons
2014-09-15 23:13 - 2014-09-15 23:20 - 00000000 ___SD () C:\ComboFix
2014-09-15 21:34 - 2014-09-15 21:34 - 00000000 ____D () C:\OETemp
2014-09-15 19:34 - 2011-06-26 08:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-09-15 19:34 - 2010-11-07 19:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-09-15 19:34 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-09-15 19:34 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-09-15 19:34 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-09-15 19:34 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-09-15 19:34 - 2000-08-31 02:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-09-15 19:34 - 2000-08-31 02:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-09-15 19:34 - 2000-08-31 02:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-09-15 19:22 - 2014-09-15 19:34 - 00000000 ____D () C:\Qoobox
2014-09-15 19:21 - 2014-09-15 19:21 - 00000000 ____D () C:\WINDOWS\erdnt
2014-09-15 19:15 - 2014-09-15 19:16 - 05579386 ____R (Swearware) C:\Dokumente und Einstellungen\fox\Desktop\ComboFix.exe
2014-09-14 20:48 - 2014-09-14 20:48 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-09-14 16:51 - 2014-09-14 16:52 - 00000000 ____D () C:\Programme\Mozilla Firefox
2014-09-14 16:24 - 2014-09-14 16:24 - 04181856 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\fox\Desktop\tdsskiller.exe
2014-09-13 22:41 - 2014-09-13 22:41 - 00042054 _____ () C:\Dokumente und Einstellungen\fox\Desktop\Addition.txt
2014-09-13 22:40 - 2014-09-17 16:43 - 00010004 _____ () C:\Dokumente und Einstellungen\fox\Desktop\FRST.txt
2014-09-13 22:40 - 2014-09-17 16:43 - 00000000 ____D () C:\FRST
2014-09-13 22:39 - 2014-09-13 22:39 - 01097728 _____ (Farbar) C:\Dokumente und Einstellungen\fox\Desktop\FRST.exe
2014-09-13 13:49 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\WINDOWS\system32\dhRichClient3.dll
2014-09-13 13:49 - 2011-03-25 20:42 - 00338432 _____ () C:\WINDOWS\system32\sqlite36_engine.dll
2014-09-09 22:13 - 2014-09-09 22:13 - 00000037 _____ () C:\Dokumente und Einstellungen\fox\Desktop\Fernseher.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-17 16:43 - 2014-09-13 22:40 - 00010004 _____ () C:\Dokumente und Einstellungen\fox\Desktop\FRST.txt
2014-09-17 16:43 - 2014-09-13 22:40 - 00000000 ____D () C:\FRST
2014-09-17 16:43 - 2013-05-20 23:00 - 00000000 ____D () C:\Dokumente und Einstellungen\fox\Lokale Einstellungen\Temp
2014-09-17 16:41 - 2013-05-21 07:24 - 01253923 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-17 16:41 - 2002-09-11 17:24 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-17 16:40 - 2014-03-30 19:45 - 00000218 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP –  Benachrichtigung – Anmeldung.job
2014-09-17 16:40 - 2013-05-20 23:00 - 00032612 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-17 16:40 - 2013-05-20 23:00 - 00000190 ___SH () C:\Dokumente und Einstellungen\fox\ntuser.ini
2014-09-17 16:40 - 2013-05-20 22:56 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-17 16:31 - 2014-09-17 16:31 - 00001559 _____ () C:\Dokumente und Einstellungen\fox\Desktop\JRT.txt
2014-09-17 16:24 - 2014-09-17 16:24 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-17 16:21 - 2014-09-17 16:21 - 00001117 _____ () C:\Dokumente und Einstellungen\fox\Desktop\AdwCleaner[S0].txt
2014-09-17 16:20 - 2014-09-17 16:17 - 00000000 ____D () C:\AdwCleaner
2014-09-17 16:18 - 2014-09-17 16:24 - 00001055 _____ () C:\Dokumente und Einstellungen\fox\Desktop\AdwCleaner[R0].txt
2014-09-17 16:16 - 2014-09-17 16:16 - 00001529 _____ () C:\Dokumente und Einstellungen\fox\Desktop\mbam.txt
2014-09-17 16:03 - 2014-09-17 15:52 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-17 16:03 - 2013-05-21 00:43 - 00000000 ____D () C:\WINDOWS\java
2014-09-17 15:51 - 2014-09-17 15:51 - 00000755 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-17 15:51 - 2014-09-17 15:51 - 00000000 ____D () C:\Programme\Malwarebytes Anti-Malware
2014-09-17 15:51 - 2014-09-17 15:51 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes Anti-Malware
2014-09-17 15:51 - 2014-09-17 15:51 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2014-09-17 15:51 - 2013-05-20 23:49 - 00000000 ____D () C:\Programme
2014-09-17 15:51 - 2013-05-20 23:48 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2014-09-17 15:50 - 2014-09-17 15:50 - 00002083 _____ () C:\Dokumente und Einstellungen\fox\Desktop\Anleitung.txt
2014-09-17 15:49 - 2014-09-17 15:49 - 01016035 _____ (Thisisu) C:\Dokumente und Einstellungen\fox\Desktop\JRT.exe
2014-09-17 15:48 - 2014-09-17 15:48 - 01373475 _____ () C:\Dokumente und Einstellungen\fox\Desktop\AdwCleaner_3.310.exe
2014-09-16 20:08 - 2013-05-21 10:48 - 00000000 __SHD () C:\WINDOWS\CSC
2014-09-15 23:20 - 2014-09-15 23:13 - 00000000 ___SD () C:\ComboFix
2014-09-15 23:16 - 2014-09-15 23:14 - 00000000 _RSHD () C:\cmdcons
2014-09-15 23:16 - 2013-05-21 00:47 - 00000338 __RSH () C:\boot.ini
2014-09-15 21:35 - 2014-08-10 15:06 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2014-09-15 21:35 - 2014-08-10 15:05 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Package Cache
2014-09-15 21:34 - 2014-09-15 21:34 - 00000000 ____D () C:\OETemp
2014-09-15 21:33 - 2013-07-20 09:38 - 00131638 _____ () C:\WINDOWS\setupapi.log
2014-09-15 21:12 - 2013-05-20 23:49 - 01186752 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-15 21:06 - 2014-09-15 23:16 - 00000222 _____ () C:\Boot.bak
2014-09-15 21:06 - 2013-05-20 23:00 - 00000000 ____D () C:\Dokumente und Einstellungen\fox
2014-09-15 21:06 - 2002-09-11 17:22 - 00000517 _____ () C:\WINDOWS\win.ini
2014-09-15 21:06 - 2002-09-11 17:19 - 00000227 _____ () C:\WINDOWS\system.ini
2014-09-15 19:34 - 2014-09-15 19:22 - 00000000 ____D () C:\Qoobox
2014-09-15 19:27 - 2013-05-20 22:54 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-09-15 19:21 - 2014-09-15 19:21 - 00000000 ____D () C:\WINDOWS\erdnt
2014-09-15 19:16 - 2014-09-15 19:15 - 05579386 ____R (Swearware) C:\Dokumente und Einstellungen\fox\Desktop\ComboFix.exe
2014-09-14 21:06 - 2013-08-27 13:23 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-14 21:03 - 2013-05-21 08:52 - 98758480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-14 20:49 - 2013-05-21 10:32 - 00000000 ____D () C:\Programme\Mozilla Maintenance Service
2014-09-14 20:48 - 2014-09-14 20:48 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-09-14 16:52 - 2014-09-14 16:51 - 00000000 ____D () C:\Programme\Mozilla Firefox
2014-09-14 16:40 - 2014-01-26 21:34 - 00000000 ____D () C:\Dokumente und Einstellungen\fox\Eigene Dateien\Backup
2014-09-14 16:40 - 2013-05-22 18:12 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-09-14 16:24 - 2014-09-14 16:24 - 04181856 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\fox\Desktop\tdsskiller.exe
2014-09-13 22:41 - 2014-09-13 22:41 - 00042054 _____ () C:\Dokumente und Einstellungen\fox\Desktop\Addition.txt
2014-09-13 22:39 - 2014-09-13 22:39 - 01097728 _____ (Farbar) C:\Dokumente und Einstellungen\fox\Desktop\FRST.exe
2014-09-13 13:26 - 2014-08-10 16:27 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-09-13 13:00 - 2013-05-20 23:00 - 00000000 __SHD () C:\Dokumente und Einstellungen\LocalService
2014-09-13 12:32 - 2013-05-20 22:53 - 00000000 ____D () C:\WINDOWS\Registration
2014-09-10 21:21 - 2014-08-10 17:28 - 00302778 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
2014-09-09 22:13 - 2014-09-09 22:13 - 00000037 _____ () C:\Dokumente und Einstellungen\fox\Desktop\Fernseher.txt
2014-09-03 22:29 - 2014-08-10 17:28 - 00302778 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-854245398-492894223-2147318819-1003-0.dat
2014-08-29 22:29 - 2013-05-23 16:28 - 00000000 ____D () C:\Dokumente und Einstellungen\fox\Anwendungsdaten\vlc
2014-08-29 21:56 - 2013-05-20 23:00 - 00000000 ___HD () C:\Dokumente und Einstellungen\fox\Netzwerkumgebung

Some content of TEMP:
====================
C:\Dokumente und Einstellungen\fox\Lokale Einstellungen\Temp\avgnt.exe
C:\Dokumente und Einstellungen\fox\Lokale Einstellungen\Temp\DataCard_Setup.exe
C:\Dokumente und Einstellungen\fox\Lokale Einstellungen\Temp\Quarantine.exe
C:\Dokumente und Einstellungen\fox\Lokale Einstellungen\Temp\ResetDevice.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
--- --- ---

schrauber 17.09.2014 20:44

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

foxproducts 17.09.2014 23:21
ESET Log
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5727eb805dde66418003379857575be9
# engine=20202
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-17 10:07:28
# local_time=2014-09-18 12:07:28 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=5.1.2600 NT Service Pack 3
# scanned=73859
# found=1
# cleaned=1
# scan_time=1924
sh=DB97AEDAC707E6FBFC2D7D69D18A8135FD786AB4 ft=1 fh=d71fcb223b173b4f vn="Variante von Win32/Rootkit.Kryptik.ZI Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\TDSSKiller_Quarantine\14.09.2014_20.45.59\necurs0000\svc0000\tsk0000.dta"
Security Check Log
Code:
Results of screen317's Security Check version 0.99.87 
 Windows XP Service Pack 3 x86 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
Warten Sie, w„hrend WMIC installiert wird.
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
  Adobe Flash Player        11.8.800.168 Flash Player out of Date! 
 Adobe Reader XI 
 Mozilla Firefox (32.0.1)
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 
````````````````````End of Log``````````````````````
FRSTLog
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by fox (administrator) on FOXPRODUCTS on 18-09-2014 00:18:10
Running from C:\Dokumente und Einstellungen\fox\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies, Inc.) C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Alps Electric Co., Ltd.) C:\Programme\Apoint\Apoint.exe
(Alps Electric Co., Ltd.) C:\Programme\Apoint\ApntEx.exe
() C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corp.) C:\Programme\Microsoft\BingDesktop\BingDesktopUpdater.exe
() C:\Programme\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
PS: FRST stürzt ständig ab und bei ESET wurde auch wieder etwas gefunden. Ist es nicht sinnvoller das System neu aufzusetzten?
MfG

schrauber 18.09.2014 14:00
ESET hat doch nur den Fund gemacht der schon lange in Quarantäne is. Neuaufsetzen ist 100%, das bereinigen hier nur 99,99999% ;)

FRST löschen und neu laden.

schrauber 18.09.2014 14:00
Ergänzung:

wer mit so einem alten System unterwegs is sollte eh neuaufsetzen, auf Win 7 oder 8 :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:02 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131