Trojaner-Board


Ruppi 19.05.2012 08:22

Avira reports EXP/JAVA.Ternub.Gen - Yahoo account is sending spam
 
Hello,
during a full scan, Avira AntiVir (version 10.2.0.707) reported the following detection:

Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen

I then moved it to quarantine.

Before that I had noticed that my Yahoo Mail account had been sending spam. I then changed my password. A short time later, however, spam was being sent from it again.

Now I have also run a full scan with Malwarebytes, updated beforehand: no detection!

The computer seems to be behaving normally again.

Do I need to do anything else?

Thanks for any tip!


Here is the Malwarebytes scan:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.18.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Michael :: MICHAEL-PC [Administrator]

19.05.2012 04:33:07
mbam-log-2012-05-19 (04-33-07).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 419545
Laufzeit: 1 Stunde(n), 19 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


------

Attached is also the Avira scan in which the exploit was detected earlier:



Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Freitag, 18. Mai 2012 23:15

Es wird nach 3716013 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : MICHAEL-PC

Versionsinformationen:
BUILD.DAT : 10.2.0.707 36070 Bytes 25.01.2012 12:53:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 14.07.2011 09:44:50
AVSCAN.DLL : 10.0.5.0 57192 Bytes 14.07.2011 09:44:50
LUKE.DLL : 10.3.0.5 45416 Bytes 14.07.2011 09:44:54
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:48
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 14.07.2011 09:44:54
AVREG.DLL : 10.3.0.9 88833 Bytes 14.07.2011 09:44:54
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 10:46:59
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 10:55:18
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 13:51:43
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 11:46:14
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 20:09:22
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10.05.2012 19:32:01
VBASE006.VDF : 7.11.29.137 2048 Bytes 10.05.2012 19:32:01
VBASE007.VDF : 7.11.29.138 2048 Bytes 10.05.2012 19:32:01
VBASE008.VDF : 7.11.29.139 2048 Bytes 10.05.2012 19:32:01
VBASE009.VDF : 7.11.29.140 2048 Bytes 10.05.2012 19:32:01
VBASE010.VDF : 7.11.29.141 2048 Bytes 10.05.2012 19:32:01
VBASE011.VDF : 7.11.29.142 2048 Bytes 10.05.2012 19:32:01
VBASE012.VDF : 7.11.29.143 2048 Bytes 10.05.2012 19:32:01
VBASE013.VDF : 7.11.29.144 2048 Bytes 10.05.2012 19:32:01
VBASE014.VDF : 7.11.30.3 198144 Bytes 14.05.2012 14:43:17
VBASE015.VDF : 7.11.30.69 186368 Bytes 17.05.2012 21:15:30
VBASE016.VDF : 7.11.30.70 2048 Bytes 17.05.2012 21:15:30
VBASE017.VDF : 7.11.30.71 2048 Bytes 17.05.2012 21:15:30
VBASE018.VDF : 7.11.30.72 2048 Bytes 17.05.2012 21:15:30
VBASE019.VDF : 7.11.30.73 2048 Bytes 17.05.2012 21:15:30
VBASE020.VDF : 7.11.30.74 2048 Bytes 17.05.2012 21:15:30
VBASE021.VDF : 7.11.30.75 2048 Bytes 17.05.2012 21:15:30
VBASE022.VDF : 7.11.30.76 2048 Bytes 17.05.2012 21:15:30
VBASE023.VDF : 7.11.30.77 2048 Bytes 17.05.2012 21:15:30
VBASE024.VDF : 7.11.30.78 2048 Bytes 17.05.2012 21:15:30
VBASE025.VDF : 7.11.30.79 2048 Bytes 17.05.2012 21:15:30
VBASE026.VDF : 7.11.30.80 2048 Bytes 17.05.2012 21:15:30
VBASE027.VDF : 7.11.30.81 2048 Bytes 17.05.2012 21:15:30
VBASE028.VDF : 7.11.30.82 2048 Bytes 17.05.2012 21:15:30
VBASE029.VDF : 7.11.30.83 2048 Bytes 17.05.2012 21:15:30
VBASE030.VDF : 7.11.30.84 2048 Bytes 17.05.2012 21:15:30
VBASE031.VDF : 7.11.30.120 109056 Bytes 18.05.2012 21:15:30
Engineversion : 8.2.10.68
AEVDF.DLL : 8.1.2.2 106868 Bytes 27.10.2011 20:11:56
AESCRIPT.DLL : 8.1.4.19 455034 Bytes 12.05.2012 19:32:04
AESCN.DLL : 8.1.8.2 131444 Bytes 27.01.2012 10:46:45
AESBX.DLL : 8.2.5.5 606579 Bytes 13.03.2012 10:12:02
AERDL.DLL : 8.1.9.15 639348 Bytes 12.09.2011 09:29:52
AEPACK.DLL : 8.2.16.13 807287 Bytes 12.05.2012 19:32:04
AEOFFICE.DLL : 8.1.2.28 201082 Bytes 28.04.2012 20:45:03
AEHEUR.DLL : 8.1.4.28 4800886 Bytes 18.05.2012 21:15:31
AEHELP.DLL : 8.1.21.0 254326 Bytes 12.05.2012 19:32:03
AEGEN.DLL : 8.1.5.28 422260 Bytes 28.04.2012 20:45:02
AEEXP.DLL : 8.1.0.40 82292 Bytes 18.05.2012 21:15:31
AEEMU.DLL : 8.1.3.0 393589 Bytes 25.11.2010 10:00:31
AECORE.DLL : 8.1.25.6 201078 Bytes 16.03.2012 11:45:27
AEBB.DLL : 8.1.1.0 53618 Bytes 10.09.2010 18:48:35
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 10:59:12
AVPREF.DLL : 10.0.3.2 44904 Bytes 14.07.2011 09:44:50
AVREP.DLL : 10.0.0.10 174120 Bytes 19.05.2011 08:05:30
AVARKT.DLL : 10.0.26.1 255336 Bytes 14.07.2011 09:44:48
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 14.07.2011 09:44:49
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 11:57:54
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 14:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 13:40:56
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 14.07.2011 09:44:44
RCTEXT.DLL : 10.0.64.0 98664 Bytes 14.07.2011 09:44:44

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Freitag, 18. Mai 2012 23:15

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'iexplore.exe' - '124' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashUtil32_11_2_202_235_ActiveX.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '190' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '131' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSCamS32.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '144' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '100' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD2
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD3
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD4
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD5
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '598' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <System>
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\494389eb-3bc23395
[0] Archivtyp: ZIP
--> Sony.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
Beginne mit der Suche in 'D:\' <DATA>

Beginne mit der Desinfektion:
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\494389eb-3bc23395
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49ff5ac4.qua' verschoben!


Ende des Suchlaufs: Samstag, 19. Mai 2012 03:43
Benötigte Zeit: 1:32:49 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

26880 Verzeichnisse wurden überprüft
409967 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
409966 Dateien ohne Befall
4506 Archive wurden durchsucht
0 Warnungen
1 Hinweise
685650 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

For the sake of clarity, I should perhaps add that the Avira report is from the point in time when the exploit was found.
It was then moved to quarantine.
After that I ran the Malwarebytes scan.

I hope that makes it easier to understand.

cosinus 21.05.2012 12:13

Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before?
If so, all the logs for every scan are also listed in the "Logdateien" (log files) tab. Please post all the ones that are visible there.

Ruppi 21.05.2012 15:26

First of all, thank you very much for your reply!
I'm happy to post the last scan with Malwarebytes, although unfortunately it was ages ago:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4404

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

07.08.2010 22:23:41
mbam-log-2010-08-07 (22-23-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 261187
Laufzeit: 44 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 21.05.2012 15:34

Did MBAM never find anything?

Ruppi 21.05.2012 16:58

No, no detection with Malwarebytes, probably because Avira had already cleaned up beforehand.

cosinus 21.05.2012 18:37

Please run ESET as well, then we'll see where to go from there:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Ruppi 21.05.2012 23:46

Hello,

it only said the following:
Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

Beyond that, ESET was suspicious of the following 8 files:
Code:

C:\Program Files\Application Updater\ApplicationUpdater.exe        probably a variant of Win32/Toolbar.Widgi application
C:\Program Files\pdfforge Toolbar\SearchSettings.dll        Win32/Toolbar.Widgi application
C:\Program Files\pdfforge Toolbar\SearchSettings.exe        Win32/Toolbar.Widgi application
C:\Program Files\pdfforge Toolbar\SearchSettingsRes409.dll        Win32/Toolbar.Widgi application
C:\Program Files\pdfforge Toolbar\WidgiHelper.exe        Win32/Toolbar.Widgi application
C:\Program Files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll        probably a variant of Win32/Toolbar.Widgi application
C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll        probably a variant of Win32/Toolbar.Widgi application
C:\Users\Michael\Setup_FreeVideoConverter.exe        Win32/Toolbar.Widgi application


cosinus 22.05.2012 12:39

That's just toolbar junk, but not malware.

I have two questions before we continue:

1.) Does normal mode work without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

Ruppi 22.05.2012 12:55

Quote:

Quote from cosinus (post 831956)
That's just toolbar junk, but not malware.

I have two questions before we continue:

1.) Does normal mode work without restrictions?

As far as I can tell with my modest skills, yes.

Quote:

2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
Everything seems to be there. The only empty folder is "Autostart".

cosinus 22.05.2012 13:21

Please create a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here
CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Ruppi 22.05.2012 16:15

Thank you very much!
Attached is the OTL file:

OTL Logfile:
Code:

OTL logfile created on: 22.05.2012 16:45:58 - Run 3
OTL by OldTimer - Version 3.2.43.1    Folder = C:\Users\Michael
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,29 Gb Available Physical Memory | 64,43% Memory free
4,24 Gb Paging File | 3,15 Gb Available in Paging File | 74,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,35 Gb Total Space | 125,07 Gb Free Space | 41,23% Space Free | Partition Type: NTFS
Drive D: | 150,69 Gb Total Space | 150,60 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
 
Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Michael\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Windows\System32\ZSTATUS.EXE (Zenographics)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ef684a2ee2f7276eec3973a0654d2bd4\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Windows\System32\atitmpxx.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Michael\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\System32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.n-tv.de/
IE - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B6 99 3E AB BD AD CC 01  [binary data]
IE - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..\SearchScopes,DefaultScope = {57DCD1D0-1FE6-451D-8C1C-2F5A2D0BBF30}
IE - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..\SearchScopes\{16E302D2-038D-4FCF-A19E-0C049AA00C59}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}
IE - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..\SearchScopes\{57DCD1D0-1FE6-451D-8C1C-2F5A2D0BBF30}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = www-proxy.t-online.de:80
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vdio5&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.01.18 03:03:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.18 03:03:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.19 04:20:42 | 000,000,000 | ---D | M]
 
[2009.06.11 12:09:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Extensions
[2012.05.17 17:35:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\uhvu7q81.default\extensions
[2010.01.09 12:51:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\uhvu7q81.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.05.17 17:35:22 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\uhvu7q81.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.19 03:58:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.08.16 11:07:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.12 23:31:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.18 13:38:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.19 18:09:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.17 22:39:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.05.19 03:58:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2008.11.03 01:25:00 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
[2009.06.11 12:08:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2011.01.18 03:03:03 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009.06.11 12:08:56 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.06.11 12:08:56 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2009.06.11 12:08:56 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.06.11 12:08:56 | 000,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.06.11 12:08:56 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.02 01:16:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Reg Error: Value error.) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..Trusted Domains: comdirect.de ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..Trusted Domains: comdirect.de ([brokerage] https in Trusted sites)
O15 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..Trusted Domains: luderworld.de ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..Trusted Domains: salsa-munich.de ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..Trusted Domains: vcn-online.de ([www] http in Trusted sites)
O16 - DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} hxxp://www.cartesianinc.com/Exec/CpcViewAX/CpcViewAX.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A21D5781-2D3B-4B48-8C3F-A4944A5F8470}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA2906CF-BD49-4D04-ADB1-B42889BB7389}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^E-Mail - Verknüpfung.lnk -  - File not found
MsConfig - StartUpFolder: C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Internet - Verknüpfung.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig - StartUpReg: CloneCDTray - hkey= - key= - C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: VX1000 - hkey= - key= - C:\Windows\vVX1000.exe (Microsoft Corporation)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
MsConfig - State: "bootini" - 2
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.22 16:42:01 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\OTL.exe
[2012.05.22 11:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012.05.21 21:43:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.19 04:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.19 04:27:05 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.19 04:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.05.19 04:19:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.17 17:35:21 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.17 17:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.05.17 17:35:14 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\System32\QtCore4.dll
[2012.05.17 17:35:09 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.05.17 17:35:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.05.17 17:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.05.17 17:33:56 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoft
[2012.05.09 14:09:32 | 000,894,976 | ---- | C] (Tara Group, Inc.) -- C:\Users\Michael\cdsExplorer.exe
[9 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.22 16:42:01 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\OTL.exe
[2012.05.22 15:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.22 15:06:05 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.22 15:06:05 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.22 11:08:03 | 000,176,582 | ---- | M] () -- C:\Users\Michael\Documents\Rechnung_2026337432_402788102_22052012.pdf
[2012.05.22 11:06:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.19 04:27:07 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.19 04:20:42 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.05.17 23:07:22 | 000,000,099 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\default.pls
[2012.05.17 17:35:16 | 000,000,998 | ---- | M] () -- C:\Users\Michael\Desktop\DVDVideoSoft Free Studio.lnk
[2012.05.17 17:35:15 | 000,001,061 | ---- | M] () -- C:\Users\Michael\Desktop\Free YouTube Download.lnk
[2012.05.11 11:58:31 | 000,270,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.11 10:40:01 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.11 10:40:01 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.11 10:40:01 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.11 10:40:01 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.09 14:09:32 | 000,894,976 | ---- | M] (Tara Group, Inc.) -- C:\Users\Michael\cdsExplorer.exe
[2012.04.23 18:06:01 | 000,002,032 | ---- | M] () -- C:\Users\Michael\AppData\Local\d3d9caps.dat
[9 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.22 11:08:03 | 000,176,582 | ---- | C] () -- C:\Users\Michael\Documents\Rechnung_2026337432_402788102_22052012.pdf
[2012.05.19 04:27:07 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.19 04:20:11 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.05.19 04:20:11 | 000,001,853 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.05.17 17:35:16 | 000,000,998 | ---- | C] () -- C:\Users\Michael\Desktop\DVDVideoSoft Free Studio.lnk
[2012.05.17 17:35:15 | 000,001,061 | ---- | C] () -- C:\Users\Michael\Desktop\Free YouTube Download.lnk
[2011.05.10 21:28:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.10 21:24:27 | 000,002,137 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.08.25 13:39:46 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.08.16 02:42:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.08.16 02:40:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.08.16 02:40:44 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.08.02 01:07:52 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.08.02 01:07:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.08.02 01:07:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.08.02 01:07:52 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.08.02 01:07:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.05.27 18:24:24 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
 
========== LOP Check ==========
 
[2010.10.15 23:55:06 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Canon
[2010.09.07 10:16:08 | 000,000,000 | ---D | M] -- C:\Users\Gast2\AppData\Roaming\Canon
[2009.06.22 13:23:10 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Broad Intelligence
[2010.04.10 15:56:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Canon
[2012.05.17 17:35:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoft
[2012.05.17 17:35:21 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.19 23:22:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FileZilla
[2010.07.29 22:39:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Goasv
[2010.07.29 09:11:31 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Heixy
[2009.07.20 21:26:41 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\NCH Swift Sound
[2008.08.20 15:04:13 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SlySoft
[2008.03.01 17:59:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\T-Online
[2010.07.12 17:41:52 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Wienerberger18599 Standard
[2012.05.22 01:10:31 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.03.27 21:28:21 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Adobe
[2009.06.20 22:18:49 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Ahead
[2010.04.18 21:41:31 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ArcSoft
[2011.05.10 21:31:27 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ATI
[2010.09.10 20:47:20 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Avira
[2009.06.29 17:48:00 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\AVS4YOU
[2009.06.22 13:23:10 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Broad Intelligence
[2010.04.10 15:56:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Canon
[2010.01.12 13:00:41 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\dvdcss
[2012.05.17 17:35:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoft
[2012.05.17 17:35:21 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.19 23:22:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FileZilla
[2010.07.29 22:39:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Goasv
[2010.07.29 09:11:31 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Heixy
[2008.03.03 13:08:15 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Hewlett-Packard
[2008.01.30 13:27:55 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Identities
[2008.03.02 02:34:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Macromedia
[2010.05.20 12:36:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Media Center Programs
[2008.06.23 19:06:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Media Player Classic
[2012.02.01 12:56:27 | 000,000,000 | --SD | M] -- C:\Users\Michael\AppData\Roaming\Microsoft
[2009.11.19 03:15:56 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\mIRC
[2009.06.11 12:09:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Mozilla
[2009.07.20 21:26:41 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\NCH Swift Sound
[2008.04.04 16:31:49 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nero
[2009.07.03 10:18:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\NeroDigital™
[2011.01.18 14:37:56 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Real
[2009.10.03 14:58:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Skype
[2009.10.03 14:39:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\skypePM
[2008.08.20 15:04:13 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SlySoft
[2008.03.14 21:51:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Sony Corporation
[2008.03.01 17:59:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\T-Online
[2008.03.13 13:23:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Talkback
[2010.10.01 21:52:24 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\vlc
[2010.07.12 17:41:52 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Wienerberger18599 Standard
[2009.12.07 01:05:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2011.05.07 15:39:34 | 000,010,134 | R--- | M] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Installer\{B96DB037-DBEA-4186-9081-9CBD537F82E8}\ARPPRODUCTICON.exe
[2010.05.20 02:45:40 | 000,738,824 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Michael\AppData\Roaming\Real\RealPlayer\setup\AU_setup20100217.exe
[2011.01.18 02:59:52 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Michael\AppData\Roaming\Real\RealPlayer\setup\AU_setup20101108.exe
[2009.12.07 02:02:37 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Michael\AppData\Roaming\Real\Update\setup3.09\setup.exe
[2009.12.07 10:55:51 | 000,079,368 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Michael\AppData\Roaming\Real\Update\setup3.09\RUP\vista.exe
[2011.01.18 02:59:24 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Michael\AppData\Roaming\Real\Update\setup3.13\setup.exe
[2011.07.14 15:51:34 | 000,310,400 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Michael\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\8.00\rnupgagent.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2007.10.19 17:59:42 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007.10.19 17:59:40 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007.10.19 17:59:42 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007.10.19 17:59:48 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007.10.19 17:59:49 | 006,021,120 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---

cosinus 22.05.2012 18:57

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Reg Error: Value error.) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Ruppi 28.05.2012 20:10

Sorry, it took a while because I was tied up.
So here is the file now:

Code:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
File C:\Program Files\pdfforge Toolbar\SearchSettings.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-3433261542-1180962297-3002301301-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-3433261542-1180962297-3002301301-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-21-3433261542-1180962297-3002301301-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-21-3433261542-1180962297-3002301301-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gast2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Michael
->Temp folder emptied: 758265226 bytes
->Temporary Internet Files folder emptied: 1154302971 bytes
->Java cache emptied: 14937830 bytes
->FireFox cache emptied: 24827121 bytes
->Flash cache emptied: 95084 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 194232 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 387229607 bytes
RecycleBin emptied: 3342084 bytes
 
Total Files Cleaned = 2.235,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Gast
->Flash cache emptied: 0 bytes
 
User: Gast2
->Flash cache emptied: 0 bytes
 
User: Michael
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.43.1 log created on 05282012_194950

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


cosinus 29.05.2012 08:28

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Configure the tool as shown in the picture below: click change parameters and set the checkboxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Ruppi 30.05.2012 23:14

Attached is the log:
Code:

00:08:50.0583 5992        TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
00:08:50.0786 5992        ============================================================
00:08:50.0786 5992        Current date / time: 2012/05/31 00:08:50.0786
00:08:50.0786 5992        SystemInfo:
00:08:50.0786 5992       
00:08:50.0786 5992        OS Version: 6.0.6002 ServicePack: 2.0
00:08:50.0786 5992        Product type: Workstation
00:08:50.0786 5992        ComputerName: MICHAEL-PC
00:08:50.0786 5992        UserName: Michael
00:08:50.0786 5992        Windows directory: C:\Windows
00:08:50.0786 5992        System windows directory: C:\Windows
00:08:50.0786 5992        Processor architecture: Intel x86
00:08:50.0786 5992        Number of processors: 4
00:08:50.0786 5992        Page size: 0x1000
00:08:50.0786 5992        Boot type: Normal boot
00:08:50.0786 5992        ============================================================
00:08:51.0458 5992        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:08:51.0489 5992        Drive \Device\Harddisk9\DR9 - Size: 0xF2E80000 (3.80 Gb), SectorSize: 0x200, Cylinders: 0x1EF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:08:51.0489 5992        ============================================================
00:08:51.0489 5992        \Device\Harddisk0\DR0:
00:08:51.0489 5992        MBR partitions:
00:08:51.0489 5992        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x25EB1800
00:08:51.0489 5992        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27622000, BlocksNum 0x12D63800
00:08:51.0489 5992        \Device\Harddisk9\DR9:
00:08:51.0489 5992        MBR partitions:
00:08:51.0489 5992        \Device\Harddisk9\DR9\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x795400
00:08:51.0489 5992        ============================================================
00:08:51.0520 5992        C: <-> \Device\Harddisk0\DR0\Partition0
00:08:51.0567 5992        D: <-> \Device\Harddisk0\DR0\Partition1
00:08:51.0567 5992        ============================================================
00:08:51.0567 5992        Initialize success
00:08:51.0567 5992        ============================================================
00:09:55.0458 0400        ============================================================
00:09:55.0458 0400        Scan started
00:09:55.0458 0400        Mode: Manual; SigCheck; TDLFS;
00:09:55.0458 0400        ============================================================
00:09:59.0333 0400        Application Updater (293e66aa529f0fba1aa56340e293a389) C:\Program Files\Application Updater\ApplicationUpdater.exe
00:09:59.0364 0400        Application Updater ( UnsignedFile.Multi.Generic ) - warning
00:09:59.0364 0400        Application Updater - detected UnsignedFile.Multi.Generic (1)
00:10:03.0380 0400        EapHost - ok
00:10:03.0411 0400        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
00:10:03.0427 0400        Ecache - ok
00:10:03.0474 0400        ehRecvr        (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
00:10:03.0505 0400        ehRecvr - ok
00:10:03.0536 0400        ehSched        (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
00:10:03.0614 0400        ehSched - ok
00:10:03.0630 0400        ehstart        (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
00:10:03.0661 0400        ehstart - ok
00:10:03.0724 0400        ElbyCDFL        (ce37e3d51912e59c80c6d84337c0b4cd) C:\Windows\system32\Drivers\ElbyCDFL.sys
00:10:03.0739 0400        ElbyCDFL - ok
00:10:03.0770 0400        ElbyCDIO        (178cc9403816c082d22a1d47fa1f9c85) C:\Windows\system32\Drivers\ElbyCDIO.sys
00:10:03.0786 0400        ElbyCDIO - ok
00:10:03.0786 0400        ElbyDelay      (e205c313417da6fa7afe85912a310a65) C:\Windows\system32\Drivers\ElbyDelay.sys
00:10:03.0802 0400        ElbyDelay - ok
00:10:03.0833 0400        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
00:10:03.0864 0400        elxstor - ok
00:10:03.0911 0400        EMDMgmt        (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
00:10:04.0020 0400        EMDMgmt - ok
00:10:04.0052 0400        EventSystem    (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
00:10:04.0083 0400        EventSystem - ok
00:10:04.0145 0400        ewusbnet        (4b36d96340200512c7974307d0f7d8b3) C:\Windows\system32\DRIVERS\ewusbnet.sys
00:10:04.0177 0400        ewusbnet - ok
00:10:04.0224 0400        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
00:10:04.0286 0400        exfat - ok
00:10:04.0317 0400        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
00:10:04.0364 0400        fastfat - ok
00:10:04.0411 0400        fdc            (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
00:10:04.0458 0400        fdc - ok
00:10:04.0489 0400        fdPHost        (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
00:10:04.0536 0400        fdPHost - ok
00:10:04.0567 0400        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
00:10:04.0599 0400        FDResPub - ok
00:10:04.0630 0400        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
00:10:04.0630 0400        FileInfo - ok
00:10:04.0630 0400        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
00:10:04.0677 0400        Filetrace - ok
00:10:04.0708 0400        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
00:10:04.0739 0400        flpydisk - ok
00:10:04.0770 0400        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
00:10:04.0786 0400        FltMgr - ok
00:10:04.0864 0400        FontCache      (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
00:10:04.0958 0400        FontCache - ok
00:10:05.0020 0400        FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
00:10:05.0020 0400        FontCache3.0.0.0 - ok
00:10:05.0083 0400        Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
00:10:05.0130 0400        Fs_Rec - ok
00:10:05.0177 0400        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
00:10:05.0177 0400        gagp30kx - ok
00:10:05.0224 0400        gpsvc          (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
00:10:05.0302 0400        gpsvc - ok
00:10:05.0349 0400        HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
00:10:05.0427 0400        HdAudAddService - ok
00:10:05.0489 0400        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:10:05.0520 0400        HDAudBus - ok
00:10:05.0567 0400        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
00:10:05.0614 0400        HidBth - ok
00:10:05.0630 0400        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
00:10:05.0677 0400        HidIr - ok
00:10:05.0692 0400        hidserv        (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
00:10:05.0724 0400        hidserv - ok
00:10:05.0739 0400        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
00:10:05.0770 0400        HidUsb - ok
00:10:05.0802 0400        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
00:10:05.0849 0400        hkmsvc - ok
00:10:05.0895 0400        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
00:10:05.0942 0400        HpCISSs - ok
00:10:06.0020 0400        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
00:10:06.0099 0400        HTTP - ok
00:10:06.0161 0400        hwdatacard      (1fc7a63148e4f2bd831dab0dc732026d) C:\Windows\system32\DRIVERS\ewusbmdm.sys
00:10:06.0192 0400        hwdatacard - ok
00:10:06.0255 0400        hwusbdev        (a259d3619aa23d4562581067f85e2006) C:\Windows\system32\DRIVERS\ewusbdev.sys
00:10:06.0286 0400        hwusbdev - ok
00:10:06.0349 0400        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
00:10:06.0349 0400        i2omp - ok
00:10:06.0395 0400        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
00:10:06.0427 0400        i8042prt - ok
00:10:06.0474 0400        iaStor          (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\drivers\iastor.sys
00:10:06.0505 0400        iaStor - ok
00:10:06.0536 0400        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
00:10:06.0552 0400        iaStorV - ok
00:10:06.0661 0400        idsvc          (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:10:06.0708 0400        idsvc - ok
00:10:06.0739 0400        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
00:10:06.0755 0400        iirsp - ok
00:10:06.0802 0400        IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
00:10:06.0833 0400        IKEEXT - ok
00:10:06.0989 0400        IntcAzAudAddService (0f16d98c3af2138fabfa20adde4e01fe) C:\Windows\system32\drivers\RTKVHDA.sys
00:10:07.0145 0400        IntcAzAudAddService - ok
00:10:07.0286 0400        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
00:10:07.0302 0400        intelide - ok
00:10:07.0333 0400        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
00:10:07.0364 0400        intelppm - ok
00:10:07.0411 0400        IPBusEnum      (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
00:10:07.0458 0400        IPBusEnum - ok
00:10:07.0474 0400        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:10:07.0505 0400        IpFilterDriver - ok
00:10:07.0536 0400        iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
00:10:07.0599 0400        iphlpsvc - ok
00:10:07.0599 0400        IpInIp - ok
00:10:07.0630 0400        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
00:10:07.0661 0400        IPMIDRV - ok
00:10:07.0692 0400        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
00:10:07.0724 0400        IPNAT - ok
00:10:07.0755 0400        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
00:10:07.0770 0400        IRENUM - ok
00:10:07.0786 0400        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
00:10:07.0786 0400        isapnp - ok
00:10:07.0833 0400        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
00:10:07.0849 0400        iScsiPrt - ok
00:10:07.0864 0400        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
00:10:07.0864 0400        iteatapi - ok
00:10:07.0880 0400        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
00:10:07.0895 0400        iteraid - ok
00:10:07.0911 0400        JRAID          (c1632fe31d1824a43dea29725312e3fa) C:\Windows\system32\drivers\jraid.sys
00:10:07.0958 0400        JRAID - ok
00:10:07.0989 0400        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
00:10:08.0005 0400        kbdclass - ok
00:10:08.0020 0400        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
00:10:08.0052 0400        kbdhid - ok
00:10:08.0083 0400        KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
00:10:08.0145 0400        KeyIso - ok
00:10:08.0177 0400        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
00:10:08.0208 0400        KSecDD - ok
00:10:08.0255 0400        KtmRm          (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
00:10:08.0302 0400        KtmRm - ok
00:10:08.0349 0400        LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
00:10:08.0411 0400        LanmanServer - ok
00:10:08.0474 0400        LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
00:10:08.0520 0400        LanmanWorkstation - ok
00:10:08.0536 0400        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
00:10:08.0567 0400        lltdio - ok
00:10:08.0599 0400        lltdsvc        (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
00:10:08.0630 0400        lltdsvc - ok
00:10:08.0661 0400        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
00:10:08.0708 0400        lmhosts - ok
00:10:08.0755 0400        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
00:10:08.0770 0400        LSI_FC - ok
00:10:08.0786 0400        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
00:10:08.0786 0400        LSI_SAS - ok
00:10:08.0833 0400        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
00:10:08.0833 0400        LSI_SCSI - ok
00:10:08.0864 0400        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
00:10:08.0895 0400        luafv - ok
00:10:08.0958 0400        LVUSBSta        (a730fc8671a60666d6e877c544dd7cd4) C:\Windows\system32\drivers\lvusbsta.sys
00:10:08.0989 0400        LVUSBSta - ok
00:10:09.0020 0400        Mcx2Svc        (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
00:10:09.0036 0400        Mcx2Svc - ok
00:10:09.0067 0400        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
00:10:09.0099 0400        megasas - ok
00:10:09.0114 0400        MMCSS          (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
00:10:09.0145 0400        MMCSS - ok
00:10:09.0145 0400        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
00:10:09.0192 0400        Modem - ok
00:10:09.0224 0400        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
00:10:09.0270 0400        monitor - ok
00:10:09.0302 0400        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
00:10:09.0317 0400        mouclass - ok
00:10:09.0317 0400        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
00:10:09.0349 0400        mouhid - ok
00:10:09.0364 0400        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
00:10:09.0380 0400        MountMgr - ok
00:10:09.0411 0400        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
00:10:09.0427 0400        mpio - ok
00:10:09.0442 0400        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
00:10:09.0458 0400        mpsdrv - ok
00:10:09.0505 0400        MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
00:10:09.0552 0400        MpsSvc - ok
00:10:09.0567 0400        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
00:10:09.0583 0400        Mraid35x - ok
00:10:09.0614 0400        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
00:10:09.0645 0400        MRxDAV - ok
00:10:09.0677 0400        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:10:09.0724 0400        mrxsmb - ok
00:10:09.0755 0400        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:10:09.0786 0400        mrxsmb10 - ok
00:10:09.0786 0400        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:10:09.0802 0400        mrxsmb20 - ok
00:10:09.0817 0400        msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
00:10:09.0833 0400        msahci - ok
00:10:09.0927 0400        MSCamSvc        (641199534871783dd74138fe0bcfdae7) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
00:10:09.0942 0400        MSCamSvc - ok
00:10:09.0958 0400        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
00:10:09.0974 0400        msdsm - ok
00:10:09.0989 0400        MSDTC          (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
00:10:10.0020 0400        MSDTC - ok
00:10:10.0052 0400        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
00:10:10.0083 0400        Msfs - ok
00:10:10.0114 0400        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
00:10:10.0114 0400        msisadrv - ok
00:10:10.0145 0400        MSiSCSI        (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
00:10:10.0192 0400        MSiSCSI - ok
00:10:10.0192 0400        msiserver - ok
00:10:10.0208 0400        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
00:10:10.0239 0400        MSKSSRV - ok
00:10:10.0255 0400        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
00:10:10.0302 0400        MSPCLOCK - ok
00:10:10.0317 0400        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
00:10:10.0333 0400        MSPQM - ok
00:10:10.0380 0400        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
00:10:10.0395 0400        MsRPC - ok
00:10:10.0427 0400        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
00:10:10.0427 0400        mssmbios - ok
00:10:10.0458 0400        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
00:10:10.0474 0400        MSTEE - ok
00:10:10.0489 0400        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
00:10:10.0505 0400        Mup - ok
00:10:10.0536 0400        napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
00:10:10.0583 0400        napagent - ok
00:10:10.0614 0400        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
00:10:10.0645 0400        NativeWifiP - ok
00:10:10.0708 0400        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
00:10:10.0755 0400        NDIS - ok
00:10:10.0802 0400        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
00:10:10.0833 0400        NdisTapi - ok
00:10:10.0864 0400        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
00:10:10.0895 0400        Ndisuio - ok
00:10:10.0895 0400        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
00:10:10.0927 0400        NdisWan - ok
00:10:10.0942 0400        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
00:10:10.0989 0400        NDProxy - ok
00:10:11.0161 0400        Nero BackItUp Scheduler 3 (2aae889742376edc5c3203dfb74f28fd) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
00:10:11.0208 0400        Nero BackItUp Scheduler 3 - ok
00:10:11.0270 0400        Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\Windows\system32\HPZinw12.dll
00:10:11.0302 0400        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
00:10:11.0302 0400        Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
00:10:11.0333 0400        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
00:10:11.0364 0400        NetBIOS - ok
00:10:11.0395 0400        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
00:10:11.0427 0400        netbt - ok
00:10:11.0489 0400        Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
00:10:11.0505 0400        Netlogon - ok
00:10:11.0536 0400        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
00:10:11.0567 0400        Netman - ok
00:10:11.0614 0400        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
00:10:11.0692 0400        netprofm - ok
00:10:11.0770 0400        NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:10:11.0786 0400        NetTcpPortSharing - ok
00:10:11.0817 0400        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
00:10:11.0817 0400        nfrd960 - ok
00:10:11.0849 0400        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
00:10:11.0895 0400        NlaSvc - ok
00:10:12.0020 0400        NMIndexingService (cb992ae1506985d9167e85883b4c3240) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
00:10:12.0067 0400        NMIndexingService - ok
00:10:12.0099 0400        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
00:10:12.0130 0400        Npfs - ok
00:10:12.0177 0400        nsi            (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
00:10:12.0208 0400        nsi - ok
00:10:12.0239 0400        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
00:10:12.0270 0400        nsiproxy - ok
00:10:12.0317 0400        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
00:10:12.0380 0400        Ntfs - ok
00:10:12.0427 0400        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
00:10:12.0474 0400        ntrigdigi - ok
00:10:12.0505 0400        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
00:10:12.0536 0400        Null - ok
00:10:12.0802 0400        nvlddmkm        (e633e4e0e6a65fea569dc2773f1c6d58) C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:10:13.0130 0400        nvlddmkm - ok
00:10:13.0255 0400        nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
00:10:13.0270 0400        nvraid - ok
00:10:13.0286 0400        nvrd32          (ed399014a8029de02ba5ae01da8cc9ee) C:\Windows\system32\drivers\nvrd32.sys
00:10:13.0302 0400        nvrd32 - ok
00:10:13.0317 0400        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
00:10:13.0317 0400        nvstor - ok
00:10:13.0333 0400        nvstor32        (703e3a7093b0fac0eebadbb8e931ecaf) C:\Windows\system32\drivers\nvstor32.sys
00:10:13.0349 0400        nvstor32 - ok
00:10:13.0395 0400        nvsvc          (c1303870d5f9ead4beb68559aab7a87b) C:\Windows\system32\nvvsvc.exe
00:10:13.0411 0400        nvsvc - ok
00:10:13.0427 0400        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
00:10:13.0442 0400        nv_agp - ok
00:10:13.0442 0400        NwlnkFlt - ok
00:10:13.0442 0400        NwlnkFwd - ok
00:10:13.0583 0400        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:10:13.0614 0400        odserv - ok
00:10:13.0677 0400        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
00:10:13.0708 0400        ohci1394 - ok
00:10:13.0755 0400        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:10:13.0770 0400        ose - ok
00:10:13.0833 0400        p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
00:10:13.0927 0400        p2pimsvc - ok
00:10:13.0927 0400        p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
00:10:13.0942 0400        p2psvc - ok
00:10:13.0989 0400        Parport        (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
00:10:14.0020 0400        Parport - ok
00:10:14.0052 0400        partmgr        (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
00:10:14.0067 0400        partmgr - ok
00:10:14.0099 0400        Parvdm          (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
00:10:14.0145 0400        Parvdm - ok
00:10:14.0177 0400        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
00:10:14.0239 0400        PcaSvc - ok
00:10:14.0270 0400        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
00:10:14.0286 0400        pci - ok
00:10:14.0302 0400        pciide          (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
00:10:14.0317 0400        pciide - ok
00:10:14.0333 0400        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
00:10:14.0349 0400        pcmcia - ok
00:10:14.0411 0400        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
00:10:14.0505 0400        PEAUTH - ok
00:10:14.0552 0400        PID_0928        (5bd2c6d982481d548107c602e7ccfbbc) C:\Windows\system32\DRIVERS\LV561AV.SYS
00:10:14.0567 0400        PID_0928 - ok
00:10:14.0645 0400        pla            (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
00:10:14.0739 0400        pla - ok
00:10:14.0864 0400        PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\system32\IoctlSvc.exe
00:10:14.0880 0400        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
00:10:14.0880 0400        PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
00:10:14.0927 0400        PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
00:10:14.0974 0400        PlugPlay - ok
00:10:15.0036 0400        Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\Windows\system32\HPZipm12.dll
00:10:15.0036 0400        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
00:10:15.0036 0400        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
00:10:15.0083 0400        PNRPAutoReg    (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
00:10:15.0114 0400        PNRPAutoReg - ok
00:10:15.0130 0400        PNRPsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
00:10:15.0145 0400        PNRPsvc - ok
00:10:15.0208 0400        PolicyAgent    (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
00:10:15.0286 0400        PolicyAgent - ok
00:10:15.0349 0400        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
00:10:15.0364 0400        PptpMiniport - ok
00:10:15.0395 0400        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
00:10:15.0442 0400        Processor - ok
00:10:15.0474 0400        ProfSvc        (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
00:10:15.0505 0400        ProfSvc - ok
00:10:15.0536 0400        ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
00:10:15.0552 0400        ProtectedStorage - ok
00:10:15.0567 0400        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
00:10:15.0599 0400        PSched - ok
00:10:15.0661 0400        PxHelp20        (1962166e0ceb740704f30fa55ad3d509) C:\Windows\system32\Drivers\PxHelp20.sys
00:10:15.0677 0400        PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
00:10:15.0677 0400        PxHelp20 - detected UnsignedFile.Multi.Generic (1)
00:10:15.0739 0400        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
00:10:15.0802 0400        ql2300 - ok
00:10:15.0849 0400        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
00:10:15.0864 0400        ql40xx - ok
00:10:15.0895 0400        QWAVE          (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
00:10:15.0911 0400        QWAVE - ok
00:10:15.0927 0400        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
00:10:15.0927 0400        QWAVEdrv - ok
00:10:15.0942 0400        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
00:10:15.0989 0400        RasAcd - ok
00:10:16.0005 0400        RasAuto        (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
00:10:16.0052 0400        RasAuto - ok
00:10:16.0067 0400        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:10:16.0114 0400        Rasl2tp - ok
00:10:16.0145 0400        RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
00:10:16.0177 0400        RasMan - ok
00:10:16.0177 0400        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
00:10:16.0208 0400        RasPppoe - ok
00:10:16.0208 0400        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
00:10:16.0239 0400        RasSstp - ok
00:10:16.0270 0400        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
00:10:16.0302 0400        rdbss - ok
00:10:16.0302 0400        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:10:16.0333 0400        RDPCDD - ok
00:10:16.0380 0400        rdpdr          (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
00:10:16.0427 0400        rdpdr - ok
00:10:16.0427 0400        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
00:10:16.0458 0400        RDPENCDD - ok
00:10:16.0505 0400        RDPWD          (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
00:10:16.0567 0400        RDPWD - ok
00:10:16.0599 0400        RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
00:10:16.0645 0400        RemoteAccess - ok
00:10:20.0567 0400        TestHandler    (8c80a73a5d77b2208ca91e4fa269981d) C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
00:10:20.0583 0400        TestHandler ( UnsignedFile.Multi.Generic ) - warning
00:10:20.0583 0400        TestHandler - detected UnsignedFile.Multi.Generic (1)
00:10:26.0083 0400        ============================================================
00:10:26.0083 0400        Scan finished
00:10:26.0083 0400        ============================================================
00:10:26.0083 4604        Detected object count: 6
00:10:26.0083 4604        Actual detected object count: 6
00:11:03.0036 4604        Application Updater ( UnsignedFile.Multi.Generic ) - skipped by user
00:11:03.0036 4604        Application Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:11:03.0036 4604        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
00:11:03.0036 4604        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:11:03.0036 4604        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:11:03.0036 4604        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:11:03.0036 4604        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
00:11:03.0036 4604        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:11:03.0036 4604        PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
00:11:03.0036 4604        PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:11:03.0036 4604        TestHandler ( UnsignedFile.Multi.Generic ) - skipped by user
00:11:03.0036 4604        TestHandler ( UnsignedFile.Multi.Generic ) - User select action: Skip


