Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
Forum: Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
Thread: S.M.A.R.T infection, how do I get this trojan out of my laptop again? (https://www.trojaner-board.de/115591-s-m-a-r-t-befall-bekomme-diesen-trojaner-meinem-laptop-raus.html)

spigi01 22.05.2012 15:48

S.M.A.R.T infection, how do I get this trojan out of my laptop again?

Hello
I've obviously downloaded a trojan recently.
Following the instructions, I downloaded defogger to my desktop and ran it as administrator (Win7). After selecting "disable" I was prompted to confirm, after which unfortunately "unable to create log" is displayed. How should I proceed?

Many thanks for the effort

cosinus 23.05.2012 11:05

Does safe mode with networking still work? With an internet connection?

Safe mode for cleanup
  • Bring Windows into safe mode with the F8 key at startup.
  • Start the computer in safe mode with networking:

    Start Windows in safe mode

spigi01 23.05.2012 14:55

Yes, I've now booted my laptop in safe mode with networking, but defogger still doesn't respond, i.e. "unable to create log".

cosinus 23.05.2012 15:00

Well, if that mode works, you'll first do a routine full scan with Malwarebytes and post the log. => Have it check ALL local drives (except CD/DVD)!
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If there are logs from older Malwarebytes scans, please post all of those too!



ESET Online Scanner

  • Here you'll find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the terms of use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

Please post everything here in CODE tags where possible.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

spigi01 24.05.2012 12:48

Hello

It took a bit long, but I hope I followed the instructions correctly.
First the Malwarebytes log:

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.23.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Benutzer :: BENUTZER-PC [Administrator]

Schutz: Aktiviert

23.05.2012 18:55:35
mbam-log-2012-05-24 (10-36-02).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 496016
Laufzeit: 3 Stunde(n), 3 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 2
C:\ProgramData\UnXHpXtrAB.exe (Trojan.FakeHDD) -> 2688 -> Keine Aktion durchgeführt.
C:\ProgramData\dEALrSvqaxGNSn.exe (Trojan.FakeHDD) -> 3300 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|UnXHpXtrAB.exe (Trojan.FakeHDD) -> Daten: C:\ProgramData\UnXHpXtrAB.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\ProgramData\UnXHpXtrAB.exe (Trojan.FakeHDD) -> Keine Aktion durchgeführt.
C:\ProgramData\dEALrSvqaxGNSn.exe (Trojan.FakeHDD) -> Keine Aktion durchgeführt.
C:\Users\Benutzer\AppData\Local\Temp\aXRgmtVNsIyJee.exe.tmp (Trojan.FakeHDD) -> Keine Aktion durchgeführt.
C:\Users\Benutzer\AppData\Local\Temp\ICReinstall\MusicConverterSetup.exe (Adware.Agent) -> Keine Aktion durchgeführt.

(Ende)



then the log.txt from Eset (looks a bit uninformative in my opinion...)

Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK



I hope something can be done with this.

Many thanks in advance

Regards,
Mark

cosinus 24.05.2012 21:55

Quote:

Keine Aktion durchgeführt.
-> No action taken.
The findings must be removed with Malwarebytes! Please do so if not already done!

You probably did ESET wrong, there was a big notice about that

Note for Vista and Win7 users: Please open the browser this way without fail: right-click => Run as administrator
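
An added example (not from the thread and not Malwarebytes' own code): a Python parser for the Malwarebytes 1.x log format posted above. It flags the entries cosinus is pointing at, those still marked "Keine Aktion durchgeführt" or only scheduled as "Löschen bei Neustart", and the HKCU Run value that kept the FakeHDD executable starting with every logon. The sample log is a constructed excerpt in the same format as the 23.05.2012 log.

```python
import re
from dataclasses import dataclass

# Added example, not code from the thread or from Malwarebytes: parse the
# German-locale Malwarebytes Anti-Malware 1.x text log and triage its findings.

# Section header, e.g. "Infizierte Speicherprozesse: 2"
SECTION_RE = re.compile(r"^(Infizierte .+?): (\d+)$")
# Finding line: "<object> (<detection>) -> [details ->] <action>."
FINDING_RE = re.compile(r"^(?P<obj>.+?) \((?P<det>[\w.]+)\) -> (?P<rest>.+)$")

NO_ACTION = "Keine Aktion durchgeführt"  # "No action taken": still on disk
ON_REBOOT = "Löschen bei Neustart"       # "Delete on reboot": needs a restart
RUN_KEY = r"\CurrentVersion\Run|"         # autostart value: persistence


@dataclass
class Finding:
    section: str
    obj: str
    detection: str
    action: str

    @property
    def resolved(self) -> bool:
        # Only "deleted/replaced and quarantined" counts as dealt with.
        return not (self.action.startswith(NO_ACTION)
                    or self.action.startswith(ON_REBOOT))


def parse_mbam_log(text: str) -> list:
    """Return the findings of one MBAM 1.x log in order of appearance."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = FINDING_RE.match(line) if section else None
        if m:
            # The action is always the last " -> " separated element.
            action = m.group("rest").split(" -> ")[-1].rstrip(".")
            findings.append(Finding(section, m.group("obj"),
                                    m.group("det"), action))
    return findings


def triage(text: str) -> dict:
    """What a helper checks before moving on: anything left untreated,
    anything that re-launches the malware at logon, and which families."""
    findings = parse_mbam_log(text)
    return {
        "total": len(findings),
        "unresolved": [f.obj for f in findings if not f.resolved],
        "autostart": [f.obj for f in findings if RUN_KEY in f.obj],
        "families": sorted({f.detection for f in findings}),
    }


# Constructed excerpt in the format of the 23.05.2012 log posted in the thread.
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware (Test) 1.61.0.1400
Art des Suchlaufs: Vollständiger Suchlauf

Infizierte Speicherprozesse: 2
C:\ProgramData\UnXHpXtrAB.exe (Trojan.FakeHDD) -> 2688 -> Keine Aktion durchgeführt.
C:\ProgramData\dEALrSvqaxGNSn.exe (Trojan.FakeHDD) -> 3300 -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|UnXHpXtrAB.exe (Trojan.FakeHDD) -> Daten: C:\ProgramData\UnXHpXtrAB.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Dateien: 2
C:\Users\Benutzer\AppData\Local\Temp\aXRgmtVNsIyJee.exe.tmp (Trojan.FakeHDD) -> Löschen bei Neustart.
C:\Users\Benutzer\AppData\Local\Temp\ICReinstall\MusicConverterSetup.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result['total']} findings, {len(result['unresolved'])} unresolved")
    for obj in result["unresolved"]:
        print("  still present:", obj)
    for obj in result["autostart"]:
        print("  autostart entry:", obj)
```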

spigi01 25.05.2012 09:27

Many thanks for your support first of all

My patient seems to be doing much better already; at least the annoying software isn't stirring anymore.

I actually did remove the threats reported by Malwarebytes, but I'm doing another run to be safe.

Quote:

Note for Vista and Win7 users: Please open the browser this way without fail: right-click => Run as administrator
At the risk of making myself look really stupid..., where am I supposed to right-click?

Thanks

cosinus 25.05.2012 11:55

Right-click on FF or IE => Run as administrator
That's what it says there too

spigi01 25.05.2012 12:43

So, IE started as admin and ESET is running.

Malwarebytes result:
Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.25.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Benutzer:: Benutzer-PC [Administrator]

Schutz: Aktiviert

25.05.2012 10:08:11
mbam-log-2012-05-25 (10-08-11).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 498414
Laufzeit: 2 Stunde(n), 41 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)



By the way, this is the log from the first scan:
Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.23.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Benutzer:: Benutzer-PC [Administrator]

Schutz: Aktiviert

23.05.2012 18:55:35
mbam-log-2012-05-23 (18-55-35).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 496016
Laufzeit: 3 Stunde(n), 3 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 2
C:\ProgramData\UnXHpXtrAB.exe (Trojan.FakeHDD) -> 2688 -> Löschen bei Neustart.
C:\ProgramData\dEALrSvqaxGNSn.exe (Trojan.FakeHDD) -> 3300 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|UnXHpXtrAB.exe (Trojan.FakeHDD) -> Daten: C:\ProgramData\UnXHpXtrAB.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\ProgramData\UnXHpXtrAB.exe (Trojan.FakeHDD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dEALrSvqaxGNSn.exe (Trojan.FakeHDD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benutzer\AppData\Local\Temp\aXRgmtVNsIyJee.exe.tmp (Trojan.FakeHDD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benutzer\AppData\Local\Temp\ICReinstall\MusicConverterSetup.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Regards Mark

cosinus 25.05.2012 13:17

And why are you now posting 2 logs from Malwarebytes and not one from ESET?

spigi01 25.05.2012 16:44

Here is the ESET log:

Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=173d84777dd48f4692bddb8b69246e9b
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-25 11:37:30
# local_time=2012-05-25 01:37:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 603385 74481351 4324 0
# compatibility_mode=5893 16776573 100 94 10687 89575721 0 0
# compatibility_mode=8192 67108863 100 0 94783 94783 0 0
# scanned=73778
# found=0
# cleaned=0
# scan_time=1319
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=173d84777dd48f4692bddb8b69246e9b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-25 01:58:27
# local_time=2012-05-25 03:58:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 604740 74482706 5679 0
# compatibility_mode=5893 16776573 100 94 12042 89577076 0 0
# compatibility_mode=8192 67108863 100 0 96138 96138 0 0
# scanned=318970
# found=2
# cleaned=0
# scan_time=8421
C:\Program Files\FoxTabAudioConverter\AudioConverter.exe        a variant of Win32/InstallCore.A application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Benutzer\AppData\Local\Temp\is1972027439\MyBabylonTB.exe        a variant of Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I

Regards Mark

cosinus 25.05.2012 23:05

I'd have two questions before we continue

1.) Does the normal Windows mode work (again) without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

spigi01 26.05.2012 08:20

Yes, I actually work in normal mode and have the impression that everything runs normally. All my programs that were pinned to the taskbar or on the desktop are hidden. I had to pin IE again, but it gets labelled with a (2)....
In the Start menu there's practically nothing left, e.g. no Office program, and under "Documents" or "Pictures" there's a yawning emptiness....

Also, when I open Windows Explorer, many folders are shown as empty, but if I go to Properties, e.g. for My Pictures, (presumably) all the folders are listed under Contents.
That was also the reason for
Quote:

At the risk of making myself look really stupid..., where am I supposed to right-click?
I had to open IE via the Network and Sharing Center and right-clicking doesn't work there....

I've already considered doing a system restore to a restore point from before the trojan infection, but I want to wait and see what you think first.

Thanks again and kind regards
Mark

So, now it's getting really wild
I just got a phone call from some guy who claimed to be a computer specialist from the Windows support center. Apparently my computer is generating thousands of error messages in their system. My Windows registry would be shut down shortly if I didn't do something about it immediately.... For a special price of around $150 they would get my system back in shape; for that they need about 1.30 hrs. of free access to my laptop
I of course immediately disconnected the device from the network and shut it down. Blocked all e-banking contracts as a precaution.
Luckily I still have another computer and I'm seriously considering whether I should even keep trying to remove the malware, or just throw the box in the trash

Regards Mark

cosinus 26.05.2012 15:24

Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (Could take a while)
Vista and 7 users must run the tool as administrator via right-click!

spigi01 27.05.2012 08:45

Hello Arne

Looks quite tidy already.
Can we say my laptop is OK again now?
Will I stop getting these strange phone calls now, can I do e-banking and such with it again without worry????

For now, many thanks for the good support
Regards, Mark

cosinus 28.05.2012 14:41

Please make a new OTL log. Please post everything here in CODE tags where possible.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL from Oldtimer and save it to your desktop
Code:
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


spigi01 29.05.2012 15:01

So, I'm back...
Code:

OTL logfile created on: 29.05.2012 12:40:28 - Run 1
OTL by OldTimer - Version 3.2.44.0    Folder = C:\Users\Benutzer\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.42% Memory free
3.98 Gb Paging File | 2.60 Gb Available in Paging File | 65.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.69 Gb Total Space | 7.74 Gb Free Space | 6.93% Space Free | Partition Type: NTFS
 
Computer Name: Benutzer-PC | User Name: Benutzer| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.29 12:34:29 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Benutzer\Desktop\OTL.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.20 12:31:17 | 001,005,056 | ---- | M] (Swiss International Airlines) -- C:\Users\Benutzer\AppData\Local\Apps\2.0\A6YYZV7L.28E\W9R11LGZ.4T4\swis..tion_0c581f7c10d77799_0001.0000_5702398fa69462f7\Swiss.CLO.Hub.exe
PRC - [2012.04.18 11:56:22 | 001,557,160 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.09.22 20:42:16 | 002,453,504 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe
PRC - [2007.02.06 07:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.12 09:20:43 | 001,885,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\9c2da5bc8e93845d80dc6768efa78de7\System.Web.Services.ni.dll
MOD - [2012.05.12 09:20:37 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8e3ba21dc083837fdc1c8b9f98c5f4bf\System.ServiceModel.Routing.ni.dll
MOD - [2012.05.12 09:20:36 | 001,140,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\a4345e4ff74ec912a5219576049df7fe\System.ServiceModel.Discovery.ni.dll
MOD - [2012.05.12 09:20:35 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\7f49661d0e79763b30e9e99e714409a3\System.ServiceModel.Channels.ni.dll
MOD - [2012.05.12 09:20:34 | 001,393,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\509dab10fd00e66d750ac92101fa3d7b\System.ServiceModel.Activities.ni.dll
MOD - [2012.05.12 09:20:31 | 018,058,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\4f8ecf03aa4a4165e6850d1d67dc445f\System.ServiceModel.ni.dll
MOD - [2012.05.12 09:20:02 | 001,072,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\2f4ce144f88caf780421d66027355f77\System.IdentityModel.ni.dll
MOD - [2012.05.12 09:19:53 | 013,345,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\31df9a0b86a3259cb02bbe741e501b85\System.Data.Entity.ni.dll
MOD - [2012.05.12 09:18:36 | 000,134,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\bc5bf4e71af4c7689ffed22f5187d922\System.Data.DataSetExtensions.ni.dll
MOD - [2012.05.12 09:18:12 | 001,880,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\edfac26fdb2ed44310e9f22665a1ef95\System.Deployment.ni.dll
MOD - [2012.05.12 09:18:07 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\058fc53adeb7f06708bb4fa9f92fab5c\System.EnterpriseServices.ni.dll
MOD - [2012.05.12 09:18:07 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\058fc53adeb7f06708bb4fa9f92fab5c\System.EnterpriseServices.Wrapper.dll
MOD - [2012.05.12 09:18:06 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\6cb2089f1eaf08c3d94a54031cf1313a\System.Transactions.ni.dll
MOD - [2012.05.12 09:18:05 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\ac5d04fd61df57da0f9976440a8c6c58\System.Runtime.DurableInstancing.ni.dll
MOD - [2012.05.12 09:18:04 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4dd48e938a8834fe950cf0cd11603c71\SMDiagnostics.ni.dll
MOD - [2012.05.12 09:18:03 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\3fe3910474b3e2a08fca9b09330a74f7\System.Runtime.Serialization.ni.dll
MOD - [2012.05.12 09:17:59 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a181199f8dec15116e1c2eb4a79ec22b\System.Xaml.ni.dll
MOD - [2012.05.12 09:17:46 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\5ccc57bb582bf753166610089f204601\Microsoft.VisualC.ni.dll
MOD - [2012.05.12 05:48:06 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\142c428042c2dba4d5ac72495142f58c\PresentationFramework.ni.dll
MOD - [2012.05.12 05:47:48 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\5c18a8cca40f5abb3617826e529a4be9\PresentationCore.ni.dll
MOD - [2012.05.12 05:47:35 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dac2093a24d7582eaee5ebd24ba1d06a\WindowsBase.ni.dll
MOD - [2012.05.12 05:47:34 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3263fe38362543170c1682381eeac25a\PresentationFramework.Aero.ni.dll
MOD - [2012.05.12 05:43:44 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\67065dc691dbf9574b3c8e5ac6ec5246\System.Data.ni.dll
MOD - [2012.05.12 05:43:37 | 000,693,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\dcf415181fba99d99ec87eefdf082864\System.ComponentModel.Composition.ni.dll
MOD - [2012.05.12 05:43:34 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\71109720564155295fbaaff1202a33c0\System.Windows.Forms.ni.dll
MOD - [2012.05.12 05:43:23 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5be779e4d55a04c3b86644505facbe9a\System.Drawing.ni.dll
MOD - [2012.05.12 05:43:18 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\4278bedb3086448c94c1e7f563325052\System.Security.ni.dll
MOD - [2012.05.12 05:43:16 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3e4f9b3b78f0f13b7469a14e69d756ef\System.Core.ni.dll
MOD - [2012.05.12 05:43:15 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bd2433e160ce2f19acc8ebe10babae8d\System.Xml.ni.dll
MOD - [2012.05.12 05:43:11 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6711765f90c0082ec393943b924ed277\System.Configuration.ni.dll
MOD - [2012.05.12 05:43:06 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dll
MOD - [2012.05.12 05:43:00 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\360e9c00572679f437fff0ae719a5886\System.Numerics.ni.dll
MOD - [2012.05.12 05:42:58 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.05.10 16:40:27 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.11.20 14:19:33 | 000,068,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.11.05 03:52:39 | 000,128,848 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2009.07.14 03:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.02.06 07:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ucwncwif.sys -- (ucwncwif)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.07.26 19:38:28 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2011.05.13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011.05.13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2011.05.10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.11.20 10:42:28 | 000,246,784 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.12.03 16:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009.07.14 03:20:28 | 000,022,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.07.14 01:11:15 | 000,070,656 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV - [2009.07.14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2007.11.02 13:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217unic.sys -- (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM)
DRV - [2007.11.02 13:22:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217obex.sys -- (s217obex)
DRV - [2007.11.02 13:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217nd5.sys -- (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS)
DRV - [2007.11.02 13:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdm.sys -- (s217mdm)
DRV - [2007.11.02 13:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217bus.sys -- (s217bus) Sony Ericsson Device 217 driver (WDM)
DRV - [2007.11.02 13:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdfl.sys -- (s217mdfl)
DRV - [2007.05.11 17:31:36 | 003,580,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Fusion(UVC)
DRV - [2007.05.11 17:31:22 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.05.11 17:30:04 | 001,921,184 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10396&gct=hp&dc=EU&locale=de_CH
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10396&gct=hp&dc=EU&locale=de_CH
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
IE - HKU\S-1-5-21-2895716680-826352517-3616735052-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.unhooked.ch/2008/spotguide/
IE - HKU\S-1-5-21-2895716680-826352517-3616735052-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
IE - HKU\S-1-5-21-2895716680-826352517-3616735052-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH
IE - HKU\S-1-5-21-2895716680-826352517-3616735052-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 91 A0 EF 2D 22 0F CC 01  [binary data]
IE - HKU\S-1-5-21-2895716680-826352517-3616735052-1000\..\SearchScopes,DefaultScope = {C28335C3-CFCA-4AC9-AF33-F9DEF9D1B745}
IE - HKU\S-1-5-21-2895716680-826352517-3616735052-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2895716680-826352517-3616735052-1000\..\SearchScopes\{C28335C3-CFCA-4AC9-AF33-F9DEF9D1B745}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10396&src=kw&q={searchTerms}&locale=de_CH&apn_ptnrs=^ABU&apn_dtid=^YYYYYY^YY^CH&apn_uid=859de00d-5391-4a9e-b1ec-6b23fd964022&apn_sauid=27C05271-8B6A-402F-B882-D66C7614CFA0
IE - HKU\S-1-5-21-2895716680-826352517-3616735052-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2895716680-826352517-3616735052-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
 
 
O1 HOSTS File: ([2011.05.13 08:59:32 | 000,000,847 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 192.168.1.4 NPI89FFA4
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2895716680-826352517-3616735052-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Color LaserJet CM1312 MFP Series Fax] C:\Program Files\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2895716680-826352517-3616735052-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Benutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CrewLink Offline HUB.appref-ms ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {48580E34-E37A-454A-8EC4-FC7598B01D77} hxxp://chkr-web.ifolor.net/app_support/1/ActiveX/IfolorUploader_chkr.cab (IfolorUploader Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE089F1A-8C43-4782-A157-BCC483F47148}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SMPCHelper -
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: tvnserver -
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.29 12:34:28 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Mark Bachmann\Desktop\OTL.exe
[2012.05.29 12:28:51 | 000,000,000 | ---D | C] -- C:\Users\Mark Bachmann\AppData\Local\AskToolbar
[2012.05.27 10:08:38 | 000,000,000 | ---D | C] -- C:\Users\Mark Bachmann\AppData\Roaming\Avira
[2012.05.27 10:02:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.05.27 10:01:43 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.05.27 10:01:21 | 000,000,000 | ---D | C] -- C:\Users\Mark Bachmann\AppData\Local\APN
[2012.05.27 10:00:41 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.05.27 10:00:41 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.05.27 10:00:40 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.27 10:00:40 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.05.27 09:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.05.27 09:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.05.27 09:17:27 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Mark Bachmann\Desktop\unhide.exe
[2012.05.26 11:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\ShowMyPCService
[2012.05.26 11:21:47 | 000,000,000 | ---D | C] -- C:\Users\Mark Bachmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ShowMyPC
[2012.05.24 10:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.23 16:14:28 | 000,000,000 | ---D | C] -- C:\Users\Mark Bachmann\AppData\Roaming\Malwarebytes
[2012.05.23 16:14:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.23 16:14:22 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.23 16:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.23 16:14:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.23 16:12:59 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Mark Bachmann\Desktop\mbam-setup-1.61.0.1400.exe
[2012.05.22 06:19:16 | 000,000,000 | ---D | C] -- C:\Users\Mark Bachmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012.05.02 15:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.05.02 15:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.05.02 15:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.05.14 14:07:28 | 000,399,736 | ---- | C] (BitTorrent, Inc.) -- C:\Program Files\uTorrent.exe
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.29 12:34:46 | 000,014,640 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.29 12:34:46 | 000,014,640 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.29 12:34:29 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Mark Bachmann\Desktop\OTL.exe
[2012.05.29 12:31:15 | 000,657,676 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.29 12:31:15 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.29 12:31:15 | 000,131,016 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.29 12:31:15 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.29 12:25:16 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.29 12:24:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.29 12:24:00 | 1603,772,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.27 10:02:48 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.27 09:17:27 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Mark Bachmann\Desktop\unhide.exe
[2012.05.26 10:57:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.23 18:53:09 | 000,000,168 | ---- | M] () -- C:\ProgramData\-dEALrSvqaxGNSnr
[2012.05.23 18:53:09 | 000,000,000 | ---- | M] () -- C:\ProgramData\-dEALrSvqaxGNSn
[2012.05.23 18:52:17 | 000,000,256 | ---- | M] () -- C:\ProgramData\dEALrSvqaxGNSn
[2012.05.23 16:14:23 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.23 16:13:35 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Mark Bachmann\Desktop\mbam-setup-1.61.0.1400.exe
[2012.05.22 16:33:36 | 000,050,477 | ---- | M] () -- C:\Users\Mark Bachmann\Desktop\Defogger.exe
[2012.05.22 15:00:20 | 000,000,000 | ---- | M] () -- C:\Users\Mark Bachmann\defogger_reenable
[2012.05.22 06:33:02 | 000,000,152 | ---- | M] () -- C:\ProgramData\-qy1qQi4MEWM1jtr
[2012.05.22 06:33:02 | 000,000,000 | ---- | M] () -- C:\ProgramData\-qy1qQi4MEWM1jt
[2012.05.22 06:29:14 | 000,000,256 | ---- | M] () -- C:\ProgramData\qy1qQi4MEWM1jt
[2012.05.18 11:12:58 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.05.12 08:35:21 | 000,481,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.02 15:19:51 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.27 10:02:48 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.27 09:34:28 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.05.27 09:34:28 | 000,002,286 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.05.27 09:34:28 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Private Tax 2011.lnk
[2012.05.27 09:34:28 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\CLX.PayMaker.lnk
[2012.05.27 09:34:28 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.05.27 09:34:28 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2012.05.27 09:34:28 | 000,001,005 | ---- | C] () -- C:\Users\Public\Desktop\TuneAid.lnk
[2012.05.27 09:34:28 | 000,000,978 | ---- | C] () -- C:\Users\Public\Desktop\Mixcraft 5.lnk
[2012.05.27 09:34:28 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Private Tax 2010.lnk
[2012.05.27 09:34:28 | 000,000,800 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012.05.27 09:34:27 | 000,002,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.05.27 09:34:27 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.05.27 09:34:27 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.05.27 09:34:27 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012.05.27 09:34:27 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012.05.27 09:34:27 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.05.27 09:34:27 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012.05.27 09:34:27 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012.05.27 09:34:24 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.05.27 09:34:21 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.05.27 09:34:21 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.05.23 18:54:26 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.23 18:53:09 | 000,000,168 | ---- | C] () -- C:\ProgramData\-dEALrSvqaxGNSnr
[2012.05.23 18:53:09 | 000,000,000 | ---- | C] () -- C:\ProgramData\-dEALrSvqaxGNSn
[2012.05.23 18:52:17 | 000,000,256 | ---- | C] () -- C:\ProgramData\dEALrSvqaxGNSn
[2012.05.22 16:33:36 | 000,050,477 | ---- | C] () -- C:\Users\Mark Bachmann\Desktop\Defogger.exe
[2012.05.22 15:00:20 | 000,000,000 | ---- | C] () -- C:\Users\Mark Bachmann\defogger_reenable
[2012.05.22 06:33:02 | 000,000,152 | ---- | C] () -- C:\ProgramData\-qy1qQi4MEWM1jtr
[2012.05.22 06:33:01 | 000,000,000 | ---- | C] () -- C:\ProgramData\-qy1qQi4MEWM1jt
[2012.05.22 06:19:14 | 000,000,256 | ---- | C] () -- C:\ProgramData\qy1qQi4MEWM1jt
[2012.02.11 17:03:49 | 000,007,625 | ---- | C] () -- C:\Users\Mark Bachmann\AppData\Local\Resmon.ResmonCfg
[2012.01.12 15:55:34 | 000,002,247 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.08.01 13:09:38 | 000,003,584 | ---- | C] () -- C:\Users\Mark Bachmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.05 10:29:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.13 09:01:45 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys
[2011.05.13 09:01:45 | 000,000,222 | ---- | C] () -- C:\Windows\System32\hppfaxprinter5.ini
[2011.05.13 08:59:13 | 000,000,190 | ---- | C] () -- C:\Windows\System32\AddPort.ini
[2011.05.13 08:57:52 | 000,000,739 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2011.05.13 08:54:06 | 000,199,121 | ---- | C] () -- C:\Windows\hppins11.dat
[2011.05.13 08:54:06 | 000,005,707 | ---- | C] () -- C:\Windows\hppmdl11.dat
[2011.05.13 08:53:06 | 000,000,665 | ---- | C] () -- C:\Windows\System32\hppapr11.dat
[2011.05.10 16:28:14 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011.05.10 15:48:34 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
 
========== LOP Check ==========
 
[2012.03.05 17:01:05 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\.Kanton ZH
[2011.07.27 17:21:46 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\Acoustica
[2011.12.11 17:29:36 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\bookfactory.ch
[2012.03.05 16:33:40 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\Information Factory
[2011.07.27 17:29:30 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\SynthMaker
[2011.05.16 22:57:33 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\TuneAid
[2011.12.09 14:30:37 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\uTorrent
[2011.05.16 20:38:34 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\WindSolutions
[2009.07.14 06:53:46 | 000,022,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.03.05 17:01:05 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\.Kanton ZH
[2011.07.27 17:21:46 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\Acoustica
[2011.05.10 18:18:52 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\Adobe
[2012.03.06 10:15:32 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\Apple Computer
[2012.05.27 10:08:38 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\Avira
[2011.12.11 17:29:36 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\bookfactory.ch
[2011.05.10 15:40:55 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\Identities
[2012.03.05 16:33:40 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\Information Factory
[2011.08.07 08:42:02 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\InstallShield
[2011.05.11 14:15:53 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\Macromedia
[2012.05.23 16:14:28 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\Media Center Programs
[2011.07.05 21:49:49 | 000,000,000 | --SD | M] -- C:\Users\Mark Bachmann\AppData\Roaming\Microsoft
[2012.04.17 16:47:17 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\Mozilla
[2011.10.26 14:31:41 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\Skype
[2011.07.27 17:29:30 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\SynthMaker
[2011.05.16 22:57:33 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\TuneAid
[2011.12.09 14:30:37 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\uTorrent
[2011.05.16 20:38:34 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\WindSolutions
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.05.10 16:52:33 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011.05.10 16:52:33 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >


Quite a long log...

Regards, Mark

cosinus 30.05.2012 08:17

Do an OTL fix: close any programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
IE - HKU\S-1-5-21-2895716680-826352517-3616735052-1000\..\SearchScopes\{C28335C3-CFCA-4AC9-AF33-F9DEF9D1B745}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10396&src=kw&q={searchTerms}&locale=de_CH&apn_ptnrs=^ABU&apn_dtid=^YYYYYY^YY^CH&apn_uid=859de00d-5391-4a9e-b1ec-6b23fd964022&apn_sauid=27C05271-8B6A-402F-B882-D66C7614CFA0
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2895716680-826352517-3616735052-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Files
C:\Programme\Ask.com
C:\Users\Mark Bachmann\AppData\Local\AskToolbar
C:\ProgramData\-dEALrSvqaxGNSnr
C:\ProgramData\-dEALrSvqaxGNSn
C:\ProgramData\dEALrSvqaxGNSn
C:\ProgramData\-qy1qQi4MEWM1jtr
C:\ProgramData\-qy1qQi4MEWM1jt
C:\ProgramData\qy1qQi4MEWM1jt
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
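
As an added example (editor's code, not part of the thread and not OTL's own), the following parses OTL's file lines and runs two defender-side checks that mirror what the fix above targets: it groups the random-named ProgramData files from the posted log, and it checks that each live System32 copy in the "MD5 for:" sections carries a vendor name and matches a WinSxS or DriverStore copy. The EXAMPLE.SYS section, its hashes and the case-change threshold are constructed assumptions, not values from the log.

```python
"""Added example (editor's code, not from the thread and not OTL's own): parse
the file lines of an OTL log and run two defender-side checks over them."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One OTL file/folder line. "(company)" and "MD5=" are optional; OTL prints
# "Unable to obtain MD5" for files it could not open (md5=None here).
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: MD5=(?P<md5>[0-9A-Fa-f]{32})| Unable to obtain MD5)?"
    r" -- (?P<path>.+?)\s*$"
)

@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str              # "----", "---D" = directory, "-HS-" = hidden+system
    kind: str               # C = created-within-30-days list, M = modified list
    company: Optional[str]
    md5: Optional[str]
    path: str

def parse_otl_lines(text: str) -> List[OtlEntry]:
    """Keep the file lines; section headers, blanks and '< ... >' markers are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            entries.append(OtlEntry(
                timestamp=m["ts"], size=int(m["size"].replace(",", "")),
                attrs=m["attrs"], kind=m["kind"], company=m["company"] or None,
                md5=m["md5"].upper() if m["md5"] else None, path=m["path"]))
    return entries

def _case_changes(name: str) -> int:
    letters = [c for c in name if c.isalpha()]
    return sum(a.isupper() != b.isupper() for a, b in zip(letters, letters[1:]))

def flag_programdata_droppings(entries: List[OtlEntry]) -> Dict[str, List[str]]:
    """Group extensionless, random-looking files sitting directly in ProgramData.
    The posted log shows triplets NAME, -NAME and -NAMEr, keyed here by NAME; the
    case-change threshold is a heuristic picked for this log, not an OTL rule."""
    families: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        parent, _, name = e.path.rpartition("\\")
        if parent.lower() != r"c:\programdata" or "D" in e.attrs or "." in name:
            continue
        if not re.fullmatch(r"-?[A-Za-z0-9]{10,}", name) or _case_changes(name) < 4:
            continue
        stem = name.lstrip("-")
        families[stem[:-1] if stem.endswith("r") else stem].append(e.path)
    return {stem: sorted(paths) for stem, paths in families.items()}

def check_system_file_hashes(entries: List[OtlEntry]) -> List[Tuple[str, str]]:
    """For each file in OTL's '< MD5 for: NAME >' sections, the live copy under
    System32 should carry a vendor name and an MD5 equal to one of the reference
    copies in WinSxS or the DriverStore; anything else is returned for review."""
    by_name: Dict[str, List[OtlEntry]] = defaultdict(list)
    for e in entries:
        if e.kind == "M" and "\\windows\\" in e.path.lower():
            by_name[e.path.rsplit("\\", 1)[-1].lower()].append(e)
    findings = []
    for name in sorted(by_name):
        copies = by_name[name]
        live = [c for c in copies if c.path.lower().startswith(r"c:\windows\system32")
                and "\\driverstore\\" not in c.path.lower()]
        reference = {c.md5 for c in copies if c not in live and c.md5}
        for c in live:
            if not c.company:
                findings.append((c.path, "no vendor name in version info"))
            if c.md5 and reference and c.md5 not in reference:
                findings.append((c.path, "MD5 matches no WinSxS/DriverStore copy"))
    return findings

# Sample input: lines copied from the log posted above, plus a CONSTRUCTED
# section for a hypothetical driver whose live copy no longer matches WinSxS.
SAMPLE_LOG = r"""
[2012.05.23 18:53:09 | 000,000,168 | ---- | C] () -- C:\ProgramData\-dEALrSvqaxGNSnr
[2012.05.23 18:53:09 | 000,000,000 | ---- | C] () -- C:\ProgramData\-dEALrSvqaxGNSn
[2012.05.23 18:52:17 | 000,000,256 | ---- | C] () -- C:\ProgramData\dEALrSvqaxGNSn
[2012.05.22 06:33:02 | 000,000,152 | ---- | C] () -- C:\ProgramData\-qy1qQi4MEWM1jtr
[2012.05.22 06:33:01 | 000,000,000 | ---- | C] () -- C:\ProgramData\-qy1qQi4MEWM1jt
[2012.05.22 06:19:14 | 000,000,256 | ---- | C] () -- C:\ProgramData\qy1qQi4MEWM1jt
[2012.01.12 15:55:34 | 000,002,247 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
< MD5 for: EXAMPLE.SYS  >   CONSTRUCTED, placeholder hashes
[2012.05.22 06:19:14 | 000,021,584 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\Windows\System32\drivers\example.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=11111111111111111111111111111111 -- C:\Windows\winsxs\x86_example_CONSTRUCTED\example.sys
"""
```

Run over the sample, the first check yields the two ProgramData families (three files each) that the :Files section of the fix removes, and the second flags only the constructed driver, since winlogon.exe's System32 copy matches its WinSxS copy.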

spigi01 30.05.2012 10:55

Log after the OTL fix:

Code:

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2895716680-826352517-3616735052-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C28335C3-CFCA-4AC9-AF33-F9DEF9D1B745}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C28335C3-CFCA-4AC9-AF33-F9DEF9D1B745}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-2895716680-826352517-3616735052-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Programme\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
========== FILES ==========
File\Folder C:\Programme\Ask.com not found.
C:\Users\Mark Bachmann\AppData\Local\AskToolbar\Downloaded Program Files\temp folder moved successfully.
C:\Users\Mark Bachmann\AppData\Local\AskToolbar\Downloaded Program Files folder moved successfully.
C:\Users\Mark Bachmann\AppData\Local\AskToolbar folder moved successfully.
C:\ProgramData\-dEALrSvqaxGNSnr moved successfully.
C:\ProgramData\-dEALrSvqaxGNSn moved successfully.
C:\ProgramData\dEALrSvqaxGNSn moved successfully.
C:\ProgramData\-qy1qQi4MEWM1jtr moved successfully.
C:\ProgramData\-qy1qQi4MEWM1jt moved successfully.
C:\ProgramData\qy1qQi4MEWM1jt moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 400707 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Mark Bachmann
->Temp folder emptied: 784477271 bytes
->Temporary Internet Files folder emptied: 373832676 bytes
->Java cache emptied: 5025522 bytes
->Flash cache emptied: 2668 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1239040 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 115191996 bytes
RecycleBin emptied: 3871422807 bytes
 
Total Files Cleaned = 4'913.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Mark Bachmann
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.44.0 log created on 05302012_113606

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


cosinus 30.05.2012 11:55

Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below - click on change parameters and tick the boxes as shown in the following screenshot,
Then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its contents into your post, look directly on your Windows system partition (usually drive C:); that's where TDSS-Killer stores its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

spigi01 30.05.2012 12:28

Handled everything with Skip, here is the log
Code:

13:22:22.0812 5700        TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
13:22:23.0031 5700        ============================================================
13:22:23.0031 5700        Current date / time: 2012/05/30 13:22:23.0031
13:22:23.0031 5700        SystemInfo:
13:22:23.0031 5700       
13:22:23.0031 5700        OS Version: 6.1.7601 ServicePack: 1.0
13:22:23.0031 5700        Product type: Workstation
13:22:23.0031 5700        ComputerName: MARKBACHMANN-PC
13:22:23.0031 5700        UserName: Mark Bachmann
13:22:23.0031 5700        Windows directory: C:\Windows
13:22:23.0031 5700        System windows directory: C:\Windows
13:22:23.0031 5700        Processor architecture: Intel x86
13:22:23.0031 5700        Number of processors: 2
13:22:23.0031 5700        Page size: 0x1000
13:22:23.0031 5700        Boot type: Normal boot
13:22:23.0031 5700        ============================================================
13:22:24.0903 5700        Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:22:24.0903 5700        ============================================================
13:22:24.0903 5700        \Device\Harddisk0\DR0:
13:22:24.0903 5700        MBR partitions:
13:22:24.0903 5700        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:22:24.0903 5700        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
13:22:24.0903 5700        ============================================================
13:22:24.0918 5700        C: <-> \Device\Harddisk0\DR0\Partition1
13:22:24.0918 5700        ============================================================
13:22:24.0918 5700        Initialize success
13:22:24.0918 5700        ============================================================
13:24:08.0980 3728        ============================================================
13:24:08.0980 3728        Scan started
13:24:08.0980 3728        Mode: Manual; SigCheck; TDLFS;
13:24:08.0980 3728        ============================================================
13:24:11.0133 3728        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
13:24:11.0289 3728        1394ohci - ok
13:24:11.0320 3728        Accelerometer  (cc1f1d3d70dc13c2c281488d347d4415) C:\Windows\system32\DRIVERS\Accelerometer.sys
13:24:11.0336 3728        Accelerometer - ok
13:24:11.0398 3728        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
13:24:11.0445 3728        ACPI - ok
13:24:11.0508 3728        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
13:24:11.0617 3728        AcpiPmi - ok
13:24:11.0726 3728        ADIHdAudAddService (fb9ece3f7b8a03e474e611031ad4cd23) C:\Windows\system32\drivers\ADIHdAud.sys
13:24:11.0820 3728        ADIHdAudAddService - ok
13:24:11.0898 3728        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
13:24:11.0929 3728        adp94xx - ok
13:24:11.0960 3728        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
13:24:11.0976 3728        adpahci - ok
13:24:12.0007 3728        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
13:24:12.0022 3728        adpu320 - ok
13:24:12.0069 3728        AEADIFilters    (12d23758621b00b8d3134095ec3325fd) C:\Windows\system32\AEADISRV.EXE
13:24:12.0100 3728        AEADIFilters - ok
13:24:12.0132 3728        AeLookupSvc    (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
13:24:12.0163 3728        AeLookupSvc - ok
13:24:12.0256 3728        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
13:24:12.0334 3728        AFD - ok
13:24:12.0428 3728        AgereSoftModem  (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
13:24:12.0490 3728        AgereSoftModem - ok
13:24:12.0553 3728        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
13:24:12.0584 3728        agp440 - ok
13:24:12.0615 3728        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
13:24:12.0631 3728        aic78xx - ok
13:24:12.0678 3728        ALG            (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
13:24:12.0756 3728        ALG - ok
13:24:12.0834 3728        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
13:24:12.0865 3728        aliide - ok
13:24:12.0880 3728        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
13:24:12.0896 3728        amdagp - ok
13:24:12.0912 3728        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
13:24:12.0927 3728        amdide - ok
13:24:12.0958 3728        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
13:24:13.0005 3728        AmdK8 - ok
13:24:13.0005 3728        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
13:24:13.0036 3728        AmdPPM - ok
13:24:13.0114 3728        amdsata        (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
13:24:13.0146 3728        amdsata - ok
13:24:13.0177 3728        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
13:24:13.0192 3728        amdsbs - ok
13:24:13.0208 3728        amdxata        (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
13:24:13.0224 3728        amdxata - ok
13:24:13.0333 3728        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
13:24:13.0364 3728        AntiVirSchedulerService - ok
13:24:13.0411 3728        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
13:24:13.0442 3728        AntiVirService - ok
13:24:13.0473 3728        AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
13:24:13.0504 3728        AntiVirWebService - ok
13:24:13.0551 3728        AppID          (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
13:24:13.0692 3728        AppID - ok
13:24:13.0738 3728        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
13:24:13.0801 3728        AppIDSvc - ok
13:24:13.0832 3728        Appinfo        (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
13:24:13.0894 3728        Appinfo - ok
13:24:13.0988 3728        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:24:14.0004 3728        Apple Mobile Device - ok
13:24:14.0082 3728        AppMgmt        (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
13:24:14.0144 3728        AppMgmt - ok
13:24:14.0191 3728        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
13:24:14.0222 3728        arc - ok
13:24:14.0238 3728        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
13:24:14.0253 3728        arcsas - ok
13:24:14.0284 3728        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
13:24:14.0472 3728        AsyncMac - ok
13:24:14.0518 3728        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
13:24:14.0534 3728        atapi - ok
13:24:14.0596 3728        ATSwpWDF        (befe54e9bc648a3c79c917a63b6ee7da) C:\Windows\system32\Drivers\ATSwpWDF.sys
13:24:14.0643 3728        ATSwpWDF - ok
13:24:14.0721 3728        AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
13:24:14.0768 3728        AudioEndpointBuilder - ok
13:24:14.0784 3728        Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
13:24:14.0815 3728        Audiosrv - ok
13:24:14.0862 3728        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
13:24:14.0893 3728        avgntflt - ok
13:24:14.0924 3728        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
13:24:14.0940 3728        avipbb - ok
13:24:14.0971 3728        avkmgr          (53e56450da16a1a7f0d002f511113f67) C:\Windows\system32\DRIVERS\avkmgr.sys
13:24:14.0986 3728        avkmgr - ok
13:24:15.0033 3728        AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
13:24:15.0111 3728        AxInstSV - ok
13:24:38.0387 3728        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
13:24:38.0433 3728        RasSstp - ok
13:24:38.0496 3728        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
13:24:38.0558 3728        rdbss - ok
13:24:38.0589 3728        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
13:24:38.0605 3728        rdpbus - ok
13:24:38.0667 3728        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:24:38.0714 3728        RDPCDD - ok
13:24:38.0730 3728        RDPDR          (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
13:24:38.0761 3728        RDPDR - ok
13:24:38.0792 3728        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
13:24:38.0839 3728        RDPENCDD - ok
13:24:38.0855 3728        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
13:24:38.0886 3728        RDPREFMP - ok
13:24:38.0948 3728        RDPWD          (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
13:24:38.0995 3728        RDPWD - ok
13:24:39.0057 3728        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
13:24:39.0104 3728        rdyboost - ok
13:24:39.0135 3728        RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
13:24:39.0182 3728        RemoteAccess - ok
13:24:39.0213 3728        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
13:24:39.0260 3728        RemoteRegistry - ok
13:24:39.0307 3728        RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
13:24:39.0323 3728        RFCOMM - ok
13:24:39.0338 3728        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
13:24:39.0385 3728        RpcEptMapper - ok
13:24:39.0416 3728        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
13:24:39.0447 3728        RpcLocator - ok
13:24:39.0525 3728        RpcSs          (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
13:24:39.0572 3728        RpcSs - ok
13:24:39.0603 3728        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
13:24:39.0666 3728        rspndr - ok
13:24:39.0697 3728        s217bus        (0266151de3f36429f6ac3c4b28085061) C:\Windows\system32\DRIVERS\s217bus.sys
13:24:39.0713 3728        s217bus - ok
13:24:39.0744 3728        s217mdfl        (a43c0af0e46be7ef0c7e8ccf0f058600) C:\Windows\system32\DRIVERS\s217mdfl.sys
13:24:39.0744 3728        s217mdfl - ok
13:24:39.0759 3728        s217mdm        (005f5ded1ed8f8a9d2399d765ead20f1) C:\Windows\system32\DRIVERS\s217mdm.sys
13:24:39.0775 3728        s217mdm - ok
13:24:39.0822 3728        s217nd5        (11cc5d7f992799e7e75d018e9c018563) C:\Windows\system32\DRIVERS\s217nd5.sys
13:24:39.0853 3728        s217nd5 - ok
13:24:39.0884 3728        s217obex        (0f9f4045799afb66b85eef999d0609ec) C:\Windows\system32\DRIVERS\s217obex.sys
13:24:39.0915 3728        s217obex - ok
13:24:39.0931 3728        s217unic        (1c91e1023f07b6407d84b5a43537d984) C:\Windows\system32\DRIVERS\s217unic.sys
13:24:39.0947 3728        s217unic - ok
13:24:39.0993 3728        s3cap          (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
13:24:40.0040 3728        s3cap - ok
13:24:40.0071 3728        SamSs          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:24:40.0087 3728        SamSs - ok
13:24:40.0118 3728        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
13:24:40.0134 3728        sbp2port - ok
13:24:40.0165 3728        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
13:24:40.0212 3728        SCardSvr - ok
13:24:40.0259 3728        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
13:24:40.0290 3728        scfilter - ok
13:24:40.0399 3728        Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
13:24:40.0461 3728        Schedule - ok
13:24:40.0508 3728        SCPolicySvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
13:24:40.0555 3728        SCPolicySvc - ok
13:24:40.0602 3728        SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
13:24:40.0664 3728        SDRSVC - ok
13:24:40.0695 3728        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:24:40.0758 3728        secdrv - ok
13:24:40.0789 3728        seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
13:24:40.0820 3728        seclogon - ok
13:24:40.0851 3728        SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
13:24:40.0883 3728        SENS - ok
13:24:40.0914 3728        SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
13:24:40.0945 3728        SensrSvc - ok
13:24:40.0961 3728        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
13:24:40.0976 3728        Serenum - ok
13:24:40.0992 3728        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
13:24:41.0023 3728        Serial - ok
13:24:41.0070 3728        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
13:24:41.0101 3728        sermouse - ok
13:24:41.0163 3728        SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
13:24:41.0210 3728        SessionEnv - ok
13:24:41.0257 3728        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
13:24:41.0304 3728        sffdisk - ok
13:24:41.0335 3728        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
13:24:41.0351 3728        sffp_mmc - ok
13:24:41.0351 3728        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
13:24:41.0366 3728        sffp_sd - ok
13:24:41.0397 3728        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
13:24:41.0413 3728        sfloppy - ok
13:24:41.0460 3728        SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
13:24:41.0507 3728        SharedAccess - ok
13:24:41.0569 3728        ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
13:24:41.0616 3728        ShellHWDetection - ok
13:24:41.0678 3728        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
13:24:41.0709 3728        sisagp - ok
13:24:41.0725 3728        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:24:41.0741 3728        SiSRaid2 - ok
13:24:41.0756 3728        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
13:24:41.0772 3728        SiSRaid4 - ok
13:24:41.0819 3728        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
13:24:41.0850 3728        Smb - ok
13:24:41.0881 3728        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
13:24:41.0897 3728        SNMPTRAP - ok
13:24:41.0928 3728        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
13:24:41.0928 3728        spldr - ok
13:24:42.0006 3728        Spooler        (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
13:24:42.0084 3728        Spooler - ok
13:24:42.0271 3728        sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
13:24:42.0380 3728        sppsvc - ok
13:24:42.0536 3728        sppuinotify    (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
13:24:42.0583 3728        sppuinotify - ok
13:24:42.0692 3728        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
13:24:42.0755 3728        srv - ok
13:24:42.0817 3728        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
13:24:42.0864 3728        srv2 - ok
13:24:42.0879 3728        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
13:24:42.0895 3728        srvnet - ok
13:24:42.0926 3728        SSDPSRV        (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
13:24:42.0957 3728        SSDPSRV - ok
13:24:43.0004 3728        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
13:24:43.0020 3728        ssmdrv - ok
13:24:43.0035 3728        SstpSvc        (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
13:24:43.0067 3728        SstpSvc - ok
13:24:43.0098 3728        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
13:24:43.0113 3728        stexstor - ok
13:24:43.0145 3728        StillCam        (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
13:24:43.0176 3728        StillCam - ok
13:24:43.0254 3728        StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
13:24:43.0316 3728        StiSvc - ok
13:24:43.0363 3728        storflt        (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
13:24:43.0394 3728        storflt - ok
13:24:43.0410 3728        StorSvc        (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
13:24:43.0441 3728        StorSvc - ok
13:24:43.0457 3728        storvsc        (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
13:24:43.0457 3728        storvsc - ok
13:24:43.0503 3728        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
13:24:43.0535 3728        swenum - ok
13:24:43.0581 3728        swprv          (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
13:24:43.0628 3728        swprv - ok
13:24:43.0753 3728        SysMain        (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
13:24:43.0784 3728        SysMain - ok
13:24:43.0847 3728        TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
13:24:43.0893 3728        TabletInputService - ok
13:24:43.0971 3728        TapiSrv        (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
13:24:44.0018 3728        TapiSrv - ok
13:24:44.0034 3728        TBS            (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
13:24:44.0081 3728        TBS - ok
13:24:44.0221 3728        Tcpip          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
13:24:44.0283 3728        Tcpip - ok
13:24:44.0299 3728        TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
13:24:44.0330 3728        TCPIP6 - ok
13:24:44.0377 3728        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
13:24:44.0439 3728        tcpipreg - ok
13:24:44.0502 3728        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
13:24:44.0549 3728        TDPIPE - ok
13:24:44.0595 3728        TDTCP          (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
13:24:44.0627 3728        TDTCP - ok
13:24:44.0673 3728        tdx            (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
13:24:44.0720 3728        tdx - ok
13:24:44.0783 3728        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
13:24:44.0798 3728        TermDD - ok
13:24:44.0861 3728        TermService    (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
13:24:44.0907 3728        TermService - ok
13:24:44.0939 3728        Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
13:24:44.0985 3728        Themes - ok
13:24:45.0017 3728        THREADORDER    (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
13:24:45.0048 3728        THREADORDER - ok
13:24:45.0079 3728        TPM            (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
13:24:45.0110 3728        TPM - ok
13:24:45.0126 3728        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
13:24:45.0173 3728        TrkWks - ok
13:24:45.0266 3728        TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
13:24:45.0329 3728        TrustedInstaller - ok
13:24:45.0344 3728        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:24:45.0375 3728        tssecsrv - ok
13:24:45.0438 3728        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
13:24:45.0485 3728        TsUsbFlt - ok
13:24:45.0563 3728        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
13:24:45.0609 3728        tunnel - ok
13:24:45.0625 3728        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
13:24:45.0641 3728        uagp35 - ok
13:24:45.0656 3728        ucwncwif - ok
13:24:45.0719 3728        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
13:24:45.0797 3728        udfs - ok
13:24:45.0828 3728        UI0Detect      (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
13:24:45.0859 3728        UI0Detect - ok
13:24:45.0906 3728        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
13:24:45.0937 3728        uliagpkx - ok
13:24:45.0999 3728        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
13:24:46.0031 3728        umbus - ok
13:24:46.0062 3728        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
13:24:46.0093 3728        UmPass - ok
13:24:46.0140 3728        UmRdpService    (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
13:24:46.0187 3728        UmRdpService - ok
13:24:46.0218 3728        upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
13:24:46.0265 3728        upnphost - ok
13:24:46.0327 3728        USBAAPL        (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
13:24:46.0374 3728        USBAAPL - ok
13:24:46.0436 3728        usbaudio        (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
13:24:46.0499 3728        usbaudio - ok
13:24:46.0545 3728        usbccgp        (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\drivers\usbccgp.sys
13:24:46.0592 3728        usbccgp - ok
13:24:46.0655 3728        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
13:24:46.0686 3728        usbcir - ok
13:24:46.0701 3728        usbehci        (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
13:24:46.0717 3728        usbehci - ok
13:24:46.0748 3728        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
13:24:46.0779 3728        usbhub - ok
13:24:46.0795 3728        usbohci        (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
13:24:46.0811 3728        usbohci - ok
13:24:46.0842 3728        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
13:24:46.0857 3728        usbprint - ok
13:24:46.0904 3728        USBSTOR        (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:24:46.0967 3728        USBSTOR - ok
13:24:47.0029 3728        usbuhci        (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
13:24:47.0060 3728        usbuhci - ok
13:24:47.0091 3728        UxSms          (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
13:24:47.0123 3728        UxSms - ok
13:24:47.0169 3728        VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:24:47.0185 3728        VaultSvc - ok
13:24:47.0247 3728        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
13:24:47.0279 3728        vdrvroot - ok
13:24:47.0357 3728        vds            (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
13:24:47.0419 3728        vds - ok
13:24:47.0450 3728        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
13:24:47.0481 3728        vga - ok
13:24:47.0497 3728        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
13:24:47.0528 3728        VgaSave - ok
13:24:47.0575 3728        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
13:24:47.0591 3728        vhdmp - ok
13:24:47.0653 3728        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
13:24:47.0700 3728        viaagp - ok
13:24:47.0715 3728        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
13:24:47.0731 3728        ViaC7 - ok
13:24:47.0747 3728        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
13:24:47.0762 3728        viaide - ok
13:24:47.0825 3728        vmbus          (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
13:24:47.0856 3728        vmbus - ok
13:24:47.0887 3728        VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
13:24:47.0903 3728        VMBusHID - ok
13:24:47.0918 3728        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
13:24:47.0934 3728        volmgr - ok
13:24:47.0981 3728        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
13:24:47.0996 3728        volmgrx - ok
13:24:48.0059 3728        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
13:24:48.0105 3728        volsnap - ok
13:24:48.0137 3728        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
13:24:48.0152 3728        vsmraid - ok
13:24:48.0277 3728        VSS            (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
13:24:48.0339 3728        VSS - ok
13:24:48.0355 3728        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
13:24:48.0386 3728        vwifibus - ok
13:24:48.0433 3728        W32Time        (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
13:24:48.0495 3728        W32Time - ok
13:24:48.0527 3728        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
13:24:48.0558 3728        WacomPen - ok
13:24:48.0620 3728        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:24:48.0683 3728        WANARP - ok
13:24:48.0683 3728        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:24:48.0714 3728        Wanarpv6 - ok
13:24:48.0854 3728        WatAdminSvc    (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
13:24:48.0917 3728        WatAdminSvc - ok
13:24:49.0041 3728        wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
13:24:49.0104 3728        wbengine - ok
13:24:49.0135 3728        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
13:24:49.0166 3728        WbioSrvc - ok
13:24:49.0244 3728        wcncsvc        (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
13:24:49.0291 3728        wcncsvc - ok
13:24:49.0307 3728        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
13:24:49.0353 3728        WcsPlugInService - ok
13:24:49.0400 3728        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
13:24:49.0431 3728        Wd - ok
13:24:49.0478 3728        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
13:24:49.0509 3728        Wdf01000 - ok
13:24:49.0525 3728        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
13:24:49.0587 3728        WdiServiceHost - ok
13:24:49.0587 3728        WdiSystemHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
13:24:49.0603 3728        WdiSystemHost - ok
13:24:49.0665 3728        WebClient      (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
13:24:49.0712 3728        WebClient - ok
13:24:49.0728 3728        Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
13:24:49.0759 3728        Wecsvc - ok
13:24:49.0790 3728        wercplsupport  (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
13:24:49.0837 3728        wercplsupport - ok
13:24:49.0868 3728        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
13:24:49.0899 3728        WerSvc - ok
13:24:49.0931 3728        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
13:24:49.0962 3728        WfpLwf - ok
13:24:49.0962 3728        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
13:24:49.0977 3728        WIMMount - ok
13:24:50.0102 3728        WinDefend      (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
13:24:50.0165 3728        WinDefend - ok
13:24:50.0180 3728        WinHttpAutoProxySvc - ok
13:24:50.0243 3728        Winmgmt        (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
13:24:50.0305 3728        Winmgmt - ok
13:24:50.0399 3728        WinRM          (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
13:24:50.0445 3728        WinRM - ok
13:24:50.0586 3728        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
13:24:50.0633 3728        WinUsb - ok
13:24:50.0711 3728        Wlansvc        (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
13:24:50.0773 3728        Wlansvc - ok
13:24:50.0820 3728        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
13:24:50.0835 3728        WmiAcpi - ok
13:24:50.0898 3728        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
13:24:50.0929 3728        wmiApSrv - ok
13:24:51.0085 3728        WMPNetworkSvc  (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:24:51.0132 3728        WMPNetworkSvc - ok
13:24:51.0163 3728        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
13:24:51.0194 3728        WPCSvc - ok
13:24:51.0241 3728        WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
13:24:51.0319 3728        WPDBusEnum - ok
13:24:51.0350 3728        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
13:24:51.0428 3728        ws2ifsl - ok
13:24:51.0444 3728        wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
13:24:51.0475 3728        wscsvc - ok
13:24:51.0491 3728        WSDPrintDevice  (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
13:24:51.0522 3728        WSDPrintDevice - ok
13:24:51.0537 3728        WSearch - ok
13:24:51.0709 3728        wuauserv        (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
13:24:51.0787 3728        wuauserv - ok
13:24:51.0943 3728        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
13:24:51.0990 3728        WudfPf - ok
13:24:52.0052 3728        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:24:52.0099 3728        WUDFRd - ok
13:24:52.0161 3728        wudfsvc        (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
13:24:52.0208 3728        wudfsvc - ok
13:24:52.0239 3728        WwanSvc        (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
13:24:52.0271 3728        WwanSvc - ok
13:24:52.0349 3728        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:24:52.0583 3728        \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:24:52.0583 3728        \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:24:52.0598 3728        Boot (0x1200)  (ce491615b4c7214f08fef38a76ec1503) \Device\Harddisk0\DR0\Partition0
13:24:52.0598 3728        \Device\Harddisk0\DR0\Partition0 - ok
13:24:52.0629 3728        Boot (0x1200)  (ca8b0dfded686013ffbae896772428a1) \Device\Harddisk0\DR0\Partition1
13:24:52.0629 3728        \Device\Harddisk0\DR0\Partition1 - ok
13:24:52.0629 3728        ============================================================
13:24:52.0629 3728        Scan finished
13:24:52.0629 3728        ============================================================
13:24:52.0645 5988        Detected object count: 5
13:24:52.0645 5988        Actual detected object count: 5
13:26:21.0524 5988        hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:21.0524 5988        hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:26:21.0524 5988        hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:21.0524 5988        hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:26:21.0524 5988        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:21.0524 5988        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:26:21.0524 5988        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:21.0524 5988        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:26:21.0524 5988        \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:26:21.0524 5988        \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


cosinus 30.05.2012 12:47

Quote:

13:26:21.0524 5988 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
Please let TDSS-Killer delete the TDSS File System, then restart Windows and make a new log with this tool. Post it again enclosed in CODE tags.

spigi01 30.05.2012 17:37

Code:

18:32:50.0002 5280        TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
18:32:50.0173 5280        ============================================================
18:32:50.0173 5280        Current date / time: 2012/05/30 18:32:50.0173
18:32:50.0173 5280        SystemInfo:
18:32:50.0173 5280       
18:32:50.0173 5280        OS Version: 6.1.7601 ServicePack: 1.0
18:32:50.0173 5280        Product type: Workstation
18:32:50.0173 5280        ComputerName: MARKBACHMANN-PC
18:32:50.0173 5280        UserName: Mark Bachmann
18:32:50.0173 5280        Windows directory: C:\Windows
18:32:50.0173 5280        System windows directory: C:\Windows
18:32:50.0173 5280        Processor architecture: Intel x86
18:32:50.0173 5280        Number of processors: 2
18:32:50.0173 5280        Page size: 0x1000
18:32:50.0173 5280        Boot type: Normal boot
18:32:50.0173 5280        ============================================================
18:32:51.0796 5280        Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:32:51.0796 5280        ============================================================
18:32:51.0796 5280        \Device\Harddisk0\DR0:
18:32:51.0796 5280        MBR partitions:
18:32:51.0796 5280        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:32:51.0796 5280        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
18:32:51.0796 5280        ============================================================
18:32:51.0827 5280        C: <-> \Device\Harddisk0\DR0\Partition1
18:32:51.0827 5280        ============================================================
18:32:51.0827 5280        Initialize success
18:32:51.0827 5280        ============================================================
18:33:02.0778 5432        ============================================================
18:33:02.0778 5432        Scan started
18:33:02.0778 5432        Mode: Manual; SigCheck; TDLFS;
18:33:02.0778 5432        ============================================================
18:33:04.0026 5432        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
18:33:04.0151 5432        1394ohci - ok
18:33:04.0198 5432        Accelerometer  (cc1f1d3d70dc13c2c281488d347d4415) C:\Windows\system32\DRIVERS\Accelerometer.sys
18:33:04.0214 5432        Accelerometer - ok
18:33:04.0276 5432        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
18:33:04.0292 5432        ACPI - ok
18:33:04.0354 5432        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
18:33:04.0416 5432        AcpiPmi - ok
18:33:04.0510 5432        ADIHdAudAddService (fb9ece3f7b8a03e474e611031ad4cd23) C:\Windows\system32\drivers\ADIHdAud.sys
18:33:04.0557 5432        ADIHdAudAddService - ok
18:33:04.0635 5432        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
18:33:04.0666 5432        adp94xx - ok
18:33:04.0775 5432        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
18:33:04.0791 5432        adpahci - ok
18:33:04.0822 5432        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
18:33:04.0838 5432        adpu320 - ok
18:33:04.0900 5432        AEADIFilters    (12d23758621b00b8d3134095ec3325fd) C:\Windows\system32\AEADISRV.EXE
18:33:04.0931 5432        AEADIFilters - ok
18:33:04.0947 5432        AeLookupSvc    (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
18:33:04.0994 5432        AeLookupSvc - ok
18:33:05.0103 5432        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
18:33:05.0150 5432        AFD - ok
18:33:05.0228 5432        AgereSoftModem  (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
18:33:05.0306 5432        AgereSoftModem - ok
18:33:05.0352 5432        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
18:33:05.0368 5432        agp440 - ok
18:33:05.0415 5432        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
18:33:05.0430 5432        aic78xx - ok
18:33:05.0493 5432        ALG            (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
18:33:05.0555 5432        ALG - ok
18:33:05.0618 5432        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
18:33:05.0633 5432        aliide - ok
18:33:05.0742 5432        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
18:33:05.0758 5432        amdagp - ok
18:33:05.0774 5432        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
18:33:05.0789 5432        amdide - ok
18:33:05.0836 5432        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
18:33:05.0883 5432        AmdK8 - ok
18:33:05.0883 5432        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
18:33:05.0914 5432        AmdPPM - ok
18:33:05.0976 5432        amdsata        (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
18:33:06.0008 5432        amdsata - ok
18:33:06.0023 5432        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
18:33:06.0039 5432        amdsbs - ok
18:33:06.0054 5432        amdxata        (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
18:33:06.0070 5432        amdxata - ok
18:33:06.0164 5432        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:33:06.0179 5432        AntiVirSchedulerService - ok
18:33:06.0226 5432        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:33:06.0242 5432        AntiVirService - ok
18:33:06.0273 5432        AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
18:33:06.0304 5432        AntiVirWebService - ok
18:33:06.0351 5432        AppID          (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
18:33:06.0476 5432        AppID - ok
18:33:06.0507 5432        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
18:33:06.0569 5432        AppIDSvc - ok
18:33:06.0694 5432        Appinfo        (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
18:33:06.0741 5432        Appinfo - ok
18:33:06.0819 5432        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:33:06.0834 5432        Apple Mobile Device - ok
18:33:06.0881 5432        AppMgmt        (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
18:33:06.0928 5432        AppMgmt - ok
18:33:06.0975 5432        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
18:33:06.0990 5432        arc - ok
18:33:07.0006 5432        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
18:33:07.0037 5432        arcsas - ok
18:33:07.0053 5432        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
18:33:07.0209 5432        AsyncMac - ok
18:33:07.0256 5432        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
18:33:07.0271 5432        atapi - ok
18:33:07.0334 5432        ATSwpWDF        (befe54e9bc648a3c79c917a63b6ee7da) C:\Windows\system32\Drivers\ATSwpWDF.sys
18:33:07.0396 5432        ATSwpWDF - ok
18:33:07.0474 5432        AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
18:33:07.0521 5432        AudioEndpointBuilder - ok
18:33:07.0536 5432        Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
18:33:07.0568 5432        Audiosrv - ok
18:33:07.0708 5432        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
18:33:07.0724 5432        avgntflt - ok
18:33:07.0770 5432        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
18:33:07.0786 5432        avipbb - ok
18:33:07.0833 5432        avkmgr          (53e56450da16a1a7f0d002f511113f67) C:\Windows\system32\DRIVERS\avkmgr.sys
18:33:07.0848 5432        avkmgr - ok
18:33:07.0926 5432        AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
18:33:07.0989 5432        AxInstSV - ok
18:33:08.0051 5432        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
18:33:08.0098 5432        b06bdrv - ok
18:33:08.0129 5432        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:33:08.0160 5432        b57nd60x - ok
18:33:08.0207 5432        BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
18:33:08.0254 5432        BDESVC - ok
18:33:08.0301 5432        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
18:33:08.0348 5432        Beep - ok
18:33:08.0426 5432        BFE            (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
18:33:08.0488 5432        BFE - ok
18:33:08.0550 5432        BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
18:33:08.0613 5432        BITS - ok
18:33:08.0722 5432        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
18:33:08.0753 5432        blbdrive - ok
18:33:08.0862 5432        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
18:33:08.0878 5432        Bonjour Service - ok
18:33:08.0909 5432        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
18:33:08.0940 5432        bowser - ok
18:33:08.0972 5432        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:33:09.0034 5432        BrFiltLo - ok
18:33:09.0050 5432        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:33:09.0096 5432        BrFiltUp - ok
18:33:09.0143 5432        Browser        (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
18:33:09.0206 5432        Browser - ok
18:33:09.0252 5432        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
18:33:09.0299 5432        Brserid - ok
18:33:09.0330 5432        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
18:33:09.0362 5432        BrSerWdm - ok
18:33:09.0377 5432        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:33:09.0408 5432        BrUsbMdm - ok
18:33:09.0424 5432        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
18:33:09.0471 5432        BrUsbSer - ok
18:33:09.0549 5432        BthEnum        (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
18:33:09.0596 5432        BthEnum - ok
18:33:09.0674 5432        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
18:33:09.0705 5432        BTHMODEM - ok
18:33:09.0720 5432        BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
18:33:09.0752 5432        BthPan - ok
18:33:09.0830 5432        BTHPORT        (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
18:33:09.0861 5432        BTHPORT - ok
18:33:09.0908 5432        bthserv        (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
18:33:09.0954 5432        bthserv - ok
18:33:09.0970 5432        BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
18:33:09.0986 5432        BTHUSB - ok
18:33:10.0032 5432        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
18:33:10.0079 5432        cdfs - ok
18:33:10.0157 5432        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
18:33:10.0188 5432        cdrom - ok
18:33:10.0251 5432        CertPropSvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
18:33:10.0298 5432        CertPropSvc - ok
18:33:10.0313 5432        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
18:33:10.0360 5432        circlass - ok
18:33:10.0391 5432        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
18:33:10.0407 5432        CLFS - ok
18:33:10.0500 5432        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:33:10.0516 5432        clr_optimization_v2.0.50727_32 - ok
18:33:10.0610 5432        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:33:10.0656 5432        clr_optimization_v4.0.30319_32 - ok
18:33:10.0766 5432        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
18:33:10.0781 5432        CmBatt - ok
18:33:10.0828 5432        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
18:33:10.0844 5432        cmdide - ok
18:33:10.0906 5432        CNG            (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
18:33:10.0937 5432        CNG - ok
18:33:10.0984 5432        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
18:33:11.0000 5432        Compbatt - ok
18:33:11.0078 5432        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
18:33:11.0109 5432        CompositeBus - ok
18:33:11.0124 5432        COMSysApp - ok
18:33:11.0156 5432        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
18:33:11.0171 5432        crcdisk - ok
18:33:11.0249 5432        CryptSvc        (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
18:33:11.0296 5432        CryptSvc - ok
18:33:11.0358 5432        CSC            (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
18:33:11.0405 5432        CSC - ok
18:33:11.0483 5432        CscService      (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
18:33:11.0514 5432        CscService - ok
18:33:11.0577 5432        DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
18:33:11.0686 5432        DcomLaunch - ok
18:33:11.0842 5432        defragsvc      (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
18:33:11.0889 5432        defragsvc - ok
18:33:11.0967 5432        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
18:33:11.0998 5432        DfsC - ok
18:33:12.0045 5432        Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
18:33:12.0107 5432        Dhcp - ok
18:33:12.0138 5432        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
18:33:12.0185 5432        discache - ok
18:33:12.0263 5432        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
18:33:12.0279 5432        Disk - ok
18:33:12.0310 5432        Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
18:33:12.0357 5432        Dnscache - ok
18:33:12.0419 5432        dot3svc        (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
18:33:12.0466 5432        dot3svc - ok
18:33:12.0513 5432        DPS            (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
18:33:12.0560 5432        DPS - ok
18:33:12.0638 5432        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
18:33:12.0669 5432        drmkaud - ok
18:33:12.0731 5432        DXGKrnl        (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
18:33:12.0747 5432        DXGKrnl - ok
18:33:12.0794 5432        EapHost        (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
18:33:12.0840 5432        EapHost - ok
18:33:13.0012 5432        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
18:33:13.0106 5432        ebdrv - ok
18:33:13.0216 5432        EFS            (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
18:33:13.0263 5432        EFS - ok
18:33:13.0372 5432        ehRecvr        (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
18:33:13.0434 5432        ehRecvr - ok
18:33:13.0465 5432        ehSched        (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
18:33:13.0512 5432        ehSched - ok
18:33:13.0590 5432        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
18:33:13.0621 5432        elxstor - ok
18:33:13.0699 5432        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
18:33:13.0731 5432        ErrDev - ok
18:33:13.0777 5432        EventSystem    (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
18:33:13.0824 5432        EventSystem - ok
18:33:13.0855 5432        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
18:33:13.0902 5432        exfat - ok
18:33:13.0918 5432        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
18:33:13.0965 5432        fastfat - ok
18:33:14.0043 5432        Fax            (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
18:33:14.0089 5432        Fax - ok
18:33:14.0121 5432        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
18:33:14.0152 5432        fdc - ok
18:33:14.0183 5432        fdPHost        (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
18:33:14.0230 5432        fdPHost - ok
18:33:14.0245 5432        FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
18:33:14.0292 5432        FDResPub - ok
18:33:14.0323 5432        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
18:33:14.0339 5432        FileInfo - ok
18:33:14.0370 5432        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
18:33:14.0433 5432        Filetrace - ok
18:33:14.0479 5432        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
18:33:14.0526 5432        flpydisk - ok
18:33:14.0776 5432        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
18:33:14.0791 5432        FltMgr - ok
18:33:15.0292 5432        FontCache      (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
18:33:15.0370 5432        FontCache - ok
18:33:15.0541 5432        FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:33:15.0557 5432        FontCache3.0.0.0 - ok
18:33:15.0682 5432        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
18:33:15.0697 5432        FsDepends - ok
18:33:15.0760 5432        Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
18:33:15.0775 5432        Fs_Rec - ok
18:33:15.0931 5432        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
18:33:15.0978 5432        fvevol - ok
18:33:16.0025 5432        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:33:16.0040 5432        gagp30kx - ok
18:33:16.0134 5432        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:33:16.0150 5432        GEARAspiWDM - ok
18:33:16.0229 5432        gpsvc          (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
18:33:16.0307 5432        gpsvc - ok
18:33:16.0619 5432        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
18:33:16.0634 5432        gupdate - ok
18:33:16.0728 5432        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
18:33:16.0743 5432        gupdatem - ok
18:33:16.0821 5432        gusvc          (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:33:16.0837 5432        gusvc - ok
18:33:16.0915 5432        HBtnKey        (e19bc597a0b13bbe6a7e3612f6f8d8a6) C:\Windows\system32\DRIVERS\cpqbttn.sys
18:33:16.0931 5432        HBtnKey - ok
18:33:16.0977 5432        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
18:33:17.0071 5432        hcw85cir - ok
18:33:17.0602 5432        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
18:33:17.0696 5432        HdAudAddService - ok
18:33:17.0992 5432        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
18:33:18.0055 5432        HDAudBus - ok
18:33:18.0117 5432        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
18:33:18.0226 5432        HidBatt - ok
18:33:18.0258 5432        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
18:33:18.0336 5432        HidBth - ok
18:33:18.0429 5432        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
18:33:18.0538 5432        HidIr - ok
18:33:18.0694 5432        hidserv        (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
18:33:18.0757 5432        hidserv - ok
18:33:19.0069 5432        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
18:33:19.0100 5432        HidUsb - ok
18:33:19.0194 5432        hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
18:33:19.0272 5432        hkmsvc - ok
18:33:19.0381 5432        HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
18:33:19.0552 5432        HomeGroupListener - ok
18:33:19.0708 5432        HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
18:33:19.0818 5432        HomeGroupProvider - ok
18:33:19.0958 5432        hpdskflt        (4ef10b866c62abbeaf7511cdd05a19be) C:\Windows\system32\DRIVERS\hpdskflt.sys
18:33:19.0974 5432        hpdskflt - ok
18:33:20.0629 5432        hpqcxs08        (f50f7984fdd151edd8a70a8dbd9e2a44) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
18:33:20.0676 5432        hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
18:33:20.0676 5432        hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
18:33:20.0738 5432        hpqddsvc        (df446ba625cc441617843e87798ce048) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
18:33:20.0800 5432        hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
18:33:20.0800 5432        hpqddsvc - detected UnsignedFile.Multi.Generic (1)
18:33:20.0894 5432        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
18:33:20.0910 5432        HpSAMD - ok
18:33:21.0019 5432        hpsrv          (c0beb56ed79b59b7b33d0aa6c38a0ba6) C:\Windows\system32\Hpservice.exe
18:33:21.0019 5432        hpsrv - ok
18:33:21.0222 5432        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
18:33:21.0284 5432        HTTP - ok
18:33:21.0331 5432        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
18:33:21.0346 5432        hwpolicy - ok
18:33:21.0409 5432        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
18:33:21.0471 5432        i8042prt - ok
18:33:21.0690 5432        iaStorV        (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
18:33:21.0721 5432        iaStorV - ok
18:33:22.0111 5432        idsvc          (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:33:22.0220 5432        idsvc - ok
18:33:23.0828 5432        igfx            (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
18:33:24.0155 5432        igfx - ok
18:33:24.0592 5432        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
18:33:24.0623 5432        iirsp - ok
18:33:25.0279 5432        IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
18:33:25.0403 5432        IKEEXT - ok
18:33:25.0450 5432        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
18:33:25.0466 5432        intelide - ok
18:33:25.0544 5432        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
18:33:25.0559 5432        intelppm - ok
18:33:25.0715 5432        IPBusEnum      (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
18:33:25.0778 5432        IPBusEnum - ok
18:33:25.0856 5432        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:33:25.0903 5432        IpFilterDriver - ok
18:33:26.0636 5432        iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
18:33:26.0714 5432        iphlpsvc - ok
18:33:26.0854 5432        IPMIDRV        (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
18:33:26.0901 5432        IPMIDRV - ok
18:33:26.0995 5432        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
18:33:27.0057 5432        IPNAT - ok
18:33:27.0759 5432        iPod Service    (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
18:33:27.0806 5432        iPod Service - ok
18:33:27.0931 5432        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
18:33:27.0962 5432        IRENUM - ok
18:33:28.0071 5432        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
18:33:28.0087 5432        isapnp - ok
18:33:28.0133 5432        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
18:33:28.0165 5432        iScsiPrt - ok
18:33:28.0227 5432        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
18:33:28.0243 5432        kbdclass - ok
18:33:28.0274 5432        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
18:33:28.0289 5432        kbdhid - ok
18:33:28.0399 5432        KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:33:28.0414 5432        KeyIso - ok
18:33:28.0492 5432        KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
18:33:28.0508 5432        KSecDD - ok
18:33:28.0617 5432        KSecPkg        (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
18:33:28.0633 5432        KSecPkg - ok
18:33:28.0773 5432        KtmRm          (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
18:33:28.0835 5432        KtmRm - ok
18:33:28.0991 5432        LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
18:33:29.0038 5432        LanmanServer - ok
18:33:29.0132 5432        LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
18:33:29.0194 5432        LanmanWorkstation - ok
18:33:29.0366 5432        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
18:33:29.0428 5432        lltdio - ok
18:33:29.0506 5432        lltdsvc        (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
18:33:29.0537 5432        lltdsvc - ok
18:33:29.0584 5432        lmhosts        (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
18:33:29.0725 5432        lmhosts - ok
18:33:29.0771 5432        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:33:29.0803 5432        LSI_FC - ok
18:33:29.0818 5432        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:33:29.0834 5432        LSI_SAS - ok
18:33:29.0865 5432        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:33:29.0881 5432        LSI_SAS2 - ok
18:33:29.0896 5432        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:33:29.0912 5432        LSI_SCSI - ok
18:33:29.0927 5432        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
18:33:29.0974 5432        luafv - ok
18:33:30.0785 5432        lvpopflt        (b0456b8a332135c1216ff2374b584161) C:\Windows\system32\DRIVERS\lvpopflt.sys
18:33:30.0926 5432        lvpopflt - ok
18:33:31.0300 5432        LVUSBSta        (f7e15f2fe7790733df86e95a76556389) C:\Windows\system32\drivers\LVUSBSta.sys
18:33:31.0300 5432        LVUSBSta - ok
18:33:32.0362 5432        LVUVC          (92d03dc19eae9d0a86735705e374fdad) C:\Windows\system32\DRIVERS\lvuvc.sys
18:33:32.0677 5432        LVUVC - ok
18:33:32.0989 5432        MBAMProtector  (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
18:33:33.0005 5432        MBAMProtector - ok
18:33:33.0551 5432        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:33:33.0566 5432        MBAMService - ok
18:33:33.0738 5432        Mcx2Svc        (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
18:33:33.0769 5432        Mcx2Svc - ok
18:33:33.0800 5432        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
18:33:33.0816 5432        megasas - ok
18:33:33.0972 5432        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
18:33:33.0987 5432        MegaSR - ok
18:33:34.0159 5432        Microsoft SharePoint Workspace Audit Service - ok
18:33:34.0221 5432        MMCSS          (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:33:34.0268 5432        MMCSS - ok
18:33:34.0299 5432        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
18:33:34.0362 5432        Modem - ok
18:33:34.0424 5432        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
18:33:34.0455 5432        monitor - ok
18:33:34.0611 5432        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
18:33:34.0627 5432        mouclass - ok
18:33:34.0752 5432        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
18:33:34.0814 5432        mouhid - ok
18:33:34.0923 5432        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
18:33:34.0955 5432        mountmgr - ok
18:33:35.0001 5432        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
18:33:35.0017 5432        mpio - ok
18:33:35.0064 5432        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
18:33:35.0111 5432        mpsdrv - ok
18:33:35.0423 5432        MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
18:33:35.0485 5432        MpsSvc - ok
18:33:35.0625 5432        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
18:33:35.0703 5432        MRxDAV - ok
18:33:35.0922 5432        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:33:35.0984 5432        mrxsmb - ok
18:33:36.0156 5432        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:33:36.0203 5432        mrxsmb10 - ok
18:33:36.0296 5432        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:33:36.0343 5432        mrxsmb20 - ok
18:33:36.0452 5432        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
18:33:36.0468 5432        msahci - ok
18:33:36.0593 5432        msdsm          (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
18:33:36.0608 5432        msdsm - ok
18:33:36.0655 5432        MSDTC          (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
18:33:36.0702 5432        MSDTC - ok
18:33:36.0858 5432        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
18:33:36.0889 5432        Msfs - ok
18:33:36.0951 5432        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
18:33:37.0014 5432        mshidkmdf - ok
18:33:37.0107 5432        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
18:33:37.0123 5432        msisadrv - ok
18:33:37.0185 5432        MSiSCSI        (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
18:33:37.0248 5432        MSiSCSI - ok
18:33:37.0248 5432        msiserver - ok
18:33:37.0341 5432        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
18:33:37.0388 5432        MSKSSRV - ok
18:33:37.0435 5432        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
18:33:37.0591 5432        MSPCLOCK - ok
18:33:37.0669 5432        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
18:33:37.0747 5432        MSPQM - ok
18:33:37.0841 5432        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
18:33:37.0856 5432        MsRPC - ok
18:33:37.0934 5432        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
18:33:37.0950 5432        mssmbios - ok
18:33:37.0997 5432        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
18:33:38.0028 5432        MSTEE - ok
18:33:38.0059 5432        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
18:33:38.0090 5432        MTConfig - ok
18:33:38.0231 5432        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
18:33:38.0246 5432        Mup - ok
18:33:38.0714 5432        napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
18:33:38.0792 5432        napagent - ok
18:33:38.0917 5432        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
18:33:38.0979 5432        NativeWifiP - ok
18:33:39.0276 5432        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
18:33:39.0338 5432        NDIS - ok
18:33:39.0369 5432        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
18:33:39.0557 5432        NdisCap - ok
18:33:39.0603 5432        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
18:33:39.0791 5432        NdisTapi - ok
18:33:39.0853 5432        Ndisuio        (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
18:33:39.0947 5432        Ndisuio - ok
18:33:40.0103 5432        NdisWan        (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
18:33:40.0149 5432        NdisWan - ok
18:33:40.0259 5432        NDProxy        (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
18:33:40.0305 5432        NDProxy - ok
18:33:40.0415 5432        Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
18:33:40.0477 5432        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:33:40.0477 5432        Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:33:40.0649 5432        Netaapl        (1352e1648213551923a0a822e441553c) C:\Windows\system32\DRIVERS\netaapl.sys
18:33:40.0695 5432        Netaapl - ok
18:33:40.0758 5432        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
18:33:40.0914 5432        NetBIOS - ok
18:33:41.0007 5432        NetBT          (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
18:33:41.0085 5432        NetBT - ok
18:33:41.0132 5432        Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:33:41.0163 5432        Netlogon - ok
18:33:41.0210 5432        Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
18:33:41.0382 5432        Netman - ok
18:33:41.0475 5432        netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
18:33:41.0538 5432        netprofm - ok
18:33:42.0302 5432        NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:33:42.0318 5432        NetTcpPortSharing - ok
18:33:43.0457 5432        netw5v32        (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
18:33:43.0753 5432        netw5v32 - ok
18:33:43.0878 5432        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
18:33:43.0893 5432        nfrd960 - ok
18:33:43.0971 5432        NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
18:33:44.0159 5432        NlaSvc - ok
18:33:44.0221 5432        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
18:33:44.0393 5432        Npfs - ok
18:33:44.0486 5432        nsi            (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
18:33:44.0517 5432        nsi - ok
18:33:44.0549 5432        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
18:33:44.0596 5432        nsiproxy - ok
18:33:44.0830 5432        Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
18:33:44.0908 5432        Ntfs - ok
18:33:44.0924 5432        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
18:33:45.0033 5432        Null - ok
18:33:45.0127 5432        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
18:33:45.0142 5432        nvraid - ok
18:33:45.0189 5432        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
18:33:45.0205 5432        nvstor - ok
18:33:45.0314 5432        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
18:33:45.0345 5432        nv_agp - ok
18:33:45.0454 5432        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
18:33:45.0704 5432        ohci1394 - ok
18:33:45.0782 5432        ose            (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:33:45.0798 5432        ose - ok
18:33:46.0780 5432        osppsvc        (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:33:47.0061 5432        osppsvc - ok
18:33:47.0467 5432        p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
18:33:47.0607 5432        p2pimsvc - ok
18:33:47.0935 5432        p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
18:33:47.0997 5432        p2psvc - ok
18:33:48.0075 5432        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
18:33:48.0106 5432        Parport - ok
18:33:48.0200 5432        partmgr        (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
18:33:48.0216 5432        partmgr - ok
18:33:48.0231 5432        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
18:33:48.0325 5432        Parvdm - ok
18:33:48.0356 5432        PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
18:33:48.0387 5432        PcaSvc - ok
18:33:48.0465 5432        pci            (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
18:33:48.0496 5432        pci - ok
18:33:48.0574 5432        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
18:33:48.0606 5432        pciide - ok
18:33:48.0746 5432        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
18:33:48.0762 5432        pcmcia - ok
18:33:48.0777 5432        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
18:33:48.0793 5432        pcw - ok
18:33:48.0918 5432        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
18:33:48.0980 5432        PEAUTH - ok
18:33:49.0261 5432        PeerDistSvc    (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
18:33:49.0323 5432        PeerDistSvc - ok
18:33:49.0651 5432        pla            (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
18:33:49.0900 5432        pla - ok
18:33:50.0166 5432        PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
18:33:50.0275 5432        PlugPlay - ok
18:33:50.0322 5432        Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
18:33:50.0384 5432        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:33:50.0384 5432        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:33:50.0446 5432        PNRPAutoReg    (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
18:33:50.0509 5432        PNRPAutoReg - ok
18:33:50.0680 5432        PNRPsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
18:33:50.0712 5432        PNRPsvc - ok
18:33:50.0883 5432        PolicyAgent    (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
18:33:50.0977 5432        PolicyAgent - ok
18:33:51.0055 5432        Power          (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
18:33:51.0086 5432        Power - ok
18:33:51.0180 5432        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
18:33:51.0242 5432        PptpMiniport - ok
18:33:51.0273 5432        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
18:33:51.0304 5432        Processor - ok
18:33:51.0398 5432        ProfSvc        (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
18:33:51.0429 5432        ProfSvc - ok
18:33:51.0492 5432        ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:33:51.0538 5432        ProtectedStorage - ok
18:33:51.0585 5432        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
18:33:51.0710 5432        Psched - ok
18:33:51.0819 5432        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
18:33:51.0897 5432        ql2300 - ok
18:33:52.0038 5432        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
18:33:52.0069 5432        ql40xx - ok
18:33:52.0100 5432        QWAVE          (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
18:33:52.0147 5432        QWAVE - ok
18:33:52.0147 5432        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
18:33:52.0178 5432        QWAVEdrv - ok
18:33:52.0194 5432        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
18:33:52.0240 5432        RasAcd - ok
18:33:52.0303 5432        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:33:52.0350 5432        RasAgileVpn - ok
18:33:52.0381 5432        RasAuto        (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
18:33:52.0412 5432        RasAuto - ok
18:33:52.0428 5432        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:33:52.0474 5432        Rasl2tp - ok
18:33:52.0552 5432        RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
18:33:52.0693 5432        RasMan - ok
18:33:52.0724 5432        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
18:33:52.0755 5432        RasPppoe - ok
18:33:52.0786 5432        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
18:33:52.0833 5432        RasSstp - ok
18:33:52.0927 5432        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
18:33:53.0005 5432        rdbss - ok
18:33:53.0020 5432        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
18:33:53.0036 5432        rdpbus - ok
18:33:53.0083 5432        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:33:53.0130 5432        RDPCDD - ok
18:33:53.0176 5432        RDPDR          (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
18:33:53.0239 5432        RDPDR - ok
18:33:53.0270 5432        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
18:33:53.0317 5432        RDPENCDD - ok
18:33:53.0332 5432        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
18:33:53.0379 5432        RDPREFMP - ok
18:33:53.0442 5432        RDPWD          (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
18:33:53.0473 5432        RDPWD - ok
18:33:53.0535 5432        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
18:33:53.0551 5432        rdyboost - ok
18:33:53.0691 5432        RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
18:33:53.0738 5432        RemoteAccess - ok
18:33:53.0785 5432        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
18:33:53.0832 5432        RemoteRegistry - ok
18:33:53.0863 5432        RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
18:33:53.0894 5432        RFCOMM - ok
18:33:53.0910 5432        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
18:33:53.0972 5432        RpcEptMapper - ok
18:33:54.0003 5432        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
18:33:54.0034 5432        RpcLocator - ok
18:33:54.0112 5432        RpcSs          (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
18:33:54.0144 5432        RpcSs - ok
18:33:54.0175 5432        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
18:33:54.0206 5432        rspndr - ok
18:33:54.0253 5432        s217bus        (0266151de3f36429f6ac3c4b28085061) C:\Windows\system32\DRIVERS\s217bus.sys
18:33:54.0268 5432        s217bus - ok
18:33:54.0300 5432        s217mdfl        (a43c0af0e46be7ef0c7e8ccf0f058600) C:\Windows\system32\DRIVERS\s217mdfl.sys
18:33:54.0315 5432        s217mdfl - ok
18:33:54.0315 5432        s217mdm        (005f5ded1ed8f8a9d2399d765ead20f1) C:\Windows\system32\DRIVERS\s217mdm.sys
18:33:54.0331 5432        s217mdm - ok
18:33:54.0378 5432        s217nd5        (11cc5d7f992799e7e75d018e9c018563) C:\Windows\system32\DRIVERS\s217nd5.sys
18:33:54.0378 5432        s217nd5 - ok
18:33:54.0424 5432        s217obex        (0f9f4045799afb66b85eef999d0609ec) C:\Windows\system32\DRIVERS\s217obex.sys
18:33:54.0440 5432        s217obex - ok
18:33:54.0456 5432        s217unic        (1c91e1023f07b6407d84b5a43537d984) C:\Windows\system32\DRIVERS\s217unic.sys
18:33:54.0471 5432        s217unic - ok
18:33:54.0534 5432        s3cap          (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
18:33:54.0580 5432        s3cap - ok
18:33:54.0674 5432        SamSs          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:33:54.0690 5432        SamSs - ok
18:33:54.0736 5432        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
18:33:54.0752 5432        sbp2port - ok
18:33:54.0783 5432        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
18:33:54.0830 5432        SCardSvr - ok
18:33:54.0877 5432        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
18:33:54.0908 5432        scfilter - ok
18:33:54.0986 5432        Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
18:33:55.0080 5432        Schedule - ok
18:33:55.0126 5432        SCPolicySvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
18:33:55.0220 5432        SCPolicySvc - ok
18:33:55.0282 5432        SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
18:33:55.0392 5432        SDRSVC - ok
18:33:55.0438 5432        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:33:55.0485 5432        secdrv - ok
18:33:55.0532 5432        seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
18:33:55.0610 5432        seclogon - ok
18:33:55.0688 5432        SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
18:33:55.0797 5432        SENS - ok
18:33:55.0844 5432        SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
18:33:55.0938 5432        SensrSvc - ok
18:33:56.0062 5432        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
18:33:56.0109 5432        Serenum - ok
18:33:56.0125 5432        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
18:33:56.0156 5432        Serial - ok
18:33:56.0203 5432        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
18:33:56.0234 5432        sermouse - ok
18:33:56.0499 5432        SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
18:33:56.0562 5432        SessionEnv - ok
18:33:56.0733 5432        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
18:33:56.0764 5432        sffdisk - ok
18:33:56.0780 5432        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
18:33:56.0811 5432        sffp_mmc - ok
18:33:56.0827 5432        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
18:33:56.0842 5432        sffp_sd - ok
18:33:56.0920 5432        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
18:33:56.0952 5432        sfloppy - ok
18:33:56.0998 5432        SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
18:33:57.0061 5432        SharedAccess - ok
18:33:57.0217 5432        ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
18:33:57.0264 5432        ShellHWDetection - ok
18:33:57.0388 5432        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
18:33:57.0404 5432        sisagp - ok
18:33:57.0435 5432        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:33:57.0466 5432        SiSRaid2 - ok
18:33:57.0482 5432        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
18:33:57.0498 5432        SiSRaid4 - ok
18:33:57.0529 5432        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
18:33:57.0560 5432        Smb - ok
18:33:57.0732 5432        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
18:33:57.0794 5432        SNMPTRAP - ok
18:33:57.0825 5432        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
18:33:57.0841 5432        spldr - ok
18:33:57.0919 5432        Spooler        (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
18:33:58.0012 5432        Spooler - ok
18:33:58.0543 5432        sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
18:33:58.0683 5432        sppsvc - ok
18:33:58.0917 5432        sppuinotify    (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
18:33:59.0073 5432        sppuinotify - ok
18:33:59.0323 5432        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
18:33:59.0416 5432        srv - ok
18:33:59.0494 5432        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
18:33:59.0572 5432        srv2 - ok
18:33:59.0744 5432        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
18:33:59.0806 5432        srvnet - ok
18:33:59.0838 5432        SSDPSRV        (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
18:33:59.0884 5432        SSDPSRV - ok
18:33:59.0962 5432        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
18:33:59.0978 5432        ssmdrv - ok
18:33:59.0994 5432        SstpSvc        (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
18:34:00.0072 5432        SstpSvc - ok
18:34:00.0150 5432        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
18:34:00.0181 5432        stexstor - ok
18:34:00.0196 5432        StillCam        (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
18:34:00.0243 5432        StillCam - ok
18:34:00.0415 5432        StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
18:34:00.0462 5432        StiSvc - ok
18:34:00.0555 5432        storflt        (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
18:34:00.0571 5432        storflt - ok
18:34:00.0696 5432        StorSvc        (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
18:34:00.0742 5432        StorSvc - ok
18:34:00.0789 5432        storvsc        (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
18:34:00.0805 5432        storvsc - ok
18:34:00.0883 5432        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
18:34:00.0898 5432        swenum - ok
18:34:01.0008 5432        swprv          (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
18:34:01.0054 5432        swprv - ok
18:34:01.0257 5432        SysMain        (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
18:34:01.0382 5432        SysMain - ok
18:34:01.0600 5432        TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
18:34:01.0663 5432        TabletInputService - ok
18:34:01.0881 5432        TapiSrv        (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
18:34:01.0912 5432        TapiSrv - ok
18:34:02.0162 5432        TBS            (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
18:34:02.0209 5432        TBS - ok
18:34:02.0911 5432        Tcpip          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
18:34:03.0004 5432        Tcpip - ok
18:34:03.0067 5432        TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
18:34:03.0114 5432        TCPIP6 - ok
18:34:03.0238 5432        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
18:34:03.0285 5432        tcpipreg - ok
18:34:03.0379 5432        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
18:34:03.0426 5432        TDPIPE - ok
18:34:03.0504 5432        TDTCP          (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
18:34:03.0550 5432        TDTCP - ok
18:34:03.0706 5432        tdx            (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
18:34:03.0847 5432        tdx - ok
18:34:03.0940 5432        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
18:34:03.0956 5432        TermDD - ok
18:34:04.0206 5432        TermService    (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
18:34:04.0315 5432        TermService - ok
18:34:04.0486 5432        Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
18:34:04.0502 5432        Themes - ok
18:34:04.0580 5432        THREADORDER    (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:34:04.0611 5432        THREADORDER - ok
18:34:04.0736 5432        TPM            (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
18:34:04.0783 5432        TPM - ok
18:34:04.0892 5432        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
18:34:04.0970 5432        TrkWks - ok
18:34:05.0142 5432        TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
18:34:05.0188 5432        TrustedInstaller - ok
18:34:05.0344 5432        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:34:05.0376 5432        tssecsrv - ok
18:34:05.0485 5432        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
18:34:05.0547 5432        TsUsbFlt - ok
18:34:05.0688 5432        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
18:34:05.0734 5432        tunnel - ok
18:34:05.0766 5432        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
18:34:05.0781 5432        uagp35 - ok
18:34:05.0890 5432        ucwncwif - ok
18:34:06.0062 5432        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
18:34:06.0124 5432        udfs - ok
18:34:06.0140 5432        UI0Detect      (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
18:34:06.0187 5432        UI0Detect - ok
18:34:06.0390 5432        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
18:34:06.0405 5432        uliagpkx - ok
18:34:06.0577 5432        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
18:34:06.0608 5432        umbus - ok
18:34:06.0670 5432        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
18:34:06.0702 5432        UmPass - ok
18:34:06.0858 5432        UmRdpService    (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
18:34:06.0873 5432        UmRdpService - ok
18:34:07.0060 5432        upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
18:34:07.0123 5432        upnphost - ok
18:34:07.0248 5432        USBAAPL        (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
18:34:07.0294 5432        USBAAPL - ok
18:34:07.0388 5432        usbaudio        (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
18:34:07.0435 5432        usbaudio - ok
18:34:07.0840 5432        usbccgp        (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\drivers\usbccgp.sys
18:34:07.0856 5432        usbccgp - ok
18:34:07.0996 5432        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
18:34:08.0043 5432        usbcir - ok
18:34:08.0059 5432        usbehci        (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
18:34:08.0074 5432        usbehci - ok
18:34:08.0106 5432        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
18:34:08.0137 5432        usbhub - ok
18:34:08.0230 5432        usbohci        (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
18:34:08.0277 5432        usbohci - ok
18:34:08.0355 5432        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
18:34:08.0402 5432        usbprint - ok
18:34:08.0511 5432        USBSTOR        (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:34:08.0542 5432        USBSTOR - ok
18:34:08.0558 5432        usbuhci        (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
18:34:08.0574 5432        usbuhci - ok
18:34:08.0698 5432        UxSms          (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
18:34:08.0745 5432        UxSms - ok
18:34:08.0808 5432        VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:34:08.0839 5432        VaultSvc - ok
18:34:08.0932 5432        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
18:34:08.0948 5432        vdrvroot - ok
18:34:09.0244 5432        vds            (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
18:34:09.0307 5432        vds - ok
18:34:09.0369 5432        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
18:34:09.0400 5432        vga - ok
18:34:09.0510 5432        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
18:34:09.0541 5432        VgaSave - ok
18:34:09.0681 5432        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
18:34:09.0697 5432        vhdmp - ok
18:34:09.0744 5432        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
18:34:09.0759 5432        viaagp - ok
18:34:09.0790 5432        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
18:34:09.0915 5432        ViaC7 - ok
18:34:10.0009 5432        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
18:34:10.0040 5432        viaide - ok
18:34:10.0149 5432        vmbus          (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
18:34:10.0165 5432        vmbus - ok
18:34:10.0305 5432        VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
18:34:10.0352 5432        VMBusHID - ok
18:34:10.0368 5432        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
18:34:10.0383 5432        volmgr - ok
18:34:10.0461 5432        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
18:34:10.0492 5432        volmgrx - ok
18:34:10.0680 5432        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
18:34:10.0695 5432        volsnap - ok
18:34:10.0726 5432        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
18:34:10.0742 5432        vsmraid - ok
18:34:11.0023 5432        VSS            (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
18:34:11.0288 5432        VSS - ok
18:34:11.0319 5432        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
18:34:11.0444 5432        vwifibus - ok
18:34:11.0616 5432        W32Time        (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
18:34:11.0787 5432        W32Time - ok
18:34:11.0896 5432        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
18:34:11.0943 5432        WacomPen - ok
18:34:12.0052 5432        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:34:12.0084 5432        WANARP - ok
18:34:12.0084 5432        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:34:12.0115 5432        Wanarpv6 - ok
18:34:12.0723 5432        WatAdminSvc    (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
18:34:12.0832 5432        WatAdminSvc - ok
18:34:13.0020 5432        wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
18:34:13.0176 5432        wbengine - ok
18:34:13.0207 5432        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
18:34:13.0254 5432        WbioSrvc - ok
18:34:13.0410 5432        wcncsvc        (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
18:34:13.0503 5432        wcncsvc - ok
18:34:13.0550 5432        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
18:34:13.0612 5432        WcsPlugInService - ok
18:34:13.0659 5432        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
18:34:13.0675 5432        Wd - ok
18:34:13.0924 5432        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:34:13.0956 5432        Wdf01000 - ok
18:34:14.0049 5432        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
18:34:14.0158 5432        WdiServiceHost - ok
18:34:14.0158 5432        WdiSystemHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
18:34:14.0190 5432        WdiSystemHost - ok
18:34:14.0314 5432        WebClient      (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
18:34:14.0361 5432        WebClient - ok
18:34:14.0408 5432        Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
18:34:14.0455 5432        Wecsvc - ok
18:34:14.0470 5432        wercplsupport  (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
18:34:14.0533 5432        wercplsupport - ok
18:34:14.0611 5432        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
18:34:14.0642 5432        WerSvc - ok
18:34:14.0767 5432        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:34:14.0798 5432        WfpLwf - ok
18:34:14.0829 5432        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
18:34:14.0845 5432        WIMMount - ok
18:34:15.0204 5432        WinDefend      (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
18:34:15.0250 5432        WinDefend - ok
18:34:15.0250 5432        WinHttpAutoProxySvc - ok
18:34:15.0453 5432        Winmgmt        (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
18:34:15.0547 5432        Winmgmt - ok
18:34:15.0812 5432        WinRM          (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
18:34:15.0906 5432        WinRM - ok
18:34:16.0062 5432        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
18:34:16.0124 5432        WinUsb - ok
18:34:16.0327 5432        Wlansvc        (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
18:34:16.0374 5432        Wlansvc - ok
18:34:16.0405 5432        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
18:34:16.0420 5432        WmiAcpi - ok
18:34:16.0764 5432        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
18:34:16.0810 5432        wmiApSrv - ok
18:34:17.0434 5432        WMPNetworkSvc  (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:34:17.0512 5432        WMPNetworkSvc - ok
18:34:17.0544 5432        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
18:34:17.0606 5432        WPCSvc - ok
18:34:17.0653 5432        WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
18:34:17.0700 5432        WPDBusEnum - ok
18:34:17.0746 5432        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:34:17.0840 5432        ws2ifsl - ok
18:34:17.0856 5432        wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
18:34:17.0887 5432        wscsvc - ok
18:34:17.0980 5432        WSDPrintDevice  (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
18:34:18.0012 5432        WSDPrintDevice - ok
18:34:18.0027 5432        WSearch - ok
18:34:18.0714 5432        wuauserv        (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
18:34:18.0854 5432        wuauserv - ok
18:34:19.0353 5432        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
18:34:19.0384 5432        WudfPf - ok
18:34:19.0478 5432        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:34:19.0509 5432        WUDFRd - ok
18:34:19.0618 5432        wudfsvc        (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
18:34:19.0650 5432        wudfsvc - ok
18:34:20.0055 5432        WwanSvc        (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
18:34:20.0227 5432        WwanSvc - ok
18:34:20.0320 5432        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:34:21.0256 5432        \Device\Harddisk0\DR0 - ok
18:34:21.0272 5432        Boot (0x1200)  (ce491615b4c7214f08fef38a76ec1503) \Device\Harddisk0\DR0\Partition0
18:34:21.0334 5432        \Device\Harddisk0\DR0\Partition0 - ok
18:34:21.0366 5432        Boot (0x1200)  (ca8b0dfded686013ffbae896772428a1) \Device\Harddisk0\DR0\Partition1
18:34:21.0444 5432        \Device\Harddisk0\DR0\Partition1 - ok
18:34:21.0444 5432        ============================================================
18:34:21.0444 5432        Scan finished
18:34:21.0444 5432        ============================================================
18:34:21.0459 5424        Detected object count: 4
18:34:21.0459 5424        Actual detected object count: 4
18:34:27.0231 5424        hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:27.0231 5424        hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:34:27.0247 5424        hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:27.0247 5424        hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:34:27.0247 5424        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:27.0247 5424        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:34:27.0247 5424        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:27.0247 5424        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 30.05.2012 20:50

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your web browser.
  • Start combofix.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (a "Kompetenzler" on this board) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have trouble starting applications and get messages such as

Quote:

An attempt was made to perform an illegal operation on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

spigi01 31.05.2012 08:08

Code:

ComboFix 12-05-30.04 - Mark Bachmann 31.05.2012  8:38.1.2 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.41.1031.18.2039.1135 [GMT 2:00]
ausgeführt von:: c:\users\Mark Bachmann\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mark Bachmann\Desktop\Internet Security.lnk
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-04-28 bis 2012-05-31  ))))))))))))))))))))))))))))))
.
.
2012-05-31 06:46 . 2012-05-31 06:47        --------        d-----w-        c:\users\Mark Bachmann\AppData\Local\temp
2012-05-31 06:46 . 2012-05-31 06:46        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-05-31 06:21 . 2012-05-31 06:21        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{12798E88-E826-49FD-ACBC-3E71CB93348D}\offreg.dll
2012-05-30 16:26 . 2012-05-30 16:26        --------        d-----w-        C:\TDSSKiller_Quarantine
2012-05-30 09:36 . 2012-05-30 09:36        --------        d-----w-        C:\_OTL
2012-05-29 10:39 . 2012-05-08 16:40        6737808        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{12798E88-E826-49FD-ACBC-3E71CB93348D}\mpengine.dll
2012-05-27 08:08 . 2012-05-27 08:08        --------        d-----w-        c:\users\Mark Bachmann\AppData\Roaming\Avira
2012-05-27 08:02 . 2012-05-27 08:02        --------        d-----w-        c:\users\Default\AppData\Local\AskToolbar
2012-05-27 08:01 . 2012-05-30 09:36        --------        d-----w-        c:\program files\Ask.com
2012-05-27 08:01 . 2012-05-27 08:01        --------        d-----w-        c:\users\Mark Bachmann\AppData\Local\APN
2012-05-27 08:00 . 2012-04-16 19:17        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-05-27 08:00 . 2012-04-27 08:20        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-27 08:00 . 2012-04-24 22:32        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-27 07:59 . 2012-05-27 08:02        --------        d-----w-        c:\programdata\Avira
2012-05-27 07:59 . 2012-05-27 07:59        --------        d-----w-        c:\program files\Avira
2012-05-26 09:22 . 2012-05-26 09:35        --------        d-----w-        c:\program files\ShowMyPCService
2012-05-24 08:55 . 2012-05-24 08:55        --------        d-----w-        c:\program files\ESET
2012-05-23 14:14 . 2012-05-23 14:14        --------        d-----w-        c:\users\Mark Bachmann\AppData\Roaming\Malwarebytes
2012-05-23 14:14 . 2012-05-24 08:39        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-05-23 14:14 . 2012-05-23 14:14        --------        d-----w-        c:\programdata\Malwarebytes
2012-05-23 14:14 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-05-11 09:34 . 2012-03-30 10:23        1291632        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-05-11 09:33 . 2012-03-31 04:30        1221632        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 09:33 . 2012-03-31 04:29        936960        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 09:33 . 2012-03-31 04:29        989184        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 09:33 . 2012-03-31 04:29        969216        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 09:32 . 2012-03-31 04:39        3968368        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-05-11 09:32 . 2012-03-31 04:39        3913072        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-11 09:32 . 2012-03-31 02:36        2343424        ----a-w-        c:\windows\system32\win32k.sys
2012-05-11 09:31 . 2012-03-17 07:27        56176        ----a-w-        c:\windows\system32\drivers\partmgr.sys
2012-05-11 09:31 . 2012-03-03 05:31        1077248        ----a-w-        c:\windows\system32\DWrite.dll
2012-05-02 13:18 . 2012-05-02 13:18        --------        d-----w-        c:\program files\iPod
2012-05-02 13:18 . 2012-05-02 13:19        --------        d-----w-        c:\program files\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-14 12:07 . 2011-05-14 12:07        399736        ----a-w-        c:\program files\uTorrent.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"HP Color LaserJet CM1312 MFP Series Fax"="c:\program files\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe" [2009-09-22 2453504]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
c:\users\Mark Bachmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CrewLink Offline HUB.appref-ms [2012-1-12 354]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 ucwncwif;ucwncwif;c:\windows\system32\drivers\ucwncwif.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-10 1343400]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-04-16 36000]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-01 465360]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 21532078
*Deregistered* - 21532078
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 16:15]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 16:15]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.unhooked.ch/2008/spotguide/
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: {48580E34-E37A-454A-8EC4-FC7598B01D77} - hxxp://chkr-web.ifolor.net/app_support/1/ActiveX/IfolorUploader_chkr.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Z0 - Music Converter - c:\progra~1\FOXTAB~1\Uninstall\Uninstall.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-05-31  08:50:09
ComboFix-quarantined-files.txt  2012-05-31 06:50
.
Vor Suchlauf: 11 Verzeichnis(se), 16'805'007'360 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 16'710'451'200 Bytes frei
.
- - End Of File - - 2CE1DFC6FFBF4A64DBBEDFC44541AB63


cosinus 31.05.2012 10:12

ComboFix - scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.


Code:

Folder::
c:\users\Default\AppData\Local\AskToolbar
c:\program files\Ask.com

File::
c:\windows\system32\drivers\ucwncwif.sys

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"=-

Driver::
ucwncwif

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall you may have.
(Also the guards of ad-/spyware programs and TeaTimer, if present!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the reboot (you will be asked whether you want to reboot), please post the following log file:
Combofix.txt

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!
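Added example, not part of the thread and not ComboFix's own code: a small Python triage of the services/drivers table that ComboFix prints ("R1 name;display;path [date size]"). It flags registered kernel drivers whose image file is gone ("[x]", as with ucwncwif above) or that load from outside the Windows tree, and drafts the File:: and Driver:: sections in the CFScript format cosinus used. The sample lines are copied from the first ComboFix log in the thread; the triage rule, the function names and the assumption that the system drive is C: are this example's own.

```python
"""Triage the services/drivers table of a ComboFix log and draft a CFScript.

Added example (not the thread's or ComboFix's code). Parses lines of the form
"R1 name;display;path [x]" / "[date size]", flags kernel drivers that are
registered but have no image file, or whose image lives outside the Windows
tree, and drafts File::/Driver:: sections for a CFScript.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: five lines from the services block of the first log.
SAMPLE_LOG = r"""
R1 ucwncwif;ucwncwif;c:\windows\system32\drivers\ucwncwif.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-04-16 36000]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
"""

LINE_RE = re.compile(
    r"^(?P<code>[RS]\d)\s+"            # R = running, S = stopped; digit = registry Start value
    r"(?P<name>[^;]+);"                # service key name under HKLM\SYSTEM\...\Services
    r"(?P<display>[^;]*);"             # display name
    r"(?P<path>.+?)\s+"                # image path (may contain spaces)
    r"\[(?P<tag>x|\d{4}-\d{2}-\d{2} \d+)\]\s*$"   # [x] = file not on disk, else [date size]
)

WINDOWS_TREE = "c:\\windows\\"   # assumption: system drive is C:, as in the posted logs


@dataclass
class ServiceEntry:
    code: str
    name: str
    display: str
    path: str
    file_missing: bool

    def is_kernel_driver(self) -> bool:
        return self.path.lower().endswith(".sys")

    def reason(self) -> Optional[str]:
        """Why this entry deserves a look, or None if it passes the triage rule."""
        if not self.is_kernel_driver():
            return None
        if self.file_missing:
            return "kernel driver registered but image file missing"
        if not self.path.lower().startswith(WINDOWS_TREE):
            return "kernel driver loaded from outside the Windows tree"
        return None


def parse_services(log_text: str) -> List[ServiceEntry]:
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # not a services line; ignore
        entries.append(ServiceEntry(
            code=m["code"], name=m["name"], display=m["display"],
            path=m["path"], file_missing=(m["tag"] == "x"),
        ))
    return entries


def triage(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    return [e for e in entries if e.reason() is not None]


def draft_cfscript(flagged: List[ServiceEntry]) -> str:
    """Draft File:: and Driver:: sections. Review before use: a CFScript is machine-specific."""
    if not flagged:
        return ""
    files = "\n".join(e.path for e in flagged)
    drivers = "\n".join(e.name for e in flagged)
    return f"File::\n{files}\n\nDriver::\n{drivers}\n"


if __name__ == "__main__":
    flagged = triage(parse_services(SAMPLE_LOG))
    for e in flagged:
        print(f"{e.code} {e.name}: {e.reason()} ({e.path})")
    print(draft_cfscript(flagged))
```

The draft is only a starting point for the helper: as the note above says, a CFScript is written for one machine, and the Folder:: and Registry:: sections (the Ask toolbar directories and the EnableUIADesktopToggle policy value in this thread) still come from reading the rest of the log, not from this rule.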

spigi01 31.05.2012 11:50

Code:

ComboFix 12-05-31.01 - Mark Bachmann 31.05.2012  12:24:56.2.2 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.41.1031.18.2039.1297 [GMT 2:00]
ausgeführt von:: c:\users\Mark Bachmann\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Mark Bachmann\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\ucwncwif.sys"
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\AviraBrowserSecurity.exe
c:\program files\Ask.com\cb_161f.ico
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_de4.ico
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\precache.exe
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\Updater\config.xml
c:\program files\Ask.com\UpdateTask.exe
c:\users\Default\AppData\Local\AskToolbar
c:\users\Default\AppData\Local\AskToolbar\Downloaded Program Files\AviraBrowserSecurity.dll
c:\users\Default\AppData\Local\AskToolbar\Downloaded Program Files\avr-3.inf
.
Infizierte Kopie von c:\windows\system32\drivers\ntfs.sys wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.20921_none_a70e0489972fb38f\ntfs.sys wurde wiederhergestellt
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ucwncwif
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-04-28 bis 2012-05-31  ))))))))))))))))))))))))))))))
.
.
2012-05-31 10:33 . 2012-05-31 10:44        --------        d-----w-        c:\users\Mark Bachmann\AppData\Local\temp
2012-05-31 10:33 . 2012-05-31 10:33        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-05-31 09:26 . 2012-05-31 09:26        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{12798E88-E826-49FD-ACBC-3E71CB93348D}\offreg.dll
2012-05-30 16:26 . 2012-05-30 16:26        --------        d-----w-        C:\TDSSKiller_Quarantine
2012-05-30 09:36 . 2012-05-30 09:36        --------        d-----w-        C:\_OTL
2012-05-29 10:39 . 2012-05-08 16:40        6737808        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{12798E88-E826-49FD-ACBC-3E71CB93348D}\mpengine.dll
2012-05-27 08:08 . 2012-05-27 08:08        --------        d-----w-        c:\users\Mark Bachmann\AppData\Roaming\Avira
2012-05-27 08:01 . 2012-05-27 08:01        --------        d-----w-        c:\users\Mark Bachmann\AppData\Local\APN
2012-05-27 08:00 . 2012-04-16 19:17        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-05-27 08:00 . 2012-04-27 08:20        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-27 08:00 . 2012-04-24 22:32        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-27 07:59 . 2012-05-27 08:02        --------        d-----w-        c:\programdata\Avira
2012-05-27 07:59 . 2012-05-27 07:59        --------        d-----w-        c:\program files\Avira
2012-05-26 09:22 . 2012-05-26 09:35        --------        d-----w-        c:\program files\ShowMyPCService
2012-05-24 08:55 . 2012-05-24 08:55        --------        d-----w-        c:\program files\ESET
2012-05-23 14:14 . 2012-05-23 14:14        --------        d-----w-        c:\users\Mark Bachmann\AppData\Roaming\Malwarebytes
2012-05-23 14:14 . 2012-05-24 08:39        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-05-23 14:14 . 2012-05-23 14:14        --------        d-----w-        c:\programdata\Malwarebytes
2012-05-23 14:14 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-05-11 09:34 . 2012-03-30 10:23        1291632        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-05-11 09:33 . 2012-03-31 04:30        1221632        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 09:33 . 2012-03-31 04:29        936960        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 09:33 . 2012-03-31 04:29        989184        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 09:33 . 2012-03-31 04:29        969216        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 09:32 . 2012-03-31 04:39        3968368        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-05-11 09:32 . 2012-03-31 04:39        3913072        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-11 09:32 . 2012-03-31 02:36        2343424        ----a-w-        c:\windows\system32\win32k.sys
2012-05-11 09:31 . 2012-03-17 07:27        56176        ----a-w-        c:\windows\system32\drivers\partmgr.sys
2012-05-11 09:31 . 2012-03-03 05:31        1077248        ----a-w-        c:\windows\system32\DWrite.dll
2012-05-02 13:18 . 2012-05-02 13:18        --------        d-----w-        c:\program files\iPod
2012-05-02 13:18 . 2012-05-02 13:19        --------        d-----w-        c:\program files\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-14 12:07 . 2011-05-14 12:07        399736        ----a-w-        c:\program files\uTorrent.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"HP Color LaserJet CM1312 MFP Series Fax"="c:\program files\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe" [2009-09-22 2453504]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
c:\users\Mark Bachmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CrewLink Offline HUB.appref-ms [2012-1-12 354]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-10 1343400]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-04-16 36000]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-01 465360]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 16:15]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 16:15]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.unhooked.ch/2008/spotguide/
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: {48580E34-E37A-454A-8EC4-FC7598B01D77} - hxxp://chkr-web.ifolor.net/app_support/1/ActiveX/IfolorUploader_chkr.cab
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\AEADISRV.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-05-31  12:48:22 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-05-31 10:48
ComboFix2.txt  2012-05-31 06:50
.
Vor Suchlauf: 13 Verzeichnis(se), 15'458'189'312 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 15'271'825'408 Bytes frei
.
- - End Of File - - 0C4B6A07282A407288214D4BB0F2732D
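Added example, not part of the thread and not ComboFix's code. The log above reports a patched ntfs.sys that ComboFix replaced with the copy from a WinSxS component directory; this script shows the independent check to run afterwards: hash the live driver and every same-named file in the WinSxS component store and report which stored versions it is byte-identical to. demo() builds a constructed directory tree (shortened component names, fake file contents) so it runs offline; on a real machine you would pass C:\Windows\System32\drivers\ntfs.sys and C:\Windows\winsxs. Function names are this example's own.

```python
"""Compare a live system driver with the copies in the WinSxS component store.

Added example (not the thread's or ComboFix's code). A live driver that
matches no stored component version is either newer than every copy in
WinSxS (check the update history) or has been modified on disk, which is
what ComboFix reported for ntfs.sys in the thread.
"""
import hashlib
import os
import tempfile
from typing import Dict


def sha256_of(path: str) -> str:
    """Stream the file through SHA-256."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def winsxs_copies(winsxs_root: str, filename: str) -> Dict[str, str]:
    """Map each component directory name to the SHA-256 of its copy of `filename`."""
    found: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(winsxs_root):
        for name in files:
            if name.lower() == filename.lower():
                found[os.path.basename(dirpath)] = sha256_of(os.path.join(dirpath, name))
    return found


def verify_driver(live_path: str, winsxs_root: str) -> Dict[str, object]:
    """Report which WinSxS component versions the live driver is identical to.

    Caveat: run this from clean boot media or after the rootkit driver is
    unloaded; an active kernel rootkit can serve a clean image to this read.
    """
    live = sha256_of(live_path)
    copies = winsxs_copies(winsxs_root, os.path.basename(live_path))
    matching = sorted(d for d, h in copies.items() if h == live)
    return {
        "live_sha256": live,
        "matching": matching,
        "other_versions": sorted(set(copies) - set(matching)),
    }


def demo() -> Dict[str, object]:
    """Constructed data: two stored versions of ntfs.sys and a patched live copy."""
    root = tempfile.mkdtemp(prefix="winsxs-demo-")
    clean_a = b"MZ" + b"\x00" * 64 + b"ntfs build 20921"
    clean_b = b"MZ" + b"\x00" * 64 + b"ntfs build 17514"
    patched = clean_a[:-4] + b"XXXX"          # same size as clean_a, four bytes changed
    layout = {
        os.path.join("winsxs", "x86_microsoft-windows-ntfs_6.1.7600.20921", "ntfs.sys"): clean_a,
        os.path.join("winsxs", "x86_microsoft-windows-ntfs_6.1.7600.17514", "ntfs.sys"): clean_b,
        os.path.join("drivers", "ntfs.sys"): patched,
    }
    for rel, data in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    live = os.path.join(root, "drivers", "ntfs.sys")
    store = os.path.join(root, "winsxs")
    before = verify_driver(live, store)
    # "Restore" the way ComboFix did: copy the clean component file over the live one.
    with open(live, "wb") as f:
        f.write(clean_a)
    after = verify_driver(live, store)
    return {"before": before, "after": after}


if __name__ == "__main__":
    for stage, result in demo().items():
        print(stage, "matches:", result["matching"] or "none",
              "| other versions:", result["other_versions"])
```

A size comparison alone would not have caught the constructed patch (same length, four bytes changed), which is why the check hashes the whole file; on Windows, `sfc /verifyonly` performs the equivalent catalog-based check for all protected files.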


cosinus 31.05.2012 13:10

Please now create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool still won't run on the 2nd attempt, just leave it out and only run OSAM. Please skip OSAM's online query.
With OSAM, please also make sure you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; McAfee's scanner in particular often reports a false positive on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe guide).
    On Windows Vista or later, please right-click and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, allow access to the internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instruction.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.

One more note: If aswMBR crashes with a message like "aswMBR.exe has stopped working", do the following:
Restart aswMBR, select (none) in the drop-down menu at the bottom left of the aswMBR window under "AV scan", and click the Scan button again.

spigi01 31.05.2012 15:24

Hello Arne

GMER didn't work. With aswMBR I had to select (none), but then it worked.
Here are the logs from OSAM and aswMBR:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:04:47 on 31.05.2012

OS: Windows 7  Service Pack 1 (Build 7601), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\MARKBA~1\AppData\Local\Temp\catchme.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\Users\MARKBA~1\AppData\Local\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"pwkcikob" (pwkcikob) - ? - C:\Users\MARKBA~1\AppData\Local\Temp\pwkcikob.sys  (Hidden registry entry, rootkit activity | File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{48580E34-E37A-454A-8EC4-FC7598B01D77} "IfolorUploader Control" - "Ifolor AG" - C:\Windows\DOWNLO~1\IFOLOR~1.OCX / hxxp://chkr-web.ifolor.net/app_support/1/ActiveX/IfolorUploader_chkr.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10t.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"CrewLink Offline HUB.appref-ms" - ? - C:\Users\Mark Bachmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CrewLink Offline HUB.appref-ms
"desktop.ini" - ? - C:\Users\Mark Bachmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BCSSync" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"HP Color LaserJet CM1312 MFP Series Fax" - "Hewlett-Packard Company" - C:\Program Files\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe "HP Color LaserJet CM1312 MFP Series Fax"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"HP Fax Port" - "Hewlett-Packard Company" - C:\Windows\system32\hppfaxprintermon5.dll
"HP Standard TCP/IP Port" - "Hewlett Packard" - C:\Windows\system32\HpTcpMon.dll
"HP Universal Print Monitor" - "Hewlett-Packard" - C:\Windows\system32\HPMPW081.DLL
"HPPMOPJL" - "Hewlett-Packard Company" - C:\Windows\system32\hppmopjl.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

and

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-31 16:12:34
-----------------------------
16:12:34.416    OS Version: Windows 6.1.7601 Service Pack 1
16:12:34.416    Number of processors: 2 586 0xF0D
16:12:34.416    ComputerName: MARKBACHMANN-PC  UserName: Mark Bachmann
16:12:35.539    Initialize success
16:12:40.624    AVAST engine defs: 12053100
16:12:49.033    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
16:12:49.033    Disk 0 Vendor: Hitachi_HTS541612J9SA00 SBDOC7BP Size: 114473MB BusType: 11
16:12:49.048    Disk 0 MBR read successfully
16:12:49.048    Disk 0 MBR scan
16:12:49.064    Disk 0 Windows 7 default MBR code
16:12:49.080    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
16:12:49.095    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      114371 MB offset 206848
16:12:49.111    Disk 0 scanning sectors +234438656
16:12:49.189    Disk 0 scanning C:\Windows\system32\drivers
16:13:05.023    Service scanning
16:13:43.165    Modules scanning
16:13:57.891    Disk 0 trace - called modules:
16:13:57.923    ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
16:13:57.923    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e91030]
16:13:57.938    3 CLASSPNP.SYS[8900459e] -> nt!IofCallDriver -> [0x85e90558]
16:13:57.938    5 hpdskflt.sys[891d1f92] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x85dab030]
16:13:57.938    Scan finished successfully
16:20:41.417    Disk 0 MBR has been saved successfully to "C:\Users\Mark Bachmann\Desktop\MBR.dat"
16:20:41.417    The log file has been saved successfully to "C:\Users\Mark Bachmann\Desktop\aswMBR.txt"

Hope that's okay.

In the meantime, once again many heartfelt thanks for your efforts

Mark
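
An added example, not part of the thread or of OSAM itself: a Python parser for the OSAM *.log format posted above, with the first-pass triage rules a helper applies when reading it (hidden registry entries reported as rootkit activity, drivers or services pointing at missing files, binaries without vendor information under a Temp directory). The sample log is a constructed, shortened excerpt in the same format; the rules are an assumption about what to look at first, not OSAM's own verdicts.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a shortened excerpt in the format of the OSAM log posted above.
SAMPLE_LOG = r'''Report of OSAM: Autorun Manager v5.0.11926.0

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"catchme" (catchme) - ? - C:\Users\MARKBA~1\AppData\Local\Temp\catchme.sys  (File not found)
"mbr" (mbr) - ? - C:\Users\MARKBA~1\AppData\Local\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"pwkcikob" (pwkcikob) - ? - C:\Users\MARKBA~1\AppData\Local\Temp\pwkcikob.sys  (Hidden registry entry, rootkit activity | File not found)
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
[Logon]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
===[ Logfile end ]=========================================[ Logfile end ]===
'''

SECTION_RE = re.compile(r"^\[(?P<section>[^\]]+)\]$")        # [Drivers]
LOCATION_RE = re.compile(r"^-----\( (?P<loc>.*) \)-----$")    # -----( HKLM\... )-----
# entry head: optional {CLSID} / <binary data> / bare value name, then "name", then optional (service key)
HEAD_RE = re.compile(r'^(?:\{[^}]+\}\s+|<binary data>\s+|[^"\s]\S*\s+)?"(?P<name>.*)"(?:\s+\((?P<key>[^)]*)\))?$')
FLAGS_RE = re.compile(r"\s+\((?P<flags>[^()]*)\)\s*$")        # trailing "(flag | flag)" after the path
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
LEVELS = ("low", "medium", "high")


@dataclass
class Entry:
    section: str
    location: str
    name: str
    key: Optional[str]      # service/driver key name, when OSAM printed one
    vendor: Optional[str]   # None when OSAM printed "?" (no signer/vendor information)
    path: str
    flags: List[str] = field(default_factory=list)


def parse_osam(text: str) -> List[Entry]:
    """Turn the entry lines of an OSAM log into Entry records; header and filter lines are skipped."""
    entries: List[Entry] = []
    section = location = ""
    for line in (l.rstrip() for l in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = LOCATION_RE.match(line)
        if m:
            location = m.group("loc")
            continue
        parts = line.split(" - ", 2)   # <head> - <vendor> - <path>  (<flags>)
        if len(parts) != 3 or not section:
            continue
        head, vendor, rest = parts
        hm = HEAD_RE.match(head)
        if not hm:
            continue
        fm = FLAGS_RE.search(rest)
        flags = [f.strip() for f in fm.group("flags").split("|")] if fm else []
        path = (rest[: fm.start()] if fm else rest).strip()
        entries.append(Entry(section, location, hm.group("name"), hm.group("key"),
                             None if vendor == "?" else vendor.strip('"'), path, flags))
    return entries


@dataclass
class Finding:
    severity: str
    entry: Entry
    reasons: List[str]


def triage(entries: List[Entry]) -> List[Finding]:
    """First-pass rules only; the verdict still needs context (e.g. catchme.sys is a leftover
    of GMER/ComboFix, which here looks exactly like an orphaned driver of unknown origin)."""
    findings: List[Finding] = []
    for e in entries:
        reasons = []
        if any(f.startswith("Hidden registry entry") for f in e.flags):
            reasons.append(("high", "hidden registry entry (rootkit activity)"))
        if e.vendor is None and TEMP_RE.search(e.path):
            reasons.append(("medium", "no vendor information and binary under a Temp directory"))
        if e.section in ("Drivers", "Services"):
            if "File not found" in e.flags:
                reasons.append(("medium", "driver/service points at a missing file"))
            if e.vendor is None:
                reasons.append(("low", "driver/service without vendor information"))
        if reasons:
            worst = max(reasons, key=lambda r: LEVELS.index(r[0]))[0]
            findings.append(Finding(worst, e, [r[1] for r in reasons]))
    return findings


if __name__ == "__main__":
    for f in triage(parse_osam(SAMPLE_LOG)):
        print(f"{f.severity:6} [{f.entry.section}] {f.entry.name}: {'; '.join(f.reasons)}")
```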

cosinus 31.05.2012 15:28

Looks ok. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

spigi01 31.05.2012 17:21

First the malwarebytes log; I had the 4 threats removed.

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.31.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Mark Bachmann :: MARKBACHMANN-PC [Administrator]

Schutz: Deaktiviert

31.05.2012 16:30:04
mbam-log-2012-05-31 (16-30-04).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 418435
Laufzeit: 1 Stunde(n), 35 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\TDSSKiller_Quarantine\30.05.2012_18.23.56\tdlfs0000\tsk0007.dta (Rootkit.TDSS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\TDSSKiller_Quarantine\30.05.2012_18.23.56\tdlfs0000\tsk0008.dta (Rootkit.TDSS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mark Bachmann\AppData\Local\temp\is1590112554\IWantThis_SRC_ROW.exe (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mark Bachmann\Downloads\DownloadManagerSetup.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


cosinus 31.05.2012 18:49

Only 2x harmless adware and 2x TDSS remnants, actually backups, since they sit inactive in the Q :)

spigi01 31.05.2012 20:25

Here is the log from the SuperAntiSpyware scan:
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/31/2012 at 09:20 PM

Application Version : 5.0.1150

Core Rules Database Version : 8662
Trace Rules Database Version: 6474

Scan type      : Complete Scan
Total Scan Time : 02:46:23

Operating System Information
Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 795
Memory threats detected  : 0
Registry items scanned    : 34069
Registry threats detected : 0
File items scanned        : 261444
File threats detected    : 53

Adware.Tracking Cookie
        C:\Users\Mark Bachmann\AppData\Roaming\Microsoft\Windows\Cookies\KHOZA199.txt [ /www.googleadservices.com ]
        C:\Users\Mark Bachmann\AppData\Roaming\Microsoft\Windows\Cookies\O2PH2LPC.txt [ /doubleclick.net ]
        C:\Users\Mark Bachmann\AppData\Roaming\Microsoft\Windows\Cookies\Q3GT7220.txt [ /ad.zanox.com ]
        C:\Users\Mark Bachmann\AppData\Roaming\Microsoft\Windows\Cookies\AMENWUXF.txt [ /serving-sys.com ]
        C:\Users\Mark Bachmann\AppData\Roaming\Microsoft\Windows\Cookies\IZHWRXS5.txt [ /mediaplex.com ]
        C:\Users\Mark Bachmann\AppData\Roaming\Microsoft\Windows\Cookies\B7LRHD16.txt [ /www.googleadservices.com ]
        C:\Users\Mark Bachmann\AppData\Roaming\Microsoft\Windows\Cookies\01PQ1DM4.txt [ /adserver.adtechus.com ]
        C:\Users\Mark Bachmann\AppData\Roaming\Microsoft\Windows\Cookies\A7FF3QVI.txt [ /2o7.net ]
        C:\Users\Mark Bachmann\AppData\Roaming\Microsoft\Windows\Cookies\RD7381X0.txt [ /apmebf.com ]
        C:\Users\Mark Bachmann\AppData\Roaming\Microsoft\Windows\Cookies\15LTGR52.txt [ /eas.apm.emediate.eu ]
        C:\Users\Mark Bachmann\AppData\Roaming\Microsoft\Windows\Cookies\Z6F2N1LM.txt [ /zanox.com ]
        C:\Users\Mark Bachmann\AppData\Roaming\Microsoft\Windows\Cookies\LJN1BFWC.txt [ /ad.yieldmanager.com ]
        C:\USERS\MARK BACHMANN\AppData\Roaming\Microsoft\Windows\Cookies\Low\3GXGQ4V0.txt [ Cookie:mark bachmann@in.getclicky.com/ ]
        C:\USERS\MARK BACHMANN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ITY7BQ4W.txt [ Cookie:mark bachmann@fastclick.net/ ]
        C:\USERS\MARK BACHMANN\AppData\Roaming\Microsoft\Windows\Cookies\Low\FB155WB3.txt [ Cookie:mark bachmann@questionmarket.com/ ]
        C:\USERS\MARK BACHMANN\AppData\Roaming\Microsoft\Windows\Cookies\Low\RWDMA5YW.txt [ Cookie:mark bachmann@adfarm1.adition.com/ ]
        C:\USERS\MARK BACHMANN\AppData\Roaming\Microsoft\Windows\Cookies\Low\7N74WS6H.txt [ Cookie:mark bachmann@mrd.motorpresse-statistik.de/track/ ]
        C:\USERS\MARK BACHMANN\AppData\Roaming\Microsoft\Windows\Cookies\Low\K4H2KWRP.txt [ Cookie:mark bachmann@adtech.de/ ]
        C:\USERS\MARK BACHMANN\AppData\Roaming\Microsoft\Windows\Cookies\Low\W0PSD00H.txt [ Cookie:mark bachmann@ru4.com/ ]
        C:\USERS\MARK BACHMANN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IUBQYD7F.txt [ Cookie:mark bachmann@doubleclick.net/ ]
        C:\USERS\MARK BACHMANN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZTRHDND0.txt [ Cookie:mark bachmann@serving-sys.com/ ]
        C:\USERS\MARK BACHMANN\AppData\Roaming\Microsoft\Windows\Cookies\Low\WD387BZI.txt [ Cookie:mark bachmann@tribalfusion.com/ ]
        C:\USERS\MARK BACHMANN\AppData\Roaming\Microsoft\Windows\Cookies\Low\NTCOQO5M.txt [ Cookie:mark bachmann@media6degrees.com/ ]
        C:\USERS\MARK BACHMANN\AppData\Roaming\Microsoft\Windows\Cookies\Low\HN5G1ZCT.txt [ Cookie:mark bachmann@ad2.adfarm1.adition.com/ ]
        C:\USERS\MARK BACHMANN\AppData\Roaming\Microsoft\Windows\Cookies\Low\U0FQSBYU.txt [ Cookie:mark bachmann@webmasterplan.com/ ]
        C:\USERS\MARK BACHMANN\AppData\Roaming\Microsoft\Windows\Cookies\Low\OR3PQ98G.txt [ Cookie:mark bachmann@worldsexguide.com/forum/ ]
        C:\USERS\MARK BACHMANN\AppData\Roaming\Microsoft\Windows\Cookies\Low\O1CTZCA7.txt [ Cookie:mark bachmann@counters.gigya.com/ ]
        C:\USERS\MARK BACHMANN\AppData\Roaming\Microsoft\Windows\Cookies\Low\PN6QXW95.txt [ Cookie:mark bachmann@windfinder.com/ ]
        C:\USERS\MARK BACHMANN\AppData\Roaming\Microsoft\Windows\Cookies\Low\NL70YPVP.txt [ Cookie:mark bachmann@imrworldwide.com/cgi-bin ]
        C:\USERS\MARK BACHMANN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZZOF5J5A.txt [ Cookie:mark bachmann@adform.net/ ]
        C:\USERS\MARK BACHMANN\AppData\Roaming\Microsoft\Windows\Cookies\Low\5A3YYBJ8.txt [ Cookie:mark bachmann@bs.serving-sys.com/ ]
        C:\USERS\MARK BACHMANN\AppData\Roaming\Microsoft\Windows\Cookies\Low\B9JGNPAT.txt [ Cookie:mark bachmann@invitemedia.com/ ]
        C:\USERS\MARK BACHMANN\AppData\Roaming\Microsoft\Windows\Cookies\Low\CJRV2PEN.txt [ Cookie:mark bachmann@adbrite.com/ ]
        C:\USERS\MARK BACHMANN\AppData\Roaming\Microsoft\Windows\Cookies\Low\AQBILING.txt [ Cookie:mark bachmann@atdmt.com/ ]
        C:\USERS\MARK BACHMANN\AppData\Roaming\Microsoft\Windows\Cookies\Low\UNM3UCHJ.txt [ Cookie:mark bachmann@www.googleadservices.com/pagead/conversion/974711456/ ]
        C:\USERS\MARK BACHMANN\AppData\Roaming\Microsoft\Windows\Cookies\Low\S874O9TG.txt [ Cookie:mark bachmann@statse.webtrendslive.com/ ]
        C:\USERS\MARK BACHMANN\AppData\Roaming\Microsoft\Windows\Cookies\Low\C4C6V2D8.txt [ Cookie:mark bachmann@casalemedia.com/ ]
        C:\USERS\MARK BACHMANN\AppData\Roaming\Microsoft\Windows\Cookies\Low\42SZZ0PB.txt [ Cookie:mark bachmann@apmebf.com/ ]
        C:\USERS\MARK BACHMANN\AppData\Roaming\Microsoft\Windows\Cookies\Low\TD84NB74.txt [ Cookie:mark bachmann@www.windfinder.com/ ]
        C:\USERS\MARK BACHMANN\AppData\Roaming\Microsoft\Windows\Cookies\Low\HA5WKA5V.txt [ Cookie:mark bachmann@freesex.escortloungeportugal.com/ ]
        C:\USERS\MARK BACHMANN\AppData\Roaming\Microsoft\Windows\Cookies\Low\J4NRII04.txt [ Cookie:mark bachmann@mm.chitika.net/ ]
        C:\USERS\MARK BACHMANN\AppData\Roaming\Microsoft\Windows\Cookies\Low\H9A8Q7GF.txt [ Cookie:mark bachmann@www.googleadservices.com/pagead/conversion/993626095/ ]
        C:\USERS\MARK BACHMANN\AppData\Roaming\Microsoft\Windows\Cookies\Low\WXGT77ZF.txt [ Cookie:mark bachmann@ad.yieldmanager.com/ ]
        C:\USERS\MARK BACHMANN\AppData\Roaming\Microsoft\Windows\Cookies\Low\JOHIU0N5.txt [ Cookie:mark bachmann@collective-media.net/ ]
        C:\USERS\MARK BACHMANN\Cookies\O2PH2LPC.txt [ Cookie:mark bachmann@doubleclick.net/ ]
        C:\USERS\MARK BACHMANN\Cookies\AMENWUXF.txt [ Cookie:mark bachmann@serving-sys.com/ ]
        C:\USERS\MARK BACHMANN\Cookies\IZHWRXS5.txt [ Cookie:mark bachmann@mediaplex.com/ ]
        C:\USERS\MARK BACHMANN\Cookies\B7LRHD16.txt [ Cookie:mark bachmann@www.googleadservices.com/pagead/conversion/1010320659/ ]
        C:\USERS\MARK BACHMANN\Cookies\01PQ1DM4.txt [ Cookie:mark bachmann@adserver.adtechus.com/ ]
        C:\USERS\MARK BACHMANN\Cookies\RD7381X0.txt [ Cookie:mark bachmann@apmebf.com/ ]
        C:\USERS\MARK BACHMANN\Cookies\15LTGR52.txt [ Cookie:mark bachmann@eas.apm.emediate.eu/ ]
        C:\USERS\MARK BACHMANN\Cookies\LJN1BFWC.txt [ Cookie:mark bachmann@ad.yieldmanager.com/ ]

Rootkit.Agent/Gen-NuTrx
        C:\TDSSKILLER_QUARANTINE\30.05.2012_18.23.56\TDLFS0000\TSK0009.DTA


cosinus 31.05.2012 20:54

Looks ok, only cookies were found. And one more TDSSKiller quarantine object.
Cookies aren't malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising and the like => HTTP-Cookie)


Regarding cookies and other things on the web: to block that plague from the start (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks or so whether a new hosts file has been released.

Otherwise there are good cookie managers; an extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board as well), then simply set the browser so that everything, including cookies, is deleted when the browser closes.

My own practice is to use the Opera browser or Chromium on my Linux for "wild surfing". My main browser (Firefox) stores only the cookies from the sites I actually want; everything else I decline manually (FF always asks me) - the other browsers accept all cookies, but by the next start of Opera or Chromium at the latest, no cookies are left.

Is your system now in order again, or are there other findings or problems?
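
An added example, not part of the thread or of the MVPS project: a Python check of how far a hosts file in the MVPS style actually covers the tracker hosts a SUPERAntiSpyware cookie log lists. Both inputs are constructed samples in the formats shown in this thread. What it makes visible is that a hosts file matches exact host names only, so an entry for a parent domain does not block its subdomains.

```python
import re
from typing import Dict, List, Set

# Constructed sample in the format of the SUPERAntiSpyware log posted above (paths shortened).
SAS_LOG = r'''Adware.Tracking Cookie
        C:\Users\MB\AppData\Roaming\Microsoft\Windows\Cookies\O2PH2LPC.txt [ /doubleclick.net ]
        C:\Users\MB\AppData\Roaming\Microsoft\Windows\Cookies\Q3GT7220.txt [ /ad.zanox.com ]
        C:\USERS\MB\AppData\Roaming\Microsoft\Windows\Cookies\Low\ITY7BQ4W.txt [ Cookie:mb@fastclick.net/ ]
        C:\USERS\MB\AppData\Roaming\Microsoft\Windows\Cookies\Low\HN5G1ZCT.txt [ Cookie:mb@ad2.adfarm1.adition.com/ ]
        C:\USERS\MB\AppData\Roaming\Microsoft\Windows\Cookies\Low\UNM3UCHJ.txt [ Cookie:mb@www.googleadservices.com/pagead/conversion/974711456/ ]
        C:\USERS\MB\Cookies\O2PH2LPC.txt [ Cookie:mb@doubleclick.net/ ]

Rootkit.Agent/Gen-NuTrx
        C:\TDSSKILLER_QUARANTINE\30.05.2012_18.23.56\TDLFS0000\TSK0009.DTA
'''

# Constructed hosts file in the MVPS style (0.0.0.0 <host>); deliberately incomplete.
HOSTS_FILE = '''# constructed excerpt, not the real MVPS file
127.0.0.1  localhost
0.0.0.0 doubleclick.net
0.0.0.0 ad.doubleclick.net
0.0.0.0 fastclick.net    # trailing comment
0.0.0.0 adition.com
0.0.0.0 www.googleadservices.com
'''

# "[ /doubleclick.net ]" or "[ Cookie:<user>@<host>/<path> ]" -> host
COOKIE_RE = re.compile(r"\[\s*(?:Cookie:[^@\]]*@)?/?(?P<host>[A-Za-z0-9.-]+)")
BLOCK_ADDRS = {"0.0.0.0", "127.0.0.1"}


def cookie_hosts(log: str) -> List[str]:
    """Distinct tracker host names listed under 'Adware.Tracking Cookie' in a SAS log."""
    hosts: List[str] = []
    in_section = False
    for line in log.splitlines():
        if line.strip() and not line.startswith(" "):        # category header line
            in_section = line.strip() == "Adware.Tracking Cookie"
            continue
        m = COOKIE_RE.search(line) if in_section else None
        if m and m.group("host").lower() not in hosts:
            hosts.append(m.group("host").lower())
    return hosts


def blocked_hosts(hosts_file: str) -> Set[str]:
    """Exact host names a hosts file maps to 0.0.0.0 / 127.0.0.1 (comments stripped, localhost ignored)."""
    blocked: Set[str] = set()
    for line in hosts_file.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) > 1 and fields[0] in BLOCK_ADDRS:
            blocked.update(h.lower() for h in fields[1:])
    blocked.discard("localhost")
    return blocked


def coverage(hosts: List[str], blocked: Set[str]) -> Dict[str, str]:
    """'blocked' = exact entry present; 'parent-only' = only a parent domain is listed, which a
    hosts file does NOT extend to subdomains; 'unblocked' = nothing matches."""
    result: Dict[str, str] = {}
    for h in hosts:
        if h in blocked:
            result[h] = "blocked"
        elif any(h.endswith("." + b) for b in blocked):
            result[h] = "parent-only"
        else:
            result[h] = "unblocked"
    return result


def missing_entries(hosts: List[str], blocked: Set[str]) -> List[str]:
    """Hosts-file lines that would close the gaps (one exact name per line, as hosts files need)."""
    return [f"0.0.0.0 {h}" for h, state in coverage(hosts, blocked).items() if state != "blocked"]


if __name__ == "__main__":
    hosts, blocked = cookie_hosts(SAS_LOG), blocked_hosts(HOSTS_FILE)
    for host, state in coverage(hosts, blocked).items():
        print(f"{state:12} {host}")
    print("\n".join(missing_entries(hosts, blocked)))
```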

spigi01 31.05.2012 21:24

Should I still remove the threats that SAWS shows me?
What should I do with all the programs I downloaded in the meantime; uninstall them?

Otherwise, many heartfelt thanks for the support. I'll take a look at the MVPS hosts file.

:dankeschoen: Mark

cosinus 01.06.2012 11:43

Now that you know what cookies are, you can decide for yourself whether you want them or not :pfeiff:

Then we're done! :abklatsch:

The programs used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if there are error messages about it. With OTL you can also remove many of the tools:

Please start OTL and click Cleanup.
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can do a full scan with it once a month, but always remember the update first.


Finally, please check the updates; my guide is below. To keep a better overview of whether installed programs are up to date, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change as many passwords as possible.


Microsoft Update

Windows XP: visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed).

I recommend an alternative PDF reader such as PDF XChange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that the Flash Player is up to date:

Adobe - Install a different version of Adobe Flash Player

If necessary you can also download from Chip.de => http://filepony.de/?q=Flash+Player

Of course also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, ideally with JavaRa) and update to the latest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.



Copyright ©2000-2025, Trojaner-Board

