Trojaner-Board


symph2 14.01.2013 14:31

Suspected virus: PC, especially Firefox and Flash Player, very slow and partly unstable
 
Hello, first of all, Trojaner forum,

my computer has been rather slow for some time.
So far I have not had the time to tackle the problem thoroughly.

This mainly affects Firefox, and here in particular the Flash Player.
Both are rather slow and sometimes briefly stop responding.

The Flash Player regularly crashes in the middle of playing
videos in the browser, and it also happens that
after clicking the pause or stop icon it first loads for several seconds (sometimes more than 20)
before the video actually pauses or stops.

The logs follow.

Code:

OTL logfile created on: 13.01.2013 23:40:38 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\ms\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
888,60 Mb Total Physical Memory | 326,72 Mb Available Physical Memory | 36,77% Memory free
1,87 Gb Paging File | 0,89 Gb Available in Paging File | 47,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 187,67 Gb Total Space | 79,91 Gb Free Space | 42,58% Space Free | Partition Type: NTFS
Drive D: | 30,27 Gb Total Space | 0,01 Gb Free Space | 0,02% Space Free | Partition Type: NTFS
 
Computer Name: MS-PC | User Name: ms | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.13 23:27:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ms\Desktop\OTL.exe
PRC - [2012.11.30 03:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.08.12 14:10:16 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.21 16:10:48 | 005,092,152 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\LCore.exe
PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 01:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.08.07 06:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.08.07 06:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.07.31 17:45:56 | 004,114,336 | ---- | M] (Lenovo(beijing) Limited) -- C:\Programme\Lenovo\Energy Management\utility.exe
PRC - [2009.07.19 16:29:00 | 000,484,920 | ---- | M] (Conexant Systems, Inc.) -- C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
PRC - [2009.07.01 19:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\BTTray.exe
PRC - [2009.07.01 19:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe
PRC - [2009.06.25 10:46:08 | 005,064,520 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Programme\Lenovo\Energy Management\Energy Management.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2009.07.01 19:03:24 | 000,132,384 | ---- | M] () -- C:\Programme\Lenovo\Bluetooth Software\BTKeyInd.dll
MOD - [2008.12.20 04:20:50 | 000,063,304 | ---- | M] () -- C:\Programme\Lenovo\Energy Management\KbdHook.dll
MOD - [2008.12.20 04:20:08 | 000,051,016 | ---- | M] () -- C:\Programme\Lenovo\Energy Management\HookLib.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013.01.11 17:37:33 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.09 23:19:20 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.09 12:21:16 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.08.07 06:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.01 19:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | System | Stopped] -- C:\windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2012.04.27 09:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.24 23:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 20:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.02.07 13:12:44 | 000,042,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.24 01:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009.11.24 01:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009.09.27 21:33:00 | 000,054,800 | ---- | M] () [Kernel | System | Running] -- C:\windows\System32\drivers\funfrm.sys -- (funfrm)
DRV - [2009.08.14 13:57:46 | 000,020,496 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009.08.14 13:57:44 | 000,118,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2009.08.14 04:48:38 | 000,489,984 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009.07.30 11:42:06 | 001,182,320 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009.07.21 22:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009.07.16 13:37:14 | 000,011,792 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acpials.sys -- (acpials)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.07.09 23:44:50 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2009.06.20 05:34:56 | 000,273,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2009.05.19 14:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008.08.06 13:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.11 17:37:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.09 09:52:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.11 17:37:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.09 09:52:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2012.06.28 12:44:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ms\AppData\Roaming\mozilla\Extensions
[2012.11.23 21:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ms\AppData\Roaming\mozilla\Firefox\Profiles\p87ceku4.default\extensions
[2012.11.23 21:49:36 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\ms\AppData\Roaming\mozilla\firefox\profiles\p87ceku4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.08 22:23:06 | 000,002,321 | ---- | M] () -- C:\Users\ms\AppData\Roaming\mozilla\firefox\profiles\p87ceku4.default\searchplugins\dictcc.xml
[2012.09.27 00:45:01 | 000,012,703 | ---- | M] () -- C:\Users\ms\AppData\Roaming\mozilla\firefox\profiles\p87ceku4.default\searchplugins\imdb.xml
[2012.07.01 18:02:01 | 000,001,919 | ---- | M] () -- C:\Users\ms\AppData\Roaming\mozilla\firefox\profiles\p87ceku4.default\searchplugins\leo-deu-fra.xml
[2012.07.13 08:11:31 | 000,002,006 | ---- | M] () -- C:\Users\ms\AppData\Roaming\mozilla\firefox\profiles\p87ceku4.default\searchplugins\urban-dictionary.xml
[2012.08.04 16:12:00 | 000,001,330 | ---- | M] () -- C:\Users\ms\AppData\Roaming\mozilla\firefox\profiles\p87ceku4.default\searchplugins\wikipedia-en.xml
[2012.07.13 08:35:50 | 000,002,057 | ---- | M] () -- C:\Users\ms\AppData\Roaming\mozilla\firefox\profiles\p87ceku4.default\searchplugins\youtube-videosuche.xml
[2013.01.11 17:37:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.01.11 17:37:34 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.14 02:17:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.14 02:17:08 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.14 02:17:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.14 02:17:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.14 02:17:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.14 02:17:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Rainlendar2] C:\Programme\Rainlendar2\Rainlendar2.exe ()
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {B2E4704E-A1CA-4473-8CB1-08027E35E7FD} hxxp://www.ssicentral.com/hlm/downloads/trial/InstallHLM7Trial.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.47.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29969233-2A4F-48C7-AF45-EE07E50E683D}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF53C089-DD22-4058-A3C8-5BCCDB1A973F}: DhcpNameServer = 192.168.47.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.13 23:27:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ms\Desktop\OTL.exe
[2013.01.11 17:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.09 09:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.01.01 17:08:03 | 000,000,000 | ---D | C] -- C:\Users\ms\Desktop\Masterarbeit
[2012.12.30 16:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.12.30 16:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.12.28 20:35:39 | 000,000,000 | ---D | C] -- C:\Users\ms\AppData\Local\Diagnostics
[2012.12.18 15:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.12.18 15:28:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012.12.18 15:28:44 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\windows\System32\sdnclean.exe
[2012.12.18 15:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2012.12.18 15:28:15 | 000,000,000 | ---D | C] -- C:\Users\ms\AppData\Local\Programs
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.13 23:35:21 | 000,365,568 | ---- | M] () -- C:\Users\ms\Desktop\gmer-2.0.18444.exe
[2013.01.13 23:27:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ms\Desktop\OTL.exe
[2013.01.13 23:27:15 | 000,000,000 | ---- | M] () -- C:\Users\ms\defogger_reenable
[2013.01.13 23:26:22 | 000,050,477 | ---- | M] () -- C:\Users\ms\Desktop\Defogger.exe
[2013.01.13 23:18:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.01.13 20:33:52 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.13 20:33:52 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.13 20:26:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.01.13 20:26:03 | 698,818,560 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.09 19:22:14 | 000,442,152 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013.01.09 13:38:52 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013.01.09 13:38:52 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013.01.09 13:38:52 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013.01.09 13:38:52 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2013.01.13 23:34:55 | 000,365,568 | ---- | C] () -- C:\Users\ms\Desktop\gmer-2.0.18444.exe
[2013.01.13 23:27:15 | 000,000,000 | ---- | C] () -- C:\Users\ms\defogger_reenable
[2013.01.13 23:26:11 | 000,050,477 | ---- | C] () -- C:\Users\ms\Desktop\Defogger.exe
[2012.12.28 22:57:48 | 000,675,926 | ---- | C] () -- C:\windows\System32\oem14.inf
[2012.12.18 15:28:58 | 000,002,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012.12.14 19:38:13 | 000,000,218 | ---- | C] () -- C:\Users\ms\.recently-used.xbel
[2012.06.23 14:15:58 | 000,001,024 | ---- | C] () -- C:\windows\System32\clauth2.dll
[2012.06.23 14:15:58 | 000,001,024 | ---- | C] () -- C:\windows\System32\clauth1.dll
[2012.06.23 14:15:58 | 000,000,000 | ---- | C] () -- C:\windows\System32\ssprs.dll
[2012.06.23 14:15:58 | 000,000,000 | ---- | C] () -- C:\windows\System32\serauth2.dll
[2012.06.23 14:15:58 | 000,000,000 | ---- | C] () -- C:\windows\System32\serauth1.dll
[2012.06.23 14:15:58 | 000,000,000 | ---- | C] () -- C:\windows\System32\nsprs.dll
[2012.06.23 14:13:50 | 000,001,025 | ---- | C] () -- C:\windows\System32\sysprs7.dll
[2012.06.23 14:13:50 | 000,000,205 | ---- | C] () -- C:\windows\System32\lsprst7.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.01.13 14:34:35 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\AIMP3
[2012.06.29 10:31:01 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\DAEMON Tools Lite
[2012.12.14 19:38:13 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\gretl
[2012.12.14 19:15:23 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\gtk-2.0
[2012.06.20 13:00:24 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\JabRef 2.8
[2012.06.20 12:38:42 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\Leadertech
[2012.06.20 12:27:06 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\Lenovo
[2012.06.30 19:49:29 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\LucasArts
[2013.01.11 09:47:57 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\Mnemosyne
[2012.06.20 13:16:18 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\OpenOffice.org
[2012.07.04 22:58:56 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\temp
[2012.06.20 13:11:46 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 < End of report >

Code:

OTL Extras logfile created on: 13.01.2013 23:40:38 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\ms\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
888,60 Mb Total Physical Memory | 326,72 Mb Available Physical Memory | 36,77% Memory free
1,87 Gb Paging File | 0,89 Gb Available in Paging File | 47,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 187,67 Gb Total Space | 79,91 Gb Free Space | 42,58% Space Free | Partition Type: NTFS
Drive D: | 30,27 Gb Total Space | 0,01 Gb Free Space | 0,02% Space Free | Partition Type: NTFS
 
Computer Name: MS-PC | User Name: ms | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{890F8CC9-45A2-4328-8CBC-254ABB2A7544}" = dir=in | app=c:\program files\skype\phone\skype.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2c557f98-ef74-4a1e-a856-9df2f633b41f}" = Sophos confic-a Cleanup Tool
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{5006A0E8-B9B0-48DF-981A-41D005B3E937}" = Stata 12
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{93FF055C-7E0B-4E26-AAFB-2C4333E2D7D0}" = Logitech Gaming Software
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F493761C-E465-4B9E-9FC1-A312F161DE0A}" = Active Protection System
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIMP3" = AIMP3
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"gretl_is1" = gretl version 1.9.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"Logitech Gaming Software" = Logitech Gaming Software 8.30
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MiKTeX 2.9" = MiKTeX 2.9
"Mnemosyne_is1" = Mnemosyne 2.0
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Rainlendar2" = Rainlendar2 (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 2.0.3
"xp-AntiSpy" = xp-AntiSpy 3.98-2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.12.2012 03:26:25 | Computer Name = ms-PC | Source = Windows Search Service | ID = 3029
Description =
 
Error - 18.12.2012 03:26:25 | Computer Name = ms-PC | Source = Windows Search Service | ID = 3028
Description =
 
Error - 18.12.2012 03:26:25 | Computer Name = ms-PC | Source = Windows Search Service | ID = 3058
Description =
 
Error - 18.12.2012 03:26:25 | Computer Name = ms-PC | Source = Windows Search Service | ID = 7010
Description =
 
Error - 18.12.2012 15:22:14 | Computer Name = ms-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TEXCNTR.EXE, Version: 1.0.0.0, Zeitstempel:
 0x493c1915  Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel:
 0x4eeaf722  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00009f40  ID des fehlerhaften Prozesses:
 0x5b8  Startzeit der fehlerhaften Anwendung: 0x01cddd5103e36aaa  Pfad der fehlerhaften
 Anwendung: C:\Program Files\TeXnicCenter\TEXCNTR.EXE  Pfad des fehlerhaften Moduls:
 C:\windows\system32\msvcrt.dll  Berichtskennung: 39c29093-4948-11e2-b50a-00269e39d1a6
 
Error - 23.12.2012 15:16:31 | Computer Name = ms-PC | Source = Windows Backup | ID = 4104
Description =
 
Error - 30.12.2012 14:02:36 | Computer Name = ms-PC | Source = Windows Backup | ID = 4104
Description =
 
Error - 31.12.2012 11:14:34 | Computer Name = ms-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 6.0.59.126, Zeitstempel:
 0x509cf567  Name des fehlerhaften Moduls: Skype.exe, Version: 6.0.59.126, Zeitstempel:
 0x509cf567  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00f8107a  ID des fehlerhaften Prozesses:
 0x2e8  Startzeit der fehlerhaften Anwendung: 0x01cde75e93f67fff  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Skype\Phone\Skype.exe  Pfad des fehlerhaften Moduls:
C:\Program Files\Skype\Phone\Skype.exe  Berichtskennung: c7ec2d68-535c-11e2-bcb0-00269e39d1a6
 
Error - 01.01.2013 07:09:23 | Computer Name = ms-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 17.0.1.4715,
 Zeitstempel: 0x50b71a4b  Name des fehlerhaften Moduls: xul.dll, Version: 17.0.1.4715,
 Zeitstempel: 0x50b7198b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00144ed8  ID des fehlerhaften
 Prozesses: 0xe78  Startzeit der fehlerhaften Anwendung: 0x01cde80ffb03bf63  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Mozilla Firefox\xul.dll  Berichtskennung: b1ef77c2-5403-11e2-8b3f-00269e39d1a6
 
Error - 02.01.2013 08:40:46 | Computer Name = ms-PC | Source = Winlogon | ID = 4005
Description = Der Windows-Anmeldeprozess wurde unerwartet beendet.
 
[ Spybot - Search and Destroy Events ]
Error - 18.12.2012 13:44:54 | Computer Name = ms-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 06.01.2013 13:51:24 | Computer Name = ms-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 03.11.2012 10:43:35 | Computer Name = ms-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  cdrom  SBRE
 
Error - 03.11.2012 11:35:02 | Computer Name = ms-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
 
Error - 03.11.2012 11:35:02 | Computer Name = ms-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  cdrom  SBRE
 
Error - 03.11.2012 12:53:02 | Computer Name = ms-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
 
Error - 03.11.2012 12:53:02 | Computer Name = ms-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  cdrom  SBRE
 
Error - 03.11.2012 13:31:40 | Computer Name = ms-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows-Fehlerberichterstattungsdienst erreicht.
 
Error - 04.11.2012 07:04:09 | Computer Name = ms-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
 
Error - 04.11.2012 07:04:09 | Computer Name = ms-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  cdrom  SBRE
 
Error - 04.11.2012 09:02:01 | Computer Name = ms-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
 
Error - 04.11.2012 09:02:01 | Computer Name = ms-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  cdrom  SBRE
 
 < End of report >

Code:

GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-14 08:23:12
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.11.0 232,89GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\ms\AppData\Local\Temp\pxldypoc.sys


---- System - GMER 2.0 ----

SSDT  9005B226                                                                                        ZwCreateSection
SSDT  9005B230                                                                                        ZwRequestWaitReplyPort
SSDT  9005B22B                                                                                        ZwSetContextThread
SSDT  9005B235                                                                                        ZwSetSecurityObject
SSDT  9005B23A                                                                                        ZwSystemDebugControl
SSDT  9005B1C7                                                                                        ZwTerminateProcess

---- Kernel code sections - GMER 2.0 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                        82C82A49 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                          82CBC4D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                              82CC362C 4 Bytes  [26, B2, 05, 90] {MOV DL, 0x5; NOP }
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                              82CC3988 4 Bytes  [30, B2, 05, 90]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                              82CC39CC 4 Bytes  [2B, B2, 05, 90]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                              82CC3A48 4 Bytes  [35, B2, 05, 90]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                              82CC3A9C 4 Bytes  [3A, B2, 05, 90]
.text  ...                                                                                             

---- Registry - GMER 2.0 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88                     
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076d585f4                     
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet) 
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076d585f4 (not active ControlSet) 

---- EOF - GMER 2.0 ----


Thank you very much for your help!

markusg 14.01.2013 15:03

Hi,
open Avira, go to Administration, Quarantine, and post all detections with their file paths.
Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, then post the log

symph2 14.01.2013 15:57

Thanks for the quick reply.

Here is the information from the Avira quarantine:
Code:

Typ:        Datei
Quelle:        C:\Users\ms\AppData\Local\Mozilla\Firefox\Profiles\p87ceku4.default\Cache\C\60\5B26Ad01
Status:        Infiziert
Quarantäne-Objekt:        545a2e19.qua
Wiederhergestellt:        NEIN
Zu Avira hochgeladen:        NEIN
Betriebssystem:        Windows XP/VISTA Workstation/Windows 7
Suchengine:        8.02.10.126
Virendefinitionsdatei:        7.11.38.200
Meldung:        HTML/IFrame.aho
Datum/Uhrzeit:        04.08.2012, 22:15


Typ:        Datei
Quelle:        C:\Users\ms\AppData\Local\Mozilla\Firefox\Profiles\p87ceku4.default\Cache\F\67\35A47d01
Status:        Infiziert
Quarantäne-Objekt:        56c87bc7.qua
Wiederhergestellt:        NEIN
Zu Avira hochgeladen:        NEIN
Betriebssystem:        Windows XP/VISTA Workstation/Windows 7
Suchengine:        8.02.10.120
Virendefinitionsdatei:        7.11.38.158
Meldung:        HTML/IFrame.aho
Datum/Uhrzeit:        02.08.2012, 21:07


Typ:        Datei
Quelle:        C:\Users\ms\AppData\Local\Mozilla\Firefox\Profiles\p87ceku4.default\Cache\4\40\D7909d01
Status:        Infiziert
Quarantäne-Objekt:        5504709f.qua
Wiederhergestellt:        NEIN
Zu Avira hochgeladen:        NEIN
Betriebssystem:        Windows XP/VISTA Workstation/Windows 7
Suchengine:        8.02.10.120
Virendefinitionsdatei:        7.11.38.158
Meldung:        HTML/IFrame.aho
Datum/Uhrzeit:        02.08.2012, 21:07


Typ:        Datei
Quelle:        C:\Users\ms\AppData\Local\Mozilla\Firefox\Profiles\p87ceku4.default\Cache\C\60\5B26Ad01
Status:        Infiziert
Quarantäne-Objekt:        539e659d.qua
Wiederhergestellt:        NEIN
Zu Avira hochgeladen:        NEIN
Betriebssystem:        Windows XP/VISTA Workstation/Windows 7
Suchengine:        8.02.10.120
Virendefinitionsdatei:        7.11.38.158
Meldung:        HTML/IFrame.aho
Datum/Uhrzeit:        02.08.2012, 21:06


Typ:        Datei
Quelle:        E:\Setup.exe
Status:        Infiziert
Quarantäne-Objekt:        55a28bd2.qua
Wiederhergestellt:        NEIN
Zu Avira hochgeladen:        NEIN
Betriebssystem:        Windows XP/VISTA Workstation/Windows 7
Suchengine:        8.02.10.96
Virendefinitionsdatei:        7.11.34.18
Meldung:        TR/Dropper.Gen
Datum/Uhrzeit:        26.06.2012, 23:20


Typ:        Datei
Quelle:        E:\Setup.exe
Status:        Infiziert
Quarantäne-Objekt:        571584d2.qua
Wiederhergestellt:        NEIN
Zu Avira hochgeladen:        NEIN
Betriebssystem:        Windows XP/VISTA Workstation/Windows 7
Suchengine:        8.02.10.96
Virendefinitionsdatei:        7.11.34.18
Meldung:        TR/Dropper.Gen
Datum/Uhrzeit:        26.06.2012, 23:20


Typ:        Datei
Quelle:        E:\Setup.exe
Status:        Infiziert
Quarantäne-Objekt:        56b18bc0.qua
Wiederhergestellt:        NEIN
Zu Avira hochgeladen:        NEIN
Betriebssystem:        Windows XP/VISTA Workstation/Windows 7
Suchengine:        8.02.10.96
Virendefinitionsdatei:        7.11.34.18
Meldung:        TR/Dropper.Gen
Datum/Uhrzeit:        26.06.2012, 23:19


Typ:        Datei
Quelle:        C:\Users\ms\AppData\Local\Temp\LGS-8.30.86\LGS-8.30.86.exe
Status:        Infiziert
Quarantäne-Objekt:        55e918d4.qua
Wiederhergestellt:        NEIN
Zu Avira hochgeladen:        NEIN
Betriebssystem:        Windows XP/VISTA Workstation/Windows 7
Suchengine:        8.02.10.58
Virendefinitionsdatei:        7.11.28.204
Meldung:        TR/Dropper.Gen
Datum/Uhrzeit:        20.06.2012, 13:31


Typ:        Datei
Quelle:        C:\Users\ms\AppData\Local\Temp\LGS-8.30.86\LGS-8.30.86.exe
Status:        Infiziert
Quarantäne-Objekt:        551b1ed5.qua
Wiederhergestellt:        NEIN
Zu Avira hochgeladen:        NEIN
Betriebssystem:        Windows XP/VISTA Workstation/Windows 7
Suchengine:        8.02.10.58
Virendefinitionsdatei:        7.11.28.204
Meldung:        TR/Dropper.Gen
Datum/Uhrzeit:        20.06.2012, 13:31


And here is the TDSSKiller log:
Code:

15:53:38.0607 1856  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:53:38.0888 1856  ============================================================
15:53:38.0888 1856  Current date / time: 2013/01/14 15:53:38.0888
15:53:38.0888 1856  SystemInfo:
15:53:38.0888 1856 
15:53:38.0888 1856  OS Version: 6.1.7601 ServicePack: 1.0
15:53:38.0888 1856  Product type: Workstation
15:53:38.0888 1856  ComputerName: MS-PC
15:53:38.0888 1856  UserName: ms
15:53:38.0888 1856  Windows directory: C:\windows
15:53:38.0888 1856  System windows directory: C:\windows
15:53:38.0888 1856  Processor architecture: Intel x86
15:53:38.0888 1856  Number of processors: 2
15:53:38.0888 1856  Page size: 0x1000
15:53:38.0888 1856  Boot type: Normal boot
15:53:38.0888 1856  ============================================================
15:53:40.0526 1856  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:53:40.0588 1856  ============================================================
15:53:40.0588 1856  \Device\Harddisk0\DR0:
15:53:40.0588 1856  MBR partitions:
15:53:40.0588 1856  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
15:53:40.0588 1856  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x17755000
15:53:40.0651 1856  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x177BA000, BlocksNum 0x3C89000
15:53:40.0651 1856  ============================================================
15:53:40.0775 1856  C: <-> \Device\Harddisk0\DR0\Partition2
15:53:40.0900 1856  D: <-> \Device\Harddisk0\DR0\Partition3
15:53:40.0931 1856  ============================================================
15:53:40.0931 1856  Initialize success
15:53:40.0931 1856  ============================================================
15:54:06.0406 1320  ============================================================
15:54:06.0406 1320  Scan started
15:54:06.0406 1320  Mode: Manual; SigCheck; TDLFS;
15:54:06.0406 1320  ============================================================
15:54:07.0748 1320  ================ Scan system memory ========================
15:54:07.0748 1320  System memory - ok
15:54:07.0748 1320  ================ Scan services =============================
15:54:07.0951 1320  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
15:54:08.0216 1320  1394ohci - ok
15:54:08.0263 1320  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\windows\system32\drivers\ACPI.sys
15:54:08.0294 1320  ACPI - ok
15:54:08.0356 1320  [ 79D6B28027C398B728CE7CD0570248B0 ] acpials        C:\windows\system32\DRIVERS\acpials.sys
15:54:08.0465 1320  acpials - ok
15:54:08.0512 1320  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi        C:\windows\system32\drivers\acpipmi.sys
15:54:08.0621 1320  AcpiPmi - ok
15:54:08.0699 1320  [ 87114EFEDEB94AF49323CA61F344716D ] ACPIVPC        C:\windows\system32\DRIVERS\AcpiVpc.sys
15:54:08.0746 1320  ACPIVPC - ok
15:54:08.0824 1320  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:54:08.0887 1320  AdobeFlashPlayerUpdateSvc - ok
15:54:08.0965 1320  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx        C:\windows\system32\DRIVERS\adp94xx.sys
15:54:09.0074 1320  adp94xx - ok
15:54:09.0089 1320  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci        C:\windows\system32\DRIVERS\adpahci.sys
15:54:09.0136 1320  adpahci - ok
15:54:09.0167 1320  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320        C:\windows\system32\DRIVERS\adpu320.sys
15:54:09.0214 1320  adpu320 - ok
15:54:09.0245 1320  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc    C:\windows\System32\aelupsvc.dll
15:54:09.0323 1320  AeLookupSvc - ok
15:54:09.0386 1320  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD            C:\windows\system32\drivers\afd.sys
15:54:09.0448 1320  AFD - ok
15:54:09.0464 1320  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\windows\system32\drivers\agp440.sys
15:54:09.0511 1320  agp440 - ok
15:54:09.0557 1320  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx        C:\windows\system32\DRIVERS\djsvs.sys
15:54:09.0620 1320  aic78xx - ok
15:54:09.0667 1320  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG            C:\windows\System32\alg.exe
15:54:09.0745 1320  ALG - ok
15:54:09.0791 1320  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\windows\system32\drivers\aliide.sys
15:54:09.0838 1320  aliide - ok
15:54:09.0854 1320  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\windows\system32\drivers\amdagp.sys
15:54:09.0901 1320  amdagp - ok
15:54:09.0916 1320  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\windows\system32\drivers\amdide.sys
15:54:09.0947 1320  amdide - ok
15:54:09.0994 1320  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8          C:\windows\system32\DRIVERS\amdk8.sys
15:54:10.0088 1320  AmdK8 - ok
15:54:10.0088 1320  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
15:54:10.0150 1320  AmdPPM - ok
15:54:10.0197 1320  [ D320BF87125326F996D4904FE24300FC ] amdsata        C:\windows\system32\drivers\amdsata.sys
15:54:10.0259 1320  amdsata - ok
15:54:10.0291 1320  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
15:54:10.0353 1320  amdsbs - ok
15:54:10.0369 1320  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata        C:\windows\system32\drivers\amdxata.sys
15:54:10.0415 1320  amdxata - ok
15:54:10.0509 1320  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
15:54:10.0540 1320  AntiVirSchedulerService - ok
15:54:10.0603 1320  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:54:10.0618 1320  AntiVirService - ok
15:54:10.0665 1320  [ AEA177F783E20150ACE5383EE368DA19 ] AppID          C:\windows\system32\drivers\appid.sys
15:54:10.0837 1320  AppID - ok
15:54:10.0883 1320  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\windows\System32\appidsvc.dll
15:54:10.0977 1320  AppIDSvc - ok
15:54:11.0039 1320  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo        C:\windows\System32\appinfo.dll
15:54:11.0117 1320  Appinfo - ok
15:54:11.0164 1320  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc            C:\windows\system32\DRIVERS\arc.sys
15:54:11.0211 1320  arc - ok
15:54:11.0227 1320  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
15:54:11.0258 1320  arcsas - ok
15:54:11.0289 1320  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
15:54:11.0429 1320  AsyncMac - ok
15:54:11.0476 1320  [ 338C86357871C167A96AB976519BF59E ] atapi          C:\windows\system32\drivers\atapi.sys
15:54:11.0523 1320  atapi - ok
15:54:11.0585 1320  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
15:54:11.0710 1320  AudioEndpointBuilder - ok
15:54:11.0726 1320  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\windows\System32\Audiosrv.dll
15:54:11.0788 1320  Audiosrv - ok
15:54:11.0819 1320  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\windows\system32\DRIVERS\avgntflt.sys
15:54:11.0866 1320  avgntflt - ok
15:54:11.0897 1320  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\windows\system32\DRIVERS\avipbb.sys
15:54:11.0929 1320  avipbb - ok
15:54:11.0960 1320  [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr          C:\windows\system32\DRIVERS\avkmgr.sys
15:54:11.0991 1320  avkmgr - ok
15:54:12.0038 1320  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\windows\System32\AxInstSV.dll
15:54:12.0147 1320  AxInstSV - ok
15:54:12.0194 1320  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv        C:\windows\system32\DRIVERS\bxvbdx.sys
15:54:12.0303 1320  b06bdrv - ok
15:54:12.0334 1320  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\windows\system32\DRIVERS\b57nd60x.sys
15:54:12.0397 1320  b57nd60x - ok
15:54:12.0521 1320  [ F9CE9B5E049EFC66B8E6C73C18EE8438 ] BCM43XX        C:\windows\system32\DRIVERS\bcmwl6.sys
15:54:12.0662 1320  BCM43XX - ok
15:54:12.0693 1320  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\windows\System32\bdesvc.dll
15:54:12.0787 1320  BDESVC - ok
15:54:12.0833 1320  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\windows\system32\drivers\Beep.sys
15:54:12.0896 1320  Beep - ok
15:54:12.0958 1320  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE            C:\windows\System32\bfe.dll
15:54:13.0099 1320  BFE - ok
15:54:13.0145 1320  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\windows\System32\qmgr.dll
15:54:13.0239 1320  BITS - ok
15:54:13.0270 1320  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
15:54:13.0317 1320  blbdrive - ok
15:54:13.0348 1320  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
15:54:13.0426 1320  bowser - ok
15:54:13.0457 1320  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
15:54:13.0567 1320  BrFiltLo - ok
15:54:13.0582 1320  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
15:54:13.0660 1320  BrFiltUp - ok
15:54:13.0707 1320  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser        C:\windows\System32\browser.dll
15:54:13.0785 1320  Browser - ok
15:54:13.0801 1320  [ 845B8CE732E67F3B4133164868C666EA ] Brserid        C:\windows\System32\Drivers\Brserid.sys
15:54:13.0894 1320  Brserid - ok
15:54:13.0910 1320  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
15:54:13.0988 1320  BrSerWdm - ok
15:54:14.0003 1320  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
15:54:14.0050 1320  BrUsbMdm - ok
15:54:14.0066 1320  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
15:54:14.0128 1320  BrUsbSer - ok
15:54:14.0175 1320  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum        C:\windows\system32\drivers\BthEnum.sys
15:54:14.0362 1320  BthEnum - ok
15:54:14.0409 1320  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
15:54:14.0487 1320  BTHMODEM - ok
15:54:14.0518 1320  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
15:54:14.0596 1320  BthPan - ok
15:54:14.0643 1320  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT        C:\windows\System32\Drivers\BTHport.sys
15:54:14.0783 1320  BTHPORT - ok
15:54:14.0815 1320  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv        C:\windows\system32\bthserv.dll
15:54:14.0893 1320  bthserv - ok
15:54:14.0908 1320  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
15:54:14.0986 1320  BTHUSB - ok
15:54:15.0033 1320  [ D57D29132EFE13A83133D9BD449E0CF1 ] btwaudio        C:\windows\system32\drivers\btwaudio.sys
15:54:15.0064 1320  btwaudio - ok
15:54:15.0095 1320  [ D282C14A69357D0E1BAFAECC2CA98C3A ] btwavdt        C:\windows\system32\drivers\btwavdt.sys
15:54:15.0142 1320  btwavdt - ok
15:54:15.0236 1320  [ F7434401AE320BB97903A3C1865242FB ] btwdins        C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
15:54:15.0298 1320  btwdins - ok
15:54:15.0314 1320  [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap        C:\windows\system32\DRIVERS\btwl2cap.sys
15:54:15.0345 1320  btwl2cap - ok
15:54:15.0361 1320  [ 02EB4D2B05967DF2D32F29C84AB1FB17 ] btwrchid        C:\windows\system32\DRIVERS\btwrchid.sys
15:54:15.0407 1320  btwrchid - ok
15:54:15.0517 1320  [ 2306FF4221D45DFB59EE55425A10D157 ] Cam5607        C:\windows\system32\Drivers\BisonC07.sys
15:54:15.0657 1320  Cam5607 - ok
15:54:15.0688 1320  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
15:54:15.0766 1320  cdfs - ok
15:54:15.0813 1320  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom          C:\windows\system32\DRIVERS\cdrom.sys
15:54:15.0907 1320  cdrom - ok
15:54:15.0953 1320  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc    C:\windows\System32\certprop.dll
15:54:16.0063 1320  CertPropSvc - ok
15:54:16.0078 1320  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\windows\system32\DRIVERS\circlass.sys
15:54:16.0141 1320  circlass - ok
15:54:16.0203 1320  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\windows\system32\CLFS.sys
15:54:16.0234 1320  CLFS - ok
15:54:16.0343 1320  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:54:16.0406 1320  clr_optimization_v2.0.50727_32 - ok
15:54:16.0499 1320  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:54:16.0577 1320  clr_optimization_v4.0.30319_32 - ok
15:54:24.0456 1320  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
15:54:24.0502 1320  IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:54:24.0502 1320  IDriverT - detected UnsignedFile.Multi.Generic (1)
15:54:45.0516 1320  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\windows\system32\drivers\swenum.sys
15:54:45.0547 1320  swenum - ok
15:54:45.0578 1320  [ A28BD92DF340E57B024BA433165D34D7 ] swprv          C:\windows\System32\swprv.dll
15:54:45.0687 1320  swprv - ok
15:54:45.0765 1320  [ C93AA00FB1386CC00D0A66BA41847421 ] SynTP          C:\windows\system32\DRIVERS\SynTP.sys
15:54:45.0812 1320  SynTP - ok
15:54:45.0890 1320  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain        C:\windows\system32\sysmain.dll
15:54:45.0999 1320  SysMain - ok
15:54:46.0046 1320  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll
15:54:46.0108 1320  TabletInputService - ok
15:54:46.0186 1320  [ 613BF4820361543956909043A265C6AC ] TapiSrv        C:\windows\System32\tapisrv.dll
15:54:46.0296 1320  TapiSrv - ok
15:54:46.0342 1320  [ B799D9FDB26111737F58288D8DC172D9 ] TBS            C:\windows\System32\tbssvc.dll
15:54:46.0420 1320  TBS - ok
15:54:46.0498 1320  [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip          C:\windows\system32\drivers\tcpip.sys
15:54:46.0686 1320  Tcpip - ok
15:54:46.0732 1320  [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
15:54:46.0795 1320  TCPIP6 - ok
15:54:46.0857 1320  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
15:54:46.0935 1320  tcpipreg - ok
15:54:46.0982 1320  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
15:54:47.0044 1320  TDPIPE - ok
15:54:47.0060 1320  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP          C:\windows\system32\drivers\tdtcp.sys
15:54:47.0107 1320  TDTCP - ok
15:54:47.0154 1320  [ B459575348C20E8121D6039DA063C704 ] tdx            C:\windows\system32\DRIVERS\tdx.sys
15:54:47.0232 1320  tdx - ok
15:54:47.0325 1320  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\windows\system32\drivers\termdd.sys
15:54:47.0372 1320  TermDD - ok
15:54:47.0450 1320  [ 382C804C92811BE57829D8E550A900E2 ] TermService    C:\windows\System32\termsrv.dll
15:54:47.0575 1320  TermService - ok
15:54:47.0606 1320  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\windows\system32\themeservice.dll
15:54:47.0668 1320  Themes - ok
15:54:47.0668 1320  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER    C:\windows\system32\mmcss.dll
15:54:47.0731 1320  THREADORDER - ok
15:54:47.0746 1320  [ 5ABC361EE13977D13948602AB17B8C0C ] TPDIGIMN        C:\windows\system32\DRIVERS\ApsHM86.sys
15:54:47.0793 1320  TPDIGIMN - ok
15:54:47.0824 1320  [ C4D817A26D5BCCDA3AC0D18E44A8FF56 ] TPHDEXLGSVC    C:\windows\system32\TPHDEXLG.exe
15:54:47.0856 1320  TPHDEXLGSVC - ok
15:54:47.0871 1320  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\windows\System32\trkwks.dll
15:54:47.0980 1320  TrkWks - ok
15:54:48.0043 1320  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
15:54:48.0090 1320  TrustedInstaller - ok
15:54:48.0136 1320  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
15:54:48.0230 1320  tssecsrv - ok
15:54:48.0308 1320  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
15:54:48.0370 1320  TsUsbFlt - ok
15:54:48.0433 1320  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
15:54:48.0495 1320  tunnel - ok
15:54:48.0511 1320  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
15:54:48.0558 1320  uagp35 - ok
15:54:48.0604 1320  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\windows\system32\DRIVERS\udfs.sys
15:54:48.0714 1320  udfs - ok
15:54:48.0760 1320  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect      C:\windows\system32\UI0Detect.exe
15:54:48.0807 1320  UI0Detect - ok
15:54:48.0870 1320  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
15:54:48.0932 1320  uliagpkx - ok
15:54:48.0963 1320  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus          C:\windows\system32\drivers\umbus.sys
15:54:49.0041 1320  umbus - ok
15:54:49.0072 1320  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
15:54:49.0150 1320  UmPass - ok
15:54:49.0260 1320  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\windows\System32\upnphost.dll
15:54:49.0369 1320  upnphost - ok
15:54:49.0400 1320  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp        C:\windows\system32\DRIVERS\usbccgp.sys
15:54:49.0494 1320  usbccgp - ok
15:54:49.0509 1320  USBCCID - ok
15:54:49.0540 1320  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\windows\system32\drivers\usbcir.sys
15:54:49.0587 1320  usbcir - ok
15:54:49.0603 1320  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci        C:\windows\system32\DRIVERS\usbehci.sys
15:54:49.0650 1320  usbehci - ok
15:54:49.0681 1320  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
15:54:49.0743 1320  usbhub - ok
15:54:49.0759 1320  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci        C:\windows\system32\drivers\usbohci.sys
15:54:49.0821 1320  usbohci - ok
15:54:49.0852 1320  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
15:54:49.0899 1320  usbprint - ok
15:54:49.0946 1320  [ F991AB9CC6B908DB552166768176896A ] USBSTOR        C:\windows\system32\DRIVERS\USBSTOR.SYS
15:54:49.0993 1320  USBSTOR - ok
15:54:50.0008 1320  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci        C:\windows\system32\DRIVERS\usbuhci.sys
15:54:50.0071 1320  usbuhci - ok
15:54:50.0118 1320  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
15:54:50.0164 1320  usbvideo - ok
15:54:50.0196 1320  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms          C:\windows\System32\uxsms.dll
15:54:50.0289 1320  UxSms - ok
15:54:50.0320 1320  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\windows\system32\lsass.exe
15:54:50.0383 1320  VaultSvc - ok
15:54:50.0461 1320  [ FCE98C43B5C5DB8E0DA8EA0E2B45E044 ] VClone          C:\windows\system32\DRIVERS\VClone.sys
15:54:50.0586 1320  VClone - ok
15:54:50.0648 1320  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
15:54:50.0695 1320  vdrvroot - ok
15:54:50.0804 1320  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds            C:\windows\System32\vds.exe
15:54:50.0944 1320  vds - ok
15:54:50.0991 1320  [ 17C408214EA61696CEC9C66E388B14F3 ] vga            C:\windows\system32\DRIVERS\vgapnp.sys
15:54:51.0054 1320  vga - ok
15:54:51.0100 1320  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave        C:\windows\System32\drivers\vga.sys
15:54:51.0225 1320  VgaSave - ok
15:54:51.0272 1320  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp          C:\windows\system32\drivers\vhdmp.sys
15:54:51.0334 1320  vhdmp - ok
15:54:51.0381 1320  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\windows\system32\drivers\viaagp.sys
15:54:51.0412 1320  viaagp - ok
15:54:51.0444 1320  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7          C:\windows\system32\DRIVERS\viac7.sys
15:54:51.0506 1320  ViaC7 - ok
15:54:51.0537 1320  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\windows\system32\drivers\viaide.sys
15:54:51.0584 1320  viaide - ok
15:54:51.0615 1320  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\windows\system32\drivers\volmgr.sys
15:54:51.0678 1320  volmgr - ok
15:54:51.0709 1320  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx        C:\windows\system32\drivers\volmgrx.sys
15:54:51.0740 1320  volmgrx - ok
15:54:51.0771 1320  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap        C:\windows\system32\drivers\volsnap.sys
15:54:51.0834 1320  volsnap - ok
15:54:51.0880 1320  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid        C:\windows\system32\DRIVERS\vsmraid.sys
15:54:51.0943 1320  vsmraid - ok
15:54:52.0021 1320  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS            C:\windows\system32\vssvc.exe
15:54:52.0161 1320  VSS - ok
15:54:52.0192 1320  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
15:54:52.0255 1320  vwifibus - ok
15:54:52.0333 1320  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
15:54:52.0380 1320  vwififlt - ok
15:54:52.0411 1320  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp        C:\windows\system32\DRIVERS\vwifimp.sys
15:54:52.0473 1320  vwifimp - ok
15:54:52.0504 1320  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time        C:\windows\system32\w32time.dll
15:54:52.0598 1320  W32Time - ok
15:54:52.0629 1320  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
15:54:52.0707 1320  WacomPen - ok
15:54:52.0770 1320  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
15:54:52.0863 1320  WANARP - ok
15:54:52.0863 1320  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
15:54:52.0910 1320  Wanarpv6 - ok
15:54:52.0972 1320  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\windows\system32\wbengine.exe
15:54:53.0160 1320  wbengine - ok
15:54:53.0222 1320  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
15:54:53.0284 1320  WbioSrvc - ok
15:54:53.0331 1320  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc        C:\windows\System32\wcncsvc.dll
15:54:53.0409 1320  wcncsvc - ok
15:54:53.0456 1320  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
15:54:53.0534 1320  WcsPlugInService - ok
15:54:53.0581 1320  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\windows\system32\DRIVERS\wd.sys
15:54:53.0612 1320  Wd - ok
15:54:53.0706 1320  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
15:54:53.0830 1320  Wdf01000 - ok
15:54:53.0877 1320  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\windows\system32\wdi.dll
15:54:54.0002 1320  WdiServiceHost - ok
15:54:54.0002 1320  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost  C:\windows\system32\wdi.dll
15:54:54.0033 1320  WdiSystemHost - ok
15:54:54.0064 1320  [ EA4E9DD00E69B35F9BD3D39ACB113E3F ] wdmirror        C:\windows\system32\DRIVERS\WDMirror.sys
15:54:54.0111 1320  wdmirror - ok
15:54:54.0174 1320  [ A9D880F97530D5B8FEE278923349929D ] WebClient      C:\windows\System32\webclnt.dll
15:54:54.0283 1320  WebClient - ok
15:54:54.0361 1320  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\windows\system32\wecsvc.dll
15:54:54.0439 1320  Wecsvc - ok
15:54:54.0470 1320  [ AC804569BB2364FB6017370258A4091B ] wercplsupport  C:\windows\System32\wercplsupport.dll
15:54:54.0548 1320  wercplsupport - ok
15:54:54.0579 1320  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\windows\System32\WerSvc.dll
15:54:54.0688 1320  WerSvc - ok
15:54:54.0735 1320  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
15:54:54.0798 1320  WfpLwf - ok
15:54:54.0829 1320  [ F9AD3A5E3FD7E0BDB18B8202B0FDD4E4 ] WimFltr        C:\windows\system32\DRIVERS\wimfltr.sys
15:54:54.0891 1320  WimFltr - ok
15:54:54.0907 1320  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\windows\system32\drivers\wimmount.sys
15:54:54.0938 1320  WIMMount - ok
15:54:55.0016 1320  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
15:54:55.0094 1320  WinDefend - ok
15:54:55.0110 1320  WinHttpAutoProxySvc - ok
15:54:55.0172 1320  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt        C:\windows\system32\wbem\WMIsvc.dll
15:54:55.0281 1320  Winmgmt - ok
15:54:55.0359 1320  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM          C:\windows\system32\WsmSvc.dll
15:54:55.0531 1320  WinRM - ok
15:54:55.0593 1320  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
15:54:55.0656 1320  WinUsb - ok
15:54:55.0718 1320  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc        C:\windows\System32\wlansvc.dll
15:54:55.0874 1320  Wlansvc - ok
15:54:55.0905 1320  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi        C:\windows\system32\drivers\wmiacpi.sys
15:54:55.0936 1320  WmiAcpi - ok
15:54:55.0983 1320  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
15:54:56.0155 1320  wmiApSrv - ok
15:54:56.0248 1320  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
15:54:56.0436 1320  WMPNetworkSvc - ok
15:54:56.0482 1320  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\windows\System32\wpcsvc.dll
15:54:56.0560 1320  WPCSvc - ok
15:54:56.0607 1320  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
15:54:56.0716 1320  WPDBusEnum - ok
15:54:56.0748 1320  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl        C:\windows\system32\drivers\ws2ifsl.sys
15:54:56.0841 1320  ws2ifsl - ok
15:54:56.0872 1320  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\windows\System32\wscsvc.dll
15:54:56.0919 1320  wscsvc - ok
15:54:56.0935 1320  WSearch - ok
15:54:56.0966 1320  [ BAEDC491374DEFD5E76336901D6D397D ] wsvd            C:\windows\system32\DRIVERS\wsvd.sys
15:54:57.0028 1320  wsvd - ok
15:54:57.0091 1320  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\windows\system32\wuaueng.dll
15:54:57.0231 1320  wuauserv - ok
15:54:57.0262 1320  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
15:54:57.0340 1320  WudfPf - ok
15:54:57.0372 1320  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
15:54:57.0434 1320  WUDFRd - ok
15:54:57.0481 1320  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc        C:\windows\System32\WUDFSvc.dll
15:54:57.0543 1320  wudfsvc - ok
15:54:57.0574 1320  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc        C:\windows\System32\wwansvc.dll
15:54:57.0652 1320  WwanSvc - ok
15:54:57.0699 1320  ================ Scan global ===============================
15:54:57.0746 1320  [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
15:54:57.0808 1320  [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\windows\system32\winsrv.dll
15:54:57.0855 1320  [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\windows\system32\winsrv.dll
15:54:57.0902 1320  [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
15:54:57.0933 1320  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
15:54:57.0949 1320  [Global] - ok
15:54:57.0949 1320  ================ Scan MBR ==================================
15:54:57.0964 1320  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:54:58.0261 1320  \Device\Harddisk0\DR0 - ok
15:54:58.0261 1320  ================ Scan VBR ==================================
15:54:58.0261 1320  [ 8484E095B924572A5BA20920CC9D5D29 ] \Device\Harddisk0\DR0\Partition1
15:54:58.0261 1320  \Device\Harddisk0\DR0\Partition1 - ok
15:54:58.0292 1320  [ 37BA1BEBF6F543F80C1AE9C1B20BE07C ] \Device\Harddisk0\DR0\Partition2
15:54:58.0292 1320  \Device\Harddisk0\DR0\Partition2 - ok
15:54:58.0323 1320  [ 482FC679FCB67FBA2E5FE9715D663FB3 ] \Device\Harddisk0\DR0\Partition3
15:54:58.0323 1320  \Device\Harddisk0\DR0\Partition3 - ok
15:54:58.0323 1320  ============================================================
15:54:58.0323 1320  Scan finished
15:54:58.0323 1320  ============================================================
15:54:58.0339 2588  Detected object count: 1
15:54:58.0339 2588  Actual detected object count: 1
15:55:05.0374 2588  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:55:05.0374 2588  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

Is it bad?

markusg 14.01.2013 17:08

hi
no, not so far.
combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2

IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.

Note: If you get the following error message after the restart
Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. That should fix the problem.

symph2 14.01.2013 18:06

All right, here is the log:

Combofix Logfile:
Code:

ComboFix 13-01-14.01 - ms 14.01.2013  17:50:59.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.889.150 [GMT 1:00]
ausgeführt von:: c:\users\ms\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\auto.dta
c:\data\example.tex
C:\install.exe
c:\program files\xp-AntiSpy
c:\program files\xp-AntiSpy\Uninstall.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.chm
c:\program files\xp-AntiSpy\xp-AntiSpy.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.url
c:\windows\s.bat
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-12-14 bis 2013-01-14  ))))))))))))))))))))))))))))))
.
.
2013-01-14 16:59 . 2013-01-14 16:59        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-01-13 22:26 . 2013-01-13 22:26        60872        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{17BB6541-8462-4032-A04A-486E795A012D}\offreg.dll
2013-01-11 15:45 . 2012-11-08 18:00        6812136        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{17BB6541-8462-4032-A04A-486E795A012D}\mpengine.dll
2013-01-09 12:40 . 2012-11-22 04:45        626688        ----a-w-        c:\windows\system32\usp10.dll
2013-01-09 12:40 . 2012-11-23 02:56        2345984        ----a-w-        c:\windows\system32\win32k.sys
2013-01-09 12:40 . 2012-11-09 04:43        492032        ----a-w-        c:\windows\system32\win32spl.dll
2013-01-09 12:37 . 2012-12-07 10:46        43520        ----a-w-        c:\windows\system32\csrr.rs
2013-01-09 12:36 . 2012-11-20 04:51        220160        ----a-w-        c:\windows\system32\ncrypt.dll
2013-01-09 12:36 . 2012-11-23 02:48        49152        ----a-w-        c:\windows\system32\taskhost.exe
2013-01-09 08:52 . 2013-01-09 09:09        --------        d-----w-        c:\program files\Mozilla Thunderbird
2012-12-30 15:56 . 2012-12-30 15:56        --------        d-----w-        c:\program files\Common Files\Skype
2012-12-28 19:35 . 2012-12-28 21:52        --------        d-----w-        c:\users\ms\AppData\Local\Diagnostics
2012-12-21 21:40 . 2012-12-16 14:13        295424        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-21 21:40 . 2012-12-16 14:13        34304        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-18 14:29 . 2013-01-06 22:02        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2012-12-18 14:28 . 2013-01-14 16:42        --------        d-----w-        c:\program files\Spybot - Search & Destroy 2
2012-12-18 14:28 . 2012-12-18 14:28        --------        d-----w-        c:\users\ms\AppData\Local\Programs
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 22:19 . 2012-06-20 11:00        74248        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 22:19 . 2012-06-20 11:00        697864        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-11-14 02:09 . 2012-12-13 07:53        1800704        ----a-w-        c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-13 07:53        1427968        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 07:53        1129472        ----a-w-        c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-13 07:53        142848        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 07:53        420864        ----a-w-        c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-13 07:53        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-11-09 04:42 . 2012-12-13 07:15        2048        ----a-w-        c:\windows\system32\tzres.dll
2012-11-02 05:11 . 2012-12-13 07:15        376832        ----a-w-        c:\windows\system32\dpnet.dll
2013-01-11 16:37 . 2013-01-11 16:37        262704        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2011-08-12 2433024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-20 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-20 151064]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2009-07-19 484920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-14 1549608]
"TpShocks"="c:\windows\system32\TpShocks.exe" [2009-07-27 182088]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-07-31 4114336]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-06-25 5064520]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-12 348664]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-05-21 5092152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-7-1 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean.exe
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 funfrm;funfrm; [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S3 acpials;ALS-Sensorfilter;c:\windows\system32\DRIVERS\acpials.sys [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-20 22:19]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://lenovo.live.com/
mStart Page = hxxp://lenovo.live.com/
TCP: DhcpNameServer = 192.168.47.254
DPF: {B2E4704E-A1CA-4473-8CB1-08027E35E7FD} - hxxp://www.ssicentral.com/hlm/downloads/trial/InstallHLM7Trial.cab
FF - ProfilePath - c:\users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\p87ceku4.default\
FF - prefs.js: browser.startup.homepage - about:blank
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-xp-AntiSpy - c:\program files\xp-AntiSpy\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-14  18:02:44
ComboFix-quarantined-files.txt  2013-01-14 17:02
.
Vor Suchlauf: 8 Verzeichnis(se), 85.982.584.832 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 85.673.205.760 Bytes frei
.
- - End Of File - - 631E3EA74E53B293E33771AF01F340D0

--- --- ---

markusg 14.01.2013 20:00

malwarebytes:
Please download Malwarebytes
  • Install the program to the default path. Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for updates
  • When the update has finished, select Perform full scan and press Scan.
  • When the scan has finished, click Show results.
  • Make sure that all findings are selected and press Remove selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Log files".

symph2 14.01.2013 22:26

Nothing found:

Code:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.14.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421

14.01.2013 21:35:46
mbam-log-2013-01-14 (21-35-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 313017
Laufzeit: 47 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

So was ComboFix mistaken?

markusg 15.01.2013 21:08

everything looks ok, any improvement yet?
download CCleaner standard:
CCleaner - Download - Filepony
if CCleaner is already installed, skip this.
open it, Tools (Extras), uninstall list, save as txt. open it.
after each program you need, write "notwendig" (necessary).
after each one you do not need, "unnötig" (unnecessary).
after ones unknown to you, "unbekannt" (unknown).
post the list.

symph2 16.01.2013 21:55

No, unfortunately it has not got any better yet.

Code:

7-Zip 9.20                20.06.2012                notwendig
Active Protection System        Lenovo        26.09.2009                1.70.06  notwendig
Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        08.01.2013        6,00MB        11.5.502.146 notwendig
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        08.01.2013        6,00MB        11.5.502.146 notwendig
Adobe Reader 9.5.3 - Deutsch        Adobe Systems Incorporated        14.01.2013        118,3MB        9.5.3 notwendig
AIMP3        AIMP DevTeam        19.06.2012                v3.00.985 notwendig
Avira Free Antivirus        Avira        14.11.2012        124,8MB        12.1.9.1236 notwendig
Broadcom 802.11 Wireless Driver                26.09.2009                1.0.0.0 notwendig
Broadcom Gigabit NetLink Controller        Broadcom Corporation        26.09.2009        0,44MB        12.26.02 notwendig
CCleaner        Piriform        22.05.2012                3.19 notwendig
Conexant HD Audio        Conexant        26.09.2009                4.98.11.60 notwendig
Energy Management        Lenovo        26.09.2009                4.3.1.2 notwendig
gretl version 1.9.9        The gretl team        08.10.2012        37,5MB        1.9.9 notwendig
Intel(R) Graphics Media Accelerator Driver        Intel Corporation        26.09.2009        54,3MB        8.15.10.1872 notwendig
Intel(R) TV Wizard        Intel Corporation        26.09.2009        notwendig       
Intel® Matrix Storage Manager        Intel Corporation        26.09.2009 notwendig               
Java 7 Update 9        Oracle        09.09.2012        128,4MB        7.0.90 notwendig
JavaFX 2.1.1        Oracle Corporation        19.06.2012        20,9MB        2.1.1 unbekannt
Lenovo Bluetooth with Enhanced Data Rate Software        Broadcom Corporation        26.09.2009        88,4MB        6.2.0.9600 unnötig
Lenovo EasyCamera        Lenovo EasyCamera        26.09.2009                6.32.2018.08 unnötig
Lenovo OneKey Recovery        CyberLink Corp.        26.09.2009        329MB        7.0.0723 notwendig
Logitech Gaming Software 8.30        Logitech Inc.        19.06.2012        74,2MB        8.30.86 notwendig
Malwarebytes Anti-Malware Version 1.70.0.1100        Malwarebytes Corporation        13.01.2013        18,4MB        1.70.0.1100 notwendig
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        20.06.2012        38,8MB        4.0.30319 unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        20.06.2012        2,94MB        4.0.30319 unbekannt
Microsoft Silverlight        Microsoft Corporation        02.07.2012        22,7MB        5.1.10411.0 unbekannt
Microsoft SQL Server Native Client        Microsoft Corporation        26.09.2009        2,59MB        9.00.4035.00 unbekannt
Microsoft SQL Server Setup Support Files (English)        Microsoft Corporation        26.09.2009        20,1MB        9.00.4035.00 unbekannt
Microsoft SQL Server VSS Writer        Microsoft Corporation        26.09.2009        0,66MB        9.00.4035.00 unbekannt
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        03.07.2012        0,29MB        8.0.61001 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411        Microsoft Corporation        19.06.2012        1,46MB        9.0.30411 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        19.06.2012        0,58MB        9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        03.07.2012        0,59MB        9.0.30729.6161 unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        03.07.2012        12,3MB        10.0.40219 unbekannt
MiKTeX 2.9        MiKTeX.org        26.10.2012                2.9 notwendig
Mnemosyne 2.0                19.06.2012        144,1MB        notwendig
Mozilla Firefox 18.0 (x86 de)        Mozilla        10.01.2013        43,2MB        18.0 notwendig
Mozilla Maintenance Service        Mozilla        10.01.2013        0,32MB        18.0 unbekannt
Mozilla Thunderbird 17.0.2 (x86 de)        Mozilla        08.01.2013        41,9MB        17.0.2 notwendig
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        20.06.2012        37,00KB        4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        20.06.2012        1,33MB        4.20.9876.0 unbekannt
OpenOffice.org 3.4        OpenOffice.org        19.06.2012        328MB        3.4.9590        notwendig
Rainlendar2 (remove only)                19.06.2012                notwendig
Realtek USB 2.0 Card Reader        Realtek Semiconductor Corp.        26.09.2009                6.1.7100.30093 notwendig
Skype™ 6.0        Skype Technologies S.A.        29.12.2012        20,3MB        6.0.126 notwendig
Sophos confic-a Cleanup Tool        Sophos Plc        24.09.2012        5,27MB        1.0 notwendig
Synaptics Pointing Device Driver        Synaptics Incorporated        26.09.2009                14.0.0.3 notwendig
TeXnicCenter Version 1.0 Stable RC1        TeXnicCenter.org        26.10.2012                Version 1.0 Stable RC1 notwendig
VLC media player 2.0.3        VideoLAN        07.10.2012                2.0.3 notwendig


markusg 16.01.2013 22:05

Uninstall:
Adobe Flash Player: all of them
Adobe - Install Adobe Flash Player
Download the latest version and install it.
Adobe Reader:
http://filepony.de/download-adobe_reader/
Untick the McAfee Security Scan box.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Tick "use only certified plug-ins".
Internet:
Everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc.
It is always better to save them directly, because only then do you have control over what happens on the PC.
Under JavaScript, untick the option to use JavaScript.
Under Updater, choose install automatically.
Apply / OK



Uninstall:
Java: both
Download the Java JRE:
Java Downloads for All Operating Systems
Click:
Download Java software for Windows Offline
Download and install it.
Uninstall:
Lenovo: all those marked "unnötig" (unnecessary).
Malwarebytes: please disable the background protection, if active.

Sophos can go.

Open CCleaner, analyze, run, restart the PC.
Open CCleaner, Tools, startup list, post the contents.
Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

symph2 16.01.2013 22:57

Code:

# AdwCleaner v2.105 - Datei am 16/01/2013 um 22:53:57 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\ms\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Softonic

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0 (de)

Datei : C:\Users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\p87ceku4.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [757 octets] - [16/01/2013 22:53:57]

########## EOF - C:\AdwCleaner[R1].txt - [816 octets] ##########


markusg 17.01.2013 15:34

The startup list is still missing.

symph2 17.01.2013 15:42

Oh sorry, here it is:

Code:

Ja        HKCU:Run        Rainlendar2        C:\Program Files\Rainlendar2\Rainlendar2.exe
Ja        HKLM:Run        Adobe ARM        "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Ja        HKLM:Run        avgnt        "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
Ja        HKLM:Run        cAudioFilterAgent        C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe
Ja        HKLM:Run        Energy Management        C:\Program Files\Lenovo\Energy Management\Energy Management.exe
Ja        HKLM:Run        EnergyUtility        C:\Program Files\Lenovo\Energy Management\utility.exe
Ja        HKLM:Run        HotKeysCmds        C:\windows\system32\hkcmd.exe
Ja        HKLM:Run        IAAnotif        C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
Ja        HKLM:Run        IgfxTray        C:\windows\system32\igfxtray.exe
Ja        HKLM:Run        Launch LCore        C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
Ja        HKLM:Run        Persistence        C:\windows\system32\igfxpers.exe
Ja        HKLM:Run        SunJavaUpdateSched        "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Ja        HKLM:Run        SynTPEnh        %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Ja        HKLM:Run        TpShocks        C:\Windows\system32\TpShocks.exe
Ja        Startup Common        Bluetooth.lnk        C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe


markusg 17.01.2013 17:09

Hi
No problem.
Disable all except:
avgnt
HotKeysCmds
SynTPEnh

Also disable the ones under Startup.
If you miss something important in the startup list, it can be re-enabled.



Please download AdwCleaner to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted, several times depending on the severity of the infection - that is normal. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

Restart and test how the system runs now.
Question: is this a laptop?

symph2 17.01.2013 17:24

Code:

# AdwCleaner v2.105 - Datei am 17/01/2013 um 17:14:50 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\ms\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Softonic

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0 (de)

Datei : C:\Users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\p87ceku4.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [884 octets] - [16/01/2013 22:53:57]
AdwCleaner[R2].txt - [943 octets] - [17/01/2013 15:28:16]
AdwCleaner[S2].txt - [937 octets] - [17/01/2013 17:14:50]

########## EOF - C:\AdwCleaner[S2].txt - [996 octets] ##########

Yes, it is a laptop.
Booting up was already faster.
Firefox and the Flash Player also seem to respond
a bit faster at the first try.
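
The search run and the delete run above can be compared mechanically. The following is an added example, not part of the original thread or of AdwCleaner: a small parser for the log layout shown in the posts that reports any item found by the search run that the delete run does not list as deleted. The function names and the embedded excerpts are constructed for illustration.

```python
import re

# Constructed excerpts following the layout of the two AdwCleaner v2.105 logs
# posted in this thread (search run, then delete run).
SEARCH_LOG = r"""# Option [Suche]
**** [Dienste] ****
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Softonic
***** [Internet Browser] *****
-\\ Mozilla Firefox v18.0 (de)
[OK] Die Datei ist sauber.
"""
DELETE_LOG = SEARCH_LOG.replace("[Suche]", "[Löschen]").replace("Gefunden", "Gelöscht")

OPTION = re.compile(r"^# Option \[(.+)\]$")
SECTION = re.compile(r"^\*{4,5} \[(.+?)\] \*{4,5}$")
# Only "Schlüssel" entries appear on the page; accepting any one-word item
# type before Gefunden/Gelöscht is an assumption.
ENTRY = re.compile(r"^(\S+) (Gefunden|Gelöscht) : (.+)$")

def parse_log(text):
    """Return (option, [(section, item_type, state, target), ...])."""
    option, section, entries = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if m := OPTION.match(line):
            option = m.group(1)
        elif m := SECTION.match(line):
            section = m.group(1)
        elif m := ENTRY.match(line):
            entries.append((section, m.group(1), m.group(2), m.group(3)))
    return option, entries

def leftover(search_text, delete_text):
    """Items reported as found that the delete run does not list as deleted."""
    _, found = parse_log(search_text)
    _, deleted = parse_log(delete_text)
    removed = {(s, k, t) for s, k, state, t in deleted if state == "Gelöscht"}
    return [(s, k, t) for s, k, state, t in found
            if state == "Gefunden" and (s, k, t) not in removed]

if __name__ == "__main__":
    print(parse_log(SEARCH_LOG))
    print("not removed:", leftover(SEARCH_LOG, DELETE_LOG))
```

An empty result from `leftover` means every item from the search log appears as deleted in the delete log; anything returned should be checked again with a fresh search run.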


All times are in WET +1.
