Trojaner-Board


kamit 18.05.2013 09:55

CPU usage 95-100%
 
Hello everyone,

I have the problem of NicNameless 12.03.2013, 16:30: my CPU is at 100% load although nothing special is running on the PC. Should I follow the same solution path as NicNameless?

Please help

Thanks in advance

kamit

cosinus 19.05.2013 02:42

Hello and :hallo:

Why don't you give any details about the computer? :glaskugel:

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read my instructions, which I will post over the course of this thread, carefully. Ask right away if anything is unclear to you before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make my analysis harder!

  • The logs of the assigned tools, e.g. Malwarebytes, must always be posted - whether or not anything was found!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "when will it continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan All Users
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.

kamit 19.05.2013 09:51

Hello cosinus, thanks for your quick reply. The infected notebook no longer has an internet connection, so I have to transfer all the data to this PC. I hope everything works the way you want it to: here is the otl.txt

(edit) OTL instructions removed (/edit)

I'll try it by copying: OTL Logfile:
Code:

OTL logfile created on: 5/19/2013 10:25:53 AM - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\gosia\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
764.56 Mb Total Physical Memory | 212.72 Mb Available Physical Memory | 27.82% Memory free
1.75 Gb Paging File | 1.19 Gb Available in Paging File | 68.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 215.59 Gb Total Space | 151.86 Gb Free Space | 70.44% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.61% Space Free | Partition Type: FAT32
 
Computer Name: GOSIA-HP | User Name: gosia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\gosia\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
PRC - \\?\C:\windows\System32\wbem\WMIADAP.EXE ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Notepad++\NppShell_04.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (STacSV) -- C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (Sony PC Companion) -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (wampmysqld) -- c:\wamp\bin\mysql\mysql5.5.16\bin\mysqld.exe ()
SRV - (wampapache) -- c:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe (Apache Software Foundation)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (hpHotkeyMonitor) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (RoxMediaDB10) -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (pccsmcfd) -- system32\DRIVERS\pccsmcfd.sys File not found
DRV - (hwusbdev) -- system32\DRIVERS\ewusbdev.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (CpqDfw) -- system32\drivers\CpqDfw.sys File not found
DRV - (btwrchid) -- system32\DRIVERS\btwrchid.sys File not found
DRV - (btwl2cap) -- system32\DRIVERS\btwl2cap.sys File not found
DRV - (btwavdt) -- system32\DRIVERS\btwavdt.sys File not found
DRV - (btwaudio) -- system32\drivers\btwaudio.sys File not found
DRV - (BCM42RLY) -- system32\drivers\BCM42RLY.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (rtsuvc) -- C:\Windows\System32\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (AFD) -- C:\Windows\System32\drivers\afd.sys ()
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Qvo6.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = SearchCompletion Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = SearchCompletion Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = SearchCompletion Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = SearchCompletion Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Qvo6.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = SearchCompletion Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = SearchCompletion Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = SearchCompletion Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = SearchCompletion Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = SearchCompletion Search
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=1f42840d-df23-418d-b13d-53335b2500fc&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = Qvo6.com
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1522757586-4258725587-572043408-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Qvo6.com
IE - HKU\S-1-5-21-1522757586-4258725587-572043408-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = SearchCompletion Search
IE - HKU\S-1-5-21-1522757586-4258725587-572043408-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=1f42840d-df23-418d-b13d-53335b2500fc&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-1522757586-4258725587-572043408-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=1f42840d-df23-418d-b13d-53335b2500fc&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-1522757586-4258725587-572043408-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = SearchCompletion Search
IE - HKU\S-1-5-21-1522757586-4258725587-572043408-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
IE - HKU\S-1-5-21-1522757586-4258725587-572043408-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=1f42840d-df23-418d-b13d-53335b2500fc&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-1522757586-4258725587-572043408-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = SearchCompletion Search
IE - HKU\S-1-5-21-1522757586-4258725587-572043408-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = SearchCompletion Search
IE - HKU\S-1-5-21-1522757586-4258725587-572043408-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=1f42840d-df23-418d-b13d-53335b2500fc&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-1522757586-4258725587-572043408-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = SearchCompletion Search
IE - HKU\S-1-5-21-1522757586-4258725587-572043408-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = SearchCompletion Search
IE - HKU\S-1-5-21-1522757586-4258725587-572043408-1001\..\SearchScopes,DefaultScope = {8EEAC88A-079B-4b2c-80C1-7836F79EB40A}
IE - HKU\S-1-5-21-1522757586-4258725587-572043408-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=1f42840d-df23-418d-b13d-53335b2500fc&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-1522757586-4258725587-572043408-1001\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = Qvo6.com
IE - HKU\S-1-5-21-1522757586-4258725587-572043408-1001\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
IE - HKU\S-1-5-21-1522757586-4258725587-572043408-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1522757586-4258725587-572043408-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-comodo"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-comodo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://de.yahoo.com?fr=fp-comodo"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=ytff-comodo&p="
FF - user.js - File not found
 
 
 
[2013/05/07 17:42:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gosia\AppData\Roaming\mozilla\Extensions
[2012/10/26 17:48:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gosia\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2012/10/26 17:48:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gosia\AppData\Roaming\mozilla\Sunbird\Profiles\qhwdp6qc.default\extensions
 
O1 HOSTS File: ([2011/08/30 15:50:28 | 000,000,949 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost127.0.0.1      localhost127.0.0.1      localhost127.0.0.1      localhost127.0.0.1      localhost
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\gosia\AppData\Roaming\Complitly\Complitly.dll File not found
O2 - BHO: (Reg Error: Value error.) - {2B3B078B-6D29-48B6-A437-4C9C3615FBF5} - C:\Program Files\billigerde\Internet Explorer\billigerde.dll File not found
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Reg Error: Value error.) - {88985437-C8E7-4E5D-9A11-4004B33B39A6} - C:\Program Files\pcwelt\Internet Explorer\pcwelt.dll (solute gmbh)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKU\S-1-5-21-1522757586-4258725587-572043408-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1522757586-4258725587-572043408-1001\..\Toolbar\WebBrowser: (no name) - {DB9D7A78-A76C-4BF2-97C6-258925EE1542} - No CLSID value found.
O3 - HKU\S-1-5-21-1522757586-4258725587-572043408-1001\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1522757586-4258725587-572043408-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\S-1-5-21-1522757586-4258725587-572043408-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-1522757586-4258725587-572043408-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
O9 - Extra Button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFFB692C-A235-44D3-B147-7F82298F2BD9}: NameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1DA1AF1-7003-42A2-B7C1-41AC2FA88546}: NameServer = 192.168.1.1,194.25.2.129
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1ccfa052-89e5-11e0-b86b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1ccfa052-89e5-11e0-b86b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{3442fbf7-9a6e-11e0-b9fd-1cc1de9e5b8e}\Shell - "" = AutoRun
O33 - MountPoints2\{3442fbf7-9a6e-11e0-b9fd-1cc1de9e5b8e}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{55ba63ec-df49-11e0-bf33-1cc1de9e5b8e}\Shell - "" = AutoRun
O33 - MountPoints2\{55ba63ec-df49-11e0-bf33-1cc1de9e5b8e}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{a7bc90f4-049f-11e2-afaf-70f3957f6ce9}\Shell - "" = AutoRun
O33 - MountPoints2\{a7bc90f4-049f-11e2-afaf-70f3957f6ce9}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{b020b07b-50f4-11e1-806e-1cc1de9e5b8e}\Shell - "" = AutoRun
O33 - MountPoints2\{b020b07b-50f4-11e1-806e-1cc1de9e5b8e}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{b558c072-dd32-11df-b771-002682a8fb8a}\Shell - "" = AutoRun
O33 - MountPoints2\{b558c072-dd32-11df-b771-002682a8fb8a}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c92e03fd-dced-11df-85ad-70f3957f6ce9}\Shell - "" = AutoRun
O33 - MountPoints2\{c92e03fd-dced-11df-85ad-70f3957f6ce9}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c92e040d-dced-11df-85ad-70f3957f6ce9}\Shell - "" = AutoRun
O33 - MountPoints2\{c92e040d-dced-11df-85ad-70f3957f6ce9}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c92e0426-dced-11df-85ad-70f3957f6ce9}\Shell - "" = AutoRun
O33 - MountPoints2\{c92e0426-dced-11df-85ad-70f3957f6ce9}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{cca50e75-89e5-11e0-ba82-1cc1de9e5b8e}\Shell - "" = AutoRun
O33 - MountPoints2\{cca50e75-89e5-11e0-ba82-1cc1de9e5b8e}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{cca50e84-89e5-11e0-ba82-1cc1de9e5b8e}\Shell - "" = AutoRun
O33 - MountPoints2\{cca50e84-89e5-11e0-ba82-1cc1de9e5b8e}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/19 10:23:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\gosia\Desktop\OTL.exe
[2013/05/17 21:02:53 | 000,000,000 | ---D | C] -- C:\Users\gosia\AppData\Local\Diagnostics
[2013/05/17 07:36:26 | 000,000,000 | ---D | C] -- C:\Users\gosia\AppData\Local\ATI
[2013/05/17 07:35:45 | 000,000,000 | ---D | C] -- C:\Users\gosia\AppData\Local\PDFC
[2013/05/17 07:35:01 | 000,000,000 | ---D | C] -- C:\Users\gosia\AppData\Local\VirtualStore
[2013/05/16 21:58:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/16 21:57:58 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/05/16 18:39:48 | 000,000,000 | ---D | C] -- C:\Users\gosia\AppData\Roaming\Malwarebytes
[2013/05/16 18:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/16 18:39:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/16 17:29:56 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\gosia\Desktop\mbam-setup-1.75.0.1300.exe
[2013/05/16 17:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/05/16 17:11:57 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013/05/08 19:40:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/05/08 19:25:19 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2013/05/08 19:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2013/05/08 19:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2013/05/08 00:14:25 | 000,000,000 | ---D | C] -- C:\Users\gosia\AppData\Local\ElevatedDiagnostics
[2013/05/07 21:02:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/05/07 17:50:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\337
[2013/05/07 17:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe
[2013/05/07 17:42:21 | 000,000,000 | ---D | C] -- C:\Users\gosia\Desktop\Download
[2013/05/07 17:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
[2013/05/06 18:40:14 | 000,000,000 | ---D | C] -- C:\Users\gosia\Documents\DreamVideoSoft
[2013/04/30 09:28:20 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013/04/30 09:28:20 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013/04/30 09:28:20 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2013/04/30 09:28:20 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2013/04/30 09:28:20 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MsSpellCheckingFacility.exe
[2013/04/30 09:28:20 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmlmedia.dll
[2013/04/30 09:28:20 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2013/04/30 09:28:20 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013/04/30 09:28:20 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013/04/30 09:28:20 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2013/04/30 09:28:20 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2013/04/30 09:28:20 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2013/04/30 09:28:20 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2013/04/30 09:28:20 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2013/04/30 09:28:20 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\elshyph.dll
[2013/04/30 09:28:20 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2013/04/30 09:28:20 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2013/04/30 09:28:20 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2013/04/30 09:28:20 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2013/04/30 09:28:20 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2013/04/30 09:28:20 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2013/04/30 09:28:20 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2013/04/30 09:28:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2013/04/30 09:28:20 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2013/04/30 09:28:20 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2013/04/30 09:28:20 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2013/04/30 09:28:20 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2013/04/30 09:28:20 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2013/04/30 09:28:20 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2013/04/30 09:28:20 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2013/04/30 09:28:20 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2013/04/30 09:28:20 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013/04/30 09:28:20 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2013/04/30 09:28:20 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2013/04/30 09:28:20 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2013/04/30 09:28:20 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2013/04/25 00:14:09 | 000,000,000 | ---D | C] -- C:\Users\gosia\AppData\Roaming\MS-Buchhalter
[2013/04/25 00:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\MS-Buchhalter
[2013/04/25 00:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MS-Buchhalter Start
[2013/04/25 00:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\MS-Buchhalter
[2013/04/23 09:29:28 | 000,000,000 | ---D | C] -- C:\Users\gosia\Desktop\Entpacken
[2013/04/23 09:20:07 | 000,000,000 | ---D | C] -- C:\Users\gosia\Desktop\EmailAnhang
[2013/04/22 21:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/04/22 21:23:35 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/04/20 14:19:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/04/20 14:18:41 | 000,000,000 | ---D | C] -- C:\Users\gosia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com
[2012/04/07 08:52:22 | 016,032,571 | ---- | C] (Romain Bourdon (Roms)                                      ) -- C:\Users\gosia\WampServer2.0i.exe
[2012/04/07 08:48:23 | 000,301,640 | ---- | C] (Softonic) -- C:\Users\gosia\SoftonicDownloader_fuer_wampserver.exe
[2006/09/20 19:46:22 | 004,985,856 | ---- | C] (thaler) -- C:\Program Files\tswebeditor.exe
[22 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/19 10:26:56 | 000,019,536 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/19 10:26:56 | 000,019,536 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/19 10:25:41 | 000,654,844 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/05/19 10:25:41 | 000,616,686 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/05/19 10:25:41 | 000,130,426 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/05/19 10:25:41 | 000,106,808 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/05/19 10:18:25 | 000,016,384 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2013/05/19 10:18:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/05/19 10:18:07 | 801,697,792 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/18 12:24:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\gosia\Desktop\OTL.exe
[2013/05/16 21:58:01 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/16 17:26:46 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\gosia\Desktop\mbam-setup-1.75.0.1300.exe
[2013/05/08 19:43:12 | 000,002,000 | ---- | M] () -- C:\windows\System32\drivers\sfi.dat
[2013/05/08 19:26:16 | 000,000,593 | ---- | M] () -- C:\Users\Public\Desktop\Gemeinsamer Bereich.lnk
[2013/05/07 21:03:01 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/05/07 17:49:53 | 000,773,712 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msvcr100.dll
[2013/05/07 17:49:52 | 000,420,944 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msvcp100.dll
[2013/05/07 17:49:47 | 000,001,573 | ---- | M] () -- C:\Users\gosia\Desktop\Internet Explorer.lnk
[2013/05/07 17:35:51 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013/05/07 17:35:50 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013/05/07 12:57:30 | 000,000,017 | ---- | M] () -- C:\windows\System32\shortcut_ex.dat
[2013/05/03 09:24:43 | 000,010,354 | ---- | M] () -- C:\Users\gosia\Desktop\praktikum_september.odt
[2013/05/02 18:14:39 | 000,013,155 | ---- | M] () -- C:\Users\gosia\Desktop\ratenzahlung_muster.odt
[2013/04/30 09:28:20 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013/04/30 09:28:20 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013/04/30 09:28:20 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2013/04/30 09:28:20 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2013/04/30 09:28:20 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MsSpellCheckingFacility.exe
[2013/04/30 09:28:20 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtmlmedia.dll
[2013/04/30 09:28:20 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2013/04/30 09:28:20 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013/04/30 09:28:20 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013/04/30 09:28:20 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2013/04/30 09:28:20 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2013/04/30 09:28:20 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2013/04/30 09:28:20 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2013/04/30 09:28:20 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2013/04/30 09:28:20 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\elshyph.dll
[2013/04/30 09:28:20 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2013/04/30 09:28:20 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2013/04/30 09:28:20 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2013/04/30 09:28:20 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2013/04/30 09:28:20 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2013/04/30 09:28:20 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2013/04/30 09:28:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2013/04/30 09:28:20 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2013/04/30 09:28:20 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2013/04/30 09:28:20 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2013/04/30 09:28:20 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2013/04/30 09:28:20 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2013/04/30 09:28:20 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2013/04/30 09:28:20 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2013/04/30 09:28:20 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2013/04/30 09:28:20 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2013/04/30 09:28:20 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013/04/30 09:28:20 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2013/04/30 09:28:20 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2013/04/30 09:28:20 | 000,025,185 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2013/04/30 09:28:20 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2013/04/30 09:28:20 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2013/04/27 14:59:34 | 000,171,877 | ---- | M] () -- C:\Users\gosia\EÜR_Musikschule.tzb
[2013/04/25 00:14:05 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\MS-Buchhalter 3.0 Start.lnk
[2013/04/22 21:40:03 | 000,341,208 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/04/22 21:23:42 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[22 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/16 21:58:01 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/08 19:26:16 | 000,000,593 | ---- | C] () -- C:\Users\Public\Desktop\Gemeinsamer Bereich.lnk
[2013/05/08 19:26:07 | 000,002,000 | ---- | C] () -- C:\windows\System32\drivers\sfi.dat
[2013/05/07 21:03:00 | 000,001,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/05/07 21:03:00 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/05/07 12:57:28 | 000,000,017 | ---- | C] () -- C:\windows\System32\shortcut_ex.dat
[2013/05/03 09:24:42 | 000,010,354 | ---- | C] () -- C:\Users\gosia\Desktop\praktikum_september.odt
[2013/05/02 18:14:38 | 000,013,155 | ---- | C] () -- C:\Users\gosia\Desktop\ratenzahlung_muster.odt
[2013/04/30 09:28:20 | 000,025,185 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2013/04/27 14:59:34 | 000,171,877 | ---- | C] () -- C:\Users\gosia\EÜR_Musikschule.tzb
[2013/04/25 00:14:05 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\MS-Buchhalter 3.0 Start.lnk
[2013/04/22 21:39:50 | 000,341,208 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2013/04/22 21:23:42 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/02/24 12:50:13 | 000,028,672 | ---- | C] () -- C:\windows\System32\hccps.dll
[2013/02/24 12:50:07 | 000,024,576 | ---- | C] () -- C:\windows\System32\hndlib.dll
[2013/02/24 12:50:00 | 000,311,296 | ---- | C] () -- C:\windows\System32\XICrCore.DLL
[2013/02/23 13:08:42 | 000,000,016 | ---- | C] () -- C:\Users\gosia\AppData\Roaming\msregsvv.dll
[2013/02/23 13:08:42 | 000,000,016 | ---- | C] () -- C:\ProgramData\autobk.inc
[2013/01/21 21:44:37 | 000,034,815 | ---- | C] () -- C:\Program Files\Common Files\plugin.crx
[2012/12/26 17:59:45 | 000,002,150 | ---- | C] () -- C:\Users\gosia\.recently-used.xbel
[2012/11/28 11:07:46 | 000,000,082 | ---- | C] () -- C:\windows\odbc_merge.INI
[2012/11/14 00:04:04 | 000,338,432 | ---- | C] () -- C:\windows\System32\sqlite36_engine.dll
[2012/11/08 06:54:54 | 000,000,101 | ---- | C] () -- C:\windows\SAWReg.ini
[2012/06/26 09:44:30 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll
[2011/12/16 21:10:07 | 000,000,127 | ---- | C] () -- C:\windows\System32\MRT.INI
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\windows\System32\xlive.dll.cat
[2011/09/08 19:18:37 | 000,032,256 | ---- | C] () -- C:\windows\System32\AVSredirect.dll
[2011/06/16 09:36:43 | 000,338,944 | ---- | C] () -- C:\windows\System32\drivers\afd.sys
[2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2011/05/31 13:38:31 | 000,088,576 | ---- | C] () -- C:\windows\AmCap.exe
[2011/01/18 16:41:56 | 088,694,089 | ---- | C] () -- C:\Users\gosia\Al Anderson & Junior Marvin.mp4
[2011/01/16 15:53:25 | 012,633,116 | ---- | C] () -- C:\Users\gosia\Impress eine Präsentation erstellen- erste Schritte.mp4
[2010/12/18 22:13:08 | 007,159,363 | ---- | C] () -- C:\Users\gosia\Dua from Quraan Saad Al-Ghamdee+mp3 Link.mp4
[2010/11/06 00:14:41 | 000,000,088 | RHS- | C] () -- C:\ProgramData\188E6822A8.sys
[2010/11/06 00:14:34 | 000,002,672 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/10/28 21:58:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2006/09/20 19:46:28 | 000,464,200 | ---- | C] () -- C:\Program Files\tswebeditor.jdbg
[2006/09/17 14:09:06 | 000,034,233 | ---- | C] () -- C:\Program Files\tswebeditor.jpg
[2006/05/28 19:26:06 | 000,014,832 | ---- | C] () -- C:\Program Files\german.lng
[2006/05/28 19:25:32 | 000,029,522 | ---- | C] () -- C:\Program Files\english.lng
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\windows\$NtUninstallKB1218$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

--- --- ---
kamit

kamit 19.05.2013 10:07

Another attempt. I hope it works this time!

kamit

cosinus 19.05.2013 20:09

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners: have they ever found anything?

This is why I am asking => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, only post logs that already exist!


Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

kamit 19.05.2013 23:12

Hi cosinus, here are the details of my computer:
HP 625 - AMD V 120 processor 2.20 GHz - Windows 7 32-bit - 1 GB RAM.
Four days ago I scanned the computer with a Malwarebytes program; here is the log file:

Code:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.04.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16540
gosia :: GOSIA-HP [Administrator]

16.05.2013 18:40:13
mbam-log-2013-05-16 (18-40-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 479467
Laufzeit: 1 Stunde(n), 32 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 11
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Keine Aktion durchgeführt.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Keine Aktion durchgeführt.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Keine Aktion durchgeführt.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Keine Aktion durchgeführt.
HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 2
C:\Users\gosia\AppData\Roaming\loadtbs (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\gosia\AppData\Roaming\loadtbs\html (PUP.LoadTubes) -> Keine Aktion durchgeführt.

Infizierte Dateien: 16
C:\Users\gosia\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Keine Aktion durchgeführt.
C:\Program Files\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\gosia\Documents\download_scripte\SoftonicDownloader_fuer_jitsi.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Keine Aktion durchgeführt.
C:\Users\gosia\AppData\Roaming\loadtbs\keyHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\gosia\AppData\Roaming\loadtbs\config.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\gosia\AppData\Roaming\loadtbs\domHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\gosia\AppData\Roaming\loadtbs\evHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\gosia\AppData\Roaming\loadtbs\uninstall.exe (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\gosia\AppData\Roaming\loadtbs\updateHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\gosia\AppData\Roaming\loadtbs\html\dimensions.ini (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\gosia\AppData\Roaming\loadtbs\html\install.html (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\gosia\AppData\Roaming\loadtbs\html\uninstall.html (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\gosia\AppData\Roaming\loadtbs\html\uninstallComplete.html (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\gosia\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\libtidy.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Apart from that I have no further log files.

Kamit

cosinus 19.05.2013 23:48

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask right away if anything is unclear, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as attachments, unless you were asked to. Logs in attachments make my analysis harder!

  • The logs of the tools you were asked to run, such as Malwarebytes, must always be posted, whether or not anything was found!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "When will this continue" messages will end with your thread being closed. I, too, have a life outside the Trojaner-Board.


Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


kamit 20.05.2013 18:40

Hi cosinus, I downloaded Combofix from the link you showed me, but when I run it I get the following:
"NSIS Error
Installer integrity check has failed. Common causes include incomplete download and damaged media. Contact the installer's author to obtain a new copy."
The installation of Combofix did not work.

What should I do?

Thanks

kamit

cosinus 21.05.2013 10:09

Restart Windows, delete the old combofix.exe, download CF again and please try once more.

kamit 21.05.2013 11:37

Hello, Combofix worked; here is the log file:
Code:

ComboFix 13-05-20.01 - gosia 21.05.2013  12:03:24.2.1 - x86
ausgeführt von:: c:\users\gosia\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\188E6822A8.sys
c:\users\gosia\AppData\Roaming\msregsvv.dll
c:\users\gosia\videos\vlc-1.1.7-win32.exe
c:\windows\IsUn0407.exe
c:\windows\system32\SET58B.tmp
c:\windows\system32\SETFF13.tmp
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-04-21 bis 2013-05-21  ))))))))))))))))))))))))))))))
.
.
2013-05-21 07:37 . 2013-05-21 07:38        --------        d-----w-        C:\JRT
2013-05-20 19:56 . 2013-05-20 19:56        --------        d-----w-        c:\programdata\HitmanPro
2013-05-17 19:02 . 2013-05-17 19:02        --------        d-----w-        c:\users\gosia\AppData\Local\Diagnostics
2013-05-17 05:36 . 2013-05-17 05:36        --------        d-----w-        c:\users\gosia\AppData\Local\ATI
2013-05-17 05:35 . 2013-05-17 05:35        --------        d-----w-        c:\users\gosia\AppData\Local\PDFC
2013-05-17 05:35 . 2013-05-17 05:35        --------        d-----w-        c:\users\gosia\AppData\Local\VirtualStore
2013-05-16 19:57 . 2013-04-04 12:50        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-05-16 16:39 . 2013-05-16 16:39        --------        d-----w-        c:\users\gosia\AppData\Roaming\Malwarebytes
2013-05-16 16:39 . 2013-05-16 16:39        --------        d-----w-        c:\programdata\Malwarebytes
2013-05-16 16:39 . 2013-05-16 19:58        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2013-05-16 15:11 . 2013-05-16 15:12        --------        d-----w-        c:\programdata\Avira
2013-05-16 15:11 . 2013-05-16 15:11        --------        d-----w-        c:\program files\Avira
2013-05-08 17:26 . 2013-05-08 17:43        2000        ----a-w-        c:\windows\system32\drivers\sfi.dat
2013-05-08 17:25 . 2013-05-08 17:26        --------        d-----w-        c:\programdata\COMODO
2013-05-08 17:24 . 2013-05-08 17:24        --------        d-----w-        c:\programdata\Comodo Downloader
2013-05-07 22:14 . 2013-05-07 22:14        --------        d-----w-        c:\users\gosia\AppData\Local\ElevatedDiagnostics
2013-05-07 19:02 . 2013-05-07 19:03        --------        d-----w-        c:\program files\Mozilla Maintenance Service
2013-04-24 22:14 . 2013-04-24 22:23        --------        d-----w-        c:\users\gosia\AppData\Roaming\MS-Buchhalter
2013-04-24 22:14 . 2013-04-24 22:14        --------        d-----w-        c:\programdata\MS-Buchhalter
2013-04-24 22:14 . 2013-04-24 22:14        --------        d-----w-        c:\program files\MS-Buchhalter
2013-04-24 07:48 . 2013-04-12 13:45        1211752        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2013-04-22 19:23 . 2013-04-22 19:23        --------        d-----w-        c:\program files\CCleaner
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-07 15:49 . 2011-06-11 00:58        773712        ----a-w-        c:\windows\system32\msvcr100.dll
2013-05-07 15:49 . 2011-06-11 00:58        420944        ----a-w-        c:\windows\system32\msvcp100.dll
2013-05-07 15:35 . 2012-06-24 08:21        691592        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-05-07 15:35 . 2011-06-06 06:51        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-18 11:50 . 2013-04-18 11:50        0        ----a-w-        c:\windows\system32\shoA1CF.tmp
2013-04-16 13:42 . 2013-04-16 13:42        0        ----a-w-        c:\windows\system32\sho2F8D.tmp
2013-04-09 18:54 . 2013-04-09 18:54        0        ----a-w-        c:\windows\system32\sho1A4E.tmp
2013-03-29 10:01 . 2013-03-29 10:01        0        ----a-w-        c:\windows\system32\sho1AE0.tmp
2013-03-25 23:48 . 2013-03-25 23:48        0        ----a-w-        c:\windows\system32\shoFA4C.tmp
2013-03-24 09:48 . 2013-03-24 09:48        0        ----a-w-        c:\windows\system32\shoB53B.tmp
2013-03-19 05:04 . 2013-04-11 10:43        3968856        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-11 10:43        3913560        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-11 10:43        38912        ----a-w-        c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-11 10:43        69632        ----a-w-        c:\windows\system32\smss.exe
2013-03-12 20:21 . 2013-03-12 20:21        0        ----a-w-        c:\windows\system32\sho9491.tmp
2013-03-06 23:32 . 2013-03-29 10:09        228600        ----a-w-        c:\windows\system32\aswBoot.exe
2013-03-01 03:09 . 2013-04-11 10:44        2347008        ----a-w-        c:\windows\system32\win32k.sys
2006-09-20 17:46 . 2006-09-20 17:46        4985856        ----a-w-        c:\program files\tswebeditor.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{88985437-C8E7-4E5D-9A11-4004B33B39A6}]
2012-02-03 12:27        128072        ----a-w-        c:\program files\pcwelt\Internet Explorer\pcwelt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^gosia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\gosia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^gosia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WampServer.lnk]
path=c:\users\gosia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WampServer.lnk
backup=c:\windows\pss\WampServer.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-18 19:08        946352        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2011-07-19 03:53        2567272        ----a-w-        c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2011-08-04 12:41        1637496        ----a-w-        c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\estar]
2006-11-28 22:26        77824        ----a-w-        c:\system.sav\util\HideDOS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWirelessAssistant]
2010-04-05 18:11        8192        ----a-w-        c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScannerSelectorEX]
2011-09-27 10:44        439440        ----a-w-        c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2010-02-22 18:40        2363392        ----a-w-        c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 09:50        155648        ----a-w-        c:\windows\System32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2010-03-06 21:39        563736        ----a-w-        c:\program files\PDF Complete\pdfsty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QLBController]
2010-03-01 17:26        256056        ----a-w-        c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
2013-01-07 11:03        446648        ----a-w-        c:\program files\Sony\Sony PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-04-08 17:58        102400        ----a-w-        c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-06-04 00:17        1791272        ----a-w-        c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2013-01-07 15:58        495708        ----a-w-        c:\program files\IDT\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
.
R3 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 18:38        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.yahoo.com?fr=fp-comodo
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{2B3B078B-6D29-48B6-A437-4C9C3615FBF5} - c:\program files\billigerde\Internet Explorer\billigerde.dll
WebBrowser-{DB9D7A78-A76C-4BF2-97C6-258925EE1542} - (no file)
MSConfigStartUp-CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} - c:\users\gosia\AppData\Local\Temp\cis46A0.exe
MSConfigStartUp-CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} - c:\users\gosia\AppData\Local\Temp\cis46A0.exe
MSConfigStartUp-Google Update - c:\users\gosia\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-InternetCalls - c:\program files\InternetCalls.com\InternetCalls\InternetCalls.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE
AddRemove-Mozilla Firefox 18.0 (x86 de) - c:\program files\Mozilla Firefox\uninstall\helper.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\IDT\WDM\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-05-21  12:26:34 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-05-21 10:26
.
Vor Suchlauf: 31 Verzeichnis(se), 162.272.190.464 Bytes frei
Nach Suchlauf: 39 Verzeichnis(se), 161.948.205.056 Bytes frei
.
- - End Of File - - D788E6AF7B97C05AE35C78D1F1CBF862

kamit

cosinus 21.05.2013 13:25

Rootkit scan with GMER

Please download the GMER Rootkit Scanner (the file name is random):
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, uncheck: IAT/EAT and Show All
  • Check Quickscan and uncheck all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Turn your antivirus program and other scanners back on before you go online!


Running into problems?
  • Alternatively, try Safe Mode.
  • If you get a bluescreen, uncheck Devices.


Afterwards, please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper

kamit 21.05.2013 14:18

Hello, I have a problem with updating the MBAR database, because the internet connection on the laptop no longer works; I have to download the programs on another computer and transfer them to the notebook with a USB stick.
I hope it goes well!
Kamit

MBAR scanned the system but found nothing! I could not update the database because of the missing internet connection! Here is the log file:
Code:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16540

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.194000 GHz
Memory total: 801697792, free: 459395072

------------ Kernel report ------------
    05/21/2013 16:17:20
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\sptd.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt86win7.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtiHdmi.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\stwrt.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\DRIVERS\rtsuvc.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\drivers\WudfPf.sys
\??\C:\Users\gosia\AppData\Local\Temp\ugtiqpod.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xffffffff8cd6f178
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000093\
Lower Device Object: 0xffffffff8d09dca8
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff853e1030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff8539c030
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
Initializing...
Could not initialize database
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff853e1030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff853e1d10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff853e1030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8539cbc0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8539c030, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffa5caf0b8, 0xffffffff853e1030, 0xffffffff8d131048
Lower DeviceData: 0xffffffffbedd8ac0, 0xffffffff8539c030, 0xffffffff8d131b60
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 57E5C010

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 614400
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 616448  Numsec = 452124672

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 452741120  Numsec = 31457280

    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 484198400  Numsec = 4184064

Cannot scan MBR because MBAM is not initialized!
Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8cd6f178, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8d06d5a8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8cd6f178, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8d09dca8, DeviceName: \Device\00000093\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffb58724d8, 0xffffffff8cd6f178, 0xffffffff8d11dac8
Lower DeviceData: 0xffffffff8bbdb298, 0xffffffff8d09dca8, 0xffffffff8d129f08
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1F0BFF

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 64  Numsec = 32767936
    Partition file system is NTFS
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Cannot scan MBR because MBAM is not initialized!
Disk Size: 16777216000 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16540

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.194000 GHz
Memory total: 801697792, free: 450842624

------------ Kernel report ------------
    05/21/2013 16:20:15
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\sptd.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt86win7.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtiHdmi.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\stwrt.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\DRIVERS\rtsuvc.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\drivers\WudfPf.sys
\??\C:\Users\gosia\AppData\Local\Temp\ugtiqpod.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xffffffff8cd6f178
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000093\
Lower Device Object: 0xffffffff8d09dca8
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xffffffff8d129f08
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff853e1030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff8539c030
Lower Device Driver Name: \Driver\atapi\
Device already Exists: 0xffffffff8d131b60
Initializing...
Could not initialize database
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff853e1030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff853e1d10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff853e1030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8539cbc0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8539c030, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffff8ba9c330, 0xffffffff853e1030, 0xffffffff8d131048
Lower DeviceData: 0xffffffffbf2c15f0, 0xffffffff8539c030, 0xffffffff8d131b60
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 57E5C010

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 614400
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 616448  Numsec = 452124672

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 452741120  Numsec = 31457280

    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 484198400  Numsec = 4184064

Cannot scan MBR because MBAM is not initialized!
Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8cd6f178, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8d06d5a8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8cd6f178, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8d09dca8, DeviceName: \Device\00000093\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffbd8b6e70, 0xffffffff8cd6f178, 0xffffffff8d11dac8
Lower DeviceData: 0xffffffffbeabe890, 0xffffffff8d09dca8, 0xffffffff8d129f08
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1F0BFF

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 64  Numsec = 32767936
    Partition file system is NTFS
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Cannot scan MBR because MBAM is not initialized!
Disk Size: 16777216000 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================

Regards

kamit

cosinus 21.05.2013 19:46

Please read the instructions properly. You posted the wrong log.
Why does this computer suddenly have no internet connection any more, what did you do there?

kamit 23.05.2013 17:45

The laptop I usually use (HP 625) is exactly the one that was infected by the virus; since then the internet connection has been messed up; it no longer works.
To get online, I use an old PC (Scaleo) with XP as the operating system.
With it I download the programs you recommended to me, and I transfer them to the laptop with a USB stick.

I cannot install all of these programs, because some of them need an internet connection to be installed.

Now I am sending you the log file from Emsisoft Anti-Malware:
Code:

Emsisoft Anti-Malware - Version 7.0
Letztes Update: N/A

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, F:\, Q:\

Riskware-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:        5/22/2013 9:52:33 PM

C:\windows\System32\Drivers\afd.sys        gefunden: Gen:Variant.Symmi.20259 (B)
C:\TDSSKiller_Quarantine\21.05.2013_22.29.42\susp0000\svc0000\tsk0000.dta        gefunden: Gen:Variant.Symmi.20259 (B)
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys        gefunden: Gen:Variant.Symmi.20259 (B)

Gescannt        547979
Gefunden        3

Scan Ende:        5/22/2013 11:30:08 PM
Scan Zeit:        1:37:35


Quarantäne        0

I don't know whether this could help, but when I switch off the WLAN on the router, the CPU load in Task Manager suddenly becomes completely normal!!!

Regards

Kamit

cosinus 23.05.2013 21:41

aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.




TDSS-Killer

Please download TDSSKiller (TDSSKiller.exe) and save the file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.

kamit 23.05.2013 23:13

Hi, I ran aswMBR.exe and TDSSKiller.exe; here are the log files:

aswMBR:

Code:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-23 23:49:12
-----------------------------
23:49:12.032    OS Version: Windows 6.1.7601 Service Pack 1
23:49:12.032    Number of processors: 1 586 0x603
23:49:12.032    ComputerName: GOSIA-HP  UserName: gosia
23:49:13.093    Initialize success
23:49:30.066    AVAST engine download error: 0
23:49:47.444    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:49:47.460    Disk 0 Vendor: ST9250410AS 0006HPM1 Size: 238475MB BusType: 11
23:49:47.475    Disk 0 MBR read successfully
23:49:47.491    Disk 0 MBR scan
23:49:47.491    Disk 0 Windows VISTA default MBR code
23:49:47.522    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          300 MB offset 2048
23:49:47.522    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      220764 MB offset 616448
23:49:47.553    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        15360 MB offset 452741120
23:49:47.569    Disk 0 Partition 4 00    0C    FAT32 LBA MSDOS5.0    2043 MB offset 484198400
23:49:47.585    Disk 0 scanning sectors +488382464
23:49:47.647    Disk 0 scanning C:\windows\system32\drivers
23:49:55.353    Service scanning
23:50:16.819    Modules scanning
23:50:22.451    Disk 0 trace - called modules:
23:50:22.482    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x843931e8]<<
23:50:22.482    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x851e25f8]
23:50:22.498    3 CLASSPNP.SYS[8764a59e] -> nt!IofCallDriver -> [0x851af918]
23:50:22.513    5 ACPI.sys[86f4f3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x851ad908]
23:50:22.513    \Driver\atapi[0x84d02540] -> IRP_MJ_CREATE -> 0x843931e8
23:50:22.529    Scan finished successfully
23:50:45.211    Disk 0 MBR has been saved successfully to "D:\MBR.dat"
23:50:45.227    The log file has been saved successfully to "D:\aswMBR.txt"



TDSS:

Code:

00:05:31.0686 3380  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
00:05:31.0686 3380  ============================================================
00:05:31.0686 3380  Current date / time: 2013/05/24 00:05:31.0686
00:05:31.0686 3380  SystemInfo:
00:05:31.0686 3380 
00:05:31.0686 3380  OS Version: 6.1.7601 ServicePack: 1.0
00:05:31.0686 3380  Product type: Workstation
00:05:31.0686 3380  ComputerName: GOSIA-HP
00:05:31.0686 3380  UserName: gosia
00:05:31.0686 3380  Windows directory: C:\windows
00:05:31.0686 3380  System windows directory: C:\windows
00:05:31.0686 3380  Processor architecture: Intel x86
00:05:31.0686 3380  Number of processors: 1
00:05:31.0686 3380  Page size: 0x1000
00:05:31.0686 3380  Boot type: Normal boot
00:05:31.0686 3380  ============================================================
00:05:32.0763 3380  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:05:32.0763 3380  ============================================================
00:05:32.0763 3380  \Device\Harddisk0\DR0:
00:05:32.0763 3380  MBR partitions:
00:05:32.0763 3380  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
00:05:32.0763 3380  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x1AF2E000
00:05:32.0763 3380  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1AFC4800, BlocksNum 0x1E00000
00:05:32.0763 3380  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x1CDC4800, BlocksNum 0x3FD800
00:05:32.0763 3380  ============================================================
00:05:32.0778 3380  C: <-> \Device\Harddisk0\DR0\Partition2
00:05:32.0809 3380  F: <-> \Device\Harddisk0\DR0\Partition4
00:05:32.0809 3380  ============================================================
00:05:32.0809 3380  Initialize success
00:05:32.0809 3380  ============================================================
00:05:55.0599 2144  ============================================================
00:05:55.0599 2144  Scan started
00:05:55.0599 2144  Mode: Manual; SigCheck; TDLFS;
00:05:55.0599 2144  ============================================================
00:05:56.0722 2144  ================ Scan system memory ========================
00:05:56.0722 2144  System memory - ok
00:05:56.0722 2144  ================ Scan services =============================
00:05:56.0956 2144  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
00:05:57.0268 2144  1394ohci - ok
00:05:57.0315 2144  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\windows\system32\drivers\ACPI.sys
00:05:57.0331 2144  ACPI - ok
00:05:57.0378 2144  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi        C:\windows\system32\drivers\acpipmi.sys
00:05:57.0565 2144  AcpiPmi - ok
00:05:58.0002 2144  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
00:05:58.0064 2144  AdobeARMservice - ok
00:05:58.0376 2144  [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
00:05:58.0376 2144  AdobeFlashPlayerUpdateSvc - ok
00:05:58.0454 2144  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx        C:\windows\system32\DRIVERS\adp94xx.sys
00:05:58.0485 2144  adp94xx - ok
00:05:58.0579 2144  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci        C:\windows\system32\DRIVERS\adpahci.sys
00:05:58.0594 2144  adpahci - ok
00:05:58.0641 2144  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320        C:\windows\system32\DRIVERS\adpu320.sys
00:05:58.0657 2144  adpu320 - ok
00:05:58.0688 2144  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc    C:\windows\System32\aelupsvc.dll
00:05:58.0953 2144  AeLookupSvc - ok
00:05:59.0094 2144  [ 827DBC22C96EECF6D36A13162FABAFD3 ] AESTFilters    C:\Program Files\IDT\WDM\aestsrv.exe
00:05:59.0343 2144  AESTFilters - ok
00:05:59.0406 2144  [ 68F3A175C8DE693F74ACD3E4BC797A0B ] AFD            C:\windows\system32\drivers\afd.sys
00:05:59.0484 2144  AFD ( UnsignedFile.Multi.Generic ) - warning
00:05:59.0484 2144  AFD - detected UnsignedFile.Multi.Generic (1)
00:05:59.0515 2144  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\windows\system32\drivers\agp440.sys
00:05:59.0515 2144  agp440 - ok
00:05:59.0546 2144  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx        C:\windows\system32\DRIVERS\djsvs.sys
00:05:59.0562 2144  aic78xx - ok
00:05:59.0624 2144  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG            C:\windows\System32\alg.exe
00:05:59.0811 2144  ALG - ok
00:05:59.0842 2144  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\windows\system32\drivers\aliide.sys
00:05:59.0858 2144  aliide - ok
00:05:59.0905 2144  [ D7A045B4B2916D2EBE6D795D412B0713 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
00:06:00.0076 2144  AMD External Events Utility - ok
00:06:00.0092 2144  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\windows\system32\drivers\amdagp.sys
00:06:00.0108 2144  amdagp - ok
00:06:00.0123 2144  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\windows\system32\drivers\amdide.sys
00:06:00.0139 2144  amdide - ok
00:06:00.0186 2144  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8          C:\windows\system32\DRIVERS\amdk8.sys
00:06:00.0264 2144  AmdK8 - ok
00:06:00.0420 2144  [ 8D728258DF80AD8B5FD5225450940845 ] amdkmdag        C:\windows\system32\DRIVERS\atikmdag.sys
00:06:00.0638 2144  amdkmdag - ok
00:06:00.0685 2144  [ 9DC19641D960D301E6CA75E328169D2B ] amdkmdap        C:\windows\system32\DRIVERS\atikmpag.sys
00:06:00.0825 2144  amdkmdap - ok
00:06:00.0856 2144  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
00:06:00.0950 2144  AmdPPM - ok
00:06:00.0981 2144  [ D320BF87125326F996D4904FE24300FC ] amdsata        C:\windows\system32\drivers\amdsata.sys
00:06:00.0997 2144  amdsata - ok
00:06:01.0028 2144  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
00:06:01.0044 2144  amdsbs - ok
00:06:01.0122 2144  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata        C:\windows\system32\drivers\amdxata.sys
00:06:01.0122 2144  amdxata - ok
00:06:01.0184 2144  [ AEA177F783E20150ACE5383EE368DA19 ] AppID          C:\windows\system32\drivers\appid.sys
00:06:01.0356 2144  AppID - ok
00:06:01.0387 2144  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\windows\System32\appidsvc.dll
00:06:01.0480 2144  AppIDSvc - ok
00:06:01.0527 2144  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo        C:\windows\System32\appinfo.dll
00:06:01.0636 2144  Appinfo - ok
00:06:01.0699 2144  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc            C:\windows\system32\DRIVERS\arc.sys
00:06:01.0714 2144  arc - ok
00:06:01.0730 2144  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
00:06:01.0746 2144  arcsas - ok
00:06:01.0792 2144  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
00:06:01.0948 2144  AsyncMac - ok
00:06:01.0980 2144  [ 338C86357871C167A96AB976519BF59E ] atapi          C:\windows\system32\drivers\atapi.sys
00:06:01.0995 2144  atapi - ok
00:06:02.0058 2144  [ C822C615B2F693EF4E5B355432976A81 ] AtiHdmiService  C:\windows\system32\drivers\AtiHdmi.sys
00:06:02.0073 2144  AtiHdmiService - ok
00:06:02.0120 2144  [ ACA01C43D065E546C6DC88EA669CECA6 ] AtiPcie        C:\windows\system32\DRIVERS\AtiPcie.sys
00:06:02.0182 2144  AtiPcie - ok
00:06:02.0229 2144  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
00:06:02.0276 2144  AudioEndpointBuilder - ok
00:06:02.0292 2144  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\windows\System32\Audiosrv.dll
00:06:02.0323 2144  Audiosrv - ok
00:06:02.0370 2144  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\windows\System32\AxInstSV.dll
00:06:02.0510 2144  AxInstSV - ok
00:06:02.0557 2144  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv        C:\windows\system32\DRIVERS\bxvbdx.sys
00:06:02.0713 2144  b06bdrv - ok
00:06:02.0744 2144  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\windows\system32\DRIVERS\b57nd60x.sys
00:06:02.0791 2144  b57nd60x - ok
00:06:02.0822 2144  BCM42RLY - ok
00:06:02.0900 2144  [ 36A47E6AB1F0967C97722183E21ADB1A ] BCM43XX        C:\windows\system32\DRIVERS\bcmwl6.sys
00:06:03.0009 2144  BCM43XX - ok
00:06:03.0072 2144  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\windows\System32\bdesvc.dll
00:06:03.0181 2144  BDESVC - ok
00:06:03.0181 2144  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\windows\system32\drivers\Beep.sys
00:06:03.0274 2144  Beep - ok
00:06:03.0337 2144  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE            C:\windows\System32\bfe.dll
00:06:03.0430 2144  BFE - ok
00:06:03.0462 2144  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\windows\system32\qmgr.dll
00:06:03.0571 2144  BITS - ok
00:06:03.0602 2144  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
00:06:03.0664 2144  blbdrive - ok
00:06:03.0696 2144  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
00:06:03.0742 2144  bowser - ok
00:06:03.0774 2144  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
00:06:03.0883 2144  BrFiltLo - ok
00:06:03.0898 2144  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
00:06:04.0008 2144  BrFiltUp - ok
00:06:04.0070 2144  [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP        C:\windows\system32\DRIVERS\bridge.sys
00:06:04.0179 2144  BridgeMP - ok
00:06:04.0210 2144  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser        C:\windows\System32\browser.dll
00:06:04.0242 2144  Browser - ok
00:06:04.0257 2144  [ 845B8CE732E67F3B4133164868C666EA ] Brserid        C:\windows\System32\Drivers\Brserid.sys
00:06:04.0382 2144  Brserid - ok
00:06:04.0398 2144  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
00:06:04.0444 2144  BrSerWdm - ok
00:06:04.0476 2144  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
00:06:04.0600 2144  BrUsbMdm - ok
00:06:04.0616 2144  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
00:06:04.0663 2144  BrUsbSer - ok
00:06:04.0725 2144  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum        C:\windows\system32\drivers\BthEnum.sys
00:06:05.0053 2144  BthEnum - ok
00:06:05.0068 2144  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
00:06:05.0115 2144  BTHMODEM - ok
00:06:05.0146 2144  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
00:06:05.0240 2144  BthPan - ok
00:06:05.0271 2144  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT        C:\windows\System32\Drivers\BTHport.sys
00:06:05.0365 2144  BTHPORT - ok
00:06:05.0412 2144  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv        C:\windows\system32\bthserv.dll
00:06:05.0474 2144  bthserv - ok
00:06:05.0505 2144  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
00:06:05.0568 2144  BTHUSB - ok
00:06:05.0583 2144  btwaudio - ok
00:06:05.0599 2144  btwavdt - ok
00:06:05.0614 2144  btwl2cap - ok
00:06:05.0630 2144  btwrchid - ok
00:06:05.0739 2144  catchme - ok
00:06:05.0786 2144  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
00:06:05.0911 2144  cdfs - ok
00:06:05.0973 2144  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom          C:\windows\system32\DRIVERS\cdrom.sys
00:06:06.0082 2144  cdrom - ok
00:06:06.0129 2144  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc    C:\windows\System32\certprop.dll
00:06:06.0192 2144  CertPropSvc - ok
00:06:06.0207 2144  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\windows\system32\DRIVERS\circlass.sys
00:06:06.0363 2144  circlass - ok
00:06:06.0394 2144  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\windows\system32\CLFS.sys
00:06:06.0410 2144  CLFS - ok
00:06:06.0472 2144  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:06:06.0488 2144  clr_optimization_v2.0.50727_32 - ok
00:06:06.0566 2144  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:06:06.0597 2144  clr_optimization_v4.0.30319_32 - ok
00:06:06.0613 2144  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
00:06:06.0644 2144  CmBatt - ok
00:06:06.0660 2144  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\windows\system32\drivers\cmdide.sys
00:06:06.0675 2144  cmdide - ok
00:06:06.0722 2144  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG            C:\windows\system32\Drivers\cng.sys
00:06:06.0738 2144  CNG - ok
00:06:06.0784 2144  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
00:06:06.0784 2144  Compbatt - ok
00:06:06.0816 2144  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
00:06:06.0956 2144  CompositeBus - ok
00:06:06.0972 2144  COMSysApp - ok
00:06:07.0018 2144  CpqDfw - ok
00:06:07.0050 2144  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk        C:\windows\system32\DRIVERS\crcdisk.sys
00:06:07.0050 2144  crcdisk - ok
00:06:07.0128 2144  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\windows\system32\cryptsvc.dll
00:06:07.0190 2144  CryptSvc - ok
00:06:07.0299 2144  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
00:06:07.0315 2144  cvhsvc - ok
00:06:07.0362 2144  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\windows\system32\rpcss.dll
00:06:07.0440 2144  DcomLaunch - ok
00:06:07.0486 2144  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc      C:\windows\System32\defragsvc.dll
00:06:07.0596 2144  defragsvc - ok
00:06:07.0658 2144  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
00:06:07.0752 2144  DfsC - ok
00:06:07.0798 2144  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\windows\system32\dhcpcore.dll
00:06:07.0939 2144  Dhcp - ok
00:06:07.0970 2144  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\windows\system32\drivers\discache.sys
00:06:08.0048 2144  discache - ok
00:06:08.0110 2144  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\windows\system32\DRIVERS\disk.sys
00:06:08.0126 2144  Disk - ok
00:06:08.0157 2144  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\windows\System32\dnsrslvr.dll
00:06:08.0266 2144  Dnscache - ok
00:06:08.0313 2144  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc        C:\windows\System32\dot3svc.dll
00:06:08.0438 2144  dot3svc - ok
00:06:08.0469 2144  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS            C:\windows\system32\dps.dll
00:06:08.0578 2144  DPS - ok
00:06:08.0625 2144  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud        C:\windows\system32\drivers\drmkaud.sys
00:06:08.0672 2144  drmkaud - ok
00:06:08.0703 2144  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl        C:\windows\System32\drivers\dxgkrnl.sys
00:06:08.0750 2144  DXGKrnl - ok
00:06:08.0797 2144  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost        C:\windows\System32\eapsvc.dll
00:06:08.0922 2144  EapHost - ok
00:06:09.0000 2144  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv          C:\windows\system32\DRIVERS\evbdx.sys
00:06:09.0140 2144  ebdrv - ok
00:06:09.0187 2144  [ 81951F51E318AECC2D68559E47485CC4 ] EFS            C:\windows\System32\lsass.exe
00:06:09.0265 2144  EFS - ok
00:06:09.0327 2144  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr        C:\windows\ehome\ehRecvr.exe
00:06:09.0405 2144  ehRecvr - ok
00:06:09.0436 2144  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched        C:\windows\ehome\ehsched.exe
00:06:09.0514 2144  ehSched - ok
00:06:09.0546 2144  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor        C:\windows\system32\DRIVERS\elxstor.sys
00:06:09.0577 2144  elxstor - ok
00:06:09.0592 2144  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\windows\system32\drivers\errdev.sys
00:06:09.0686 2144  ErrDev - ok
00:06:09.0748 2144  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem    C:\windows\system32\es.dll
00:06:09.0889 2144  EventSystem - ok
00:06:09.0920 2144  [ 2DC9108D74081149CC8B651D3A26207F ] exfat          C:\windows\system32\drivers\exfat.sys
00:06:10.0014 2144  exfat - ok
00:06:10.0045 2144  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat        C:\windows\system32\drivers\fastfat.sys
00:06:10.0154 2144  fastfat - ok
00:06:10.0201 2144  [ 967EA5B213E9984CBE270205DF37755B ] Fax            C:\windows\system32\fxssvc.exe
00:06:10.0326 2144  Fax - ok
00:06:10.0357 2144  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc            C:\windows\system32\DRIVERS\fdc.sys
00:06:10.0388 2144  fdc - ok
00:06:10.0404 2144  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost        C:\windows\system32\fdPHost.dll
00:06:10.0528 2144  fdPHost - ok
00:06:10.0544 2144  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\windows\system32\fdrespub.dll
00:06:10.0684 2144  FDResPub - ok
00:06:10.0700 2144  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
00:06:10.0716 2144  FileInfo - ok
00:06:10.0731 2144  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace      C:\windows\system32\drivers\filetrace.sys
00:06:10.0840 2144  Filetrace - ok
00:06:10.0872 2144  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
00:06:10.0981 2144  flpydisk - ok
00:06:11.0012 2144  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
00:06:11.0028 2144  FltMgr - ok
00:06:11.0090 2144  [ E12C4928B32ACE04610259647F072635 ] FontCache      C:\windows\system32\FntCache.dll
00:06:11.0215 2144  FontCache - ok
00:06:11.0262 2144  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
00:06:11.0277 2144  FontCache3.0.0.0 - ok
00:06:11.0293 2144  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends      C:\windows\system32\drivers\FsDepends.sys
00:06:11.0308 2144  FsDepends - ok
00:06:11.0402 2144  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
00:06:11.0418 2144  Fs_Rec - ok
00:06:11.0480 2144  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
00:06:11.0496 2144  fvevol - ok
00:06:11.0542 2144  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
00:06:11.0558 2144  gagp30kx - ok
00:06:11.0605 2144  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc          C:\windows\System32\gpsvc.dll
00:06:11.0714 2144  gpsvc - ok
00:06:11.0730 2144  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
00:06:11.0823 2144  hcw85cir - ok
00:06:11.0901 2144  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
00:06:11.0979 2144  HdAudAddService - ok
00:06:12.0010 2144  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
00:06:12.0120 2144  HDAudBus - ok
00:06:12.0151 2144  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt        C:\windows\system32\DRIVERS\HidBatt.sys
00:06:12.0260 2144  HidBatt - ok
00:06:12.0291 2144  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
00:06:12.0385 2144  HidBth - ok
00:06:12.0432 2144  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr          C:\windows\system32\DRIVERS\hidir.sys
00:06:12.0447 2144  HidIr - ok
00:06:12.0478 2144  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv        C:\windows\System32\hidserv.dll
00:06:12.0650 2144  hidserv - ok
00:06:12.0697 2144  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
00:06:12.0790 2144  HidUsb - ok
00:06:12.0837 2144  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\windows\system32\kmsvc.dll
00:06:12.0962 2144  hkmsvc - ok
00:06:13.0009 2144  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\windows\system32\ListSvc.dll
00:06:13.0118 2144  HomeGroupListener - ok
00:06:13.0149 2144  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\windows\system32\provsvc.dll
00:06:13.0274 2144  HomeGroupProvider - ok
00:06:13.0399 2144  [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
00:06:13.0414 2144  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
00:06:13.0414 2144  HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1)
00:06:13.0492 2144  [ 58CC11D14D88EF70EF7ABBC75B5EEBD8 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
00:06:13.0508 2144  HP Wireless Assistant Service - ok
00:06:13.0602 2144  [ B7382BEC806B7B00FC84B3E2061FF48E ] HPDrvMntSvc.exe C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
00:06:13.0664 2144  HPDrvMntSvc.exe - ok
00:06:13.0711 2144  [ 4D94F4D7782657E79EB1352570B563DB ] hpHotkeyMonitor C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
00:06:13.0726 2144  hpHotkeyMonitor - ok
00:06:13.0789 2144  [ EE9F88368739554DCCA142AE0214BCB1 ] HpqKbFiltr      C:\windows\system32\DRIVERS\HpqKbFiltr.sys
00:06:13.0789 2144  HpqKbFiltr - ok
00:06:13.0820 2144  [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex        C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
00:06:13.0867 2144  hpqwmiex - ok
00:06:13.0929 2144  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
00:06:13.0929 2144  HpSAMD - ok
00:06:13.0976 2144  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\windows\system32\drivers\HTTP.sys
00:06:14.0038 2144  HTTP - ok
00:06:14.0070 2144  hwdatacard - ok
00:06:14.0101 2144  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
00:06:14.0116 2144  hwpolicy - ok
00:06:14.0132 2144  hwusbdev - ok
00:06:14.0194 2144  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
00:06:14.0257 2144  i8042prt - ok
00:06:14.0288 2144  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV        C:\windows\system32\drivers\iaStorV.sys
00:06:14.0304 2144  iaStorV - ok
00:06:14.0366 2144  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc          C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:06:14.0413 2144  idsvc - ok
00:06:14.0522 2144  [ AD626F6964F4D364D226C39E06872DD3 ] igfx            C:\windows\system32\DRIVERS\igdkmd32.sys
00:06:14.0740 2144  igfx - ok
00:06:14.0787 2144  [ 4173FF5708F3236CF25195FECD742915 ] iirsp          C:\windows\system32\DRIVERS\iirsp.sys
00:06:14.0803 2144  iirsp - ok
00:06:14.0881 2144  [ 54E0F4CCD6CE99A807459AF928DD64AC ] IJPLMSVC        C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
00:06:14.0896 2144  IJPLMSVC - ok
00:06:14.0959 2144  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\windows\System32\ikeext.dll
00:06:15.0037 2144  IKEEXT - ok
00:06:15.0068 2144  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\windows\system32\drivers\intelide.sys
00:06:15.0084 2144  intelide - ok
00:06:15.0130 2144  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
00:06:15.0162 2144  intelppm - ok
00:06:15.0208 2144  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum      C:\windows\system32\ipbusenum.dll
00:06:15.0286 2144  IPBusEnum - ok
00:06:15.0318 2144  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
00:06:15.0396 2144  IpFilterDriver - ok
00:06:15.0489 2144  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
00:06:15.0598 2144  iphlpsvc - ok
00:06:15.0614 2144  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV        C:\windows\system32\drivers\IPMIDrv.sys
00:06:15.0708 2144  IPMIDRV - ok
00:06:15.0739 2144  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT          C:\windows\system32\drivers\ipnat.sys
00:06:15.0817 2144  IPNAT - ok
00:06:15.0848 2144  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\windows\system32\drivers\irenum.sys
00:06:16.0004 2144  IRENUM - ok
00:06:16.0020 2144  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\windows\system32\drivers\isapnp.sys
00:06:16.0035 2144  isapnp - ok
00:06:16.0051 2144  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
00:06:16.0082 2144  iScsiPrt - ok
00:06:16.0129 2144  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\windows\system32\drivers\kbdclass.sys
00:06:16.0129 2144  kbdclass - ok
00:06:16.0160 2144  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
00:06:16.0269 2144  kbdhid - ok
00:06:16.0285 2144  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\windows\system32\lsass.exe
00:06:16.0300 2144  KeyIso - ok
00:06:16.0347 2144  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
00:06:16.0363 2144  KSecDD - ok
00:06:16.0394 2144  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg        C:\windows\system32\Drivers\ksecpkg.sys
00:06:16.0410 2144  KSecPkg - ok
00:06:16.0441 2144  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm          C:\windows\system32\msdtckrm.dll
00:06:16.0597 2144  KtmRm - ok
00:06:16.0644 2144  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\windows\System32\srvsvc.dll
00:06:16.0800 2144  LanmanServer - ok
00:06:16.0815 2144  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
00:06:16.0878 2144  LanmanWorkstation - ok
00:06:16.0909 2144  [ 47269F0DE1E5089C6F23BC1EC48CFC31 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
00:06:16.0987 2144  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
00:06:16.0987 2144  LightScribeService - detected UnsignedFile.Multi.Generic (1)
00:06:17.0034 2144  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
00:06:17.0080 2144  lltdio - ok
00:06:17.0112 2144  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc        C:\windows\System32\lltdsvc.dll
00:06:17.0252 2144  lltdsvc - ok
00:06:17.0283 2144  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts        C:\windows\System32\lmhsvc.dll
00:06:17.0330 2144  lmhosts - ok
00:06:17.0392 2144  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
00:06:17.0408 2144  LSI_FC - ok
00:06:17.0424 2144  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS        C:\windows\system32\DRIVERS\lsi_sas.sys
00:06:17.0439 2144  LSI_SAS - ok
00:06:17.0455 2144  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
00:06:17.0470 2144  LSI_SAS2 - ok
00:06:39.0966 2144  [ F41E453A90EF19217CEE1675F5256EE7 ] wampapache      c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe
00:06:40.0075 2144  wampapache ( UnsignedFile.Multi.Generic ) - warning
00:06:40.0075 2144  wampapache - detected UnsignedFile.Multi.Generic (1)
00:06:43.0975 2144  ================ Scan global ===============================
00:06:44.0006 2144  [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
00:06:44.0037 2144  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\windows\system32\winsrv.dll
00:06:44.0068 2144  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\windows\system32\winsrv.dll
00:06:44.0100 2144  [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
00:06:44.0115 2144  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
00:06:44.0131 2144  [Global] - ok
00:06:44.0131 2144  ================ Scan MBR ==================================
00:06:44.0146 2144  [ D7AD5AA31A559120C3BA48FD0A1B1636 ] \Device\Harddisk0\DR0
00:06:44.0474 2144  \Device\Harddisk0\DR0 - ok
00:06:44.0474 2144  ================ Scan VBR ==================================
00:06:44.0474 2144  [ 824A36C3A08714CCC87744E931867668 ] \Device\Harddisk0\DR0\Partition1
00:06:44.0490 2144  \Device\Harddisk0\DR0\Partition1 - ok
00:06:44.0490 2144  [ 9E173DAB83DF37E1EF618077E664ECF1 ] \Device\Harddisk0\DR0\Partition2
00:06:44.0505 2144  \Device\Harddisk0\DR0\Partition2 - ok
00:06:44.0536 2144  [ 49C0A4AE0ADB91AC6F3642CB5C405B78 ] \Device\Harddisk0\DR0\Partition3
00:06:44.0536 2144  \Device\Harddisk0\DR0\Partition3 - ok
00:06:44.0583 2144  [ E4FE0789A1710379F1F129937A4C1319 ] \Device\Harddisk0\DR0\Partition4
00:06:44.0583 2144  \Device\Harddisk0\DR0\Partition4 - ok
00:06:44.0599 2144  ============================================================
00:06:44.0599 2144  Scan finished
00:06:44.0599 2144  ============================================================
00:06:44.0599 2884  Detected object count: 4
00:06:44.0599 2884  Actual detected object count: 4
00:07:49.0183 2884  AFD ( UnsignedFile.Multi.Generic ) - skipped by user
00:07:49.0183 2884  AFD ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:07:49.0183 2884  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:07:49.0183 2884  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:07:49.0183 2884  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
00:07:49.0183 2884  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:07:49.0183 2884  wampapache ( UnsignedFile.Multi.Generic ) - skipped by user
00:07:49.0183 2884  wampapache ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 24.05.2013 10:01

Is the internet connection still not working?

Please download Farbar's Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • SecurityCenter / ActionCenter
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.
Please post the contents here.

kamit 24.05.2013 18:40

Hi, unfortunately the internet connection is still not working.
Here is the FSS.txt
Code:

Farbar Service Scanner Version: 14-04-2013
Ran by gosia (administrator) on 24-05-2013 at 19:34:00
Running from "C:\Users\gosia\Desktop"
Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error.
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============
RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs service is OK.


Other Services:
==============


File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys
[2011-06-16 09:36] - [2011-04-25 04:18] - 0338944 ____A () 68F3A175C8DE693F74ACD3E4BC797A0B

ATTENTION!=====> C:\windows\system32\Drivers\afd.sys IS INFECTED AND SHOULD BE REPLACED.

C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\mpssvc.dll => MD5 is legit
C:\windows\system32\bfe.dll => MD5 is legit
C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll => MD5 is legit
C:\windows\system32\vssvc.exe => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

When I booted up the notebook, I saw a file in the process manager for the first time: userinit.exe!!!!!

Kamit

cosinus 24.05.2013 18:52

Quote:

Hi, unfortunately the internet connection is still not working.
Yes, I can already see that in the log :D

(Delete combofix.exe from the desktop and download it again, then transfer it to the infected PC)

Then please run Combofix now:

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (in English: Illegal operation attempted on a registry key that has been marked for deletion.)
simply restart the computer. This should fix the problem.


kamit 27.05.2013 18:22

Hi cosinus, I can no longer manage to disinfect my notebook. The damage is too great and the virus has lodged itself in several places on the notebook.
Yesterday I wanted to reinstall XP, but the CD drive is also no longer recognized by the computer.
Is there a way to format my drive via USB with a program?

Thanks in advance

kamit

cosinus 27.05.2013 20:49

Quote:

but the CD drive is also no longer recognized by the computer.
What does that mean, not even by the BIOS anymore?
You do realize that you have to boot from the Windows DVD?
And why XP, this computer is running Windows 7....

kamit 28.05.2013 08:41

Three years ago I bought the computer cheaply from a subcontractor of O2. Downside: no Windows DVD was included, but Windows 7 was already installed...

cosinus 28.05.2013 09:18

That does not answer my question about the detection of the optical drive.
And you can make a Win7 DVD yourself => http://www.trojaner-board.de/100776-...tml#post676887

