Pests of all kinds and how to fight them: Virus deletes shortcuts, folders empty/missing (Windows 7)
27.03.2012, 15:42 | #1 |
/// Malwareteam | Virus deletes shortcuts, folders empty/missing
Hello, I have the following problem: Yesterday I caught a virus that deleted my shortcuts (error messages appear saying that my hard disk is destroyed). My folders and my drive are empty too. I first read around here a bit and ran 4 scans with Malwarebytes (2 yesterday, 2 today). I'll post the three logs here in order. The error messages are gone and I made my files visible again with Unhide. Still, I don't trust the computer, even though the last scan showed no more viruses. I hope you can give me a few more tips and check my system once more.
Here are the logs from Malwarebytes:
Yesterday, 1st scan:
Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Datenbank Version: v2012.01.13.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jonas Hanke :: JONASH [Administrator]
26.03.2012 17:34:55
mbam-log-2012-03-25 (17-34-55).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 693635
Laufzeit: 1 Stunde(n), 34 Minute(n), 42 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Users\Jonas Hanke\Downloads\SoftonicDownloader_fuer_photo-to-sketch.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Datenbank Version: v2012.01.13.04
Windows 7 Service Pack 1 x64 FAT32
Internet Explorer 8.0.7601.17514
Jonas Hanke :: JONASH [Administrator]
26.03.2012 21:36:55
mbam-log-2012-03-26 (15-36-55).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 684161
Laufzeit: 1 Stunde(n), 28 Minute(n), 14 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\System Volume Information\SystemRestore\FRStaging\Users\Jonas Hanke\Downloads\SoftonicDownloader_fuer_photo-to-sketch.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Datenbank Version: v2012.03.26.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Jonas Hanke :: JONASH [Administrator]
27.03.2012 10:55:51
mbam-log-2012-03-26 (18-55-51).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 726766
Laufzeit: 1 Stunde(n), 28 Minute(n), 44 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\$WINDOWS.~Q\DATA\ProgramData\XCMsXSJotCWrp.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Jonas
28.03.2012, 14:03 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus deletes shortcuts, folders empty/missing
Please also run ESET, then we'll see what comes next:
ESET Online Scanner
__________________
28.03.2012, 18:37 | #3 |
/// Malwareteam | Virus deletes shortcuts, folders empty/missing
Hey, thanks already for the quick reply. The first time I started the scanner, at 9 % a message from Avira AntiVir came up saying that I have another virus (I deleted it immediately). Its name is TR/Kazy.62856.1. After that I aborted ESET for the time being, but restarted it after a short while (so that ESET would check all files again in case there was a reinfection). On the second attempt everything went fine, and after 3:40 hours of scanning this log file came out:
Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7810080046c09f46bf30f519d03b1881
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-28 01:47:02
# local_time=2012-03-28 03:47:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 78627 69473126 76112 0
# compatibility_mode=5893 16776573 100 94 61484 84571113 0 0
# compatibility_mode=8192 67108863 100 0 187 187 0 0
# scanned=15586
# found=0
# cleaned=0
# scan_time=1159
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7810080046c09f46bf30f519d03b1881
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-28 05:30:18
# local_time=2012-03-28 07:30:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 79942 69474441 77427 0
# compatibility_mode=5893 16776573 100 94 62799 84572428 0 0
# compatibility_mode=8192 67108863 100 0 1502 1502 0 0
# scanned=406375
# found=0
# cleaned=0
# scan_time=13240
28.03.2012, 20:42 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus deletes shortcuts, folders empty/missing
CustomScan with OTL
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________
Please always post log files in CODE tags
29.03.2012, 14:38 | #5 |
/// Malwareteam | Virus deletes shortcuts, folders empty/missing
Here is the content of the OTL.txt file:
ATTFilter OTL logfile created on: 29.03.2012 15:21:02 - Run 2 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Jonas Hanke\Desktop 64bit-Windows XP Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,91 Gb Total Physical Memory | 5,98 Gb Available Physical Memory | 75,62% Memory free 15,82 Gb Paging File | 13,75 Gb Available in Paging File | 86,90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 690,72 Gb Total Space | 360,28 Gb Free Space | 52,16% Space Free | Partition Type: NTFS Drive D: | 7,74 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: JONASH | User Name: Jonas Hanke | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.29 15:19:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Jonas Hanke\Desktop\OTL.exe PRC - [2012.03.27 18:26:13 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.02.28 17:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2012.01.30 02:11:17 | 000,327,680 | ---- | M] (Zemi Interactive Inc.) 
-- C:\Program Files (x86)\Gameforge4D\4Story_DE\PrePatch.exe PRC - [2011.06.28 17:47:53 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.02.01 07:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.02.01 07:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011.01.27 16:19:46 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe PRC - [2010.11.17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.11.05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.11.01 13:25:36 | 001,374,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2009.07.14 01:15:34 | 002,250,640 | ---- | M] (Salfeld Computer) -- C:\Windows\SysWOW64\cchservice.exe PRC - [2009.03.03 12:45:11 | 000,296,400 | ---- | M] () -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe 
PRC - [2008.08.08 17:30:44 | 000,016,712 | ---- | M] () -- C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe PRC - [2008.08.08 17:30:40 | 000,532,808 | ---- | M] (Corel, Inc.) -- C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2012.03.27 13:57:43 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\659bc287f3b51e5e604208ce93d983ec\Microsoft.VisualBasic.ni.dll MOD - [2012.03.27 13:55:39 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\bc264c7dba2096c2c88080090bf42600\IAStorUtil.ni.dll MOD - [2012.03.27 13:55:39 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6aef03034d33721bfbd588d9d7fffe60\IAStorCommon.ni.dll MOD - [2012.03.26 21:54:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll MOD - [2012.03.26 21:54:39 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll MOD - [2012.03.26 21:54:30 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll MOD - [2012.03.26 21:54:25 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll MOD - [2012.03.26 21:54:23 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll MOD - [2012.03.26 21:54:16 | 003,347,968 | ---- | 
M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll MOD - [2012.03.26 21:54:12 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll MOD - [2012.03.26 21:54:09 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll MOD - [2012.03.26 21:54:08 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll MOD - [2012.03.26 21:54:04 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011.08.03 13:50:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll MOD - [2011.04.12 09:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.01 17:34:22 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\de-DE\THXAudio.resources.dll MOD - [2008.08.08 17:30:44 | 000,016,712 | ---- | M] () -- C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.03.27 18:26:13 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.03.15 20:33:10 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program 
Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.02.28 17:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011.06.28 17:47:53 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.25 17:12:37 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.02.18 17:42:58 | 000,763,904 | ---- | M] () [Auto | Running] -- C:\Programme\Bigfoot Networks\Killer Network Manager\BFNService.exe -- (Bigfoot Networks Killer Service) SRV - [2011.02.01 07:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2011.02.01 07:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2011.01.27 16:19:46 | 000,033,792 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe -- (PowerBiosServer) SRV - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.08.25 09:56:38 | 000,765,592 | ---- | M] (Salfeld Computer) [Auto | Stopped] -- C:\Windows\SysWOW64\ksupmgr.exe -- (ksupmgr) SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.03 12:45:11 | 000,296,400 | ---- | M] () [Auto | Running] -- C:\Program Files 
(x86)\Verbindungsassistent\WTGService.exe -- (WTGService) SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.26 18:47:01 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.03.01 02:02:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2012.01.19 18:17:32 | 000,294,248 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Treiber\VMM.sys -- (vmm) DRV:64bit: - [2012.01.19 17:58:11 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011.10.02 13:54:37 | 000,125,440 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv07.sys -- (acedrv07) DRV:64bit: - [2011.06.28 17:47:53 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.06.28 17:47:53 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.18 17:43:22 | 002,702,952 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ak27x64.sys -- (Ak27x64) DRV:64bit: - [2011.02.18 17:43:20 | 000,068,712 | ---- | M] (Bigfoot Networks, Inc.) 
[Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\bflwfx64.sys -- (BfLwf) DRV:64bit: - [2011.02.18 17:43:16 | 000,157,288 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Xeno7x64.sys -- (BFN7x64) DRV:64bit: - [2011.01.27 02:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.01.14 13:25:04 | 000,125,456 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\JME.sys -- (JME) JMicron Ethernet Adapter NDIS6.0 Driver (Amd64 Bits) DRV:64bit: - [2010.12.06 15:56:26 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.19 04:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.11.19 04:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.11.06 09:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- 
C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010.10.15 00:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2010.09.03 14:35:44 | 000,063,488 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViaHub3.sys -- (VUSB3HUB) DRV:64bit: - [2010.02.11 19:32:00 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.07.28 02:59:32 | 000,020,392 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom 
Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2011.07.01 21:08:23 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://syb.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {593DD466-8269-45F1-8534-5E1E2405540A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{593DD466-8269-45F1-8534-5E1E2405540A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {3401B925-3912-4D57-9048-E78033D8156B} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{3401B925-3912-4D57-9048-E78033D8156B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox IE - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://syb.msn.com IE - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-103105947-377076809-4053833937-1001\..\SearchScopes,DefaultScope = {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} IE - HKU\S-1-5-21-103105947-377076809-4053833937-1001\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms} IE - HKU\S-1-5-21-103105947-377076809-4053833937-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jonas Hanke\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2012.03.25 21:53:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012.03.25 21:52:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012.03.25 21:52:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll File not found O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKU\S-1-5-21-103105947-377076809-4053833937-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [4StoryPrePatch] C:\Program Files (x86)\Gameforge4D\4Story_DE\PrePatch.exe (Zemi Interactive Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ChicoSys] C:\Windows\SysWOW64\cc32\webtmr.exe (Salfeld Computer)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [XCMsXSJotCWrp.exe] C:\ProgramData\XCMsXSJotCWrp.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-103105947-377076809-4053833937-1001..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
O4 - HKU\S-1-5-21-103105947-377076809-4053833937-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-103105947-377076809-4053833937-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-103105947-377076809-4053833937-1007..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-103105947-377076809-4053833937-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDEC6066-9D9D-4130-AE95-87B8EDC0F449}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Programme\Protector Suite\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: ksupmgr - C:\Windows\SysWOW64\ksupmgr.exe (Salfeld Computer)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: ksupmgr - C:\Windows\SysWOW64\ksupmgr.exe (Salfeld Computer)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.iac2 - File not found
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.iv31 - File not found
Drivers32:64bit: vidc.iv32 - File not found
Drivers32:64bit: vidc.iv41 - File not found
Drivers32:64bit: vidc.iv50 - File not found
Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\Windows\SysWow64\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\SysWow64\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.03.28 15:24:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.03.27 17:33:47 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.03.27 17:33:47 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.03.26 18:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.03.26 18:46:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.03.26 18:32:29 | 000,389,024 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Jonas Hanke\Desktop\unhide.exe
[2012.03.26 17:40:53 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Jonas Hanke\Desktop\OTL.exe
[2012.03.26 15:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.26 15:36:38 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2012.03.25 22:48:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.03.25 22:48:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.03.25 22:48:59 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.03.25 22:48:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.03.25 22:48:59 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.03.25 22:48:59 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.03.25 22:48:59 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.03.25 22:48:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.03.25 22:48:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.03.25 22:31:38 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.03.25 22:17:08 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~Q
[2012.03.25 21:57:24 | 000,000,000 | ---D | C] -- C:\$INPLACE.~TR
[2012.03.25 21:37:42 | 000,000,000 | --SD | C] -- C:\Users\Jonas Hanke\AppData\Roaming\Microsoft
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\Videos
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\Saved Games
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\Pictures
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\Music
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\Links
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\Favorites
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\Downloads
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\Documents
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\Desktop
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Vorlagen
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\AppData\Local\Verlauf
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\AppData\Local\Temporary Internet Files
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Startmenü
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\SendTo
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Recent
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Netzwerkumgebung
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Lokale Einstellungen
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Documents\Eigene Videos
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Documents\Eigene Musik
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Eigene Dateien
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Documents\Eigene Bilder
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Druckumgebung
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Cookies
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\AppData\Local\Anwendungsdaten
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Anwendungsdaten
[2012.03.25 21:37:42 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\AppData\Local\Temp
[2012.03.25 21:37:42 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\AppData\Local\Microsoft
[2012.03.25 21:37:42 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\AppData\Roaming\Media Center Programs
[2012.03.25 21:37:42 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\AppData
[2012.03.25 21:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Protector Suite
[2012.03.25 21:35:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012.03.25 21:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.03.25 21:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.03.25 21:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012.03.25 21:35:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.03.25 21:35:09 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012.03.25 21:33:18 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.03.25 17:34:18 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\AppData\Roaming\Malwarebytes
[2012.03.25 17:33:57 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.25 17:33:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.25 17:33:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.25 17:33:32 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jonas Hanke\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.18 19:23:36 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\Desktop\GeneChro
[2012.03.17 19:13:48 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\Documents\Arduino
[2012.03.17 19:13:48 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\AppData\Roaming\Arduino
[2012.03.17 19:12:29 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\Desktop\arduino-1.0
[2012.03.17 19:10:39 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\Desktop\FTDI
[2012.03.15 21:49:30 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\Desktop\Spiel
[2012.03.11 17:19:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eligium
[2012.03.11 17:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eligium
[2012.03.11 15:05:57 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\AppData\Roaming\FOG Downloader
[2012.03.11 15:05:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eligium_0_90_1_en
[2012.03.07 19:23:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PixLin
[2012.03.06 16:36:37 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\AppData\Roaming\DesktopIconForAmazon
[2012.03.03 00:17:37 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\AppData\Local\PAYDAY
[2012.03.03 00:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.02.29 16:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrickForce
[2012.02.29 16:28:58 | 000,000,000 | ---D | C] -- C:\BrickForce
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.03.29 15:22:26 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.29 15:22:26 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.29 15:22:17 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.29 15:22:17 | 000,698,046 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.29 15:22:17 | 000,652,322 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.29 15:22:17 | 000,148,350 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.29 15:22:17 | 000,121,254 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.29 15:19:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Jonas Hanke\Desktop\OTL.exe
[2012.03.29 15:15:08 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.29 15:14:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.29 15:14:13 | 2074,394,623 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.29 06:55:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.27 19:07:08 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.03.27 19:07:08 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.27 18:26:13 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.03.26 21:47:57 | 000,342,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.26 21:34:33 | 001,593,026 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.26 20:07:17 | 000,001,090 | ---- | M] () -- C:\Users\Jonas Hanke\Desktop\Bilder - Verknüpfung.lnk
[2012.03.26 18:47:01 | 000,254,528 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.03.26 18:32:31 | 000,389,024 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Jonas Hanke\Desktop\unhide.exe
[2012.03.26
17:08:57 | 000,022,213 | ---- | M] () -- C:\Windows\SysWow64\cchservice.err [2012.03.26 15:36:39 | 000,000,722 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.26 06:51:07 | 000,003,352 | ---- | M] () -- C:\bootsqm.dat [2012.03.25 23:00:57 | 000,626,149 | ---- | M] () -- C:\Windows\SysWow64\ccsync.err [2012.03.25 22:43:34 | 000,055,513 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2012.03.25 22:43:34 | 000,055,513 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2012.03.25 22:35:08 | 000,022,960 | -H-- | M] () -- C:\Windows\SysNative\emptyregdb.dat [2012.03.25 21:36:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_tcwbf_01_09_00.Wdf [2012.03.25 21:36:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf [2012.03.25 21:35:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf [2012.03.25 20:26:45 | 000,004,562 | ---- | M] () -- C:\Users\Jonas Hanke\Desktop\Windows-Kompatibilitätsbericht.htm [2012.03.25 17:30:32 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jonas Hanke\Desktop\mbam-setup-1.60.1.1000.exe [2012.03.22 23:41:36 | 000,499,284 | ---- | M] () -- C:\Users\Jonas Hanke\Desktop\News_Geleitwort_20.3.12.png [2012.03.20 23:59:29 | 000,001,475 | ---- | M] () -- C:\Users\Jonas Hanke\.recently-used.xbel [2012.03.20 19:06:42 | 003,892,467 | ---- | M] () -- C:\Users\Jonas Hanke\Desktop\Aufgabe 2.2.2.wmv [2012.03.20 16:53:50 | 001,022,644 | ---- | M] () -- C:\Users\Jonas Hanke\Desktop\Microcontroller_Video.wmv [2012.03.18 22:44:11 | 679,171,242 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.03.17 19:18:31 | 001,256,512 | ---- | M] () -- C:\Users\Jonas Hanke\Desktop\CDM20814_WHQL_Certified.zip [2012.03.17 18:05:16 | 001,365,803 | ---- | M] () -- C:\Users\Jonas Hanke\Desktop\ILC2012_usb_treiber_windows.zip [2012.03.17 17:49:17 | 090,223,398 | ---- | M] () -- C:\Users\Jonas 
Hanke\Desktop\ILC2012_arduino_software_windows.zip [2012.03.17 14:31:42 | 000,000,786 | ---- | M] () -- C:\Windows\ST5UNST.005 [2012.03.16 20:54:22 | 000,005,324 | ---- | M] () -- C:\Users\Jonas Hanke\Documents\Antibiotika.png [2012.03.01 02:02:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.03.01 02:02:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012.03.01 02:02:00 | 000,011,770 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2012.02.29 22:59:29 | 002,515,790 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin [2012.02.28 17:40:59 | 000,014,554 | ---- | M] () -- C:\Users\Jonas Hanke\Desktop\Snake_Jonas.jar [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.27 18:26:13 | 002,484,592 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_p4f.exe [2012.03.26 20:07:17 | 000,001,090 | ---- | C] () -- C:\Users\Jonas Hanke\Desktop\Bilder - Verknüpfung.lnk [2012.03.26 15:36:39 | 000,000,722 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.26 06:51:07 | 000,003,352 | ---- | C] () -- C:\bootsqm.dat [2012.03.25 22:56:35 | 001,593,026 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.03.25 22:54:51 | 000,001,419 | ---- | C] () -- C:\Users\Jonas Hanke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012.03.25 22:54:43 | 000,001,453 | ---- | C] () -- C:\Users\Jonas Hanke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.03.25 22:44:43 | 2074,394,623 | -HS- | C] () -- C:\hiberfil.sys [2012.03.25 22:35:08 | 000,022,960 | -H-- | C] () -- C:\Windows\SysNative\emptyregdb.dat [2012.03.25 21:37:27 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2012.03.25 21:37:23 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2012.03.25 
21:36:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_tcwbf_01_09_00.Wdf [2012.03.25 21:36:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf [2012.03.25 21:35:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf [2012.03.25 20:26:46 | 000,004,562 | ---- | C] () -- C:\Users\Jonas Hanke\Desktop\Windows-Kompatibilitätsbericht.htm [2012.03.22 23:53:53 | 000,499,284 | ---- | C] () -- C:\Users\Jonas Hanke\Desktop\News_Geleitwort_20.3.12.png [2012.03.22 22:59:24 | 003,892,467 | ---- | C] () -- C:\Users\Jonas Hanke\Desktop\Aufgabe 2.2.2.wmv [2012.03.22 22:59:24 | 001,022,644 | ---- | C] () -- C:\Users\Jonas Hanke\Desktop\Microcontroller_Video.wmv [2012.03.20 23:59:29 | 000,001,475 | ---- | C] () -- C:\Users\Jonas Hanke\.recently-used.xbel [2012.03.17 19:18:31 | 001,256,512 | ---- | C] () -- C:\Users\Jonas Hanke\Desktop\CDM20814_WHQL_Certified.zip [2012.03.17 18:05:16 | 001,365,803 | ---- | C] () -- C:\Users\Jonas Hanke\Desktop\ILC2012_usb_treiber_windows.zip [2012.03.17 17:46:24 | 090,223,398 | ---- | C] () -- C:\Users\Jonas Hanke\Desktop\ILC2012_arduino_software_windows.zip [2012.03.17 14:31:37 | 000,000,786 | ---- | C] () -- C:\Windows\ST5UNST.005 [2012.03.16 20:54:21 | 000,005,324 | ---- | C] () -- C:\Users\Jonas Hanke\Documents\Antibiotika.png [2012.03.07 19:23:29 | 000,001,037 | ---- | C] () -- C:\Users\Jonas Hanke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PixLin.LNK [2011.12.28 21:31:08 | 000,000,338 | ---- | C] () -- C:\Windows\SIERRA.INI [2011.10.22 14:34:01 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2011.10.09 17:48:58 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2011.08.26 19:03:14 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.08.26 19:03:14 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.08.14 17:42:31 | 000,000,000 | ---- | C] () -- 
C:\Windows\SysWow64\excltmp~.dat [2011.08.14 17:38:50 | 000,000,140 | ---- | C] () -- C:\Windows\SysWow64\ctlsw.ini [2011.08.14 17:38:50 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\SWCTL.DLL [2011.08.14 17:38:47 | 000,155,536 | ---- | C] () -- C:\Windows\SysWow64\dllcinx.exe [2011.08.14 17:38:47 | 000,009,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\mchccinj.sys [2011.08.14 17:38:46 | 000,000,600 | ---- | C] () -- C:\Windows\SysWow64\nochook.ini [2011.08.02 20:57:03 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll [2011.08.02 20:53:28 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2011.07.02 15:24:42 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll [2011.07.01 21:08:23 | 000,018,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\lirsgt.sys [2011.06.28 19:34:15 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat [2011.06.25 17:13:03 | 000,001,313 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini [2011.06.25 17:13:03 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini [2011.06.25 17:13:03 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini [2011.06.25 17:13:01 | 000,185,856 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2011.06.25 17:13:01 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2011.06.25 17:08:19 | 000,000,101 | ---- | C] () -- C:\Windows\OEM.ini [2011.06.25 17:08:19 | 000,000,020 | ---- | C] () -- C:\Windows\Bison.ini [2011.06.25 16:57:15 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.06.25 16:57:14 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.06.25 16:57:13 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== LOP Check ========== [2012.03.25 22:26:31 | 000,000,000 | ---D | M] -- C:\Users\Detlev Hanke\AppData\Roaming\Protector Suite [2012.03.25 22:16:47 | 000,000,000 | ---D | M] -- C:\Users\Jonas 
Hanke\AppData\Roaming\.minecraft [2012.03.25 22:16:47 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Arduino [2012.03.25 22:16:48 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Clonk Rage [2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Cornelsen [2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\DAEMON Tools Lite [2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\DesktopIconForAmazon [2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Dev-Cpp [2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\FileZilla [2012.03.11 15:05:57 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\FOG Downloader [2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\gtk-2.0 [2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\LolClient [2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien [2012.03.25 22:16:55 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\NationRed [2012.03.25 22:16:56 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Notepad++ [2012.03.25 22:16:56 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\ProtectDisc [2012.03.25 22:16:56 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Protector Suite [2012.03.25 22:17:15 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\The Creative Assembly [2012.03.25 22:17:15 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Ubisoft [2012.03.25 22:17:16 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Unity [2012.03.25 22:26:49 | 000,000,000 | ---D | M] -- C:\Users\Jonas Schule\AppData\Roaming\.minecraft [2011.12.03 12:01:16 | 000,000,000 | ---D | M] -- 
C:\Users\Jonas Schule\AppData\Roaming\Clonk Rage [2012.03.25 22:26:52 | 000,000,000 | ---D | M] -- C:\Users\Jonas Schule\AppData\Roaming\Cornelsen [2012.03.25 22:26:52 | 000,000,000 | ---D | M] -- C:\Users\Jonas Schule\AppData\Roaming\DAEMON Tools Lite [2012.03.25 22:26:52 | 000,000,000 | ---D | M] -- C:\Users\Jonas Schule\AppData\Roaming\Dev-Cpp [2012.03.25 22:26:52 | 000,000,000 | ---D | M] -- C:\Users\Jonas Schule\AppData\Roaming\DVDVideoSoft [2012.03.25 22:26:52 | 000,000,000 | ---D | M] -- C:\Users\Jonas Schule\AppData\Roaming\DVDVideoSoftIEHelpers [2012.03.25 22:27:02 | 000,000,000 | ---D | M] -- C:\Users\Jonas Schule\AppData\Roaming\Notepad++ [2012.03.25 22:27:02 | 000,000,000 | ---D | M] -- C:\Users\Jonas Schule\AppData\Roaming\ProtectDisc [2012.03.25 22:27:02 | 000,000,000 | ---D | M] -- C:\Users\Jonas Schule\AppData\Roaming\Protector Suite [2012.03.25 22:27:09 | 000,000,000 | ---D | M] -- C:\Users\Jonas Schule\AppData\Roaming\Ubisoft [2009.07.14 07:08:49 | 000,006,426 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2012.03.25 22:16:47 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\.minecraft [2012.03.25 22:16:47 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Adobe [2012.03.25 22:16:47 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Arduino [2012.03.25 22:16:47 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Avira [2012.03.25 22:16:48 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Clonk Rage [2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Corel [2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Cornelsen [2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\DAEMON Tools Lite [2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\DesktopIconForAmazon [2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Dev-Cpp [2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\FileZilla [2012.03.11 15:05:57 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\FOG Downloader [2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\gtk-2.0 [2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Identities [2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\InstallShield [2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Intel Corporation [2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\LolClient [2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Macromedia [2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Malwarebytes [2011.04.12 09:54:56 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Media Center Programs [2012.03.25 22:16:50 
| 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien [2012.03.25 22:34:19 | 000,000,000 | --SD | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Microsoft [2012.03.25 22:16:55 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\NationRed [2012.03.25 22:16:56 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Nero [2012.03.25 22:16:56 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Notepad++ [2012.03.25 22:16:56 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\NVIDIA [2012.03.25 22:16:56 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\ProtectDisc [2012.03.25 22:16:56 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Protector Suite [2012.03.29 15:20:57 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Skype [2012.03.25 22:17:15 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\The Creative Assembly [2012.03.25 22:17:15 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Ubisoft [2012.03.25 22:17:16 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Unity < %APPDATA%\*.exe /s > [2012.03.06 16:36:36 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Jonas Hanke\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 
03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\System Volume Information\SystemRestore\FRStaging\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll [2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll < MD5 for: IASTOR.SYS > [2009.06.05 10:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys [2010.11.06 09:45:48 | 000,438,808 | ---- | M] 
(Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\$WINDOWS.~Q\DATA\Windows\System32\drivers\iaStor.sys [2010.11.06 09:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys [2010.11.06 09:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys [2010.11.06 09:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_05602dde0a28e7f4\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) 
MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft 
Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- 
C:\Windows\SysNative\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) 
MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll [2011.12.16 09:52:04 | 010,992,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 1810 bytes -> C:\Users\Jonas Hanke\Desktop\Empire: Total War.lnk < End of report > |
29.03.2012, 15:09 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus deletes shortcuts, folders empty/missing
Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
ATTFilter
:OTL
O2:64bit: - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll File not found
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll File not found
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3:64bit: - HKU\S-1-5-21-103105947-377076809-4053833937-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [XCMsXSJotCWrp.exe] C:\ProgramData\XCMsXSJotCWrp.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-103105947-377076809-4053833937-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 1
@Alternate Data Stream - 1810 bytes -> C:\Users\Jonas Hanke\Desktop\Empire: Total War.lnk
:Files
C:\Program Files (x86)\Mein Gutscheincode Finder
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ --> Virus löscht Verknüpfungen, Ordner leer/nicht vorhanden |
29.03.2012, 15:26 | #7 |
/// Malwareteam | Virus deletes shortcuts, folders empty/missing
Fix executed, everything ran without problems. The contents of the log file:
Code:
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
64bit-Registry value HKEY_USERS\S-1-5-21-103105947-377076809-4053833937-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found.
Registry value HKEY_USERS\S-1-5-21-103105947-377076809-4053833937-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\XCMsXSJotCWrp.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-103105947-377076809-4053833937-1007\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Privacy\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideFastUserSwitching deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel deleted successfully.
Registry value HKEY_USERS\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_USERS\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFind deleted successfully.
Registry value HKEY_USERS\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSettings deleted successfully.
Registry value HKEY_USERS\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableClock deleted successfully.
ADS C:\Users\Jonas Hanke\Desktop\Empire: Total War.lnk deleted successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\Mein Gutscheincode Finder not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Detlev Hanke
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 707 bytes
User: Jonas Hanke
->Temp folder emptied: 7078751 bytes
->Temporary Internet Files folder emptied: 235389872 bytes
->Java cache emptied: 24760036 bytes
->Flash cache emptied: 1296 bytes
User: Jonas Schule
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 3836645 bytes
->Flash cache emptied: 10631 bytes
User: Public
User: TEMP
User: TEMP.JonasH
User: TEMP.JonasH.000
User: TEMP.JonasH.001
User: TEMP.JonasH.002
User: TEMP.JonasH.003
User: TEMP.JonasH.004
User: TEMP.JonasH.005
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 43497731 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 593920 bytes
Total Files Cleaned = 301,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Detlev Hanke
->Flash cache emptied: 0 bytes
User: Jonas Hanke
->Flash cache emptied: 0 bytes
User: Jonas Schule
->Flash cache emptied: 0 bytes
User: Public
User: TEMP
User: TEMP.JonasH
User: TEMP.JonasH.000
User: TEMP.JonasH.001
User: TEMP.JonasH.002
User: TEMP.JonasH.003
User: TEMP.JonasH.004
User: TEMP.JonasH.005
User: UpdatusUser
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.39.2 log created on 03292012_161954
Files\Folders moved on Reboot...
C:\Users\Jonas Hanke\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot... |
29.03.2012, 15:46 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus deletes shortcuts, folders empty/missing
Now (in normal Windows mode) please run this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!
Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, then look directly on your Windows system partition (usually drive C), because that is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
29.03.2012, 16:22 | #9 |
/// Malwareteam | Virus deletes shortcuts, folders empty/missing
Thanks again for the quick replies. The TDSSKiller scan ran without problems. Here is the log:
Code:
ATTFilter 17:15:32.0827 1680 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18 17:15:32.0921 1680 ============================================================ 17:15:32.0921 1680 Current date / time: 2012/03/29 17:15:32.0921 17:15:32.0921 1680 SystemInfo: 17:15:32.0921 1680 17:15:32.0921 1680 OS Version: 6.1.7601 ServicePack: 1.0 17:15:32.0921 1680 Product type: Workstation 17:15:32.0921 1680 ComputerName: JONASH 17:15:32.0921 1680 UserName: Jonas Hanke 17:15:32.0921 1680 Windows directory: C:\Windows 17:15:32.0921 1680 System windows directory: C:\Windows 17:15:32.0921 1680 Running under WOW64 17:15:32.0921 1680 Processor architecture: Intel x64 17:15:32.0921 1680 Number of processors: 4 17:15:32.0921 1680 Page size: 0x1000 17:15:32.0921 1680 Boot type: Normal boot 17:15:32.0921 1680 ============================================================ 17:15:33.0498 1680 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 17:15:33.0592 1680 \Device\Harddisk0\DR0: 17:15:33.0592 1680 MBR used 17:15:33.0592 1680 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFA0800, BlocksNum 0x32000 17:15:33.0592 1680 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFD2800, BlocksNum 0x56573000 17:15:33.0654 1680 Initialize success 17:15:33.0654 1680 ============================================================ 17:16:32.0593 5416 ============================================================ 17:16:32.0593 5416 Scan started 17:16:32.0593 5416 Mode: Manual; SigCheck; TDLFS; 17:16:32.0593 5416 ============================================================ 17:16:33.0638 5416 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 17:16:33.0716 5416 1394ohci - ok 17:16:34.0106 5416 acedrv07 (6e9c8b324980afe454c6f7762e2b4478) C:\Windows\system32\drivers\acedrv07.sys 17:16:34.0138 5416 acedrv07 ( UnsignedFile.Multi.Generic 
) - warning 17:16:34.0138 5416 acedrv07 - detected UnsignedFile.Multi.Generic (1) 17:16:34.0481 5416 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 17:16:34.0512 5416 ACPI - ok 17:16:34.0855 5416 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 17:16:34.0902 5416 AcpiPmi - ok 17:16:35.0105 5416 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 17:16:35.0120 5416 AdobeARMservice - ok 17:16:35.0510 5416 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys 17:16:35.0542 5416 adp94xx - ok 17:16:35.0916 5416 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys 17:16:35.0947 5416 adpahci - ok 17:16:36.0337 5416 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys 17:16:36.0368 5416 adpu320 - ok 17:16:36.0665 5416 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 17:16:36.0712 5416 AeLookupSvc - ok 17:16:37.0148 5416 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 17:16:37.0195 5416 AFD - ok 17:16:37.0538 5416 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 17:16:37.0554 5416 agp440 - ok 17:16:37.0975 5416 Ak27x64 (99bcfb8c4009e749fda3a8d23d2e5c93) C:\Windows\system32\DRIVERS\Ak27x64.sys 17:16:38.0022 5416 Ak27x64 - ok 17:16:38.0303 5416 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 17:16:38.0350 5416 ALG - ok 17:16:38.0740 5416 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 17:16:38.0755 5416 aliide - ok 17:16:39.0098 5416 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 17:16:39.0130 5416 amdide - ok 17:16:39.0473 5416 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys 17:16:39.0520 5416 AmdK8 - ok 17:16:39.0910 5416 AmdPPM 
(1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys 17:16:39.0941 5416 AmdPPM - ok 17:16:40.0331 5416 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 17:16:40.0362 5416 amdsata - ok 17:16:40.0736 5416 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys 17:16:40.0768 5416 amdsbs - ok 17:16:41.0095 5416 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 17:16:41.0126 5416 amdxata - ok 17:16:41.0345 5416 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 17:16:41.0376 5416 AntiVirSchedulerService - ok 17:16:41.0392 5416 AntiVirService (72d90e56563165984224493069c69ed4) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 17:16:41.0407 5416 AntiVirService - ok 17:16:41.0797 5416 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 17:16:41.0875 5416 AppID - ok 17:16:42.0296 5416 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 17:16:42.0359 5416 AppIDSvc - ok 17:16:42.0686 5416 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 17:16:42.0764 5416 Appinfo - ok 17:16:43.0108 5416 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll 17:16:43.0170 5416 AppMgmt - ok 17:16:43.0560 5416 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys 17:16:43.0576 5416 arc - ok 17:16:43.0934 5416 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys 17:16:43.0950 5416 arcsas - ok 17:16:44.0293 5416 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 17:16:44.0309 5416 aspnet_state - ok 17:16:44.0699 5416 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 17:16:44.0792 5416 AsyncMac - ok 17:16:45.0214 5416 atapi (02062c0b390b7729edc9e69c680a6f3c) 
C:\Windows\system32\drivers\atapi.sys 17:16:45.0229 5416 atapi - ok 17:16:45.0557 5416 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 17:16:45.0635 5416 AudioEndpointBuilder - ok 17:16:45.0650 5416 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 17:16:45.0682 5416 AudioSrv - ok 17:16:46.0040 5416 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys 17:16:46.0072 5416 avgntflt - ok 17:16:46.0399 5416 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys 17:16:46.0430 5416 avipbb - ok 17:16:46.0711 5416 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 17:16:46.0758 5416 AxInstSV - ok 17:16:47.0195 5416 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys 17:16:47.0226 5416 b06bdrv - ok 17:16:47.0616 5416 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 17:16:47.0663 5416 b57nd60a - ok 17:16:47.0944 5416 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 17:16:47.0990 5416 BDESVC - ok 17:16:48.0365 5416 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 17:16:48.0412 5416 Beep - ok 17:16:48.0755 5416 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 17:16:48.0833 5416 BFE - ok 17:16:49.0223 5416 BfLwf (6b6ee63887bab99a745d7e3358bc8b20) C:\Windows\system32\DRIVERS\bflwfx64.sys 17:16:49.0238 5416 BfLwf - ok 17:16:49.0582 5416 BFN7x64 (851bfc266ac6424f44f7dfb05de4d803) C:\Windows\system32\drivers\Xeno7x64.sys 17:16:49.0597 5416 BFN7x64 - ok 17:16:49.0706 5416 Bigfoot Networks Killer Service (c08c3a1a45846891b5a97301d179db40) C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe 17:16:49.0738 5416 Bigfoot Networks Killer Service ( UnsignedFile.Multi.Generic ) - warning 17:16:49.0738 5416 Bigfoot Networks Killer Service - detected UnsignedFile.Multi.Generic (1) 
17:16:50.0050 5416 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 17:16:50.0128 5416 BITS - ok 17:16:50.0502 5416 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 17:16:50.0533 5416 blbdrive - ok 17:16:50.0908 5416 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 17:16:50.0939 5416 bowser - ok 17:16:51.0298 5416 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys 17:16:51.0344 5416 BrFiltLo - ok 17:16:51.0703 5416 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys 17:16:51.0734 5416 BrFiltUp - ok 17:16:52.0015 5416 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 17:16:52.0109 5416 Browser - ok 17:16:52.0514 5416 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 17:16:52.0546 5416 Brserid - ok 17:16:52.0920 5416 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 17:16:52.0967 5416 BrSerWdm - ok 17:16:53.0341 5416 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 17:16:53.0372 5416 BrUsbMdm - ok 17:16:53.0747 5416 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 17:16:53.0778 5416 BrUsbSer - ok 17:16:54.0152 5416 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys 17:16:54.0184 5416 BTHMODEM - ok 17:16:54.0464 5416 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 17:16:54.0527 5416 bthserv - ok 17:16:54.0886 5416 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 17:16:54.0948 5416 cdfs - ok 17:16:55.0322 5416 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 17:16:55.0354 5416 cdrom - ok 17:16:55.0650 5416 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 17:16:55.0712 5416 CertPropSvc - ok 17:16:56.0102 5416 
circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys 17:16:56.0134 5416 circlass - ok 17:16:56.0461 5416 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 17:16:56.0492 5416 CLFS - ok 17:16:56.0758 5416 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:16:56.0789 5416 clr_optimization_v2.0.50727_32 - ok 17:16:56.0898 5416 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 17:16:56.0929 5416 clr_optimization_v2.0.50727_64 - ok 17:16:57.0163 5416 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:16:57.0179 5416 clr_optimization_v4.0.30319_32 - ok 17:16:57.0522 5416 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 17:16:57.0538 5416 clr_optimization_v4.0.30319_64 - ok 17:16:57.0896 5416 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 17:16:57.0928 5416 CmBatt - ok 17:16:58.0271 5416 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 17:16:58.0302 5416 cmdide - ok 17:16:58.0645 5416 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 17:16:58.0692 5416 CNG - ok 17:16:59.0020 5416 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 17:16:59.0051 5416 Compbatt - ok 17:16:59.0394 5416 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys 17:16:59.0441 5416 CompositeBus - ok 17:16:59.0690 5416 COMSysApp - ok 17:17:00.0065 5416 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys 17:17:00.0080 5416 crcdisk - ok 17:17:00.0361 5416 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll 17:17:00.0455 5416 CryptSvc - 
ok 17:17:00.0845 5416 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys 17:17:00.0923 5416 CSC - ok 17:17:01.0219 5416 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll 17:17:01.0282 5416 CscService - ok 17:17:01.0594 5416 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 17:17:01.0656 5416 DcomLaunch - ok 17:17:01.0952 5416 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 17:17:02.0030 5416 defragsvc - ok 17:17:02.0405 5416 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 17:17:02.0452 5416 DfsC - ok 17:17:02.0748 5416 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 17:17:02.0842 5416 Dhcp - ok 17:17:03.0185 5416 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 17:17:03.0232 5416 discache - ok 17:17:03.0622 5416 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys 17:17:03.0637 5416 Disk - ok 17:17:03.0996 5416 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys 17:17:04.0043 5416 dmvsc - ok 17:17:04.0308 5416 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 17:17:04.0370 5416 Dnscache - ok 17:17:04.0651 5416 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 17:17:04.0745 5416 dot3svc - ok 17:17:05.0026 5416 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 17:17:05.0104 5416 DPS - ok 17:17:05.0478 5416 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 17:17:05.0525 5416 drmkaud - ok 17:17:05.0899 5416 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys 17:17:05.0930 5416 dtsoftbus01 - ok 17:17:06.0289 5416 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 17:17:06.0320 5416 DXGKrnl - ok 17:17:06.0601 5416 EapHost (e2dda8726da9cb5b2c4000c9018a9633) 
C:\Windows\System32\eapsvc.dll 17:17:06.0679 5416 EapHost - ok 17:17:07.0132 5416 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys 17:17:07.0288 5416 ebdrv - ok 17:17:07.0568 5416 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 17:17:07.0615 5416 EFS - ok 17:17:07.0787 5416 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 17:17:07.0849 5416 ehRecvr - ok 17:17:07.0865 5416 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 17:17:07.0880 5416 ehSched - ok 17:17:08.0208 5416 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys 17:17:08.0239 5416 elxstor - ok 17:17:08.0614 5416 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 17:17:08.0645 5416 ErrDev - ok 17:17:08.0941 5416 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 17:17:09.0004 5416 EventSystem - ok 17:17:09.0409 5416 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 17:17:09.0472 5416 exfat - ok 17:17:09.0830 5416 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 17:17:09.0893 5416 fastfat - ok 17:17:10.0205 5416 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 17:17:10.0252 5416 Fax - ok 17:17:10.0610 5416 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys 17:17:10.0657 5416 fdc - ok 17:17:10.0907 5416 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 17:17:10.0985 5416 fdPHost - ok 17:17:11.0281 5416 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 17:17:11.0344 5416 FDResPub - ok 17:17:11.0702 5416 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 17:17:11.0718 5416 FileInfo - ok 17:17:12.0061 5416 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 17:17:12.0124 5416 Filetrace - ok 17:17:12.0342 5416 
FLEXnet Licensing Service (8669be94f63944e4f899c3950b520241) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 17:17:12.0389 5416 FLEXnet Licensing Service - ok 17:17:12.0732 5416 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys 17:17:12.0763 5416 flpydisk - ok 17:17:13.0106 5416 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 17:17:13.0138 5416 FltMgr - ok 17:17:13.0418 5416 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll 17:17:13.0528 5416 FontCache - ok 17:17:13.0715 5416 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 17:17:13.0715 5416 FontCache3.0.0.0 - ok 17:17:13.0980 5416 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 17:17:13.0996 5416 FsDepends - ok 17:17:14.0354 5416 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 17:17:14.0370 5416 Fs_Rec - ok 17:17:14.0744 5416 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 17:17:14.0776 5416 fvevol - ok 17:17:15.0134 5416 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys 17:17:15.0150 5416 gagp30kx - ok 17:17:15.0446 5416 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 17:17:15.0493 5416 gpsvc - ok 17:17:15.0665 5416 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:17:15.0696 5416 gupdate - ok 17:17:15.0696 5416 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:17:15.0712 5416 gupdatem - ok 17:17:16.0039 5416 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys 17:17:16.0055 5416 hamachi - ok 17:17:16.0258 5416 Hamachi2Svc (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn 
(93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 17:19:09.0592 5416 WPDBusEnum - ok 17:19:09.0966 5416 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 17:19:09.0997 5416 ws2ifsl - ok 17:19:10.0278 5416 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 17:19:10.0325 5416 wscsvc - ok 17:19:10.0575 5416 WSearch - ok 17:19:10.0746 5416 WTGService (d7e88349be0f01e4d8d776adb1f325bf) C:\Program Files (x86)\Verbindungsassistent\WTGService.exe 17:19:10.0762 5416 WTGService - ok 17:19:11.0089 5416 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 17:19:11.0230 5416 wuauserv - ok 17:19:11.0589 5416 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 17:19:11.0651 5416 WudfPf - ok 17:19:11.0994 5416 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 17:19:12.0057 5416 WUDFRd - ok 17:19:12.0322 5416 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 17:19:12.0384 5416 wudfsvc - ok 17:19:12.0649 5416 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 17:19:12.0696 5416 WwanSvc - ok 17:19:12.0805 5416 X6va007 - ok 17:19:12.0868 5416 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 17:19:13.0117 5416 \Device\Harddisk0\DR0 - ok 17:19:13.0117 5416 Boot (0x1200) (6c34b1637b51abca3e9a1cc8c4582bdf) \Device\Harddisk0\DR0\Partition0 17:19:13.0133 5416 \Device\Harddisk0\DR0\Partition0 - ok 17:19:13.0164 5416 Boot (0x1200) (092fc2bba5e835859f3e88bde18a02c0) \Device\Harddisk0\DR0\Partition1 17:19:13.0164 5416 \Device\Harddisk0\DR0\Partition1 - ok 17:19:13.0164 5416 ============================================================ 17:19:13.0164 5416 Scan finished 17:19:13.0164 5416 ============================================================ 17:19:13.0180 5388 Detected object count: 5 17:19:13.0180 5388 Actual detected object count: 5 17:19:32.0025 5388 acedrv07 ( 
UnsignedFile.Multi.Generic ) - skipped by user 17:19:32.0025 5388 acedrv07 ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:19:32.0025 5388 Bigfoot Networks Killer Service ( UnsignedFile.Multi.Generic ) - skipped by user 17:19:32.0025 5388 Bigfoot Networks Killer Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:19:32.0025 5388 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 17:19:32.0025 5388 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:19:32.0025 5388 PowerBiosServer ( UnsignedFile.Multi.Generic ) - skipped by user 17:19:32.0025 5388 PowerBiosServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:19:32.0040 5388 VUSB3HUB ( UnsignedFile.Multi.Generic ) - skipped by user 17:19:32.0040 5388 VUSB3HUB ( UnsignedFile.Multi.Generic ) - User select action: Skip |
29.03.2012, 19:36 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus deletes shortcuts, folders empty/missing Then please run CF now: ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has explicitly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
29.03.2012, 20:50 | #11 |
/// Malwareteam | Virus deletes shortcuts, folders empty/missing Hey, I ran ComboFix; as with the other scans, it went through without problems. Here is the log file: Code:
ATTFilter ComboFix 12-03-29.02 - Jonas Hanke 29.03.2012 21:24:49.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8099.6298 [GMT 2:00] ausgeführt von:: c:\users\Jonas Hanke\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\IsUn0407.exe c:\windows\iun6002.exe c:\windows\SysWow64\server.log . . ((((((((((((((((((((((( Dateien erstellt von 2012-02-28 bis 2012-03-29 )))))))))))))))))))))))))))))) . . 2074-05-18 16:44 . 2008-03-21 13:46 607296 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll 2074-05-07 17:38 . 2006-11-21 19:48 203576 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe 2012-03-29 19:30 . 2012-03-29 19:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-29 14:19 . 2012-03-29 14:19 -------- d-----w- C:\_OTL 2012-03-28 13:24 . 2012-03-28 13:24 -------- d-----w- c:\program files (x86)\ESET 2012-03-27 16:26 . 2011-08-26 17:02 2484592 ----a-w- c:\windows\SysWow64\pbsvc_p4f.exe 2012-03-27 15:35 . 2012-03-27 15:35 -------- d-----w- c:\users\UpdatusUser 2012-03-27 11:52 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{381D2696-DDF5-419C-B9DE-5365A7ECE694}\mpengine.dll 2012-03-26 19:38 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-26 19:38 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-03-26 19:38 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-03-26 16:52 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll 2012-03-26 16:52 . 
2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2012-03-26 16:52 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2012-03-26 16:52 . 2011-08-13 05:27 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll 2012-03-26 16:52 . 2011-08-13 04:18 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll 2012-03-26 16:52 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe 2012-03-26 16:52 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe 2012-03-26 16:52 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll 2012-03-26 16:52 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2012-03-26 16:46 . 2012-03-26 16:46 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2012-03-26 15:18 . 2011-02-05 17:10 642944 ----a-w- c:\windows\system32\winload.efi 2012-03-26 15:16 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-26 15:16 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-26 15:16 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-26 15:15 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-26 15:15 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-03-26 15:15 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-26 15:15 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-26 13:36 . 2012-03-26 13:36 -------- d-----w- C:\Malwarebytes' Anti-Malware 2012-03-25 20:31 . 2012-03-25 20:49 -------- d-----w- c:\windows\Panther 2012-03-25 20:28 . 2012-03-25 20:28 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2012-03-25 20:17 . 2012-03-25 20:36 -------- d-----w- C:\$WINDOWS.~Q 2012-03-25 19:57 . 2012-03-25 20:10 -------- d-----w- C:\$INPLACE.~TR 2012-03-25 19:37 . 2012-03-25 20:59 -------- d-----w- c:\users\Jonas Schule 2012-03-25 19:37 . 
2012-03-25 20:26 -------- d-----w- c:\users\Detlev Hanke 2012-03-25 19:37 . 2012-03-25 20:49 -------- d-----w- c:\users\Jonas Hanke 2012-03-25 19:36 . 2012-03-25 19:44 -------- d-----w- c:\program files\Protector Suite 2012-03-25 19:35 . 2012-03-25 19:35 -------- d-----w- c:\windows\SysWow64\RTCOM 2012-03-25 19:35 . 2012-03-25 19:35 -------- d-----w- c:\program files\Realtek 2012-03-25 19:35 . 2012-03-25 19:35 -------- d-----w- c:\programdata\NVIDIA Corporation 2012-03-25 19:35 . 2012-03-27 15:35 -------- d-----w- c:\program files (x86)\NVIDIA Corporation 2012-03-25 19:35 . 2012-03-27 15:35 -------- d-----w- c:\program files\NVIDIA Corporation 2012-03-25 19:35 . 2012-03-25 19:35 -------- d-----w- c:\program files\Synaptics 2012-03-25 15:33 . 2012-03-25 20:08 -------- d-----w- c:\programdata\Malwarebytes 2012-03-25 15:33 . 2011-12-10 13:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-25 15:33 . 2012-03-26 13:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-03-23 17:27 . 2012-03-25 20:08 -------- d-----w- c:\users\TEMP.JonasH.004 2012-03-23 16:58 . 2012-03-25 20:08 -------- d-----w- c:\users\TEMP.JonasH.005 2012-03-17 11:24 . 2012-03-25 20:08 -------- d-----w- c:\users\TEMP.JonasH.003 2012-03-14 20:53 . 2012-03-25 20:08 -------- d-----w- c:\users\TEMP.JonasH.002 2012-03-11 15:13 . 2012-03-25 19:50 -------- d-----w- c:\program files (x86)\Eligium 2012-03-11 13:05 . 2012-03-25 19:50 -------- d-----w- c:\program files (x86)\eligium_0_90_1_en 2012-03-09 15:25 . 2012-03-25 20:08 -------- d-----w- c:\users\TEMP.JonasH.001 2012-03-08 20:36 . 2012-03-08 20:36 1798656 ------w- c:\windows\SysWow64\jscript9.dll 2012-03-08 20:36 . 2012-03-08 20:36 110592 ------w- c:\windows\SysWow64\IEAdvpack.dll 2012-03-08 20:36 . 2012-03-08 20:36 2308096 ------w- c:\windows\system32\jscript9.dll 2012-03-08 20:36 . 2012-03-08 20:36 135168 ------w- c:\windows\system32\IEAdvpack.dll 2012-03-07 17:23 . 
2012-03-25 19:59 -------- d-----w- c:\program files (x86)\PixLin 2012-03-07 17:23 . 1998-11-03 11:04 1355776 ----a-w- c:\windows\SysWow64\MSVBVM50.dll 2012-03-07 17:23 . 1998-05-15 19:01 99866 ----a-w- c:\windows\SysWow64\VB5DE.dll 2012-03-07 17:23 . 1997-01-15 23:00 29696 ----a-w- c:\windows\SysWow64\VB5StKit.dll 2012-03-02 22:16 . 2012-03-25 19:47 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2012-02-29 14:28 . 2012-03-25 18:09 -------- d-----w- C:\BrickForce . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-29 18:09 . 2011-08-26 17:06 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-03-29 18:09 . 2011-08-26 17:03 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-03-27 16:26 . 2011-08-26 17:03 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-03-26 16:47 . 2011-06-28 17:28 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2012-03-01 00:02 . 2011-08-09 16:28 962368 ----a-w- c:\windows\system32\nvumdshimx.dll 2012-03-01 00:02 . 2011-08-09 16:28 2660160 ----a-w- c:\windows\system32\nvapi64.dll 2012-03-01 00:02 . 2011-08-09 16:28 260416 ----a-w- c:\windows\system32\nvinitx.dll 2012-03-01 00:02 . 2011-08-09 16:28 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll 2012-03-01 00:02 . 2011-08-09 16:28 1737536 ----a-w- c:\windows\system32\nvdispco64.dll 2012-03-01 00:02 . 2011-08-09 16:28 1466176 ----a-w- c:\windows\system32\nvgenco64.dll 2012-02-29 21:00 . 2010-12-26 05:05 3089728 ----a-w- c:\windows\system32\nvsvc64.dll 2012-02-29 21:00 . 2010-12-26 05:06 6074176 ----a-w- c:\windows\system32\nvcpl.dll 2012-02-29 20:59 . 2010-12-26 05:06 63296 ----a-w- c:\windows\system32\nvshext.dll 2012-02-29 20:59 . 2010-12-26 05:06 118080 ----a-w- c:\windows\system32\nvmctray.dll 2012-02-29 20:59 . 2010-12-26 05:06 889664 ----a-w- c:\windows\system32\nvvsvc.exe 2012-02-29 20:59 . 
2010-12-26 05:06 55616 ----a-w- c:\windows\system32\nv3dappshextr.dll 2012-02-29 20:59 . 2010-12-26 05:06 2561856 ----a-w- c:\windows\system32\nvsvcr.dll 2012-02-29 20:59 . 2010-12-26 05:06 849728 ----a-w- c:\windows\system32\nv3dappshext.dll 2012-02-29 20:59 . 2010-12-26 05:06 2515790 ----a-w- c:\windows\system32\nvcoproc.bin 2012-02-23 07:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-02-02 16:52 . 2009-08-18 09:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-02-02 15:07 . 2012-02-02 15:07 750488 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-02-02 15:07 . 2011-09-05 17:45 660368 ----a-w- c:\windows\system32\deployJava1.dll 2012-01-21 12:50 . 2012-01-19 15:57 310984 ----a-w- c:\windows\system32\drivers\atksgt.sys 2012-01-20 19:12 . 2012-01-18 20:49 164880 ----a-w- c:\users\Jonas Hanke\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll 2012-01-19 15:58 . 2012-01-19 15:57 42696 ----a-w- c:\windows\system32\drivers\lirsgt.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CCWinTray"="c:\windows\tray\wintmr.exe" [2009-07-13 5975704] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304] "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-09-23 1242448] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "4StoryPrePatch"="c:\program files (x86)\Gameforge4D\4Story_DE\PrePatch.exe" [2012-01-30 327680] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768] "ChicoSys"="c:\windows\SysWOW64\cc32\webtmr.exe" [2009-07-13 5635736] "Corel File Shell Monitor"="c:\program files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-08 16712] "Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2008-08-08 532808] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-01 1374720] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ksupmgr] @="Service" . R1 BfLwf;Bigfoot Networks Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 136176] R2 ksupmgr;File-/Update Service;c:\windows\SysWOW64\ksupmgr.exe [2010-08-25 765592] R3 BFN7x64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x64.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 136176] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 VUSB3HUB;VIA USB 3.0 Root Hub Service;c:\windows\system32\drivers\ViaHub3.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 X6va007;X6va007;c:\users\JONASH~1\AppData\Local\Temp\007D73E.tmp [x] S0 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 
AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360] S2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;c:\program files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2011-02-18 763904] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352] S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe [2011-01-27 33792] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280] S2 WTGService;WTGService;c:\program files (x86)\Verbindungsassistent\WTGService.exe [2009-03-03 296400] S3 Ak27x64;Killer Wireless-N 1102 device driver;c:\windows\system32\DRIVERS\Ak27x64.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x] S3 JME;JMicron Ethernet Adapter NDIS6.0 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . 
Inhalt des "geplante Tasks" Ordners . 2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 08:38] . 2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 08:38] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2010-04-27 13:48 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2010-04-27 13:48 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-26 11775592] "PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2010-04-27 84744] "THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: An OneNote s&enden - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-DesertCombat - c:\windows\iun6002.exe AddRemove-Herrscher des Olymp - Zeus - c:\windows\IsUn0407.exe AddRemove-LEGO Rock Raiders - c:\windows\IsUn0407.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_p4f.exe AddRemove-{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1 - c:\program files (x86)\Mein Gutscheincode Finder\unins000.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va007] "ImagePath"="\??\c:\users\JONASH~1\AppData\Local\Temp\007D73E.tmp" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\windows\SysWOW64\PnkBstrA.exe c:\windows\SysWOW64\cchservice.exe c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-03-29 21:37:18 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-03-29 19:37 . Vor Suchlauf: 20 Verzeichnis(se), 386.336.530.432 Bytes frei Nach Suchlauf: 24 Verzeichnis(se), 387.156.635.648 Bytes frei . - - End Of File - - EA939EB7AA78B769CF1618C999F7F098 |
29.03.2012, 21:26 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus deletes shortcuts, folders empty/missing Please download aswMBR.exe and save the file to your desktop. Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false alarm in it!
__________________ Please always post log files in CODE tags |
30.03.2012, 19:04 | #13 |
/// Malwareteam | Virus deletes shortcuts, folders empty/missing Hey, unfortunately aswMBR.exe does not work. I disabled AntiVir and ran the program as administrator, and it still always crashes at the same point: "C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Aplications (I could not read the rest of the file path because the program crashed at that point). I tried to scan the system 3 times, but the same problem occurred every time. |
30.03.2012, 20:03 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus deletes shortcuts, folders empty/missing Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.
__________________ Please always post log files in CODE tags |
30.03.2012, 20:26 | #15 |
/// Malwareteam | Virus deletes shortcuts, folders empty/missing Thanks, it worked this time. Here is the content of the log file: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-03-30 21:24:43 ----------------------------- 21:24:43.053 OS Version: Windows x64 6.1.7601 Service Pack 1 21:24:43.053 Number of processors: 4 586 0x2A07 21:24:43.054 ComputerName: JONASH UserName: 21:24:44.328 Initialize success 21:24:49.913 AVAST engine defs: 12033000 21:24:53.618 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 21:24:53.622 Disk 0 Vendor: ST975042 0001 Size: 715404MB BusType: 3 21:24:53.647 Disk 0 MBR read successfully 21:24:53.650 Disk 0 MBR scan 21:24:53.656 Disk 0 Windows 7 default MBR code 21:24:53.661 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8000 MB offset 2048 21:24:53.676 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 16386048 21:24:53.688 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 707302 MB offset 16590848 21:24:53.708 Disk 0 scanning C:\Windows\system32\drivers 21:25:00.962 Service scanning 21:25:27.136 Modules scanning 21:25:27.145 Disk 0 trace - called modules: 21:25:27.203 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 21:25:27.208 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009692060] 21:25:27.423 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80083e7050] 21:25:27.430 Scan finished successfully 21:25:46.783 Disk 0 MBR has been saved successfully to "C:\Users\Jonas Hanke\Desktop\MBR.dat" 21:25:46.786 The log file has been saved successfully to "C:\Users\Jonas Hanke\Desktop\aswMBR.txt" |