Log analysis and evaluation: BKA virus OTL logfile

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

28.03.2012, 18:45   #1
Madhbrand
 

I have the BKA virus; all cleaning attempts have failed. I created the log files using OTL.

28.03.2012, 19:01   #2
Madhbrand
 

Sorry, unfortunately I posted it wrong ^^

Here is the OTL

OTL Logfile:
Code:
OTL logfile created on: 28.03.2012 19:35:06 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = G:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 7,13 Gb Available Physical Memory | 89,44% Memory free
15,95 Gb Paging File | 15,18 Gb Available in Paging File | 95,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 492,06 Gb Total Space | 407,95 Gb Free Space | 82,91% Space Free | Partition Type: NTFS
Drive D: | 439,36 Gb Total Space | 292,87 Gb Free Space | 66,66% Space Free | Partition Type: NTFS
Drive G: | 7,51 Gb Total Space | 7,49 Gb Free Space | 99,72% Space Free | Partition Type: FAT32
 
Computer Name: PC-SEBI | User Name: Sebastian | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - G:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe ()
PRC - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (Bandoo Coordinator) -- C:\Program Files (x86)\Bandoo\Bandoo.exe (Bandoo Media Inc.)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (vsmon) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (KMWDSERVICE) -- C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe (UASSOFT.COM)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\InprocServer32 File not found
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = D:\download
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9F 9E 11 8A 4E EA CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {43CBFBA8-6856-4FC3-A06C-64F9D4D8E7FB}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100842&mntrId=c0a93b36000000000000bcaec5ae9adf
IE - HKCU\..\SearchScopes\{43CBFBA8-6856-4FC3-A06C-64F9D4D8E7FB}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_deDE450
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{7D33FED0-3A3B-4FE7-8F97-417DAB3F2D10}: "URL" = hxxp://de.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110415,17131,0,18,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.100: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Sebastian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll File not found
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012.03.10 14:18:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011.11.26 00:40:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.18 15:30:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.03.26 19:08:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.03.31 21:12:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Extensions
[2011.03.31 21:12:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.12 21:22:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\46roig29.default\extensions
[2011.12.12 21:22:28 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\46roig29.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2011.11.19 16:50:36 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\46roig29.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2012.01.05 23:26:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.05 23:26:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011.11.05 09:10:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.05 05:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.05 05:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.05 05:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.05 05:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.05 05:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 05:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll File not found
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll File not found
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll File not found
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Sebastian\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [SkypePM] C:\Users\Sebastian\AppData\Local\Skype\SkypePM.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {AEA3991E-3109-4C98-989E-33994FEB1A91} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri64_4.5.1.0.cab (SysInfo Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C83D017-8AC1-4CF9-8F52-AB0FE7850C2A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A396B56-296F-4D0F-AF0C-068BDD014E4F}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2d0af910-0e28-11e1-b9af-bcaec5ae9adf}\Shell - "" = AutoRun
O33 - MountPoints2\{2d0af910-0e28-11e1-b9af-bcaec5ae9adf}\Shell\AutoRun\command - "" = E:\hmh-acrev.exe
O33 - MountPoints2\{493a0626-486d-11e1-b719-0026832e2b56}\Shell - "" = AutoRun
O33 - MountPoints2\{493a0626-486d-11e1-b719-0026832e2b56}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{53bcac4b-5585-11e0-83e1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{53bcac4b-5585-11e0-83e1-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.28 19:15:18 | 000,750,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012.03.27 21:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012.03.27 21:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[2012.03.24 20:19:29 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Documents\Syndicate
[2012.03.24 19:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2012.03.24 17:45:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Video Codec
[2012.03.14 21:32:09 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\Avira
[2012.03.14 21:26:51 | 000,132,320 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.03.14 21:26:51 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.03.14 21:26:51 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.03.14 21:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.03.14 21:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.03.14 17:25:09 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\LogMeIn Hamachi
[2012.03.14 17:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.03.14 17:25:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.03.12 16:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E858A700780F900003B9A9B4EB2367
[2012.03.11 21:21:14 | 000,000,000 | -HSD | C] -- C:\Users\Sebastian\AppData\Local\ab82230d
[2012.03.04 22:50:41 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\Facebook
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.28 19:26:33 | 001,792,242 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.28 19:26:33 | 000,767,968 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.28 19:26:33 | 000,711,028 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.28 19:26:33 | 000,173,336 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.28 19:26:33 | 000,141,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.28 19:22:27 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.03.28 19:22:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.28 19:22:12 | 2129,203,199 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.28 19:20:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2012.03.28 19:19:05 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.03.28 19:19:05 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.03.28 19:18:36 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.28 19:18:33 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2012.03.28 19:16:46 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.28 19:16:46 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.28 19:15:06 | 000,750,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012.03.28 19:15:06 | 000,660,368 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.03.28 19:15:06 | 000,264,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.03.28 19:15:06 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.03.28 19:15:06 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.03.28 15:55:02 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2372967722-2650738230-3856024893-1000UA.job
[2012.03.28 15:49:48 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.27 21:55:01 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2372967722-2650738230-3856024893-1000Core.job
[2012.03.24 19:56:28 | 000,001,159 | ---- | M] () -- C:\Users\Public\Desktop\Syndicate.lnk
[2012.03.14 20:44:06 | 000,002,002 | ---- | M] () -- C:\Users\Sebastian\Desktop\Avira DE-Cleaner.lnk
[2012.03.04 20:59:55 | 702,380,442 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.03.04 19:26:04 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.28 19:22:27 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.03.24 19:56:28 | 000,001,159 | ---- | C] () -- C:\Users\Public\Desktop\Syndicate.lnk
[2012.03.14 20:44:06 | 000,002,002 | ---- | C] () -- C:\Users\Sebastian\Desktop\Avira DE-Cleaner.lnk
[2012.03.04 22:50:45 | 000,000,944 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2372967722-2650738230-3856024893-1000UA.job
[2012.03.04 22:50:45 | 000,000,922 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2372967722-2650738230-3856024893-1000Core.job
[2012.03.04 19:26:04 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012.01.26 18:37:52 | 000,040,274 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.01.25 14:51:34 | 000,092,596 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.11.12 00:51:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.10.29 14:49:49 | 000,000,000 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\{14CD9CF2-85F3-43D3-B977-EDFE24F1A274}
[2011.10.04 20:36:06 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.08.08 16:03:48 | 000,001,763 | ---- | C] () -- C:\Windows\wininit.ini
[2011.08.08 16:01:14 | 000,000,316 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.06.14 15:02:34 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.06.14 15:02:33 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.06.14 15:02:33 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.05.27 08:23:13 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.05.01 18:18:55 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.05.01 18:18:55 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.04.17 12:48:36 | 000,000,097 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\fusioncache.dat
[2011.04.17 12:47:48 | 001,769,200 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.29 13:50:18 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.03.23 22:04:33 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.03.23 22:01:52 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.03.23 22:01:48 | 000,027,873 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.03.23 21:57:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.23 21:53:58 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== LOP Check ==========
 
[2011.10.13 18:02:34 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\AbiSuite
[2011.08.24 19:04:46 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Azureus
[2011.11.06 03:01:54 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Babylon
[2011.03.24 20:40:55 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\CheckPoint
[2012.01.26 17:54:59 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\DAEMON Tools Lite
[2012.02.11 16:42:27 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\DarknessIIDemo
[2011.04.15 21:28:49 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\GetRightToGo
[2011.11.21 16:36:21 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\gtk-2.0
[2011.10.14 16:53:13 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Kalypso Media
[2011.03.26 01:16:35 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\LolClient
[2012.01.22 21:27:25 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\LucasArts
[2011.08.24 16:40:29 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Mount&Blade With Fire and Sword
[2011.10.04 17:31:14 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Notepad++
[2011.12.14 21:07:36 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\PriceGong
[2012.01.13 23:53:21 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\ProtectDISC
[2012.01.29 23:37:51 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\PunkBuster
[2011.10.11 14:25:50 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Raptr
[2011.11.11 17:30:40 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\SplitMediaLabs
[2012.02.10 20:32:25 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\The Creative Assembly
[2011.08.02 15:36:10 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\thriXXX
[2011.03.31 21:12:22 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Thunderbird
[2011.07.02 14:40:33 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Tropico 3
[2011.12.03 23:01:32 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Tunngle
[2011.06.24 09:25:09 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Ubisoft
[2011.12.14 16:19:17 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\uTorrent
[2012.03.28 19:22:27 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.03.27 21:55:01 | 000,000,922 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2372967722-2650738230-3856024893-1000Core.job
[2012.03.28 15:55:02 | 000,000,944 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2372967722-2650738230-3856024893-1000UA.job
[2012.03.28 19:18:33 | 000,000,418 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro64 startups.job
[2012.01.17 21:22:49 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

And here is the OTL Extras log as well

OTL Logfile:
Code:
OTL Extras logfile created on: 28.03.2012 19:35:06 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = G:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 7,13 Gb Available Physical Memory | 89,44% Memory free
15,95 Gb Paging File | 15,18 Gb Available in Paging File | 95,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 492,06 Gb Total Space | 407,95 Gb Free Space | 82,91% Space Free | Partition Type: NTFS
Drive D: | 439,36 Gb Total Space | 292,87 Gb Free Space | 66,66% Space Free | Partition Type: NTFS
Drive G: | 7,51 Gb Total Space | 7,49 Gb Free Space | 99,72% Space Free | Partition Type: FAT32
 
Computer Name: PC-SEBI | User Name: Sebastian | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 1
"FirewallOverride" = 0
"UpdatesDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{15AD6738-23E8-4AE6-93E9-434E717EECB2}" = System Requirements Lab CYRI (64-bit)
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{4053C201-4DE9-0AFA-F58C-401D7DFE249B}" = AMD Drag and Drop Transcoding
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170010}" = Java(TM) SE Development Kit 7 Update 1 (64-bit)
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 8.00
"{7E277F9D-DA06-2F67-B2BF-BAF2F254D0EB}" = WMV9/VC-1 Video Playback
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{876B1B00-AB52-ACC6-BB0B-342897AC7B23}" = ATI AVIVO64 Codecs
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A3E7D4EB-D170-F9A8-B6C5-403CE95AC1B1}" = ccc-utility64
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{023E7812-63E0-F0EB-F226-806679332948}" = CCC Help Spanish
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04E87F64-7182-985A-694E-08475EE6F5F1}" = CCC Help English
"{0C1FCF1A-251B-51EC-D674-0BB161BEE8CA}" = CCC Help Thai
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A7A8F56-CDB2-2925-5714-AE602C8C80D0}" = CCC Help Portuguese
"{1E2C7E1C-7FE0-63F6-5D98-26DD6B419569}" = HydraVision
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2410A9B7-A14A-FCD4-203B-E4266C98A65A}" = CCC Help Polish
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26024EB6-2EE4-DA42-CDE9-50844AE9CFB9}" = CCC Help Russian
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2D483B8D-7B78-7484-4552-10EFD62D3FD2}" = CCC Help Norwegian
"{2D62D645-8460-6888-9E89-0F93947E0925}" = CCC Help German
"{2EF94C49-4D4F-2137-26C2-4E52E36E54DF}" = Catalyst Control Center InstallProxy
"{30B950DB-5E14-4186-A1D7-B582B5966087}" = Catalyst Control Center Graphics Previews Vista
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D961EFC-64B0-5DE7-E2FD-304EF8695922}" = CCC Help Finnish
"{4ED65F46-B813-CBE5-2B5A-61444D7ADCDD}" = CCC Help Japanese
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{57C39411-6747-489C-A226-46885FB0D2D0}" = DriverBoost
"{5F15CD04-5682-D6AA-D5E5-F2A6643EF261}" = Catalyst Control Center Graphics Previews Common
"{64C67386-CF44-9E7A-7133-8F9CE8D6C41E}" = ccc-core-static
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65C45785-4B36-A86B-7FA8-C1BDE8C00442}" = CCC Help Danish
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FD9F64-38ED-4746-AB58-971CE14032E8}" = CCC Help Chinese Standard
"{74A84478-70A5-4F7A-966C-FA2771FF91A5}_is1" = Patch v4.1
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7D66971C-652B-4065-A6B1-B3EE313C254B}" = BlueJ
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{82BF91C4-229F-4447-EC70-D31705D7D2E7}" = CCC Help Hungarian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84B85258-2B47-571C-0D9C-50051A5EE20B}" = CCC Help Turkish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBB19FE-9933-192C-ADA4-85211B7B83A5}" = CCC Help Czech
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{9A15FEDD-8A58-7A22-2CCC-D89A7512D7D0}" = CCC Help Swedish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EA81723-22AD-686B-D090-8C1C9A9794D0}" = CCC Help Greek
"{A347C572-F7B4-43A3-BD51-FFC99184F70D}" = Jurassic Park Operation Genesis
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B213DE3E-F4E9-B9FA-B770-95E1BC8B8D8A}" = CCC Help Chinese Traditional
"{C38901F3-ED24-16C8-E1AC-C03AC05AC99F}" = CCC Help Korean
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D51A7556-FA80-9167-7576-C5B103E2B837}" = CCC Help Italian
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFCDD1CE-6D49-49B8-BFB7-93391D22776B}" = Keyboard Driver
"{E13F254C-A426-634A-DEAA-4926F200292C}" = CCC Help French
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7C1C17E-70E3-475F-BD52-EA554391F15D}" = GameShadow
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA378B42-D3E2-4749-A7A5-77AAF226F889}_is1" = Batman: Arkham Asylum GotY Edition
"{FBA739C4-DF56-3ADF-79EE-DE39533BBB6A}" = Catalyst Control Center Localization All
"{FBD71CB8-D95B-8DCA-8162-F052F502F382}" = CCC Help Dutch
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{THEGUILDREN-0010-2010-300520102330}_is1" = Patch v4.17b Update
"5513-1208-7298-9440" = JDownloader 0.9
"Ad-Aware" = Ad-Aware
"ArtMoney SE_is1" = ArtMoney SE v7.37.1
"Avira AntiVir Desktop" = Avira Free Antivirus
"BattlEye" = BattlEye Uninstall
"conduitEngine" = Conduit Engine
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diamond 10.10 2400-5900 And 6800 Win7Vista" = Diamond 10.10 2400-5900 And 6800 Win7Vista
"Die Gilde" = Die Gilde
"Die Gilde 2 - Back to the Roots_is1" = Die Gilde 2 - Back to the Roots Patch v1.2
"Die Gilde Gold-Edition" = Die Gilde Gold-Edition
"Die Gilde Update v1.04a" = Die Gilde Update v1.04a
"FarmingSimulator2011_PLATINUMDE_is1" = Landwirtschafts Simulator 2011
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{DFCDD1CE-6D49-49B8-BFB7-93391D22776B}" = Keyboard Driver
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"LEGO Star Wars III The Clone Wars" = LEGO Star Wars III The Clone Wars
"Little Fighter 2 version 2.0a" = Little Fighter 2 version 2.0a
"LogMeIn Hamachi" = LogMeIn Hamachi
"MagniDriver" = marvell 91xx driver
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Mozilla Thunderbird (3.1.20)" = Mozilla Thunderbird (3.1.20)
"Notepad++" = Notepad++
"Patrizier II Gold_is1" = Patrizier II Gold
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Sierra-Dienstprogramme" = Sierra-Dienstprogramme
"StarCraft II" = StarCraft II
"Steam App 10500" = Empire: Total War
"Steam App 204410" = The Darkness II Demo
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42910" = Magicka
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Syndicate_is1" = Syndicate
"thriXXX WebLaunch" = thriXXX WebLaunch
"Tunngle beta_is1" = Tunngle beta
"UnderCoverXP_is1" = UnderCoverXP 1.23
"uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"ZoneAlarm" = ZoneAlarm
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Medal of Honor Deutsch Patch by ChrisXPS" = Medal of Honor Deutsch Patch by ChrisXPS
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.03.2012 10:52:28 | Computer Name = PC-Sebi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
 Zeitstempel: 0x4c00573a  Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 2.5.0.16600,
 Zeitstempel: 0x4ca30e16  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000121da  ID des fehlerhaften
 Prozesses: 0x111c  Startzeit der fehlerhaften Anwendung: 0x01ccfadc8d4f2424  Pfad der
 fehlerhaften Anwendung: D:\Games\lol\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.131\deploy\LolClient.exe
Pfad
 des fehlerhaften Moduls: D:\Games\lol\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.131\deploy\Adobe
 AIR\Versions\1.0\Adobe AIR.dll  Berichtskennung: d39d6be6-66d2-11e1-8ff7-0026832e2b56
 
Error - 05.03.2012 12:00:40 | Computer Name = PC-Sebi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
 Zeitstempel: 0x4c00573a  Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 2.5.0.16600,
 Zeitstempel: 0x4ca30e16  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000121da  ID des fehlerhaften
 Prozesses: 0x1da4  Startzeit der fehlerhaften Anwendung: 0x01ccfae3c6d74962  Pfad der
 fehlerhaften Anwendung: D:\Games\lol\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.131\deploy\LolClient.exe
Pfad
 des fehlerhaften Moduls: D:\Games\lol\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.131\deploy\Adobe
 AIR\Versions\1.0\Adobe AIR.dll  Berichtskennung: 5aa5d2fa-66dc-11e1-8ff7-0026832e2b56
 
Error - 05.03.2012 15:22:34 | Computer Name = PC-Sebi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
 Zeitstempel: 0x4c00573a  Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 2.5.0.16600,
 Zeitstempel: 0x4ca30e16  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000121da  ID des fehlerhaften
 Prozesses: 0x95c  Startzeit der fehlerhaften Anwendung: 0x01ccfafeb92cdc15  Pfad der
 fehlerhaften Anwendung: D:\Games\lol\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.131\deploy\LolClient.exe
Pfad
 des fehlerhaften Moduls: D:\Games\lol\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.131\deploy\Adobe
 AIR\Versions\1.0\Adobe AIR.dll  Berichtskennung: 8f254aaa-66f8-11e1-8ff7-0026832e2b56
 
Error - 06.03.2012 13:02:25 | Computer Name = PC-Sebi | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 698    Startzeit: 01ccfbbad9375620    Endzeit: 6    Anwendungspfad: C:\Program
 Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 06.03.2012 15:22:09 | Computer Name = PC-Sebi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
 Zeitstempel: 0x4c00573a  Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 2.5.0.16600,
 Zeitstempel: 0x4ca30e16  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000121da  ID des fehlerhaften
 Prozesses: 0x390  Startzeit der fehlerhaften Anwendung: 0x01ccfbc4a05e7b46  Pfad der
 fehlerhaften Anwendung: D:\Games\lol\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.131\deploy\LolClient.exe
Pfad
 des fehlerhaften Moduls: D:\Games\lol\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.131\deploy\Adobe
 AIR\Versions\1.0\Adobe AIR.dll  Berichtskennung: aa87bd9c-67c1-11e1-8685-0026832e2b56
 
Error - 07.03.2012 12:19:15 | Computer Name = PC-Sebi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
 Zeitstempel: 0x4c00573a  Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 2.5.0.16600,
 Zeitstempel: 0x4ca30e16  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000121da  ID des fehlerhaften
 Prozesses: 0x11e4  Startzeit der fehlerhaften Anwendung: 0x01ccfc77fa57b28b  Pfad der
 fehlerhaften Anwendung: D:\Games\lol\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.131\deploy\LolClient.exe
Pfad
 des fehlerhaften Moduls: D:\Games\lol\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.131\deploy\Adobe
 AIR\Versions\1.0\Adobe AIR.dll  Berichtskennung: 47a880d4-6871-11e1-a494-0026832e2b56
 
Error - 07.03.2012 12:43:20 | Computer Name = PC-Sebi | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1bfc    Startzeit: 01ccfc815f711bda    Endzeit: 15    Anwendungspfad:
 D:\Games\lol\League of Legends\RADS\system\rads_user_kernel.exe    Berichts-ID: a3f59b85-6874-11e1-a494-0026832e2b56

 
Error - 07.03.2012 13:05:41 | Computer Name = PC-Sebi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
 Zeitstempel: 0x4c00573a  Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 2.5.0.16600,
 Zeitstempel: 0x4ca30e16  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000121da  ID des fehlerhaften
 Prozesses: 0x1b60  Startzeit der fehlerhaften Anwendung: 0x01ccfc81cd6ff4fa  Pfad der
 fehlerhaften Anwendung: D:\Games\lol\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.131\deploy\LolClient.exe
Pfad
 des fehlerhaften Moduls: D:\Games\lol\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.131\deploy\Adobe
 AIR\Versions\1.0\Adobe AIR.dll  Berichtskennung: c4604a11-6877-11e1-a494-0026832e2b56
 
Error - 07.03.2012 13:25:21 | Computer Name = PC-Sebi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
 Zeitstempel: 0x4c00573a  Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 2.5.0.16600,
 Zeitstempel: 0x4ca30e16  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000121da  ID des fehlerhaften
 Prozesses: 0x1344  Startzeit der fehlerhaften Anwendung: 0x01ccfc8703f4181c  Pfad der
 fehlerhaften Anwendung: D:\Games\lol\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.131\deploy\LolClient.exe
Pfad
 des fehlerhaften Moduls: D:\Games\lol\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.131\deploy\Adobe
 AIR\Versions\1.0\Adobe AIR.dll  Berichtskennung: 83aed840-687a-11e1-a494-0026832e2b56
 
Error - 11.03.2012 11:52:36 | Computer Name = PC-Sebi | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1514    Startzeit: 01ccff9396795adb    Endzeit: 5    Anwendungspfad: 
C:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
[ System Events ]
Error - 28.03.2012 13:19:14 | Computer Name = PC-Sebi | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 28.03.2012 13:22:23 | Computer Name = PC-Sebi | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 28.03.2012 13:22:25 | Computer Name = PC-Sebi | Source = DCOM | ID = 10005
Description = 
 
Error - 28.03.2012 13:22:25 | Computer Name = PC-Sebi | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist 
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 28.03.2012 13:22:25 | Computer Name = PC-Sebi | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 28.03.2012 13:22:25 | Computer Name = PC-Sebi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   avipbb  avkmgr  discache  luafv  spldr  Wanarpv6
 
Error - 28.03.2012 13:22:36 | Computer Name = PC-Sebi | Source = DCOM | ID = 10005
Description = 
 
Error - 28.03.2012 13:22:39 | Computer Name = PC-Sebi | Source = DCOM | ID = 10005
Description = 
 
Error - 28.03.2012 13:22:40 | Computer Name = PC-Sebi | Source = DCOM | ID = 10005
Description = 
 
Error - 28.03.2012 13:22:41 | Computer Name = PC-Sebi | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
--- --- ---


Thanks a lot in advance
__________________


Alt 28.03.2012, 20:21   #3
markusg
/// Malware-holic
 

hi

This script, and any scripts that may follow, are intended only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [SkypePM] C:\Users\Sebastian\AppData\Local\Skype\SkypePM.exe ()
:Files
C:\Users\Sebastian\AppData\Local\Skype
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a reboot. Please allow it.
• After the reboot you will find a text document; copy its contents into your next reply here.
Boot into normal mode.

If you have no icons, right-click, View, Show desktop icons.

Note: Please also upload the file there, as described in the instructions for the UpChannel. Please do NOT post the ZIP file here in the thread as an attachment!

Please press the Windows + E keys.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload went through without problems. Thanks in advance.
__________________

Alt 28.03.2012, 20:41   #4
Madhbrand
 

First of all, thanks for the quick reply =) I just didn't quite understand the last sentence. Does that mean I should copy the txt file I get after the reboot and paste it in again using [code]? And does "boot into normal mode" mean I should create the logfile with OTL again afterwards?

Sorry if I'm being a bit slow on the uptake, I'm just a little confused right now^^

I've understood it now after all; I'll try it tomorrow and then post the data here.

First of all, huge thanks for the quick support and that everything works again now =) I've already uploaded the moved files successfully, and here is the text from OTL after the fix.

Code:
ATTFilter
 All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SkypePM deleted successfully.
C:\Users\Sebastian\AppData\Local\Skype\SkypePM.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: AppData
 
User: Default
 
User: Default User
 
User: DefaultAppPool
 
User: Public
 
User: Sebastian
->Flash cache emptied: 6258 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Sebastian
->Temp folder emptied: 117659976 bytes
->Temporary Internet Files folder emptied: 277375948 bytes
->Java cache emptied: 852668 bytes
->FireFox cache emptied: 75192818 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 156672 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 976005626 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 102427 bytes
RecycleBin emptied: 84631083 bytes
 
Total Files Cleaned = 1.461,00 mb
 
 
OTL by OldTimer - Version 3.2.39.2 log created on 03292012_161651

Files\Folders moved on Reboot...
C:\Users\Sebastian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\ZLT04a85.TMP not found!

Registry entries deleted on Reboot...
         
and once again, many, many thanks

Alt 29.03.2012, 17:33   #5
markusg
/// Malware-holic
 

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix is finished, it will create a logfile. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the reboot
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send mails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

Alt 29.03.2012, 19:12   #6
Madhbrand
 

Done, even though Avira apparently couldn't be shut down completely despite using Task Manager -,-. But there were no other complications.

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-03-29.02 - Sebastian 29.03.2012  19:42:04.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8169.6111 [GMT 2:00]
ausgeführt von:: d:\download\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sebastian\AppData\Roaming\PriceGong
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\1.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\a.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\b.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\c.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\d.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\e.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\f.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\g.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\h.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\i.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\j.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\k.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\l.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\m.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\mru.xml
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\n.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\o.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\p.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\q.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\r.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\s.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\t.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\u.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\v.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\w.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\wlu.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\x.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\y.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\z.txt
c:\windows\assembly\tmp\U
c:\windows\IsUn0407.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Copyright (C) 1997-2008 Mark Russinovich
-------\Service_Handle v3.42
-------\Service_sidebar.exe        pid: 2168     D8: c:\program files\Windows Sidebar\sidebar.exe
-------\Service_Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources
-------\Service_WUDFHost.exe       pid: 1176     3C: c:\windows\System32\de-DE\WUDFHost.exe.mui
-------\Service_WUDFHost.exe       pid: 1304     3C: c:\windows\System32\de-DE\WUDFHost.exe.mui
-------\Service_WUDFHost.exe       pid: 4400     3C: c:\windows\System32\de-DE\WUDFHost.exe.mui
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-28 bis 2012-03-29  ))))))))))))))))))))))))))))))
.
.
2012-03-29 17:53 . 2012-03-29 17:53	--------	d-----w-	c:\users\DefaultAppPool\AppData\Local\temp
2012-03-29 17:53 . 2012-03-29 17:53	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-29 15:54 . 2012-03-20 11:41	69376	----a-w-	c:\windows\system32\drivers\Lbd.sys
2012-03-28 17:15 . 2012-03-28 17:15	750488	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-03-27 19:53 . 2012-03-28 17:16	--------	d-----w-	c:\program files (x86)\GridinSoft Trojan Killer
2012-03-24 15:45 . 2012-03-24 15:45	--------	d-----w-	c:\program files (x86)\Video Codec
2012-03-14 19:32 . 2012-03-14 19:32	--------	d-----w-	c:\users\Sebastian\AppData\Roaming\Avira
2012-03-14 19:26 . 2012-01-31 07:56	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-03-14 19:26 . 2012-01-31 07:56	132320	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-03-14 19:26 . 2011-09-16 15:08	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-03-14 19:26 . 2012-03-14 19:26	--------	d-----w-	c:\programdata\Avira
2012-03-14 19:26 . 2012-03-14 19:26	--------	d-----w-	c:\program files (x86)\Avira
2012-03-14 15:25 . 2012-03-29 17:53	--------	d-----w-	c:\users\Sebastian\AppData\Local\LogMeIn Hamachi
2012-03-14 15:25 . 2012-03-14 15:25	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
2012-03-12 14:35 . 2012-03-12 15:02	--------	d-----w-	c:\programdata\B7E858A700780F900003B9A9B4EB2367
2012-03-11 19:21 . 2012-03-11 19:21	--------	d-sh--w-	c:\users\Sebastian\AppData\Local\ab82230d
2012-03-09 13:51 . 2012-02-08 07:13	8643640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB7E22B7-C2C6-4C0B-A70F-F0DFD23A28E6}\mpengine.dll
2012-03-04 20:50 . 2012-03-04 20:51	--------	d-----w-	c:\users\Sebastian\AppData\Local\Facebook
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-28 17:15 . 2011-08-07 13:44	660368	----a-w-	c:\windows\system32\deployJava1.dll
2012-02-23 08:18 . 2011-03-24 17:26	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-02-19 12:28 . 2011-05-21 18:00	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-29 21:37 . 2011-06-14 13:02	189248	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-01-29 21:37 . 2011-06-14 13:02	75136	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-01-26 22:31 . 2011-08-11 18:12	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2012-01-26 15:53 . 2012-01-26 15:53	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-14 04:06 . 2012-02-16 14:14	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-01-05 21:26 . 2012-01-05 21:26	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-01-04 10:44 . 2012-02-16 14:14	509952	----a-w-	c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 14:14	442880	----a-w-	c:\windows\SysWow64\ntshrui.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files (x86)\uTorrentBar_DE\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54	175912	----a-w-	c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
2011-05-09 08:49	176936	----a-w-	c:\program files (x86)\uTorrentBar_DE\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files (x86)\uTorrentBar_DE\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"Facebook Update"="c:\users\Sebastian\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-03-04 137536]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-19 3477312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2011-02-18 1043968]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-24 136176]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-24 136176]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-02-15 33528]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-02-15 822264]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files (x86)\Keyboard Driver\KMWDSrv.exe [2008-06-23 208896]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-03-29 2152152]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2011-10-14 745832]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2012-03-29 17152]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17	302592	----a-w-	c:\windows\System32\cmd.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2012-03-20 16:02]
.
2012-03-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2372967722-2650738230-3856024893-1000Core.job
- c:\users\Sebastian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-04 20:50]
.
2012-03-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2372967722-2650738230-3856024893-1000UA.job
- c:\users\Sebastian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-04 20:50]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-24 20:27]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-24 20:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 1123320]
"combofix"="c:\combofix\CF26352.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\46roig29.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - (no file)
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
BHO-{ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
Toolbar-{ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - (no file)
WebBrowser-{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - (no file)
AddRemove-ArtMoney SE_is1 - d:\games\starcraft2\ArtMoney\Uninstall\unins000.exe
AddRemove-BattlEye - d:\games\arma 2\Bohemia Interactive\ArmA 2 Operation ArrowheadExpansion\BattlEye\UnInstallBE.exe
AddRemove-Die Gilde - c:\windows\unvise32.exe
AddRemove-Die Gilde 2 - Back to the Roots_is1 - d:\games\gilde\unins000.exe
AddRemove-Little Fighter 2 version 2.0a - c:\program files (x86)\LittleFighter2\LF2_v2.0a\Uninstal.exe
AddRemove-Patrizier II Gold_is1 - d:\games\patrizier 2\unins000.exe
AddRemove-Sierra-Dienstprogramme - c:\program files (x86)\Sierra On-Line\sutil32.exe
AddRemove-thriXXX WebLaunch - c:\program files (x86)\thriXXX\WebLaunch\WebLaunchUninstall.exe
AddRemove-Vuze_Remote Toolbar - c:\progra~2\VUZE_R~1\UNINST~1.EXE
AddRemove-{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1 - c:\program files (x86)\Hex-Editor MX\unins000.exe
AddRemove-Medal of Honor Deutsch Patch by ChrisXPS - d:\games\moh\Uninstal.exe
.
.
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sidebar.exe        pid: 2168     D8: C:]
--
"ServiceDll"="%systemroot%\system32\wuaueng.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WUDFHost.exe       pid: 1176     3C: C:]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WUDFHost.exe       pid: 1304     3C: C:]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WUDFHost.exe       pid: 4400     3C: C:]
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-29  20:07:06 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-29 18:07
.
Vor Suchlauf: 9 Verzeichnis(se), 439.601.147.904 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 444.944.166.912 Bytes frei
.
- - End Of File - - 2F20B880D78D14777BE09B38584E4295
         
--- --- ---

Alt 29.03.2012, 20:01   #7
markusg
/// Malware-holic
 

use tdss killer, post the log
http://www.trojaner-board.de/82358-t...entfernen.html

Alt 29.03.2012, 20:18   #8
Madhbrand
 

TDSS Killer finds nothing; also, I haven't quite figured out where to get the logfile from. Could someone please explain that to me =)?

Found it after all^^
Code:
ATTFilter
21:29:17.0599 6176	TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
21:29:19.0612 6176	============================================================
21:29:19.0612 6176	Current date / time: 2012/03/29 21:29:19.0612
21:29:19.0612 6176	SystemInfo:
21:29:19.0612 6176	
21:29:19.0612 6176	OS Version: 6.1.7601 ServicePack: 1.0
21:29:19.0612 6176	Product type: Workstation
21:29:19.0612 6176	ComputerName: PC-SEBI
21:29:19.0612 6176	UserName: Sebastian
21:29:19.0612 6176	Windows directory: C:\Windows
21:29:19.0612 6176	System windows directory: C:\Windows
21:29:19.0612 6176	Running under WOW64
21:29:19.0612 6176	Processor architecture: Intel x64
21:29:19.0612 6176	Number of processors: 4
21:29:19.0612 6176	Page size: 0x1000
21:29:19.0612 6176	Boot type: Normal boot
21:29:19.0612 6176	============================================================
21:29:19.0861 6176	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:29:19.0877 6176	\Device\Harddisk0\DR0:
21:29:19.0877 6176	MBR used
21:29:19.0877 6176	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:29:19.0877 6176	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x36EB6000
21:29:19.0877 6176	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x36EE8800, BlocksNum 0x3D81D800
21:29:19.0924 6176	Initialize success
21:29:19.0924 6176	============================================================
21:29:21.0328 2036	============================================================
21:29:21.0328 2036	Scan started
21:29:21.0328 2036	Mode: Manual; 
21:29:21.0328 2036	============================================================
21:29:22.0061 2036	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
21:29:22.0061 2036	1394ohci - ok
21:29:22.0139 2036	acedrv11        (a3769020f7e8a70fd3e824c050f33306) C:\Windows\system32\drivers\acedrv11.sys
21:29:22.0139 2036	acedrv11 - ok
21:29:22.0186 2036	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:29:22.0201 2036	ACPI - ok
21:29:22.0233 2036	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:29:22.0248 2036	AcpiPmi - ok
21:29:22.0389 2036	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:29:22.0404 2036	AdobeARMservice - ok
21:29:22.0467 2036	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:29:22.0467 2036	adp94xx - ok
21:29:22.0529 2036	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:29:22.0529 2036	adpahci - ok
21:29:22.0591 2036	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:29:22.0591 2036	adpu320 - ok
21:29:22.0638 2036	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:29:22.0638 2036	AeLookupSvc - ok
21:29:22.0701 2036	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:29:22.0701 2036	AFD - ok
21:29:22.0763 2036	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:29:22.0763 2036	agp440 - ok
21:29:22.0794 2036	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:29:22.0810 2036	ALG - ok
21:29:22.0857 2036	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:29:22.0857 2036	aliide - ok
21:29:22.0935 2036	AMD External Events Utility (3dc106c903c1bd42e2acc3d5deff9367) C:\Windows\system32\atiesrxx.exe
21:29:22.0935 2036	AMD External Events Utility - ok
21:29:22.0997 2036	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:29:22.0997 2036	amdide - ok
21:29:23.0044 2036	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:29:23.0044 2036	AmdK8 - ok
21:29:23.0215 2036	amdkmdag        (bbab5b28253fe0fc7255d8775ba05c1d) C:\Windows\system32\DRIVERS\atikmdag.sys
21:29:23.0247 2036	amdkmdag - ok
21:29:23.0278 2036	amdkmdap        (cba35ff4092b91e105d93ed11a0250b6) C:\Windows\system32\DRIVERS\atikmpag.sys
21:29:23.0278 2036	amdkmdap - ok
21:29:23.0309 2036	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:29:23.0309 2036	AmdPPM - ok
21:29:23.0340 2036	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:29:23.0340 2036	amdsata - ok
21:29:23.0356 2036	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:29:23.0356 2036	amdsbs - ok
21:29:23.0371 2036	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:29:23.0371 2036	amdxata - ok
21:29:23.0449 2036	AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:29:23.0449 2036	AntiVirSchedulerService - ok
21:29:23.0465 2036	AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:29:23.0481 2036	AntiVirService - ok
21:29:23.0543 2036	AppHostSvc      (59d01fa91962c9c1e9b4022b2d3b46db) C:\Windows\system32\inetsrv\apphostsvc.dll
21:29:23.0543 2036	AppHostSvc - ok
21:29:23.0574 2036	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:29:23.0574 2036	AppID - ok
21:29:23.0605 2036	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:29:23.0605 2036	AppIDSvc - ok
21:29:23.0621 2036	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:29:23.0621 2036	Appinfo - ok
21:29:23.0652 2036	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:29:23.0652 2036	arc - ok
21:29:23.0668 2036	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:29:23.0668 2036	arcsas - ok
21:29:23.0715 2036	asmthub3        (954950d11ada98ac1b7ee3c770e4622c) C:\Windows\system32\DRIVERS\asmthub3.sys
21:29:23.0715 2036	asmthub3 - ok
21:29:23.0761 2036	asmtxhci        (01dbb05db1db95803e3c9f2b49afe79c) C:\Windows\system32\DRIVERS\asmtxhci.sys
21:29:23.0761 2036	asmtxhci - ok
21:29:23.0839 2036	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:29:23.0839 2036	aspnet_state - ok
21:29:23.0855 2036	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:29:23.0855 2036	AsyncMac - ok
21:29:23.0902 2036	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:29:23.0902 2036	atapi - ok
21:29:23.0917 2036	AthBTPort       (aaae03f8eda817ec28c5445193ea8bf3) C:\Windows\system32\DRIVERS\btath_flt.sys
21:29:23.0917 2036	AthBTPort - ok
21:29:23.0949 2036	ATHDFU          (4ecc791539f23982411864037d1ac8fc) C:\Windows\system32\Drivers\AthDfu.sys
21:29:23.0949 2036	ATHDFU - ok
21:29:23.0980 2036	AtherosSvc      (c34b28d6285ead94b3a2faba84e90da5) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
21:29:23.0980 2036	AtherosSvc - ok
21:29:24.0011 2036	AtiHDAudioService (fda1e117a7e880bff5540d180c06ea87) C:\Windows\system32\drivers\AtihdW76.sys
21:29:24.0011 2036	AtiHDAudioService - ok
21:29:24.0042 2036	atksgt          (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
21:29:24.0058 2036	atksgt - ok
21:29:24.0089 2036	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:29:24.0105 2036	AudioEndpointBuilder - ok
21:29:24.0105 2036	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:29:24.0120 2036	AudioSrv - ok
21:29:24.0167 2036	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
21:29:24.0167 2036	avgntflt - ok
21:29:24.0198 2036	avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
21:29:24.0198 2036	avipbb - ok
21:29:24.0214 2036	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
21:29:24.0214 2036	avkmgr - ok
21:29:24.0245 2036	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:29:24.0245 2036	AxInstSV - ok
21:29:24.0276 2036	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:29:24.0276 2036	b06bdrv - ok
21:29:24.0323 2036	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:29:24.0323 2036	b57nd60a - ok
21:29:24.0432 2036	Bandoo Coordinator (799e48fdf68d388b1b9bcbb6bd062fa2) C:\Program Files (x86)\Bandoo\Bandoo.exe
21:29:24.0448 2036	Bandoo Coordinator - ok
21:29:24.0463 2036	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:29:24.0463 2036	BDESVC - ok
21:29:24.0479 2036	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:29:24.0479 2036	Beep - ok
21:29:24.0510 2036	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:29:24.0510 2036	BFE - ok
21:29:24.0557 2036	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
21:29:24.0557 2036	BITS - ok
21:29:24.0573 2036	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:29:24.0573 2036	blbdrive - ok
21:29:24.0619 2036	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:29:24.0619 2036	bowser - ok
21:29:24.0619 2036	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:29:24.0619 2036	BrFiltLo - ok
21:29:24.0635 2036	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:29:24.0635 2036	BrFiltUp - ok
21:29:24.0666 2036	BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
21:29:24.0666 2036	BridgeMP - ok
21:29:24.0697 2036	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:29:24.0697 2036	Browser - ok
21:29:24.0713 2036	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:29:24.0713 2036	Brserid - ok
21:29:24.0729 2036	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:29:24.0729 2036	BrSerWdm - ok
21:29:24.0744 2036	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:29:24.0744 2036	BrUsbMdm - ok
21:29:24.0760 2036	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:29:24.0760 2036	BrUsbSer - ok
21:29:24.0791 2036	BTATH_A2DP      (3b1b573371b206d1d5f25e0ef5fcd6d6) C:\Windows\system32\drivers\btath_a2dp.sys
21:29:24.0791 2036	BTATH_A2DP - ok
21:29:24.0822 2036	BTATH_BUS       (2d0446336d9db55a742b999ec16adf15) C:\Windows\system32\DRIVERS\btath_bus.sys
21:29:24.0822 2036	BTATH_BUS - ok
21:29:24.0838 2036	BTATH_HCRP      (9a9694bbeb2849eaf95dffcae5df02ad) C:\Windows\system32\DRIVERS\btath_hcrp.sys
21:29:24.0838 2036	BTATH_HCRP - ok
21:29:24.0853 2036	BTATH_LWFLT     (fc0a8075ddf2e9c66267aec91e0676f9) C:\Windows\system32\DRIVERS\btath_lwflt.sys
21:29:24.0853 2036	BTATH_LWFLT - ok
21:29:24.0853 2036	BTATH_RCP       (5eb4815cbddba4541f2380dae6e269ab) C:\Windows\system32\DRIVERS\btath_rcp.sys
21:29:24.0869 2036	BTATH_RCP - ok
21:29:24.0885 2036	BtFilter        (0ecede7b33cfd9a52a61220abbd09a50) C:\Windows\system32\DRIVERS\btfilter.sys
21:29:24.0885 2036	BtFilter - ok
21:29:24.0916 2036	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
21:29:24.0916 2036	BthEnum - ok
21:29:24.0931 2036	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:29:24.0931 2036	BTHMODEM - ok
21:29:24.0947 2036	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
21:29:24.0947 2036	BthPan - ok
21:29:24.0963 2036	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
21:29:24.0978 2036	BTHPORT - ok
21:29:25.0009 2036	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:29:25.0009 2036	bthserv - ok
21:29:25.0025 2036	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
21:29:25.0025 2036	BTHUSB - ok
21:29:25.0150 2036	catchme - ok
21:29:25.0165 2036	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:29:25.0165 2036	cdfs - ok
21:29:25.0212 2036	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:29:25.0212 2036	cdrom - ok
21:29:25.0228 2036	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:29:25.0228 2036	CertPropSvc - ok
21:29:25.0259 2036	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:29:25.0259 2036	circlass - ok
21:29:25.0275 2036	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:29:25.0275 2036	CLFS - ok
21:29:25.0337 2036	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:29:25.0337 2036	clr_optimization_v2.0.50727_32 - ok
21:29:25.0353 2036	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:29:25.0368 2036	clr_optimization_v2.0.50727_64 - ok
21:29:25.0415 2036	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:29:25.0431 2036	clr_optimization_v4.0.30319_32 - ok
21:29:25.0446 2036	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:29:25.0446 2036	clr_optimization_v4.0.30319_64 - ok
21:29:25.0462 2036	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:29:25.0462 2036	CmBatt - ok
21:29:25.0493 2036	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:29:25.0493 2036	cmdide - ok
21:29:25.0540 2036	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:29:25.0540 2036	CNG - ok
21:29:25.0555 2036	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:29:25.0555 2036	Compbatt - ok
21:29:25.0587 2036	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:29:25.0587 2036	CompositeBus - ok
21:29:25.0587 2036	COMSysApp - ok
21:29:25.0602 2036	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:29:25.0602 2036	crcdisk - ok
21:29:25.0633 2036	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
21:29:25.0633 2036	CryptSvc - ok
21:29:25.0665 2036	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:29:25.0680 2036	DcomLaunch - ok
21:29:25.0696 2036	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:29:25.0696 2036	defragsvc - ok
21:29:25.0727 2036	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:29:25.0727 2036	DfsC - ok
21:29:25.0758 2036	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:29:25.0758 2036	Dhcp - ok
21:29:25.0774 2036	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:29:25.0774 2036	discache - ok
21:29:25.0805 2036	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:29:25.0805 2036	Disk - ok
21:29:25.0821 2036	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:29:25.0836 2036	Dnscache - ok
21:29:25.0852 2036	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:29:25.0867 2036	dot3svc - ok
21:29:25.0883 2036	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:29:25.0883 2036	DPS - ok
21:29:25.0914 2036	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:29:25.0914 2036	drmkaud - ok
21:29:25.0945 2036	dtsoftbus01     (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:29:25.0945 2036	dtsoftbus01 - ok
21:29:25.0992 2036	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:29:25.0992 2036	DXGKrnl - ok
21:29:26.0008 2036	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:29:26.0008 2036	EapHost - ok
21:29:26.0070 2036	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:29:26.0086 2036	ebdrv - ok
21:29:26.0117 2036	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:29:26.0117 2036	EFS - ok
21:29:26.0148 2036	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:29:26.0148 2036	ehRecvr - ok
21:29:26.0164 2036	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:29:26.0164 2036	ehSched - ok
21:29:26.0195 2036	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:29:26.0195 2036	elxstor - ok
21:29:26.0226 2036	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:29:26.0226 2036	ErrDev - ok
21:29:26.0242 2036	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:29:26.0242 2036	EventSystem - ok
21:29:26.0257 2036	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:29:26.0257 2036	exfat - ok
21:29:26.0289 2036	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:29:26.0289 2036	fastfat - ok
21:29:26.0320 2036	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:29:26.0335 2036	Fax - ok
21:29:26.0351 2036	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:29:26.0367 2036	fdc - ok
21:29:26.0367 2036	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:29:26.0382 2036	fdPHost - ok
21:29:26.0382 2036	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:29:26.0382 2036	FDResPub - ok
21:29:26.0398 2036	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:29:26.0398 2036	FileInfo - ok
21:29:26.0413 2036	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:29:26.0413 2036	Filetrace - ok
21:29:26.0413 2036	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:29:26.0413 2036	flpydisk - ok
21:29:26.0429 2036	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:29:26.0429 2036	FltMgr - ok
21:29:26.0460 2036	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:29:26.0476 2036	FontCache - ok
21:29:26.0523 2036	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:29:26.0523 2036	FontCache3.0.0.0 - ok
21:29:26.0538 2036	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:29:26.0538 2036	FsDepends - ok
21:29:26.0554 2036	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:29:26.0554 2036	Fs_Rec - ok
21:29:26.0585 2036	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:29:26.0585 2036	fvevol - ok
21:29:26.0601 2036	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:29:26.0601 2036	gagp30kx - ok
21:29:26.0632 2036	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:29:26.0647 2036	gpsvc - ok
21:29:26.0679 2036	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:29:26.0679 2036	gupdate - ok
21:29:26.0694 2036	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:29:26.0694 2036	gupdatem - ok
21:29:26.0710 2036	hamachi         (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
21:29:26.0710 2036	hamachi - ok
21:29:26.0819 2036	Hamachi2Svc     (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
21:29:26.0835 2036	Hamachi2Svc - ok
21:29:26.0850 2036	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:29:26.0850 2036	hcw85cir - ok
21:29:26.0881 2036	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:29:26.0881 2036	HdAudAddService - ok
21:29:26.0913 2036	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:29:26.0913 2036	HDAudBus - ok
21:29:26.0928 2036	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:29:26.0928 2036	HidBatt - ok
21:29:26.0928 2036	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:29:26.0928 2036	HidBth - ok
21:29:26.0959 2036	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:29:26.0959 2036	HidIr - ok
21:29:26.0975 2036	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
21:29:26.0975 2036	hidserv - ok
21:29:27.0006 2036	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:29:27.0006 2036	HidUsb - ok
21:29:27.0037 2036	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:29:27.0037 2036	hkmsvc - ok
21:29:27.0053 2036	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:29:27.0053 2036	HomeGroupListener - ok
21:29:27.0084 2036	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:29:27.0084 2036	HomeGroupProvider - ok
21:29:27.0115 2036	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:29:27.0115 2036	HpSAMD - ok
21:29:27.0147 2036	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:29:27.0147 2036	HTTP - ok
21:29:27.0178 2036	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:29:27.0178 2036	hwpolicy - ok
21:29:27.0209 2036	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:29:27.0209 2036	i8042prt - ok
21:29:27.0225 2036	iaStor          (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
21:29:27.0240 2036	iaStor - ok
21:29:27.0271 2036	IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:29:27.0271 2036	IAStorDataMgrSvc - ok
21:29:27.0303 2036	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:29:27.0303 2036	iaStorV - ok
21:29:27.0349 2036	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:29:27.0365 2036	idsvc - ok
21:29:27.0381 2036	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:29:27.0381 2036	iirsp - ok
21:29:27.0443 2036	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:29:27.0459 2036	IKEEXT - ok
21:29:27.0537 2036	IntcAzAudAddService (dab7318ccfa8081200d5b7b486793f74) C:\Windows\system32\drivers\RTKVHD64.sys
21:29:27.0552 2036	IntcAzAudAddService - ok
21:29:27.0599 2036	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:29:27.0599 2036	intelide - ok
21:29:27.0615 2036	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:29:27.0615 2036	intelppm - ok
21:29:27.0630 2036	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:29:27.0646 2036	IPBusEnum - ok
21:29:27.0661 2036	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:29:27.0661 2036	IpFilterDriver - ok
21:29:27.0739 2036	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:29:27.0739 2036	iphlpsvc - ok
21:29:27.0755 2036	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:29:27.0755 2036	IPMIDRV - ok
21:29:27.0786 2036	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:29:27.0786 2036	IPNAT - ok
21:29:27.0802 2036	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:29:27.0802 2036	IRENUM - ok
21:29:27.0833 2036	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:29:27.0833 2036	isapnp - ok
21:29:27.0864 2036	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:29:27.0864 2036	iScsiPrt - ok
21:29:27.0942 2036	ISWKL           (9d7ac39e2f3a45d6fc277ec10c2732eb) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
21:29:27.0942 2036	ISWKL - ok
21:29:27.0989 2036	IswSvc          (f7b072b70575bf81a1336531de327081) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
21:29:27.0989 2036	IswSvc - ok
21:29:28.0005 2036	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:29:28.0005 2036	kbdclass - ok
21:29:28.0036 2036	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
21:29:28.0036 2036	kbdhid - ok
21:29:28.0067 2036	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:29:28.0067 2036	KeyIso - ok
21:29:28.0098 2036	KMWDFILTER      (07071c1e3cd8f0f9114aac8b072ca1e5) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
21:29:28.0098 2036	KMWDFILTER - ok
21:29:28.0145 2036	KMWDSERVICE     (0000a08bed0d9dcab5dd619602c19b98) C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe
21:29:28.0145 2036	KMWDSERVICE - ok
21:29:28.0161 2036	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:29:28.0161 2036	KSecDD - ok
21:29:28.0176 2036	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:29:28.0176 2036	KSecPkg - ok
21:29:28.0207 2036	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:29:28.0207 2036	ksthunk - ok
21:29:28.0239 2036	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:29:28.0239 2036	KtmRm - ok
21:29:28.0270 2036	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
21:29:28.0270 2036	LanmanServer - ok
21:29:28.0301 2036	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:29:28.0301 2036	LanmanWorkstation - ok
21:29:28.0379 2036	Lavasoft Ad-Aware Service (ea38136981c61c571d52c380daad46ef) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
21:29:28.0395 2036	Lavasoft Ad-Aware Service - ok
21:29:28.0441 2036	Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
21:29:28.0441 2036	Lavasoft Kernexplorer - ok
21:29:28.0457 2036	Lbd             (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
21:29:28.0457 2036	Lbd - ok
21:29:28.0488 2036	LGBusEnum       (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
21:29:28.0488 2036	LGBusEnum - ok
21:29:28.0519 2036	LGSHidFilt      (6eb4aff7873275925a6eb2efeb5be933) C:\Windows\system32\DRIVERS\LGSHidFilt.Sys
21:29:28.0519 2036	LGSHidFilt - ok
21:29:28.0535 2036	LGVirHid        (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
21:29:28.0535 2036	LGVirHid - ok
21:29:28.0582 2036	lirsgt          (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
21:29:28.0582 2036	lirsgt - ok
21:29:28.0613 2036	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:29:28.0613 2036	lltdio - ok
21:29:28.0660 2036	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:29:28.0660 2036	lltdsvc - ok
21:29:28.0675 2036	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:29:28.0675 2036	lmhosts - ok
21:29:28.0691 2036	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:29:28.0691 2036	LSI_FC - ok
21:29:28.0707 2036	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:29:28.0707 2036	LSI_SAS - ok
21:29:28.0722 2036	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:29:28.0722 2036	LSI_SAS2 - ok
21:29:28.0738 2036	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:29:28.0753 2036	LSI_SCSI - ok
21:29:28.0753 2036	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:29:28.0753 2036	luafv - ok
21:29:28.0831 2036	McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
21:29:28.0831 2036	McComponentHostService - ok
21:29:28.0863 2036	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:29:28.0863 2036	Mcx2Svc - ok
21:29:28.0878 2036	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:29:28.0878 2036	megasas - ok
21:29:28.0894 2036	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:29:28.0894 2036	MegaSR - ok
21:29:28.0925 2036	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
21:29:28.0925 2036	MEIx64 - ok
21:29:28.0941 2036	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:29:28.0941 2036	MMCSS - ok
21:29:28.0956 2036	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:29:28.0956 2036	Modem - ok
21:29:28.0987 2036	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:29:28.0987 2036	monitor - ok
21:29:29.0034 2036	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:29:29.0034 2036	mouclass - ok
21:29:29.0050 2036	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:29:29.0050 2036	mouhid - ok
21:29:29.0081 2036	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:29:29.0081 2036	mountmgr - ok
21:29:29.0112 2036	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:29:29.0112 2036	mpio - ok
21:29:29.0128 2036	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:29:29.0128 2036	mpsdrv - ok
21:29:29.0175 2036	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:29:29.0175 2036	MpsSvc - ok
21:29:29.0206 2036	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:29:29.0206 2036	MRxDAV - ok
21:29:29.0237 2036	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:29:29.0237 2036	mrxsmb - ok
21:29:29.0268 2036	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:29:29.0268 2036	mrxsmb10 - ok
21:29:29.0299 2036	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:29:29.0299 2036	mrxsmb20 - ok
21:29:29.0315 2036	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:29:29.0315 2036	msahci - ok
21:29:29.0346 2036	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:29:29.0346 2036	msdsm - ok
21:29:29.0362 2036	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:29:29.0362 2036	MSDTC - ok
21:29:29.0377 2036	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:29:29.0377 2036	Msfs - ok
21:29:29.0393 2036	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:29:29.0393 2036	mshidkmdf - ok
21:29:29.0424 2036	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:29:29.0424 2036	msisadrv - ok
21:29:29.0440 2036	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:29:29.0440 2036	MSiSCSI - ok
21:29:29.0440 2036	msiserver - ok
21:29:29.0471 2036	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:29:29.0471 2036	MSKSSRV - ok
21:29:29.0471 2036	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:29:29.0471 2036	MSPCLOCK - ok
21:29:29.0471 2036	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:29:29.0487 2036	MSPQM - ok
21:29:29.0518 2036	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:29:29.0518 2036	MsRPC - ok
21:29:29.0533 2036	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:29:29.0533 2036	mssmbios - ok
21:29:29.0549 2036	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:29:29.0549 2036	MSTEE - ok
21:29:29.0565 2036	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:29:29.0565 2036	MTConfig - ok
21:29:29.0565 2036	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:29:29.0565 2036	Mup - ok
21:29:29.0596 2036	mv91xx          (38b4c95e821528fb91df16a78e04450f) C:\Windows\system32\DRIVERS\mv91xx.sys
21:29:29.0596 2036	mv91xx - ok
21:29:29.0627 2036	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:29:29.0627 2036	napagent - ok
21:29:29.0658 2036	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:29:29.0658 2036	NativeWifiP - ok
21:29:29.0689 2036	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:29:29.0705 2036	NDIS - ok
21:29:29.0721 2036	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:29:29.0721 2036	NdisCap - ok
21:29:29.0736 2036	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:29:29.0736 2036	NdisTapi - ok
21:29:29.0783 2036	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:29:29.0783 2036	Ndisuio - ok
21:29:29.0799 2036	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:29:29.0814 2036	NdisWan - ok
21:29:29.0830 2036	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:29:29.0830 2036	NDProxy - ok
21:29:29.0845 2036	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:29:29.0845 2036	NetBIOS - ok
21:29:29.0877 2036	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:29:29.0877 2036	NetBT - ok
21:29:29.0908 2036	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:29:29.0908 2036	Netlogon - ok
21:29:29.0939 2036	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:29:29.0939 2036	Netman - ok
21:29:30.0017 2036	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:29:30.0017 2036	NetMsmqActivator - ok
21:29:30.0033 2036	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:29:30.0033 2036	NetPipeActivator - ok
21:29:30.0033 2036	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:29:30.0048 2036	netprofm - ok
21:29:30.0048 2036	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:29:30.0048 2036	NetTcpActivator - ok
21:29:30.0048 2036	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:29:30.0064 2036	NetTcpPortSharing - ok
21:29:30.0079 2036	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:29:30.0079 2036	nfrd960 - ok
21:29:30.0126 2036	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:29:30.0126 2036	NlaSvc - ok
21:29:30.0189 2036	nosGetPlusHelper (0e58f99692802c501454eac3d2ac3394) C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll
21:29:30.0189 2036	nosGetPlusHelper - ok
21:29:30.0204 2036	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:29:30.0204 2036	Npfs - ok
21:29:30.0220 2036	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:29:30.0220 2036	nsi - ok
21:29:30.0220 2036	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:29:30.0220 2036	nsiproxy - ok
21:29:30.0282 2036	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:29:30.0298 2036	Ntfs - ok
21:29:30.0313 2036	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:29:30.0313 2036	Null - ok
21:29:30.0329 2036	nusb3hub        (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys
21:29:30.0329 2036	nusb3hub - ok
21:29:30.0345 2036	nusb3xhc        (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys
21:29:30.0345 2036	nusb3xhc - ok
21:29:30.0391 2036	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:29:30.0391 2036	nvraid - ok
21:29:30.0407 2036	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:29:30.0407 2036	nvstor - ok
21:29:30.0438 2036	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:29:30.0438 2036	nv_agp - ok
21:29:30.0469 2036	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:29:30.0469 2036	ohci1394 - ok
21:29:30.0501 2036	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:29:30.0501 2036	p2pimsvc - ok
21:29:30.0516 2036	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:29:30.0516 2036	p2psvc - ok
21:29:30.0532 2036	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:29:30.0532 2036	Parport - ok
21:29:30.0563 2036	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:29:30.0563 2036	partmgr - ok
21:29:30.0579 2036	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:29:30.0579 2036	PcaSvc - ok
21:29:30.0594 2036	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:29:30.0594 2036	pci - ok
21:29:30.0610 2036	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:29:30.0625 2036	pciide - ok
21:29:30.0625 2036	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:29:30.0625 2036	pcmcia - ok
21:29:30.0641 2036	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:29:30.0641 2036	pcw - ok
21:29:30.0672 2036	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:29:30.0672 2036	PEAUTH - ok
21:29:30.0719 2036	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:29:30.0719 2036	PerfHost - ok
21:29:30.0766 2036	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:29:30.0781 2036	pla - ok
21:29:30.0813 2036	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:29:30.0828 2036	PlugPlay - ok
21:29:30.0844 2036	PnkBstrA - ok
21:29:30.0875 2036	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:29:30.0875 2036	PNRPAutoReg - ok
21:29:30.0875 2036	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:29:30.0891 2036	PNRPsvc - ok
21:29:30.0906 2036	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:29:30.0906 2036	PolicyAgent - ok
21:29:30.0937 2036	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:29:30.0953 2036	Power - ok
21:29:30.0969 2036	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:29:30.0969 2036	PptpMiniport - ok
21:29:30.0984 2036	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:29:30.0984 2036	Processor - ok
21:29:31.0015 2036	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
21:29:31.0015 2036	ProfSvc - ok
21:29:31.0031 2036	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:29:31.0031 2036	ProtectedStorage - ok
21:29:31.0062 2036	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:29:31.0062 2036	Psched - ok
21:29:31.0109 2036	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:29:31.0125 2036	ql2300 - ok
21:29:31.0140 2036	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:29:31.0140 2036	ql40xx - ok
21:29:31.0171 2036	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:29:31.0171 2036	QWAVE - ok
21:29:31.0187 2036	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:29:31.0187 2036	QWAVEdrv - ok
21:29:31.0203 2036	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:29:31.0203 2036	RasAcd - ok
21:29:31.0218 2036	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:29:31.0218 2036	RasAgileVpn - ok
21:29:31.0249 2036	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:29:31.0249 2036	RasAuto - ok
21:29:31.0265 2036	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:29:31.0265 2036	Rasl2tp - ok
21:29:31.0281 2036	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:29:31.0296 2036	RasMan - ok
21:29:31.0296 2036	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:29:31.0296 2036	RasPppoe - ok
21:29:31.0312 2036	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:29:31.0312 2036	RasSstp - ok
21:29:31.0343 2036	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:29:31.0343 2036	rdbss - ok
21:29:31.0359 2036	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:29:31.0359 2036	rdpbus - ok
21:29:31.0374 2036	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:29:31.0374 2036	RDPCDD - ok
21:29:31.0390 2036	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:29:31.0390 2036	RDPENCDD - ok
21:29:31.0405 2036	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:29:31.0405 2036	RDPREFMP - ok
21:29:31.0437 2036	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
21:29:31.0437 2036	RDPWD - ok
21:29:31.0468 2036	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:29:31.0468 2036	rdyboost - ok
21:29:31.0499 2036	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:29:31.0499 2036	RemoteAccess - ok
21:29:31.0515 2036	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:29:31.0515 2036	RemoteRegistry - ok
21:29:31.0546 2036	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
21:29:31.0546 2036	RFCOMM - ok
21:29:31.0561 2036	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:29:31.0561 2036	RpcEptMapper - ok
21:29:31.0577 2036	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:29:31.0577 2036	RpcLocator - ok
21:29:31.0624 2036	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:29:31.0624 2036	RpcSs - ok
21:29:31.0639 2036	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:29:31.0639 2036	rspndr - ok
21:29:31.0671 2036	RTL8167         (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:29:31.0671 2036	RTL8167 - ok
21:29:31.0686 2036	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:29:31.0686 2036	SamSs - ok
21:29:31.0702 2036	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:29:31.0717 2036	sbp2port - ok
21:29:31.0717 2036	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:29:31.0733 2036	SCardSvr - ok
21:29:31.0749 2036	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:29:31.0749 2036	scfilter - ok
21:29:31.0795 2036	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:29:31.0811 2036	Schedule - ok
21:29:31.0827 2036	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:29:31.0827 2036	SCPolicySvc - ok
21:29:31.0842 2036	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:29:31.0842 2036	SDRSVC - ok
21:29:31.0873 2036	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:29:31.0873 2036	secdrv - ok
21:29:31.0889 2036	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:29:31.0889 2036	seclogon - ok
21:29:31.0905 2036	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
21:29:31.0905 2036	SENS - ok
21:29:31.0920 2036	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:29:31.0920 2036	SensrSvc - ok
21:29:31.0936 2036	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:29:31.0936 2036	Serenum - ok
21:29:31.0951 2036	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:29:31.0951 2036	Serial - ok
21:29:31.0983 2036	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:29:31.0983 2036	sermouse - ok
21:29:32.0014 2036	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:29:32.0014 2036	SessionEnv - ok
21:29:32.0045 2036	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:29:32.0045 2036	sffdisk - ok
21:29:32.0045 2036	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:29:32.0045 2036	sffp_mmc - ok
21:29:32.0061 2036	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:29:32.0061 2036	sffp_sd - ok
21:29:32.0076 2036	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:29:32.0076 2036	sfloppy - ok
21:29:32.0107 2036	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:29:32.0107 2036	SharedAccess - ok
21:29:32.0139 2036	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:29:32.0154 2036	ShellHWDetection - ok
21:29:32.0170 2036	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:29:32.0170 2036	SiSRaid2 - ok
21:29:32.0185 2036	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:29:32.0185 2036	SiSRaid4 - ok
21:29:32.0201 2036	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:29:32.0201 2036	Smb - ok
21:29:32.0232 2036	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:29:32.0232 2036	SNMPTRAP - ok
21:29:32.0248 2036	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:29:32.0248 2036	spldr - ok
21:29:32.0263 2036	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:29:32.0263 2036	Spooler - ok
21:29:32.0357 2036	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:29:32.0373 2036	sppsvc - ok
21:29:32.0388 2036	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:29:32.0388 2036	sppuinotify - ok
21:29:32.0419 2036	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:29:32.0419 2036	srv - ok
21:29:32.0435 2036	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:29:32.0435 2036	srv2 - ok
21:29:32.0451 2036	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:29:32.0451 2036	srvnet - ok
21:29:32.0466 2036	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:29:32.0466 2036	SSDPSRV - ok
21:29:32.0482 2036	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:29:32.0482 2036	SstpSvc - ok
21:29:32.0529 2036	Steam Client Service - ok
21:29:32.0544 2036	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:29:32.0544 2036	stexstor - ok
21:29:32.0575 2036	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:29:32.0591 2036	stisvc - ok
21:29:32.0607 2036	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:29:32.0607 2036	swenum - ok
21:29:32.0622 2036	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:29:32.0622 2036	swprv - ok
21:29:32.0669 2036	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:29:32.0669 2036	SysMain - ok
21:29:32.0700 2036	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:29:32.0700 2036	TabletInputService - ok
21:29:32.0747 2036	tap0901t        (b08740047145b9bce15bf75ca0f9718a) C:\Windows\system32\DRIVERS\tap0901t.sys
21:29:32.0747 2036	tap0901t - ok
21:29:32.0778 2036	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:29:32.0778 2036	TapiSrv - ok
21:29:32.0794 2036	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:29:32.0809 2036	TBS - ok
21:29:32.0856 2036	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:29:32.0872 2036	Tcpip - ok
21:29:32.0919 2036	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:29:32.0919 2036	TCPIP6 - ok
21:29:32.0950 2036	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:29:32.0950 2036	tcpipreg - ok
21:29:32.0965 2036	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:29:32.0965 2036	TDPIPE - ok
21:29:32.0981 2036	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:29:32.0981 2036	TDTCP - ok
21:29:32.0997 2036	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:29:33.0012 2036	tdx - ok
21:29:33.0028 2036	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:29:33.0028 2036	TermDD - ok
21:29:33.0043 2036	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:29:33.0059 2036	TermService - ok
21:29:33.0075 2036	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:29:33.0075 2036	Themes - ok
21:29:33.0090 2036	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:29:33.0090 2036	THREADORDER - ok
21:29:33.0106 2036	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:29:33.0106 2036	TrkWks - ok
21:29:33.0137 2036	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:29:33.0137 2036	TrustedInstaller - ok
21:29:33.0168 2036	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:29:33.0168 2036	tssecsrv - ok
21:29:33.0184 2036	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:29:33.0184 2036	TsUsbFlt - ok
21:29:33.0231 2036	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:29:33.0231 2036	tunnel - ok
21:29:33.0309 2036	TunngleService  (de4fa36e187db4242df8fff2e2a86631) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
21:29:33.0324 2036	TunngleService - ok
21:29:33.0324 2036	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:29:33.0340 2036	uagp35 - ok
21:29:33.0371 2036	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:29:33.0371 2036	udfs - ok
21:29:33.0387 2036	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:29:33.0387 2036	UI0Detect - ok
21:29:33.0402 2036	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:29:33.0402 2036	uliagpkx - ok
21:29:33.0433 2036	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:29:33.0433 2036	umbus - ok
21:29:33.0449 2036	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:29:33.0449 2036	UmPass - ok
21:29:33.0465 2036	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:29:33.0480 2036	upnphost - ok
21:29:33.0511 2036	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:29:33.0511 2036	usbccgp - ok
21:29:33.0527 2036	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:29:33.0527 2036	usbcir - ok
21:29:33.0558 2036	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:29:33.0558 2036	usbehci - ok
21:29:33.0574 2036	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:29:33.0574 2036	usbhub - ok
21:29:33.0605 2036	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:29:33.0605 2036	usbohci - ok
21:29:33.0605 2036	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:29:33.0605 2036	usbprint - ok
21:29:33.0621 2036	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:29:33.0621 2036	USBSTOR - ok
21:29:33.0636 2036	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:29:33.0636 2036	usbuhci - ok
21:29:33.0652 2036	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:29:33.0652 2036	UxSms - ok
21:29:33.0683 2036	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:29:33.0683 2036	VaultSvc - ok
21:29:33.0683 2036	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:29:33.0699 2036	vdrvroot - ok
21:29:33.0730 2036	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:29:33.0730 2036	vds - ok
21:29:33.0745 2036	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:29:33.0745 2036	vga - ok
21:29:33.0745 2036	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:29:33.0745 2036	VgaSave - ok
21:29:33.0777 2036	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:29:33.0777 2036	vhdmp - ok
21:29:33.0792 2036	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:29:33.0792 2036	viaide - ok
21:29:33.0808 2036	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:29:33.0808 2036	volmgr - ok
21:29:33.0839 2036	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:29:33.0855 2036	volmgrx - ok
21:29:33.0870 2036	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:29:33.0870 2036	volsnap - ok
21:29:33.0917 2036	Vsdatant        (48bfa6276bcc0535f5f8898107ed489a) C:\Windows\system32\DRIVERS\vsdatant.sys
21:29:33.0917 2036	Vsdatant - ok
21:29:33.0964 2036	vsmon - ok
21:29:33.0979 2036	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:29:33.0979 2036	vsmraid - ok
21:29:34.0026 2036	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:29:34.0042 2036	VSS - ok
21:29:34.0073 2036	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:29:34.0073 2036	vwifibus - ok
21:29:34.0073 2036	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:29:34.0089 2036	W32Time - ok
21:29:34.0135 2036	W3SVC           (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
21:29:34.0151 2036	W3SVC - ok
21:29:34.0151 2036	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:29:34.0167 2036	WacomPen - ok
21:29:34.0182 2036	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:29:34.0182 2036	WANARP - ok
21:29:34.0182 2036	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:29:34.0182 2036	Wanarpv6 - ok
21:29:34.0198 2036	WAS             (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
21:29:34.0213 2036	WAS - ok
21:29:34.0260 2036	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:29:34.0276 2036	wbengine - ok
21:29:34.0291 2036	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:29:34.0291 2036	WbioSrvc - ok
21:29:34.0338 2036	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:29:34.0338 2036	wcncsvc - ok
21:29:34.0338 2036	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:29:34.0354 2036	WcsPlugInService - ok
21:29:34.0354 2036	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:29:34.0354 2036	Wd - ok
21:29:34.0385 2036	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:29:34.0385 2036	Wdf01000 - ok
21:29:34.0401 2036	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:29:34.0401 2036	WdiServiceHost - ok
21:29:34.0416 2036	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:29:34.0416 2036	WdiSystemHost - ok
21:29:34.0447 2036	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:29:34.0447 2036	WebClient - ok
21:29:34.0463 2036	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:29:34.0463 2036	Wecsvc - ok
21:29:34.0494 2036	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:29:34.0494 2036	wercplsupport - ok
21:29:34.0525 2036	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:29:34.0525 2036	WerSvc - ok
21:29:34.0541 2036	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:29:34.0541 2036	WfpLwf - ok
21:29:34.0557 2036	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:29:34.0557 2036	WIMMount - ok
21:29:34.0588 2036	WinDefend - ok
21:29:34.0603 2036	WinHttpAutoProxySvc - ok
21:29:34.0650 2036	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:29:34.0650 2036	Winmgmt - ok
21:29:34.0713 2036	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:29:34.0728 2036	WinRM - ok
21:29:34.0775 2036	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:29:34.0775 2036	Wlansvc - ok
21:29:34.0884 2036	wlidsvc         (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:29:34.0900 2036	wlidsvc - ok
21:29:34.0931 2036	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:29:34.0931 2036	WmiAcpi - ok
21:29:34.0947 2036	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:29:34.0947 2036	wmiApSrv - ok
21:29:34.0947 2036	WMPNetworkSvc - ok
21:29:34.0962 2036	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:29:34.0962 2036	WPCSvc - ok
21:29:34.0978 2036	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:29:34.0978 2036	WPDBusEnum - ok
21:29:34.0993 2036	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:29:34.0993 2036	ws2ifsl - ok
21:29:35.0009 2036	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
21:29:35.0009 2036	wscsvc - ok
21:29:35.0025 2036	WSearch - ok
21:29:35.0071 2036	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
21:29:35.0087 2036	wuauserv - ok
21:29:35.0103 2036	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:29:35.0103 2036	WudfPf - ok
21:29:35.0118 2036	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:29:35.0118 2036	WUDFRd - ok
21:29:35.0134 2036	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:29:35.0134 2036	wudfsvc - ok
21:29:35.0149 2036	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:29:35.0149 2036	WwanSvc - ok
21:29:35.0212 2036	xusb21          (2c6bc21b2d5b58d8b1d638c1704cb494) C:\Windows\system32\DRIVERS\xusb21.sys
21:29:35.0212 2036	xusb21 - ok
21:29:35.0259 2036	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:29:35.0305 2036	\Device\Harddisk0\DR0 - ok
21:29:35.0305 2036	Boot (0x1200)   (cf0f9e95c291bfe3db32c743889fd440) \Device\Harddisk0\DR0\Partition0
21:29:35.0305 2036	\Device\Harddisk0\DR0\Partition0 - ok
21:29:35.0321 2036	Boot (0x1200)   (9f788c3f6aa99293229e4ff2addf2b77) \Device\Harddisk0\DR0\Partition1
21:29:35.0321 2036	\Device\Harddisk0\DR0\Partition1 - ok
21:29:35.0337 2036	Boot (0x1200)   (a899ccaabb6537ad95a1c911400617f2) \Device\Harddisk0\DR0\Partition2
21:29:35.0337 2036	\Device\Harddisk0\DR0\Partition2 - ok
21:29:35.0337 2036	============================================================
21:29:35.0337 2036	Scan finished
21:29:35.0337 2036	============================================================
21:29:35.0337 1244	Detected object count: 0
21:29:35.0337 1244	Actual detected object count: 0
21:29:37.0833 6720	Deinitialize success
         

30.03.2012, 10:32   #9
markusg
/// Malware-holic

Malwarebytes:
Please download Malwarebytes.
  • Install the program to the default path. Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for updates.
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are selected and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".
__________________
- Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de
Instructions: http://markusg.trojaner-board.de
For now, please send e-mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us

30.03.2012, 17:58   #10
Madhbrand

Here you go =)

Malwarebytes Anti-Malware 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.03.30.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sebastian :: PC-SEBI [Administrator]

30.03.2012 18:23:33
mbam-log-2012-03-30 (18-23-33).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 397421
Laufzeit: 33 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Alt 30.03.2012, 19:48   #11
markusg
/// Malware-holic
 

Download CCleaner Standard:
CCleaner Download - CCleaner 3.17.1689
If CCleaner is already installed, skip this step.
Install it, open it, Tools, list of installed programs, save as txt. Open the file.
After each program you need, write "notwendig" (necessary).
After each program you do not need, "unnötig" (unnecessary).
After those you do not recognise, "unbekannt" (unknown).
Post the list.

Alt 30.03.2012, 22:11   #12
Madhbrand
 

Done

Code:
ATTFilter
 7-Zip 9.20 (x64 edition)	Igor Pavlov	23.06.2011	4,53MB	9.20.00.0                                                              notwenig
Ad-Aware	Lavasoft	24.03.2011	                                                                                                                                                      notwendig	
Ad-Aware	Lavasoft Limited	28.03.2012	34,6MB	9.0.7                                                                                                           notwendig
Adobe Download Manager	NOS Microsystems Ltd.	23.03.2011		1.6.2.100                                              notwendig
Adobe Flash Player 10 ActiveX 64-bit	Adobe Systems Incorporated	23.03.2011	6,00MB	10.3.162.28                        notwendig
Adobe Flash Player 11 ActiveX 64-bit	Adobe Systems Incorporated	18.02.2012	6,00MB	11.1.102.62                        notwendig
Adobe Flash Player 11 Plugin 64-bit	Adobe Systems Incorporated	17.11.2011	6,00MB	11.1.102.55                        notwendig
Adobe Reader X (10.1.2) - Deutsch	Adobe Systems Incorporated	12.01.2012	168,2MB	10.1.2                                   notwendig
ArtMoney SE v7.37.1	System SoftLab	25.06.2011		7.37                                                                         unnötig
Asmedia ASM104x USB 3.0 Host Controller Driver	Asmedia Technology	25.01.2012	2,23MB	1.10.0.0              unbekannt
Avira Free Antivirus	Avira	13.03.2012	109,3MB	12.0.0.898                                                                                                  notwendig
BattlEye Uninstall		16.09.2011		                                                                                                                      unbekannt
BlueJ	BlueJ Team	22.11.2011	9,24MB	3.0.6                                                                                                             notwendig
Bluetooth Win7 Suite (64)	Atheros Communications	22.03.2011	59,1MB	7.2.0.40                                                  notwendig
Call of Duty: Modern Warfare 3 - Multiplayer	Infinity Ward - Sledgehammer Games	16.02.2012		           unnötig
Call of Juarez - Bound in Blood	Ubisoft	29.05.2011	2.892MB	1.00.0000                                                                                 unnötig
CCleaner	Piriform	29.03.2012		3.17                                                                                                                                notwendig
DAEMON Tools Lite	DT Soft Ltd	25.01.2012		4.45.2.0287                                                                              hilfreich aber nicht notwendig
Diamond 10.10 2400-5900 And 6800 Win7Vista	Diamond Multimedia	10.05.2011		3.0.795.0            notwendig
Die Gilde		19.09.2011		                                                                                                                                         notwendig
Die Gilde 2 - Back to the Roots Patch v1.2	Gilde2.de	19.08.2011                                                                                                  unnötig		
Die Gilde Gold-Edition	JoWooD Productions Software AG	09.08.2011		2.06                                        notwendig
Die Gilde Update v1.04a		19.09.2011                                                                                                                                      notwendig		
DriverBoost	DriverBoost	18.01.2012	7,67MB	7                                                                                                    unnötig
Empire: Total War	The Creative Assembly	09.02.2012                                                                                                                     unnötig		
Facebook Video Calling 1.2.0.159	Skype Limited	20.03.2012	4,76MB	1.2.159                                                     unbekannt
GameShadow	Ihr Firmenname	21.10.2011	17,1MB	2.01.0000                                                                                    unbekannt
GIMP 2.6.8		20.11.2011                                                                                                                                                         unnötig		
Hex-Editor MX	NEXT-Soft	09.08.2011		6.0                                                                                                                   unnötig
Hitman Blood Money	Eidos	21.10.2011		1.00.0000                                                                                    unnötig
Intel(R) Control Center	Intel Corporation	28.03.2012		1.2.1.1007                                                                 notwendig
Intel(R) Management Engine Components	Intel Corporation	28.03.2012		7.0.0.1144                           notwendig
Intel(R) Rapid Storage Technology	Intel Corporation	28.03.2012		10.0.0.1046                                          notwendig
Java(TM) 6 Update 26 (64-bit)	Oracle	06.08.2011	91,6MB	6.0.260                                                                                      notwendig
Java(TM) 6 Update 30	Oracle	04.01.2012	95,2MB	6.0.300                                                                                      notwendig
Java(TM) 7 Update 3 (64-bit)	Oracle	27.03.2012	93,7MB	7.0.30                                                                                         notwendig
Java(TM) SE Development Kit 7 Update 1 (64-bit)	Oracle	22.11.2011	140,9MB	1.7.0.10                                                  notwendig
JDownloader 0.9	AppWork GmbH	13.09.2011		0.9                                                                                               notwendig
Keyboard Driver	Driver Builder	26.12.2011	3,43MB	5.1                                                                                               notwendig
Landwirtschafts Simulator 2011	GIANTS Software	08.12.2011	768MB	1.0                                                            sehr unnötig!!!
League of Legends	Riot Games	15.08.2011		1.02.0000                                                                                  notwendig
LEGO Star Wars III The Clone Wars	LucasArts	21.01.2012		1.0                                                                             unnötig
Little Fighter 2 version 2.0a		29.09.2011                                                                                                                                     unnötig		
Logitech Gaming Software 8.00	Logitech Inc.	10.08.2011	28,8MB	8.00.127                                                 notwendig                                               
LogMeIn Hamachi	LogMeIn, Inc.	13.03.2012		2.1.0.166                                                                                   notwendig
Magicka	Arrowhead Game Studios AB	24.01.2012                                                                                                                                    notwendig		
Malwarebytes Anti-Malware Version 1.60.1.1000	Malwarebytes Corporation	29.03.2012	17,4MB	1.60.1.1000       notwendig
marvell 91xx driver	Marvell	25.01.2012		1.0.0.1051                                                                                                   unbekannt
McAfee Security Scan Plus	McAfee, Inc.	01.12.2011	8,30MB	2.0.181.2                                                                  unnötig?!
Microsoft .NET Framework 1.1		16.04.2011                                                                                                                    notwendig                                                                                                                                                                                                                                  notwendig		
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	06.10.2011	38,8MB	4.0.30319            notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	06.10.2011	2,94MB	4.0.30319    notwendig
Microsoft .NET Framework 4 Extended	Microsoft Corporation	07.10.2011	52,0MB	4.0.30319                                                         notwendig
Microsoft .NET Framework 4 Extended DEU Language Pack	Microsoft Corporation	07.10.2011	10,7MB	4.0.30319                     notwendig
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	24.08.2011	31,3MB	3.5.88.0                         unnötig
Microsoft Games for Windows Marketplace	Microsoft Corporation	26.08.2011	6,04MB	3.5.50.0                                           unnötig
Microsoft Office 2000 Premium	Microsoft Corporation	26.05.2011	252MB	9.00.2816                                                         notwendig
Microsoft Silverlight	Microsoft Corporation	15.02.2012	60,4MB	4.1.10111.0                                                                                         notwendig
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	27.11.2011	2,38MB	8.0.59193                                                  notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	23.03.2011	0,77MB	9.0.30729              notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	25.08.2011	0,77MB	9.0.30729.6161   notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	06.04.2011	5,77MB	9.0.21022                               notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	31.03.2011	0,23MB	9.0.30729                               notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	23.03.2011	0,23MB	9.0.30729             notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	23.03.2011	0,58MB	9.0.30729.4148  notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	25.08.2011	0,59MB	9.0.30729.6161 notwendig
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	23.12.2011	15,0MB	10.0.40219    notwendig
Microsoft WSE 3.0 Runtime	Microsoft Corp.	13.09.2011	0,92MB	3.0.5305.0                                                                                              notwendig
Microsoft Xbox 360 Accessories 1.2	Microsoft	24.07.2011	7,82MB	1.20.146.0                                                                                              notwendig
Microsoft XNA Framework Redistributable 3.1	Microsoft Corporation	26.01.2012	7,55MB	3.1.10527.0                                      notwendig
Mozilla Firefox 8.0 (x86 de)	Mozilla	17.11.2011	34,9MB	8.0                                                                                                                              notwendig
Mozilla Thunderbird (3.1.20)	Mozilla	25.03.2012		3.1.20 (de)                                                                                                                notwendig
Notepad++		17.09.2011		5.9.3                                                                                                                                            unnötig
NVIDIA PhysX	NVIDIA Corporation	30.09.2011	78,9MB	9.10.0513                                                                                                                notwendig
Oblivion	Bethesda Softworks	03.10.2011		1.00.0000                                                                                                                                  unnötig
Paint.NET v3.5.10	dotPDN LLC	14.01.2012	10,7MB	3.60.0                                                                                                                        unnötig
Patch v4.1	RUNEFORGE Games Studios	20.08.2011	66,2MB	                                                                                                                   notwendig
Patch v4.17b Update	RUNEFORGE Games Studios	21.08.2011	48,5MB                                                                                                      notwendig	
Patrizier II Gold		03.12.2011                                                                                                                                                                                        unnötig		
ProtectDisc Driver, Version 11	ProtectDisc Software GmbH	17.09.2011		11.0.0.14                                                                                unbekannt
PunkBuster Services	Even Balance, Inc.	28.01.2012		0.991                                                                                                         unnötig
Realtek Ethernet Controller Driver	Realtek	22.03.2011		7.31.1025.2010                                                                                      notwendig
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	19.01.2012		6.0.1.6235                                                             notwendig
Renesas Electronics USB 3.0 Host Controller Driver	Renesas Electronics Corporation	22.03.2011	1,03MB	2.0.4.0                                notwendig
Sierra-Dienstprogramme		07.08.2011                                                                                                                                                                      unnötig		
Skype™ 4.0	Skype Technologies S.A.	14.04.2011	29,8MB	4.0.206                                                                                                      notwendig
StarCraft II	Blizzard Entertainment	21.02.2012		1.4.3.21029                                                                                             notwendig
Steam	Valve Corporation	05.04.2011	35,5MB	1.0.0.0                                                                                                                                            notwendig
Syndicate		23.03.2012                                                                                                                                                                                                       unnötig		
System Requirements Lab CYRI (64-bit)	Husdawg, LLC	16.12.2011	0,61MB	4.5.1.0                                                                                    unbekannt                                                                                  
TeamSpeak 3 Client	TeamSpeak Systems GmbH	21.06.2011                                                                                                                                                  unnötig		
The Darkness II Demo	Digital Extremes	27.01.2012                                                                                                                                                  unnötig		
The Elder Scrolls V: Skyrim	Bethesda Game Studios	22.12.2011                                                                                                                                 notwendig		
thriXXX WebLaunch	thriXXX	01.08.2011		1.0                                                                                                                                                unbekannt
Tunngle beta	Tunngle.net GmbH	11.11.2011                                                                                                                                                                    notwendig		
Ubisoft Game Launcher	UBISOFT	28.01.2012		1.0.0.0                                                                                                                       notwendig
UnderCoverXP 1.23	Wicked & Wild Inc.	14.01.2012	2,12MB	                                                                                                                                    unnötig                                                                                                                                  notwendig
uTorrentBar_DE Toolbar	uTorrentBar_DE	11.12.2011                                                                                                                                                  unnötig		
Vuze Remote Toolbar	Vuze Remote	23.08.2011		6.3.3.3                                                                                                      unnötig
Windows Live ID Sign-in Assistant	Microsoft Corporation	28.11.2011	10,0MB	6.500.3165.0                                                      unbekannt
WinRAR 4.00 (64-Bit)	win.rar GmbH	10.05.2011		4.00.0                                                                                                       notwendig
ZoneAlarm	Check Point, Inc	25.11.2011		9.2.105.000                                                                                                              notwendig
ZoneAlarm Toolbar	Check Point Software Technologies	25.11.2011                                                                                                                                notwendig
         

Alt 31.03.2012, 16:21   #13
markusg
/// Malware-holic
 

Uninstall:
Adobe Flash Player: all
Adobe - Install Adobe Flash Player
Download the latest version.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Uncheck the box for McAfee Security Scan.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Check "Use only certified plug-ins".
Internet:
Everything here should be disabled; it is very unsafe to open, download, etc. PDFs automatically.
It is always better to save them directly, since only then do you have control over what is happening on the PC.
Under JavaScript, uncheck the box for using JavaScript.
Under Updater, select automatic installation.
Apply / OK



Uninstall:
ArtMoney
BattlEye
Call of Duty:
Call of Juarez
Die Gilde: all the unnecessary ones
DriverBoost
Empire:
Facebook
GIMP
Hex
Hitman
Java: all
Download free Java software
Download the Java JRE and install it.

Uninstall:
Landwirtschafts
LEGO
Little Fighter
McAfee
Notepad
Oblivion
Paint
Patrizier
PunkBuster
Sierra
Syndicate
TeamSpeak
The Darkness
UnderCoverXP
uTorrentBar_DE
Vuze
Windows Live
ZoneAlarm: both
This firewall does nothing that Windows' own firewall cannot do, so it is superfluous.
Open CCleaner, Analyze, clean, restart.
Test how the PC runs.

Alt 31.03.2012, 19:19   #14
Madhbrand
 

I uninstalled everything and reconfigured as described, and the PC runs flawlessly (even a tick faster). Many thanks for that already!! I also wanted to ask which browser you recommend most; I can't really decide between Explorer, Firefox and Chrome ^^

I did notice a small problem after all: my internet connection drops every 10-15 for a few seconds before it automatically reconnects. What could be causing this?

After some time googling I found out that this problem is supposedly related to the uninstallation of ZoneAlarm (crappy program!!!), but I have no idea what I should do to fix it. Should I create log files with OTL again?

PS: I have reinstalled ZoneAlarm, which has fixed the problem for now.

Alt 01.04.2012, 17:54   #15
markusg
/// Malware-holic
 

Hmm, maybe delete all the rules that were created and try the uninstallation with Revo:
http://www.hijackthis-forum.de/tipps...installer.html
