|
Plagegeister aller Art und deren Bekämpfung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert."Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
29.03.2012, 21:01 | #1 |
| "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert." Hallo, vor einigen Stunden habe ich die Meldung "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert." bekommen und seitdem komme ich nicht mehr ins Windows. Ich habe den PC schon im abgesicherten Modus mit Netzwerkunterstützung gestartet und sowohl mit Malwarebytes' Anti-Malware, als auch mit Antivir einen Systemcheck durchgeführt. Anti-Malware hatte ein paar Funde, die ich danach gesäubert habe. Allerdings ist die Warnmeldung unter Windows nach wie vor vorhanden. Jetzt bin ich ein bisschen ratlos und wende mich daher hilfesuchend an euch. Betriebssystem ist Win 7 Home Premium Service Pack 1 (64 Bit). OTL-Logs habe ich schon erstellt, sie befinden sich im Anhang. Da die OTL.txt zu groß war, habe ich beide Dateien (OTL und Extras) gezippt. Den Log von Malwarebytes' Anti-Malware mit den Funden habe ich auch beigefügt. Für Hilfe wäre ich wirklich sehr dankbar. |
30.03.2012, 15:57 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert." Führ bitte auch ESET aus, danach sehen wir weiter:
__________________ESET Online Scanner
__________________ |
30.03.2012, 18:53 | #3 |
| "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert." Danke schonmal für die Hilfe.
__________________ESET ist durchgelaufen, habe alles befolgt wie beschrieben, hier die log.txt: Code:
ATTFilter ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial= # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-03-29 05:08:57 # local_time=2012-03-29 07:08:57 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 2250348 2250348 0 0 # compatibility_mode=5893 16776574 100 94 1966551 84669598 0 0 # compatibility_mode=8192 67108863 100 0 270 270 0 0 # scanned=40635 # found=0 # cleaned=0 # scan_time=1189 ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=47935f6f7bb2f8488d784200fd034e01 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-03-30 05:41:01 # local_time=2012-03-30 07:41:01 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 2332722 2332722 0 0 # compatibility_mode=5893 16776574 100 94 2048925 84751972 0 0 # compatibility_mode=8192 67108863 100 0 82644 82644 0 0 # scanned=445611 # found=2 # cleaned=0 # scan_time=7138 C:\Users\Christoph\AppData\Local\Skype\SkypePM.exe a variant of Win32/Kryptik.ADFV trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\49899aba-6a9c7c82 a variant of Java/Exploit.CVE-2012-0507.D trojan (unable to clean) 00000000000000000000000000000000 I |
30.03.2012, 20:01 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert." Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus wieder uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ Logfiles bitte immer in CODE-Tags posten |
01.04.2012, 20:34 | #5 |
| "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert." EDIT: Im ersten Moment schien der normale Modus wieder zu funktionieren, weil bisher immer sofort der schwarze Bildschirm mit der Bezahlaufforderung kam und das diesmal ausblieb. Nach 15 Minuten kam er dann aber doch wieder. Im Startmenü vermisse ich soweit eigentlich nichts. |
02.04.2012, 11:18 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert." Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ --> "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert." |
02.04.2012, 16:27 | #7 |
| "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert." So, alles ausgeführt. Hier das OTL-Log. Warum Opera allerdings als laufender Prozess aufgeführt wird, obwohl ich ihn extra vor dem Klick auf "Quick Scan" beendet habe, ist mir schleierhaft. Code:
ATTFilter OTL logfile created on: 02.04.2012 17:04:01 - Run 3 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Christoph\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 7,17 Gb Available Physical Memory | 89,79% Memory free 15,96 Gb Paging File | 15,18 Gb Available in Paging File | 95,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1811,92 Gb Total Space | 1547,35 Gb Free Space | 85,40% Space Free | Partition Type: NTFS Drive D: | 50,00 Gb Total Space | 29,97 Gb Free Space | 59,93% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 347,46 Gb Free Space | 37,30% Space Free | Partition Type: NTFS Computer Name: CHRISTOPH-PC | User Name: Christoph | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Christoph\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MemeoBackgroundService) -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo) SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc) DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys () DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink) DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-739523016-1728194525-3442210898-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF IE - HKU\S-1-5-21-739523016-1728194525-3442210898-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-739523016-1728194525-3442210898-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF IE - HKU\S-1-5-21-739523016-1728194525-3442210898-1001\..\SearchScopes,DefaultScope = {5533C762-1B10-4633-820A-3E3C2C2057A0} IE - HKU\S-1-5-21-739523016-1728194525-3442210898-1001\..\SearchScopes\{5533C762-1B10-4633-820A-3E3C2C2057A0}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNF_enDE393 IE - HKU\S-1-5-21-739523016-1728194525-3442210898-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.29 20:07:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.11 20:09:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Christoph\AppData\Roaming\10016 [2012.03.15 11:36:19 | 000,000,000 | ---D | M] [2012.03.11 20:11:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Extensions [2012.03.11 20:09:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.03.15 11:36:19 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\CHRISTOPH\APPDATA\ROAMING\10016 [2012.02.16 16:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-739523016-1728194525-3442210898-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-739523016-1728194525-3442210898-1001..\Run: [ICQ] C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O4 - HKU\S-1-5-21-739523016-1728194525-3442210898-1001..\Run: [SkypePM] C:\Users\Christoph\AppData\Local\Skype\SkypePM.exe File not found O4 - HKU\S-1-5-21-739523016-1728194525-3442210898-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-739523016-1728194525-3442210898-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_Plugin.exe (Adobe Systems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F705B830-3D09-48E9-8657-CD0CA5A0FE70}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{5200b576-655c-11e1-bc23-8c89a59baa7e}\Shell - "" = AutoRun O33 - MountPoints2\{5200b576-655c-11e1-bc23-8c89a59baa7e}\Shell\AutoRun\command - "" = H:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.04.02 16:50:07 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.03.29 20:28:34 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe [2012.03.29 20:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2012.03.29 20:07:45 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2012.03.29 20:07:45 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2012.03.29 20:07:27 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2012.03.29 20:07:26 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2012.03.29 20:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012.03.29 20:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012.03.29 19:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.03.29 19:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.03.29 19:37:02 | 003,645,304 | ---- | C] (Piriform Ltd) -- C:\Users\Christoph\Desktop\ccsetup317.exe [2012.03.29 18:44:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.03.29 17:33:12 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Malwarebytes [2012.03.29 17:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.29 17:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.03.29 17:33:08 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.03.29 17:33:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.03.28 23:47:02 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.03.28 23:03:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation [2012.03.28 22:51:53 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Blender Foundation [2012.03.28 22:50:18 | 000,000,000 | ---D | C] -- C:\Users\Christoph\.thumbnails [2012.03.28 22:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\Blender Foundation [2012.03.25 19:34:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex-Editor MX [2012.03.25 19:34:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hex-Editor MX [2012.03.25 18:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy VII [2012.03.25 17:21:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images [2012.03.25 15:32:59 | 000,000,000 | ---D | C] -- C:\Downloads [2012.03.25 15:27:24 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2012.03.24 12:14:22 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\LOLReplay [2012.03.22 20:34:15 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Braid [2012.03.22 20:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2012.03.22 20:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2012.03.22 20:31:32 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\FUSSBALL MANAGER 12 [2012.03.21 12:01:54 | 000,000,000 | ---D | C] -- C:\Users\Christoph\riotsGamesLogs [2012.03.21 01:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2012.03.20 20:29:06 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Apps [2012.03.20 17:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM [2012.03.20 17:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012.03.20 17:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012.03.20 17:06:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player [2012.03.20 17:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe [2012.03.20 17:04:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Design Standard CS5 [2012.03.15 15:13:40 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\UAs [2012.03.15 11:36:18 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\10016 [2012.03.15 11:36:08 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\xmldm [2012.03.15 11:36:06 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\kock [2012.03.13 18:25:17 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\BioWare [2012.03.13 17:02:34 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\ICQ [2012.03.13 12:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm [2012.03.13 12:56:06 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Last.fm [2012.03.13 12:56:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm [2012.03.13 12:56:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Last.fm [2012.03.13 12:43:48 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Spotify [2012.03.13 12:43:36 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Spotify [2012.03.11 20:11:46 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Mozilla [2012.03.11 20:11:46 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Mozilla [2012.03.11 20:09:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.03.11 13:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2012.03.11 13:19:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works [2012.03.11 13:15:16 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Microsoft Help [2012.03.11 13:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2012.03.11 13:14:39 | 000,000,000 | RH-D | C] -- C:\MSOCache [2012.03.09 22:39:13 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\vlc [2012.03.09 18:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client [2012.03.09 18:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks [2012.03.09 18:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems [2012.03.09 16:17:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache [2012.03.08 01:31:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.03.08 01:31:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2012.03.05 23:30:58 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\EA Games [2012.03.05 23:08:20 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\Prince of Persia [2012.03.05 22:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters [2012.03.05 22:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound [2012.03.05 22:59:33 | 001,347,584 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll [2012.03.05 22:59:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS [2012.03.05 22:59:13 | 000,466,520 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2012.03.05 22:59:13 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2012.03.05 22:59:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL [2012.03.05 22:34:32 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\Rockstar Games [2012.03.05 22:26:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM [2012.03.05 22:18:34 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Rockstar Games [2012.03.05 22:18:12 | 000,000,000 | RH-D | C] -- C:\Users\Christoph\AppData\Roaming\SecuROM [2012.03.05 22:18:11 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2012.03.05 21:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications [2012.03.05 19:30:26 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\SoftGrid Client [2012.03.05 19:30:26 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\SoftGrid Client [2012.03.05 19:29:42 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2012.03.05 19:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2012.03.05 19:29:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2012.03.05 19:29:16 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\TP [2012.03.05 14:29:16 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2012.03.05 14:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2012.03.05 14:13:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2012.03.05 14:13:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2012.03.05 13:29:13 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Adobe [2012.03.05 12:56:45 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\My Games [2012.03.05 12:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts [2012.03.04 23:23:52 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\ElevatedDiagnostics [2012.03.04 23:23:32 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Diagnostics [2012.03.03 22:43:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision [2012.03.03 20:44:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2012.03.03 20:43:51 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\NVIDIA [2012.03.03 20:43:12 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\Eidos [2012.03.03 20:34:08 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\Diablo III [2012.03.03 20:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2012.03.03 20:32:43 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2012.03.03 20:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2012.03.03 20:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE [2012.03.03 20:30:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2012.03.03 20:30:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2012.03.03 20:30:06 | 000,000,000 | ---D | C] -- C:\NVIDIA [2012.03.03 20:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012.03.03 20:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos [2012.03.03 20:22:44 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in [2012.03.03 20:22:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect [2012.03.03 20:22:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp [2012.03.03 20:22:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2012.03.03 20:22:29 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Winamp [2012.03.03 20:22:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp [2012.03.03 20:01:30 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\LolClient [2012.03.03 19:59:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ-Banner-Remover [2012.03.03 19:58:41 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\DesktopIconForAmazon [2012.03.03 19:55:06 | 000,564,792 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys [2012.03.03 19:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2012.03.03 19:54:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite [2012.03.03 19:49:02 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\DAEMON Tools Lite [2012.03.03 19:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2012.03.03 19:01:59 | 000,000,000 | ---D | C] -- C:\Images [2012.03.03 19:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.7 [2012.03.03 18:59:41 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\ICQ [2012.03.03 18:59:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.7 [2012.03.03 18:52:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games [2012.03.03 18:48:34 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Avira [2012.03.03 18:43:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.03.03 18:43:21 | 000,132,320 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.03.03 18:43:21 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.03.03 18:43:21 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.03.03 18:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.03.03 18:43:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.03.03 18:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.03.03 18:21:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2012.03.03 18:10:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Beta [2012.03.03 18:10:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment [2012.03.03 18:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2012.03.03 17:38:35 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Skype [2012.03.03 17:38:31 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.03.03 17:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012.03.03 17:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.03.03 17:38:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.03.03 17:31:21 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Opera [2012.03.03 17:31:21 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Opera [2012.03.03 17:31:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera [2012.03.03 17:27:04 | 000,000,000 | ---D | C] -- C:\Games [2012.03.03 17:26:16 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\PMB Files [2012.03.03 17:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2012.03.03 17:25:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2012.03.03 17:23:00 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Adobe [2012.03.03 17:20:05 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Google [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Christoph\AppData\Roaming\*.tmp files -> C:\Users\Christoph\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.04.02 16:59:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.04.02 16:59:26 | 2133,032,959 | -HS- | M] () -- C:\hiberfil.sys [2012.04.02 16:57:55 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.04.02 16:57:55 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.04.02 16:56:20 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.04.02 16:56:20 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.04.02 16:56:20 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.04.02 16:56:20 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.04.02 16:56:20 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.04.02 16:50:00 | 565,020,539 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.03.29 21:56:48 | 000,022,569 | ---- | M] () -- C:\Users\Christoph\Desktop\Logs.zip [2012.03.29 20:28:34 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe [2012.03.29 20:07:51 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012.03.29 20:07:45 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012.03.29 20:06:20 | 074,761,776 | ---- | M] () -- C:\Users\Christoph\Desktop\avast_free1426_antivirus_setup.exe [2012.03.29 19:43:51 | 000,115,610 | ---- | M] () -- C:\Users\Christoph\Desktop\cc_20120329_194337.reg [2012.03.29 19:37:22 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.03.29 19:37:02 | 003,645,304 | ---- | M] (Piriform Ltd) -- C:\Users\Christoph\Desktop\ccsetup317.exe [2012.03.29 17:33:09 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.28 23:03:50 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Blender.lnk [2012.03.27 23:07:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf [2012.03.25 18:54:53 | 000,000,729 | ---- | M] () -- C:\Users\Public\Desktop\Final Fantasy VII.lnk [2012.03.24 12:14:18 | 000,001,806 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk [2012.03.21 20:12:23 | 000,001,446 | ---- | M] () -- C:\Users\Christoph\Desktop\Creep Timer.lnk [2012.03.20 19:54:46 | 004,863,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.03.19 15:28:47 | 000,001,846 | ---- | M] () -- C:\Users\Christoph\Desktop\ICQ7.7.lnk [2012.03.16 15:34:00 | 000,000,034 | ---- | M] () -- C:\Users\Christoph\AppData\Roaming\blckdom.res [2012.03.15 21:45:22 | 016,886,781 | ---- | M] () -- C:\Users\Christoph\Desktop\kima23150312.pdf [2012.03.13 12:43:48 | 000,001,837 | ---- | M] () -- C:\Users\Christoph\Desktop\Spotify.lnk [2012.03.09 18:12:07 | 000,000,510 | ---- | M] () -- C:\Users\Christoph\vpnstandard.pcf [2012.03.09 18:11:04 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF [2012.03.09 18:10:15 | 000,002,653 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2012.03.07 01:19:04 | 008,679,466 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.03.07 01:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2012.03.07 01:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2012.03.07 01:15:03 | 000,258,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2012.03.07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2012.03.05 22:59:13 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2012.03.05 22:59:13 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2012.03.05 22:18:11 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2012.03.05 19:43:22 | 000,000,221 | ---- | M] () -- C:\Users\Christoph\Desktop\Frozen Synapse.url [2012.03.05 19:42:29 | 000,000,221 | ---- | M] () -- C:\Users\Christoph\Desktop\Braid.url [2012.03.05 14:29:16 | 000,000,222 | ---- | M] () -- C:\Users\Christoph\Desktop\Rayman Origins Demo.url [2012.03.05 14:13:18 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2012.03.05 12:38:30 | 000,000,821 | ---- | M] () -- C:\Users\Public\Desktop\Crysis SP Demo.lnk [2012.03.04 01:53:45 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2012.03.04 01:53:45 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2012.03.03 20:11:05 | 000,007,598 | ---- | M] () -- C:\Users\Christoph\AppData\Local\Resmon.ResmonCfg [2012.03.03 19:55:06 | 000,564,792 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys [2012.03.03 19:55:06 | 000,001,954 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2012.03.03 18:56:05 | 000,001,907 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends.lnk [2012.03.03 18:43:23 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.03.03 18:21:45 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.03.03 18:14:39 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III Beta.lnk [2012.03.03 17:38:31 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.03.03 17:31:16 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Christoph\AppData\Roaming\*.tmp files -> C:\Users\Christoph\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.04.02 16:50:00 | 565,020,539 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.03.29 21:56:02 | 000,022,569 | ---- | C] () -- C:\Users\Christoph\Desktop\Logs.zip [2012.03.29 20:07:51 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012.03.29 20:07:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2012.03.29 20:05:38 | 074,761,776 | ---- | C] () -- C:\Users\Christoph\Desktop\avast_free1426_antivirus_setup.exe [2012.03.29 19:43:43 | 000,115,610 | ---- | C] () -- C:\Users\Christoph\Desktop\cc_20120329_194337.reg [2012.03.29 19:37:22 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.03.29 17:33:09 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.28 23:03:50 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Blender.lnk [2012.03.27 23:07:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf [2012.03.27 13:32:31 | 000,054,054 | ---- | C] () -- C:\Users\Christoph\Desktop\deko.jpg [2012.03.25 18:54:53 | 000,000,729 | ---- | C] () -- C:\Users\Public\Desktop\Final Fantasy VII.lnk [2012.03.25 18:37:03 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.03.25 02:29:48 | 000,001,806 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk [2012.03.24 12:14:18 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk [2012.03.21 20:12:23 | 000,001,446 | ---- | C] () -- C:\Users\Christoph\Desktop\Creep Timer.lnk [2012.03.20 17:04:32 | 000,001,003 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2012.03.19 15:28:47 | 000,001,846 | ---- | C] () -- C:\Users\Christoph\Desktop\ICQ7.7.lnk [2012.03.15 21:42:35 | 016,886,781 | ---- | C] () -- C:\Users\Christoph\Desktop\kima23150312.pdf [2012.03.15 11:36:15 | 000,000,034 | ---- | C] () -- C:\Users\Christoph\AppData\Roaming\blckdom.res [2012.03.13 12:43:48 | 000,001,837 | ---- | C] () -- C:\Users\Christoph\Desktop\Spotify.lnk [2012.03.13 12:43:48 | 000,001,823 | ---- | C] () -- C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [2012.03.11 20:09:50 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.03.09 18:12:07 | 000,000,510 | ---- | C] () -- C:\Users\Christoph\vpnstandard.pcf [2012.03.09 18:10:15 | 000,002,653 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2012.03.09 18:10:10 | 000,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF [2012.03.09 16:18:55 | 000,002,555 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk [2012.03.05 22:35:05 | 000,001,342 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk [2012.03.05 19:43:22 | 000,000,221 | ---- | C] () -- C:\Users\Christoph\Desktop\Frozen Synapse.url [2012.03.05 19:42:29 | 000,000,221 | ---- | C] () -- C:\Users\Christoph\Desktop\Braid.url [2012.03.05 19:29:46 | 008,679,466 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.03.05 14:29:16 | 000,000,222 | ---- | C] () -- C:\Users\Christoph\Desktop\Rayman Origins Demo.url [2012.03.05 14:13:18 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2012.03.05 12:38:30 | 000,000,821 | ---- | C] () -- C:\Users\Public\Desktop\Crysis SP Demo.lnk [2012.03.03 20:32:30 | 002,497,985 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin [2012.03.03 20:11:05 | 000,007,598 | ---- | C] () -- C:\Users\Christoph\AppData\Local\Resmon.ResmonCfg [2012.03.03 19:55:06 | 000,001,954 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2012.03.03 18:56:05 | 000,001,907 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends.lnk [2012.03.03 18:43:23 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.03.03 18:21:45 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.03.03 18:10:03 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III Beta.lnk [2012.03.03 17:38:31 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.03.03 17:31:16 | 000,001,845 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2012.03.03 17:31:16 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== LOP Check ========== [2012.03.15 11:36:19 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\10016 [2012.03.28 22:51:53 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Blender Foundation [2012.03.22 20:35:40 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Braid [2012.03.28 23:47:02 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.03.29 19:39:28 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DAEMON Tools Lite [2012.03.03 19:58:41 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DesktopIconForAmazon [2012.03.29 17:24:54 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\ICQ [2012.03.15 11:36:06 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\kock [2012.03.03 20:01:30 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\LolClient [2012.03.03 17:31:21 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Opera [2012.03.16 17:13:27 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\SoftGrid Client [2012.03.29 17:07:20 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Spotify [2012.03.05 19:30:34 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\TP [2012.03.16 12:34:50 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\UAs [2012.03.16 12:35:11 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\xmldm [2009.07.14 07:08:49 | 000,027,740 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.03.15 11:36:19 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\10016 [2012.03.27 21:14:52 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Adobe [2012.03.03 18:48:34 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Avira [2012.03.28 22:51:53 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Blender Foundation [2012.03.22 20:35:40 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Braid [2012.03.28 23:47:02 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.03.29 19:39:28 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DAEMON Tools Lite [2012.03.03 19:58:41 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DesktopIconForAmazon [2012.03.29 17:24:54 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\ICQ [2012.03.03 16:58:40 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Identities [2012.03.03 16:59:08 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Intel Corporation [2012.03.15 11:36:06 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\kock [2012.03.03 20:01:30 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\LolClient [2011.09.29 18:09:51 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Macromedia [2012.03.29 17:33:12 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Malwarebytes [2010.11.21 09:16:41 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Media Center Programs [2012.03.11 13:26:57 | 000,000,000 | --SD | M] -- C:\Users\Christoph\AppData\Roaming\Microsoft [2012.03.11 20:11:49 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Mozilla [2012.03.05 20:45:17 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\NVIDIA [2012.03.03 17:31:21 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Opera [2012.03.05 22:18:12 | 000,000,000 | RH-D | M] -- C:\Users\Christoph\AppData\Roaming\SecuROM [2012.04.02 16:52:34 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Skype [2012.03.16 17:13:27 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\SoftGrid Client [2012.03.29 17:07:20 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Spotify [2012.03.05 19:30:34 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\TP [2012.03.16 12:34:50 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\UAs [2012.03.26 19:31:58 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\vlc [2012.03.29 19:39:28 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Winamp [2012.03.16 12:35:11 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\xmldm < %APPDATA%\*.exe /s > [2012.03.03 19:58:41 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Christoph\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe [2011.11.23 21:16:09 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Christoph\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2012.03.13 12:43:48 | 004,011,184 | ---- | M] (Spotify Ltd) -- C:\Users\Christoph\AppData\Roaming\Spotify\spotify.exe < %SYSTEMDRIVE%\*.exe > [2007.11.07 09:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2011.05.20 18:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\drivers\iaStor.sys [2011.05.20 18:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_e6913aab23ea9a9c\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
02.04.2012, 19:47 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert." Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL O4 - HKU\S-1-5-21-739523016-1728194525-3442210898-1001..\Run: [SkypePM] C:\Users\Christoph\AppData\Local\Skype\SkypePM.exe File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{5200b576-655c-11e1-bc23-8c89a59baa7e}\Shell - "" = AutoRun O33 - MountPoints2\{5200b576-655c-11e1-bc23-8c89a59baa7e}\Shell\AutoRun\command - "" = H:\Autorun.exe [2012.03.15 15:13:40 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\UAs [2012.03.15 11:36:18 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\10016 [2012.03.15 11:36:08 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\xmldm [2012.03.15 11:36:06 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\kock :Files C:\Users\Christoph\AppData\Local\Skype\SkypePM.exe C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 :Commands [purity] [emptytemp] [emptyflash] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
04.04.2012, 10:31 | #9 |
| "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert." Vielen, vielen Dank für die Hilfe! Ihr leistet wirklich eine super Arbeit hier auf dem Board! Hier das Log nach dem Fix. Dass die SkypePM.exe nicht mehr gefunden wurde, liegt daran, dass sie kurz vorher schon - aus Versehen - von Antivir gelöscht wurde. Code:
ATTFilter All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-739523016-1728194525-3442210898-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SkypePM deleted successfully. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5200b576-655c-11e1-bc23-8c89a59baa7e}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5200b576-655c-11e1-bc23-8c89a59baa7e}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5200b576-655c-11e1-bc23-8c89a59baa7e}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5200b576-655c-11e1-bc23-8c89a59baa7e}\ not found. File H:\Autorun.exe not found. C:\Users\Christoph\AppData\Roaming\UAs folder moved successfully. C:\Users\Christoph\AppData\Roaming\10016\components folder moved successfully. C:\Users\Christoph\AppData\Roaming\10016 folder moved successfully. C:\Users\Christoph\AppData\Roaming\xmldm folder moved successfully. C:\Users\Christoph\AppData\Roaming\kock folder moved successfully. ========== FILES ========== File\Folder C:\Users\Christoph\AppData\Local\Skype\SkypePM.exe not found. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully. C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Christoph ->Temp folder emptied: 497736447 bytes ->Temporary Internet Files folder emptied: 10670928 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 51445321 bytes ->Opera cache emptied: 9415188 bytes ->Flash cache emptied: 70347 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56475 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56475 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 200704 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 19382 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes RecycleBin emptied: 54794079001 bytes Total Files Cleaned = 52.799,00 mb [EMPTYFLASH] User: All Users User: Christoph ->Flash cache emptied: 0 bytes User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Public User: UpdatusUser ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.39.2 log created on 04022012_211611 Files\Folders moved on Reboot... C:\Users\Christoph\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... |
04.04.2012, 12:38 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert."Zitat:
Du hattest fast 53 GB in Temordnern Läuft der normale Modus nun wieder?
__________________ Logfiles bitte immer in CODE-Tags posten |
05.04.2012, 15:07 | #11 | |
| "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert."Zitat:
Der normale Modus läuft jetzt wieder. |
05.04.2012, 15:18 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert." Achso, das meiste war einfach nur im Papierkorb Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten, Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!
__________________ Logfiles bitte immer in CODE-Tags posten |
10.04.2012, 12:00 | #13 |
| "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert." Nachdem ich über die Ostertage nicht zu Hause und entsprechend am Rechner war, hier jetzt das vom TDSS-Killer. Frohe Ostern übrigens, nachträglich. Code:
ATTFilter 12:53:34.0194 5656 TDSS rootkit removing tool 2.7.27.0 Apr 9 2012 09:53:37 12:53:34.0245 5656 ============================================================ 12:53:34.0245 5656 Current date / time: 2012/04/10 12:53:34.0245 12:53:34.0245 5656 SystemInfo: 12:53:34.0245 5656 12:53:34.0245 5656 OS Version: 6.1.7601 ServicePack: 1.0 12:53:34.0245 5656 Product type: Workstation 12:53:34.0245 5656 ComputerName: CHRISTOPH-PC 12:53:34.0246 5656 UserName: Christoph 12:53:34.0246 5656 Windows directory: C:\Windows 12:53:34.0246 5656 System windows directory: C:\Windows 12:53:34.0246 5656 Running under WOW64 12:53:34.0246 5656 Processor architecture: Intel x64 12:53:34.0246 5656 Number of processors: 8 12:53:34.0246 5656 Page size: 0x1000 12:53:34.0246 5656 Boot type: Normal boot 12:53:34.0246 5656 ============================================================ 12:53:41.0596 5656 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 12:53:41.0606 5656 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 12:53:41.0615 5656 \Device\Harddisk0\DR0: 12:53:41.0615 5656 MBR used 12:53:41.0615 5656 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 12:53:41.0615 5656 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE27D5800 12:53:41.0615 5656 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xE2808000, BlocksNum 0x6400000 12:53:41.0615 5656 \Device\Harddisk1\DR1: 12:53:41.0615 5656 MBR used 12:53:41.0615 5656 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982 12:53:41.0733 5656 Initialize success 12:53:41.0733 5656 ============================================================ 12:54:37.0810 5224 ============================================================ 12:54:37.0810 5224 Scan started 12:54:37.0810 5224 Mode: Manual; SigCheck; TDLFS; 12:54:37.0810 5224 ============================================================ 12:54:38.0063 5224 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 12:54:38.0157 5224 1394ohci - ok 12:54:38.0202 5224 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 12:54:38.0217 5224 ACPI - ok 12:54:38.0243 5224 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 12:54:38.0318 5224 AcpiPmi - ok 12:54:38.0432 5224 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 12:54:38.0441 5224 AdobeARMservice - ok 12:54:38.0533 5224 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 12:54:38.0540 5224 AdobeFlashPlayerUpdateSvc - ok 12:54:38.0620 5224 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys 12:54:38.0642 5224 adp94xx - ok 12:54:38.0693 5224 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys 12:54:38.0711 5224 adpahci - ok 12:54:38.0750 5224 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys 12:54:38.0765 5224 adpu320 - ok 12:54:38.0799 5224 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 12:54:38.0951 5224 AeLookupSvc - ok 12:54:39.0005 5224 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 12:54:39.0057 5224 AFD - ok 12:54:39.0093 5224 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 12:54:39.0106 5224 agp440 - ok 12:54:39.0134 5224 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 12:54:39.0192 5224 ALG - ok 12:54:39.0220 5224 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 12:54:39.0231 5224 aliide - ok 12:54:39.0268 5224 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 12:54:39.0277 5224 amdide - ok 12:54:39.0310 5224 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys 12:54:39.0342 5224 AmdK8 - ok 12:54:39.0373 5224 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys 12:54:39.0413 5224 AmdPPM - ok 12:54:39.0469 5224 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 12:54:39.0483 5224 amdsata - ok 12:54:39.0533 5224 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys 12:54:39.0548 5224 amdsbs - ok 12:54:39.0575 5224 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 12:54:39.0584 5224 amdxata - ok 12:54:39.0639 5224 AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 12:54:39.0650 5224 AntiVirSchedulerService - ok 12:54:39.0669 5224 AntiVirService (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 12:54:39.0679 5224 AntiVirService - ok 12:54:39.0741 5224 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 12:54:39.0867 5224 AppID - ok 12:54:39.0895 5224 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 12:54:39.0949 5224 AppIDSvc - ok 12:54:39.0989 5224 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 12:54:40.0063 5224 Appinfo - ok 12:54:40.0118 5224 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys 12:54:40.0132 5224 arc - ok 12:54:40.0175 5224 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys 12:54:40.0185 5224 arcsas - ok 12:54:40.0234 5224 asmthub3 (d6d2bb2f4f5868549dde75f3146bc84e) C:\Windows\system32\drivers\asmthub3.sys 12:54:40.0314 5224 asmthub3 - ok 12:54:40.0363 5224 asmtxhci (1e758172367dc2a3653f16586d62a3f0) C:\Windows\system32\drivers\asmtxhci.sys 12:54:40.0425 5224 asmtxhci - ok 12:54:40.0466 5224 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys 12:54:40.0475 5224 aswMonFlt - ok 12:54:40.0508 5224 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 12:54:40.0576 5224 AsyncMac - ok 12:54:40.0636 5224 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 12:54:40.0649 5224 atapi - ok 12:54:40.0707 5224 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 12:54:40.0778 5224 AudioEndpointBuilder - ok 12:54:40.0793 5224 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 12:54:40.0817 5224 AudioSrv - ok 12:54:40.0863 5224 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe 12:54:40.0868 5224 avast! Antivirus - ok 12:54:40.0906 5224 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys 12:54:40.0911 5224 avgntflt - ok 12:54:40.0928 5224 avipbb (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys 12:54:40.0933 5224 avipbb - ok 12:54:40.0947 5224 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys 12:54:40.0951 5224 avkmgr - ok 12:54:40.0967 5224 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 12:54:41.0079 5224 AxInstSV - ok 12:54:41.0130 5224 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys 12:54:41.0184 5224 b06bdrv - ok 12:54:41.0226 5224 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 12:54:41.0267 5224 b57nd60a - ok 12:54:41.0318 5224 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 12:54:41.0359 5224 BDESVC - ok 12:54:41.0373 5224 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 12:54:41.0435 5224 Beep - ok 12:54:41.0535 5224 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 12:54:41.0584 5224 BFE - ok 12:54:41.0652 5224 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 12:54:41.0712 5224 BITS - ok 12:54:41.0767 5224 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys 12:54:41.0809 5224 blbdrive - ok 12:54:41.0858 5224 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 12:54:41.0918 5224 bowser - ok 12:54:41.0941 5224 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys 12:54:41.0969 5224 BrFiltLo - ok 12:54:42.0013 5224 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys 12:54:42.0045 5224 BrFiltUp - ok 12:54:42.0104 5224 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 12:54:42.0153 5224 Browser - ok 12:54:42.0214 5224 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 12:54:42.0298 5224 Brserid - ok 12:54:42.0367 5224 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 12:54:42.0398 5224 BrSerWdm - ok 12:54:42.0446 5224 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 12:54:42.0475 5224 BrUsbMdm - ok 12:54:42.0523 5224 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 12:54:42.0550 5224 BrUsbSer - ok 12:54:42.0594 5224 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys 12:54:42.0622 5224 BTHMODEM - ok 12:54:42.0675 5224 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 12:54:42.0711 5224 bthserv - ok 12:54:42.0745 5224 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 12:54:42.0809 5224 cdfs - ok 12:54:42.0857 5224 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 12:54:42.0888 5224 cdrom - ok 12:54:42.0943 5224 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 12:54:43.0062 5224 CertPropSvc - ok 12:54:43.0137 5224 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys 12:54:43.0171 5224 circlass - ok 12:54:43.0202 5224 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 12:54:43.0214 5224 CLFS - ok 12:54:43.0282 5224 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 12:54:43.0295 5224 clr_optimization_v2.0.50727_32 - ok 12:54:43.0339 5224 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 12:54:43.0351 5224 clr_optimization_v2.0.50727_64 - ok 12:54:43.0419 5224 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 12:54:43.0439 5224 clr_optimization_v4.0.30319_32 - ok 12:54:43.0461 5224 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 12:54:43.0472 5224 clr_optimization_v4.0.30319_64 - ok 12:54:43.0521 5224 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys 12:54:43.0551 5224 CmBatt - ok 12:54:43.0595 5224 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 12:54:43.0601 5224 cmdide - ok 12:54:43.0647 5224 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 12:54:43.0674 5224 CNG - ok 12:54:43.0696 5224 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys 12:54:43.0708 5224 Compbatt - ok 12:54:43.0744 5224 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 12:54:43.0780 5224 CompositeBus - ok 12:54:43.0811 5224 COMSysApp - ok 12:54:43.0832 5224 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys 12:54:43.0843 5224 crcdisk - ok 12:54:43.0870 5224 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll 12:54:43.0935 5224 CryptSvc - ok 12:54:43.0988 5224 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys 12:54:43.0997 5224 CVirtA - ok 12:54:44.0054 5224 CVPND (98c413e1a2fb6e5a4c101c25b3d0b275) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe 12:54:44.0084 5224 CVPND - ok 12:54:44.0117 5224 CVPNDRVA (79af0e203d089af442a3f70ed00a37fb) C:\Windows\system32\Drivers\CVPNDRVA.sys 12:54:44.0131 5224 CVPNDRVA - ok 12:54:44.0163 5224 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 12:54:44.0232 5224 DcomLaunch - ok 12:54:44.0258 5224 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 12:54:44.0316 5224 defragsvc - ok 12:54:44.0348 5224 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 12:54:44.0413 5224 DfsC - ok 12:54:44.0467 5224 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 12:54:44.0522 5224 Dhcp - ok 12:54:44.0555 5224 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 12:54:44.0605 5224 discache - ok 12:54:44.0655 5224 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys 12:54:44.0668 5224 Disk - ok 12:54:44.0705 5224 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys 12:54:44.0714 5224 DNE - ok 12:54:44.0753 5224 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 12:54:44.0801 5224 Dnscache - ok 12:54:44.0825 5224 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 12:54:44.0881 5224 dot3svc - ok 12:54:44.0917 5224 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 12:54:44.0981 5224 DPS - ok 12:54:45.0014 5224 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 12:54:45.0050 5224 drmkaud - ok 12:54:45.0091 5224 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 12:54:45.0113 5224 DXGKrnl - ok 12:54:45.0133 5224 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 12:54:45.0184 5224 EapHost - ok 12:54:45.0278 5224 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys 12:54:45.0374 5224 ebdrv - ok 12:54:45.0432 5224 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 12:54:45.0502 5224 EFS - ok 12:54:45.0559 5224 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 12:54:45.0624 5224 ehRecvr - ok 12:54:45.0641 5224 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 12:54:45.0686 5224 ehSched - ok 12:54:45.0752 5224 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys 12:54:45.0773 5224 elxstor - ok 12:54:45.0819 5224 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 12:54:45.0854 5224 ErrDev - ok 12:54:45.0908 5224 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 12:54:45.0968 5224 EventSystem - ok 12:54:46.0021 5224 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 12:54:46.0070 5224 exfat - ok 12:54:46.0106 5224 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 12:54:46.0173 5224 fastfat - ok 12:54:46.0241 5224 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 12:54:46.0309 5224 Fax - ok 12:54:46.0335 5224 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys 12:54:46.0371 5224 fdc - ok 12:54:46.0406 5224 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 12:54:46.0466 5224 fdPHost - ok 12:54:46.0510 5224 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 12:54:46.0576 5224 FDResPub - ok 12:54:46.0610 5224 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 12:54:46.0616 5224 FileInfo - ok 12:54:46.0630 5224 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 12:54:46.0669 5224 Filetrace - ok 12:54:46.0709 5224 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys 12:54:46.0726 5224 flpydisk - ok 12:54:46.0768 5224 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 12:54:46.0784 5224 FltMgr - ok 12:54:46.0818 5224 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 12:54:46.0856 5224 FontCache - ok 12:54:46.0907 5224 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 12:54:46.0913 5224 FontCache3.0.0.0 - ok 12:54:46.0938 5224 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 12:54:46.0945 5224 FsDepends - ok 12:54:46.0971 5224 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 12:54:46.0976 5224 Fs_Rec - ok 12:54:46.0994 5224 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 12:54:47.0004 5224 fvevol - ok 12:54:47.0019 5224 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys 12:54:47.0026 5224 gagp30kx - ok 12:54:47.0068 5224 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 12:54:47.0113 5224 gpsvc - ok 12:54:47.0156 5224 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 12:54:47.0173 5224 hcw85cir - ok 12:54:47.0213 5224 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 12:54:47.0248 5224 HdAudAddService - ok 12:54:47.0297 5224 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 12:54:47.0342 5224 HDAudBus - ok 12:54:47.0391 5224 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys 12:54:47.0425 5224 HidBatt - ok 12:54:47.0471 5224 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys 12:54:47.0501 5224 HidBth - ok 12:54:47.0544 5224 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys 12:54:47.0559 5224 HidIr - ok 12:54:47.0595 5224 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 12:54:47.0644 5224 hidserv - ok 12:54:47.0687 5224 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 12:54:47.0702 5224 HidUsb - ok 12:54:47.0723 5224 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 12:54:47.0783 5224 hkmsvc - ok 12:54:47.0827 5224 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 12:54:47.0883 5224 HomeGroupListener - ok 12:54:47.0898 5224 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 12:54:47.0934 5224 HomeGroupProvider - ok 12:54:47.0984 5224 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 12:54:47.0997 5224 HpSAMD - ok 12:54:48.0040 5224 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 12:54:48.0114 5224 HTTP - ok 12:54:48.0148 5224 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 12:54:48.0155 5224 hwpolicy - ok 12:54:48.0188 5224 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 12:54:48.0202 5224 i8042prt - ok 12:54:48.0238 5224 iaStor (2fdaec4b02729c48c0fd1b0b4695995b) C:\Windows\system32\drivers\iaStor.sys 12:54:48.0256 5224 iaStor - ok 12:54:48.0338 5224 IAStorDataMgrSvc (d41861e56e7552c13674d7f147a02464) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 12:54:48.0346 5224 IAStorDataMgrSvc - ok 12:54:48.0376 5224 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 12:54:48.0396 5224 iaStorV - ok 12:54:48.0479 5224 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 12:54:48.0507 5224 idsvc - ok 12:54:48.0644 5224 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys 12:54:48.0784 5224 igfx - ok 12:54:48.0822 5224 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys 12:54:48.0834 5224 iirsp - ok 12:54:48.0874 5224 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 12:54:48.0937 5224 IKEEXT - ok 12:54:49.0032 5224 IntcAzAudAddService (cb7dadef3d83fe2c12655a0bdcba99f2) C:\Windows\system32\drivers\RTKVHD64.sys 12:54:49.0068 5224 IntcAzAudAddService - ok 12:54:49.0101 5224 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 12:54:49.0108 5224 intelide - ok 12:54:49.0133 5224 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 12:54:49.0157 5224 intelppm - ok 12:54:49.0199 5224 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 12:54:49.0254 5224 IPBusEnum - ok 12:54:49.0296 5224 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 12:54:49.0331 5224 IpFilterDriver - ok 12:54:49.0399 5224 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 12:54:49.0451 5224 iphlpsvc - ok 12:54:49.0497 5224 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 12:54:49.0523 5224 IPMIDRV - ok 12:54:49.0541 5224 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 12:54:49.0585 5224 IPNAT - ok 12:54:49.0607 5224 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 12:54:49.0643 5224 IRENUM - ok 12:54:49.0686 5224 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 12:54:49.0697 5224 isapnp - ok 12:54:49.0736 5224 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 12:54:49.0751 5224 iScsiPrt - ok 12:54:49.0780 5224 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 12:54:49.0792 5224 kbdclass - ok 12:54:49.0806 5224 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 12:54:49.0834 5224 kbdhid - ok 12:54:49.0876 5224 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:54:49.0889 5224 KeyIso - ok 12:54:49.0904 5224 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 12:54:49.0915 5224 KSecDD - ok 12:54:49.0937 5224 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 12:54:49.0949 5224 KSecPkg - ok 12:54:49.0961 5224 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 12:54:50.0011 5224 ksthunk - ok 12:54:50.0053 5224 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 12:54:50.0106 5224 KtmRm - ok 12:54:50.0158 5224 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 12:54:50.0220 5224 LanmanServer - ok 12:54:50.0256 5224 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 12:54:50.0301 5224 LanmanWorkstation - ok 12:54:50.0348 5224 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 12:54:50.0450 5224 lltdio - ok 12:54:50.0468 5224 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 12:54:50.0512 5224 lltdsvc - ok 12:54:50.0533 5224 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 12:54:50.0578 5224 lmhosts - ok 12:54:50.0673 5224 LMS (1584deeae5aa0e3fb045f3d0eac585ea) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 12:54:50.0687 5224 LMS - ok 12:54:50.0731 5224 LoopBeMidi1 (37efb026e1a8a79fbe7044a241281b3e) C:\Windows\system32\drivers\loopbe1.sys 12:54:50.0790 5224 LoopBeMidi1 - ok 12:54:50.0841 5224 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys 12:54:50.0855 5224 LSI_FC - ok 12:54:50.0878 5224 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys 12:54:50.0892 5224 LSI_SAS - ok 12:54:50.0926 5224 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys 12:54:50.0940 5224 LSI_SAS2 - ok 12:54:50.0971 5224 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys 12:54:50.0984 5224 LSI_SCSI - ok 12:54:51.0031 5224 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 12:54:51.0074 5224 luafv - ok 12:54:51.0093 5224 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys 12:54:51.0097 5224 MBAMProtector - ok 12:54:51.0149 5224 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 12:54:51.0170 5224 MBAMService - ok 12:54:51.0200 5224 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 12:54:51.0225 5224 Mcx2Svc - ok 12:54:51.0243 5224 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys 12:54:51.0254 5224 megasas - ok 12:54:51.0304 5224 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys 12:54:51.0319 5224 MegaSR - ok 12:54:51.0362 5224 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\drivers\HECIx64.sys 12:54:51.0370 5224 MEIx64 - ok 12:54:51.0395 5224 MemeoBackgroundService (8a43d23ace2e8c95a2d87b6e9599deda) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe 12:54:51.0402 5224 MemeoBackgroundService - ok 12:54:51.0425 5224 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 12:54:51.0493 5224 MMCSS - ok 12:54:51.0553 5224 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 12:54:51.0609 5224 Modem - ok 12:54:51.0641 5224 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 12:54:51.0671 5224 monitor - ok 12:54:51.0724 5224 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 12:54:51.0729 5224 mouclass - ok 12:54:51.0754 5224 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 12:54:51.0777 5224 mouhid - ok 12:54:51.0812 5224 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 12:54:51.0819 5224 mountmgr - ok 12:54:51.0872 5224 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 12:54:51.0880 5224 mpio - ok 12:54:51.0896 5224 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 12:54:51.0931 5224 mpsdrv - ok 12:54:51.0972 5224 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 12:54:52.0011 5224 MpsSvc - ok 12:54:52.0060 5224 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 12:54:52.0080 5224 MRxDAV - ok 12:54:52.0125 5224 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 12:54:52.0169 5224 mrxsmb - ok 12:54:52.0189 5224 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 12:54:52.0214 5224 mrxsmb10 - ok 12:54:52.0278 5224 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 12:54:52.0305 5224 mrxsmb20 - ok 12:54:52.0339 5224 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 12:54:52.0350 5224 msahci - ok 12:54:52.0389 5224 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 12:54:52.0403 5224 msdsm - ok 12:54:52.0442 5224 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 12:54:52.0452 5224 MSDTC - ok 12:54:52.0486 5224 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 12:54:52.0526 5224 Msfs - ok 12:54:52.0611 5224 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 12:54:52.0651 5224 mshidkmdf - ok 12:54:52.0699 5224 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 12:54:52.0709 5224 msisadrv - ok 12:54:52.0743 5224 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 12:54:52.0785 5224 MSiSCSI - ok 12:54:52.0791 5224 msiserver - ok 12:54:52.0847 5224 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 12:54:52.0899 5224 MSKSSRV - ok 12:54:52.0908 5224 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 12:54:52.0969 5224 MSPCLOCK - ok 12:54:53.0020 5224 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 12:54:53.0057 5224 MSPQM - ok 12:54:53.0113 5224 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 12:54:53.0132 5224 MsRPC - ok 12:54:53.0164 5224 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 12:54:53.0173 5224 mssmbios - ok 12:54:53.0203 5224 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 12:54:53.0235 5224 MSTEE - ok 12:54:53.0271 5224 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys 12:54:53.0310 5224 MTConfig - ok 12:54:53.0343 5224 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 12:54:53.0354 5224 Mup - ok 12:54:53.0392 5224 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 12:54:53.0447 5224 napagent - ok 12:54:53.0503 5224 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 12:54:53.0546 5224 NativeWifiP - ok 12:54:53.0613 5224 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 12:54:53.0639 5224 NDIS - ok 12:54:53.0683 5224 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 12:54:53.0719 5224 NdisCap - ok 12:54:53.0753 5224 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 12:54:53.0784 5224 NdisTapi - ok 12:54:53.0819 5224 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 12:54:53.0867 5224 Ndisuio - ok 12:54:53.0902 5224 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 12:54:53.0956 5224 NdisWan - ok 12:54:53.0976 5224 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 12:54:54.0013 5224 NDProxy - ok 12:54:54.0066 5224 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 12:54:54.0118 5224 NetBIOS - ok 12:54:54.0150 5224 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 12:54:54.0193 5224 NetBT - ok 12:54:54.0249 5224 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:54:54.0264 5224 Netlogon - ok 12:54:54.0294 5224 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 12:54:54.0345 5224 Netman - ok 12:54:54.0384 5224 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 12:54:54.0427 5224 netprofm - ok 12:54:54.0504 5224 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 12:54:54.0517 5224 NetTcpPortSharing - ok 12:54:54.0557 5224 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys 12:54:54.0570 5224 nfrd960 - ok 12:54:54.0602 5224 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 12:54:54.0662 5224 NlaSvc - ok 12:54:54.0689 5224 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 12:54:54.0732 5224 Npfs - ok 12:54:54.0745 5224 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 12:54:54.0813 5224 nsi - ok 12:54:54.0837 5224 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 12:54:54.0892 5224 nsiproxy - ok 12:54:54.0962 5224 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 12:54:55.0014 5224 Ntfs - ok 12:54:55.0027 5224 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 12:54:55.0065 5224 Null - ok 12:54:55.0120 5224 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys 12:54:55.0133 5224 NVHDA - ok 12:54:55.0316 5224 nvlddmkm (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys 12:54:55.0444 5224 nvlddmkm - ok 12:54:55.0496 5224 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 12:54:55.0510 5224 nvraid - ok 12:54:55.0548 5224 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 12:54:55.0562 5224 nvstor - ok 12:54:55.0617 5224 nvsvc (34e5498528bb3d5a951f889f8756ad26) C:\Windows\system32\nvvsvc.exe 12:54:55.0643 5224 nvsvc - ok 12:54:55.0726 5224 nvUpdatusService (cd0bfaa6872cfe38c908d313ae17c350) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 12:54:55.0761 5224 nvUpdatusService - ok 12:54:55.0800 5224 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 12:54:55.0808 5224 nv_agp - ok 12:54:55.0877 5224 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 12:54:55.0896 5224 odserv - ok 12:54:55.0939 5224 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 12:54:55.0961 5224 ohci1394 - ok 12:54:56.0011 5224 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 12:54:56.0023 5224 ose - ok 12:54:56.0054 5224 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 12:54:56.0110 5224 p2pimsvc - ok 12:54:56.0134 5224 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 12:54:56.0165 5224 p2psvc - ok 12:54:56.0222 5224 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 12:54:56.0248 5224 Parport - ok 12:54:56.0275 5224 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 12:54:56.0285 5224 partmgr - ok 12:54:56.0304 5224 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 12:54:56.0341 5224 PcaSvc - ok 12:54:56.0400 5224 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 12:54:56.0414 5224 pci - ok 12:54:56.0453 5224 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 12:54:56.0463 5224 pciide - ok 12:54:56.0488 5224 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 12:54:56.0500 5224 pcmcia - ok 12:54:56.0526 5224 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 12:54:56.0535 5224 pcw - ok 12:54:56.0571 5224 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 12:54:56.0606 5224 PEAUTH - ok 12:54:56.0653 5224 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 12:54:56.0681 5224 PerfHost - ok 12:54:56.0762 5224 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 12:54:56.0861 5224 pla - ok 12:54:56.0932 5224 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 12:54:56.0975 5224 PlugPlay - ok 12:54:56.0989 5224 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 12:54:57.0009 5224 PNRPAutoReg - ok 12:54:57.0042 5224 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 12:54:57.0051 5224 PNRPsvc - ok 12:54:57.0093 5224 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 12:54:57.0126 5224 PolicyAgent - ok 12:54:57.0171 5224 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 12:54:57.0193 5224 Power - ok 12:54:57.0236 5224 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 12:54:57.0289 5224 PptpMiniport - ok 12:54:57.0323 5224 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 12:54:57.0343 5224 Processor - ok 12:54:57.0383 5224 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 12:54:57.0418 5224 ProfSvc - ok 12:54:57.0471 5224 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:54:57.0485 5224 ProtectedStorage - ok 12:54:57.0523 5224 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 12:54:57.0582 5224 Psched - ok 12:54:57.0664 5224 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 12:54:57.0719 5224 ql2300 - ok 12:54:57.0745 5224 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 12:54:57.0757 5224 ql40xx - ok 12:54:57.0791 5224 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 12:54:57.0812 5224 QWAVE - ok 12:54:57.0875 5224 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 12:54:57.0911 5224 QWAVEdrv - ok 12:54:57.0926 5224 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 12:54:57.0973 5224 RasAcd - ok 12:54:58.0015 5224 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 12:54:58.0074 5224 RasAgileVpn - ok 12:54:58.0108 5224 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 12:54:58.0161 5224 RasAuto - ok 12:54:58.0192 5224 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 12:54:58.0247 5224 Rasl2tp - ok 12:54:58.0287 5224 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 12:54:58.0323 5224 RasMan - ok 12:54:58.0352 5224 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 12:54:58.0400 5224 RasPppoe - ok 12:54:58.0461 5224 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 12:54:58.0512 5224 RasSstp - ok 12:54:58.0549 5224 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 12:54:58.0598 5224 rdbss - ok 12:54:58.0636 5224 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys 12:54:58.0665 5224 rdpbus - ok 12:54:58.0716 5224 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 12:54:58.0780 5224 RDPCDD - ok 12:54:58.0814 5224 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 12:54:58.0869 5224 RDPENCDD - ok 12:54:58.0913 5224 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 12:54:58.0968 5224 RDPREFMP - ok 12:54:59.0015 5224 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 12:54:59.0061 5224 RDPWD - ok 12:54:59.0090 5224 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 12:54:59.0105 5224 rdyboost - ok 12:54:59.0129 5224 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 12:54:59.0184 5224 RemoteAccess - ok 12:54:59.0225 5224 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 12:54:59.0285 5224 RemoteRegistry - ok 12:54:59.0316 5224 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 12:54:59.0384 5224 RpcEptMapper - ok 12:54:59.0396 5224 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 12:54:59.0420 5224 RpcLocator - ok 12:54:59.0454 5224 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 12:54:59.0477 5224 RpcSs - ok 12:54:59.0501 5224 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 12:54:59.0536 5224 rspndr - ok 12:54:59.0596 5224 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys 12:54:59.0614 5224 RTL8167 - ok 12:54:59.0671 5224 RTL8192su (b3f36b4b3f192ea87ddc119f3a0b3e45) C:\Windows\system32\DRIVERS\RTL8192su.sys 12:54:59.0695 5224 RTL8192su - ok 12:54:59.0733 5224 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:54:59.0745 5224 SamSs - ok 12:54:59.0771 5224 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 12:54:59.0781 5224 sbp2port - ok 12:54:59.0805 5224 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 12:54:59.0837 5224 SCardSvr - ok 12:54:59.0855 5224 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 12:54:59.0889 5224 scfilter - ok 12:54:59.0934 5224 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 12:54:59.0996 5224 Schedule - ok 12:55:00.0032 5224 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 12:55:00.0053 5224 SCPolicySvc - ok 12:55:00.0066 5224 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 12:55:00.0111 5224 SDRSVC - ok 12:55:00.0137 5224 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 12:55:00.0195 5224 secdrv - ok 12:55:00.0229 5224 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 12:55:00.0269 5224 seclogon - ok 12:55:00.0305 5224 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 12:55:00.0373 5224 SENS - ok 12:55:00.0412 5224 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 12:55:00.0477 5224 SensrSvc - ok 12:55:00.0511 5224 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys 12:55:00.0538 5224 Serenum - ok 12:55:00.0587 5224 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys 12:55:00.0606 5224 Serial - ok 12:55:00.0646 5224 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 12:55:00.0680 5224 sermouse - ok 12:55:00.0721 5224 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 12:55:00.0783 5224 SessionEnv - ok 12:55:00.0818 5224 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 12:55:00.0863 5224 sffdisk - ok 12:55:00.0898 5224 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 12:55:00.0915 5224 sffp_mmc - ok 12:55:00.0950 5224 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 12:55:00.0967 5224 sffp_sd - ok 12:55:00.0987 5224 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 12:55:01.0017 5224 sfloppy - ok 12:55:01.0058 5224 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 12:55:01.0124 5224 SharedAccess - ok 12:55:01.0161 5224 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 12:55:01.0215 5224 ShellHWDetection - ok 12:55:01.0266 5224 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 12:55:01.0276 5224 SiSRaid2 - ok 12:55:01.0297 5224 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 12:55:01.0310 5224 SiSRaid4 - ok 12:55:01.0376 5224 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files (x86)\Skype\Updater\Updater.exe 12:55:01.0387 5224 SkypeUpdate - ok 12:55:01.0417 5224 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 12:55:01.0458 5224 Smb - ok 12:55:01.0505 5224 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 12:55:01.0534 5224 SNMPTRAP - ok 12:55:01.0570 5224 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 12:55:01.0579 5224 spldr - ok 12:55:01.0616 5224 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 12:55:01.0663 5224 Spooler - ok 12:55:01.0724 5224 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 12:55:01.0831 5224 sppsvc - ok 12:55:01.0877 5224 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 12:55:01.0936 5224 sppuinotify - ok 12:55:02.0000 5224 sptd (dfc4e2081324e505ca479e473a78d893) C:\Windows\System32\Drivers\sptd.sys 12:55:02.0021 5224 sptd - ok 12:55:02.0058 5224 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 12:55:02.0124 5224 srv - ok 12:55:02.0172 5224 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 12:55:02.0202 5224 srv2 - ok 12:55:02.0253 5224 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 12:55:02.0288 5224 srvnet - ok 12:55:02.0333 5224 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 12:55:02.0380 5224 SSDPSRV - ok 12:55:02.0408 5224 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 12:55:02.0469 5224 SstpSvc - ok 12:55:02.0557 5224 Steam Client Service - ok 12:55:02.0585 5224 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 12:55:02.0597 5224 stexstor - ok 12:55:02.0635 5224 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 12:55:02.0682 5224 stisvc - ok 12:55:02.0739 5224 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 12:55:02.0749 5224 swenum - ok 12:55:02.0801 5224 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 12:55:02.0833 5224 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning 12:55:02.0833 5224 SwitchBoard - detected UnsignedFile.Multi.Generic (1) 12:55:02.0872 5224 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 12:55:02.0924 5224 swprv - ok 12:55:02.0973 5224 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 12:55:03.0048 5224 SysMain - ok 12:55:03.0076 5224 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 12:55:03.0107 5224 TabletInputService - ok 12:55:03.0119 5224 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 12:55:03.0162 5224 TapiSrv - ok 12:55:03.0180 5224 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 12:55:03.0209 5224 TBS - ok 12:55:03.0282 5224 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 12:55:03.0348 5224 Tcpip - ok 12:55:03.0386 5224 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 12:55:03.0410 5224 TCPIP6 - ok 12:55:03.0432 5224 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 12:55:03.0476 5224 tcpipreg - ok 12:55:03.0496 5224 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 12:55:03.0510 5224 TDPIPE - ok 12:55:03.0551 5224 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 12:55:03.0564 5224 TDTCP - ok 12:55:03.0582 5224 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 12:55:03.0639 5224 tdx - ok 12:55:03.0685 5224 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 12:55:03.0696 5224 TermDD - ok 12:55:03.0728 5224 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 12:55:03.0797 5224 TermService - ok 12:55:03.0832 5224 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 12:55:03.0842 5224 Themes - ok 12:55:03.0868 5224 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 12:55:03.0889 5224 THREADORDER - ok 12:55:03.0910 5224 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 12:55:03.0951 5224 TrkWks - ok 12:55:03.0993 5224 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 12:55:04.0054 5224 TrustedInstaller - ok 12:55:04.0101 5224 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 12:55:04.0150 5224 tssecsrv - ok 12:55:04.0207 5224 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 12:55:04.0230 5224 TsUsbFlt - ok 12:55:04.0280 5224 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 12:55:04.0295 5224 TsUsbGD - ok 12:55:04.0325 5224 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 12:55:04.0364 5224 tunnel - ok 12:55:04.0406 5224 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 12:55:04.0413 5224 uagp35 - ok 12:55:04.0437 5224 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 12:55:04.0484 5224 udfs - ok 12:55:04.0517 5224 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 12:55:04.0545 5224 UI0Detect - ok 12:55:04.0594 5224 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 12:55:04.0601 5224 uliagpkx - ok 12:55:04.0633 5224 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 12:55:04.0659 5224 umbus - ok 12:55:04.0708 5224 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 12:55:04.0727 5224 UmPass - ok 12:55:04.0831 5224 UNS (fc43877b4625f6eb773c98233eb625c5) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 12:55:04.0859 5224 UNS - ok 12:55:04.0878 5224 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 12:55:04.0922 5224 upnphost - ok 12:55:04.0957 5224 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 12:55:05.0009 5224 usbccgp - ok 12:55:05.0039 5224 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 12:55:05.0072 5224 usbcir - ok 12:55:05.0106 5224 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 12:55:05.0147 5224 usbehci - ok 12:55:05.0191 5224 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys 12:55:05.0206 5224 usbhub - ok 12:55:05.0224 5224 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 12:55:05.0234 5224 usbohci - ok 12:55:05.0254 5224 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys 12:55:05.0266 5224 usbprint - ok 12:55:05.0292 5224 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 12:55:05.0343 5224 USBSTOR - ok 12:55:05.0367 5224 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 12:55:05.0397 5224 usbuhci - ok 12:55:05.0427 5224 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 12:55:05.0464 5224 UxSms - ok 12:55:05.0501 5224 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:55:05.0514 5224 VaultSvc - ok 12:55:05.0552 5224 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 12:55:05.0562 5224 vdrvroot - ok 12:55:05.0586 5224 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 12:55:05.0628 5224 vds - ok 12:55:05.0664 5224 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 12:55:05.0679 5224 vga - ok 12:55:05.0702 5224 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 12:55:05.0756 5224 VgaSave - ok 12:55:05.0776 5224 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 12:55:05.0788 5224 vhdmp - ok 12:55:05.0817 5224 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 12:55:05.0826 5224 viaide - ok 12:55:05.0855 5224 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 12:55:05.0866 5224 volmgr - ok 12:55:05.0882 5224 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 12:55:05.0897 5224 volmgrx - ok 12:55:05.0917 5224 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 12:55:05.0931 5224 volsnap - ok 12:55:05.0969 5224 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 12:55:05.0980 5224 vsmraid - ok 12:55:06.0028 5224 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 12:55:06.0100 5224 VSS - ok 12:55:06.0130 5224 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 12:55:06.0155 5224 vwifibus - ok 12:55:06.0197 5224 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 12:55:06.0235 5224 vwififlt - ok 12:55:06.0271 5224 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 12:55:06.0318 5224 W32Time - ok 12:55:06.0348 5224 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 12:55:06.0377 5224 WacomPen - ok 12:55:06.0419 5224 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 12:55:06.0463 5224 WANARP - ok 12:55:06.0467 5224 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 12:55:06.0491 5224 Wanarpv6 - ok 12:55:06.0521 5224 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 12:55:06.0595 5224 wbengine - ok 12:55:06.0609 5224 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 12:55:06.0635 5224 WbioSrvc - ok 12:55:06.0663 5224 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 12:55:06.0698 5224 wcncsvc - ok 12:55:06.0722 5224 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 12:55:06.0775 5224 WcsPlugInService - ok 12:55:06.0835 5224 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 12:55:06.0846 5224 Wd - ok 12:55:06.0883 5224 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 12:55:06.0908 5224 Wdf01000 - ok 12:55:06.0931 5224 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 12:55:07.0029 5224 WdiServiceHost - ok 12:55:07.0034 5224 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 12:55:07.0056 5224 WdiSystemHost - ok 12:55:07.0070 5224 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 12:55:07.0099 5224 WebClient - ok 12:55:07.0157 5224 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 12:55:07.0210 5224 Wecsvc - ok 12:55:07.0238 5224 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 12:55:07.0303 5224 wercplsupport - ok 12:55:07.0328 5224 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 12:55:07.0373 5224 WerSvc - ok 12:55:07.0445 5224 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 12:55:07.0485 5224 WfpLwf - ok 12:55:07.0508 5224 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 12:55:07.0514 5224 WIMMount - ok 12:55:07.0547 5224 WinDefend - ok 12:55:07.0552 5224 WinHttpAutoProxySvc - ok 12:55:07.0608 5224 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 12:55:07.0665 5224 Winmgmt - ok 12:55:07.0714 5224 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 12:55:07.0770 5224 WinRM - ok 12:55:07.0796 5224 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 12:55:07.0833 5224 Wlansvc - ok 12:55:07.0959 5224 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 12:55:08.0021 5224 wlidsvc - ok 12:55:08.0061 5224 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 12:55:08.0092 5224 WmiAcpi - ok 12:55:08.0146 5224 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 12:55:08.0178 5224 wmiApSrv - ok 12:55:08.0220 5224 WMPNetworkSvc - ok 12:55:08.0243 5224 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 12:55:08.0260 5224 WPCSvc - ok 12:55:08.0284 5224 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 12:55:08.0301 5224 WPDBusEnum - ok 12:55:08.0329 5224 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 12:55:08.0382 5224 ws2ifsl - ok 12:55:08.0402 5224 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 12:55:08.0412 5224 wscsvc - ok 12:55:08.0419 5224 WSearch - ok 12:55:08.0471 5224 wsvd (82e8f5aa03df7dbdb8a33f700d5d8cda) C:\Windows\system32\DRIVERS\wsvd.sys 12:55:08.0483 5224 wsvd - ok 12:55:08.0548 5224 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 12:55:08.0640 5224 wuauserv - ok 12:55:08.0655 5224 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 12:55:08.0717 5224 WudfPf - ok 12:55:08.0775 5224 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 12:55:08.0834 5224 WUDFRd - ok 12:55:08.0847 5224 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 12:55:08.0881 5224 wudfsvc - ok 12:55:08.0896 5224 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 12:55:08.0928 5224 WwanSvc - ok 12:55:08.0991 5224 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys 12:55:09.0040 5224 xusb21 - ok 12:55:09.0061 5224 MBR (0x1B8) (753ca1d394f3c0855134963d7361060f) \Device\Harddisk0\DR0 12:55:10.0650 5224 \Device\Harddisk0\DR0 - ok 12:55:10.0662 5224 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1 12:55:10.0729 5224 \Device\Harddisk1\DR1 - ok 12:55:10.0774 5224 Boot (0x1200) (49df074e379c006b0de23721b7b16ffc) \Device\Harddisk0\DR0\Partition0 12:55:10.0777 5224 \Device\Harddisk0\DR0\Partition0 - ok 12:55:10.0785 5224 Boot (0x1200) (84a99c6efe08312ba4741a1e93351767) \Device\Harddisk0\DR0\Partition1 12:55:10.0787 5224 \Device\Harddisk0\DR0\Partition1 - ok 12:55:10.0819 5224 Boot (0x1200) (58406c8e820a09c1c6874e5051dea4a1) \Device\Harddisk0\DR0\Partition2 12:55:10.0821 5224 \Device\Harddisk0\DR0\Partition2 - ok 12:55:10.0823 5224 Boot (0x1200) (4984e8a6737fb69f8d5b985cd4c1e553) \Device\Harddisk1\DR1\Partition0 12:55:10.0825 5224 \Device\Harddisk1\DR1\Partition0 - ok 12:55:10.0825 5224 ============================================================ 12:55:10.0825 5224 Scan finished 12:55:10.0825 5224 ============================================================ 12:55:10.0835 5624 Detected object count: 1 12:55:10.0835 5624 Actual detected object count: 1 12:58:45.0652 5624 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user 12:58:45.0652 5624 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:58:49.0397 5628 Deinitialize success |
10.04.2012, 14:00 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert." Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert." |
abgesicherte, abgesicherten, achtung, anti-malware, antivir, befinden, dateien, erstell, erstellt, extras, funde, gestartet, hilfesuche, home, malwarebytes, meldung, modus, nicht mehr, ratlos, seitdem, service, stunde, stunden, warnmeldung, wirklich |