Mystart Incredibar Entfernen

Darksim · 17.09.2012, 19:57

Hallo, ich habe mir letztenseinen Virus eingefangen der die Incrediabar Toolbar auf meinem Browser installiert hat. Nachdem ich diese wieder deinstalliert hatte und in der config bei firefox einige einträge zurückgesetzt hatte blieb dies aber unverändert. Auch Anleitungen im internet brachten keine Abhilfe und, obwohl mein PC wieder schneller wurde, öffnet sich weiterhin nach jedem Firefox neustart dieselbe Seite (mystart.incredibar.com/mb178?a=6R8FfOnDai&loc=FF_NT) im neuen tab.
Auch ein Scan mit Malwarebytes Anti-Malware brachte kein Ergebnis.
Hier der Log:

Code:

ATTFilter

 Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.17.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Thomas :: THOMAS-PC [Administrator]

17.09.2012 19:07:03
mbam-log-2012-09-17 (19-07-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 373666
Laufzeit: 54 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Außerdem habe ich noch mit AdwCleaner eine Scan durchgeführt:

Code:

ATTFilter

# AdwCleaner v2.001 - Datei am 09/17/2012 um 20:53:56 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Thomas - THOMAS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Thomas\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js
Datei Gefunden : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\a7vlbri9.default\searchplugins\Askcom.xml
Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\Users\Thomas\AppData\Local\Temp\AskSearch
Ordner Gefunden : C:\Users\Thomas\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\a7vlbri9.default\extensions\toolbar@ask.com
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\Ask.com.tmp
Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gefunden : HKLM\Software\Web Assistant
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Web Assistant
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default 
Datei : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\a7vlbri9.default\prefs.js

Gefunden : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb178?a=6R8FfOnDai&loc=FF_NT");
Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Gefunden : user_pref("extensions.asktb.apn_dbr", "ff_14.0.1");
Gefunden : user_pref("extensions.asktb.cbid", "^ABX");
Gefunden : user_pref("extensions.asktb.config-updated", false);
Gefunden : user_pref("extensions.asktb.crumb", "2012.08.09+07.25.29-toolbar004iad-NL-QW1zdGVyZGFtLE5ldGhlcmxhbm[...]
Gefunden : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://avira-int.ask.com/web?q={query}&qsrc=[...]
Gefunden : user_pref("extensions.asktb.domain", "avira-int.ask.com");
Gefunden : user_pref("extensions.asktb.domainName", "avira-int.ask.com");
Gefunden : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^NL");
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.google.de/search?ie=UTF-8&q=");
Gefunden : user_pref("extensions.asktb.fresh-install", false);
Gefunden : user_pref("extensions.asktb.guid", "0f5b9c7b-8023-49d2-a87f-02354540f2cd");
Gefunden : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Gefunden : user_pref("extensions.asktb.if", "first");
Gefunden : user_pref("extensions.asktb.l", "dis");
Gefunden : user_pref("extensions.asktb.last-config-req", "1347897736365");
Gefunden : user_pref("extensions.asktb.locale", "de_DE");
Gefunden : user_pref("extensions.asktb.localePref", true);
Gefunden : user_pref("extensions.asktb.location", "Amsterdam,Netherlands");
Gefunden : user_pref("extensions.asktb.notification-shown", true);
Gefunden : user_pref("extensions.asktb.o", "APN10399");
Gefunden : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Gefunden : user_pref("extensions.asktb.qsrc", "2871");
Gefunden : user_pref("extensions.asktb.r", "2");
Gefunden : user_pref("extensions.asktb.sa", "YES");
Gefunden : user_pref("extensions.asktb.saguid", "C6657277-7012-452B-AA63-AAF669D511BC");
Gefunden : user_pref("extensions.asktb.search-suggestions-enabled", true);
Gefunden : user_pref("extensions.asktb.socialmini-native-on", true);
Gefunden : user_pref("extensions.asktb.themeid", "");
Gefunden : user_pref("extensions.asktb.timeinstalled", "09.08.2012 16:28:13");
Gefunden : user_pref("extensions.asktb.to", "");
Gefunden : user_pref("extensions.asktb.v", "3.15.4.100015");
Gefunden : user_pref("extensions.asktb.version", "5.15.4.23930");
Gefunden : user_pref("extensions.enabledAddons", "ich@maltegoetz.de:1.4.3,{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7[...]
Gefunden : user_pref("extensions.incredibar.admin", false);
Gefunden : user_pref("extensions.incredibar.aflt", "orgnl");
Gefunden : user_pref("extensions.incredibar.cntry", "DE");
Gefunden : user_pref("extensions.incredibar.dfltLng", "");
Gefunden : user_pref("extensions.incredibar.dfltSrch", false);
Gefunden : user_pref("extensions.incredibar.did", "10643");
Gefunden : user_pref("extensions.incredibar.envrmnt", "production");
Gefunden : user_pref("extensions.incredibar.excTlbr", false);
Gefunden : user_pref("extensions.incredibar.hdrMd5", "2394E35D54D76C188054D5D60A9E236D");
Gefunden : user_pref("extensions.incredibar.hmpg", false);
Gefunden : user_pref("extensions.incredibar.id", "bad7ad420000000000001caff709ff69");
Gefunden : user_pref("extensions.incredibar.installerproductid", "26");
Gefunden : user_pref("extensions.incredibar.instlDay", "15598");
Gefunden : user_pref("extensions.incredibar.instlRef", "");
Gefunden : user_pref("extensions.incredibar.isDcmntCmplt", true);
Gefunden : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1416:56:39");
Gefunden : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Gefunden : user_pref("extensions.incredibar.noFFXTlbr", false);
Gefunden : user_pref("extensions.incredibar.ppd", "1");
Gefunden : user_pref("extensions.incredibar.prdct", "incredibar");
Gefunden : user_pref("extensions.incredibar.productid", "26");
Gefunden : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Gefunden : user_pref("extensions.incredibar.sg", "none");
Gefunden : user_pref("extensions.incredibar.smplGrp", "none");
Gefunden : user_pref("extensions.incredibar.tlbrId", "base");
Gefunden : user_pref("extensions.incredibar.tlbrSrchUrl", "");
Gefunden : user_pref("extensions.incredibar.upn2", "6R8FfOnDai");
Gefunden : user_pref("extensions.incredibar.upn2n", "92825061086530786");
Gefunden : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1416:56:39");
Gefunden : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar_i.aflt", "orgnl");
Gefunden : user_pref("extensions.incredibar_i.dfltLng", "");
Gefunden : user_pref("extensions.incredibar_i.did", "10643");
Gefunden : user_pref("extensions.incredibar_i.excTlbr", false);
Gefunden : user_pref("extensions.incredibar_i.id", "bad7ad420000000000001caff709ff69");
Gefunden : user_pref("extensions.incredibar_i.installerproductid", "26");
Gefunden : user_pref("extensions.incredibar_i.instlDay", "15598");
Gefunden : user_pref("extensions.incredibar_i.instlRef", "");
Gefunden : user_pref("extensions.incredibar_i.ms_url_id", "");
Gefunden : user_pref("extensions.incredibar_i.newTab", false);
Gefunden : user_pref("extensions.incredibar_i.ppd", "1");
Gefunden : user_pref("extensions.incredibar_i.prdct", "incredibar");
Gefunden : user_pref("extensions.incredibar_i.productid", "26");
Gefunden : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Gefunden : user_pref("extensions.incredibar_i.smplGrp", "none");
Gefunden : user_pref("extensions.incredibar_i.tlbrId", "base");
Gefunden : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8FfOnDai&loc=IB[...]
Gefunden : user_pref("extensions.incredibar_i.upn2", "6R8FfOnDai");
Gefunden : user_pref("extensions.incredibar_i.upn2n", "92825061086530786");
Gefunden : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1416:56:39");
Gefunden : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Gefunden : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10399&loc[...]

*************************

AdwCleaner[R1].txt - [12249 octets] - [17/09/2012 18:59:43]
AdwCleaner[R2].txt - [12197 octets] - [17/09/2012 20:53:56]

########## EOF - C:\AdwCleaner[R2].txt - [12258 octets] ##########

Nachdem ich ein wenig das Forum durchstöbert hatte, fand ich verschiedene Einträge bei denne aber immer von individuellen Fällen ausgegangen wurde, weshalb ich ein neues Thema eröffnet habe. Ich hoffe mir kann jemand dabei helfen, danke im voraus

cosinus · 18.09.2012, 08:41

Bitte mal den aktuellen adwCleaner runterladen, also die alte adwcleaner löschen und neu runterladen

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

Darksim · 19.09.2012, 15:18

So hier ist der neue Log:

Code:

ATTFilter

 # AdwCleaner v2.002 - Datei am 09/19/2012 um 16:15:16 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Thomas - THOMAS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Thomas\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js
Datei Gefunden : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\a7vlbri9.default\searchplugins\Askcom.xml
Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\Users\Thomas\AppData\Local\Temp\AskSearch
Ordner Gefunden : C:\Users\Thomas\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\a7vlbri9.default\extensions\toolbar@ask.com
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\Ask.com.tmp
Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gefunden : HKLM\Software\Web Assistant
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Web Assistant
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default 
Datei : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\a7vlbri9.default\prefs.js

Gefunden : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb178?a=6R8FfOnDai&loc=FF_NT");
Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("browser.search.selectedEngine", "Ask.com");
Gefunden : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Gefunden : user_pref("extensions.asktb.apn_dbr", "ff_14.0.1");
Gefunden : user_pref("extensions.asktb.cbid", "^ABX");
Gefunden : user_pref("extensions.asktb.config-updated", false);
Gefunden : user_pref("extensions.asktb.crumb", "2012.08.09+07.25.29-toolbar004iad-NL-QW1zdGVyZGFtLE5ldGhlcmxhbm[...]
Gefunden : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://avira-int.ask.com/web?q={query}&qsrc=[...]
Gefunden : user_pref("extensions.asktb.domain", "avira-int.ask.com");
Gefunden : user_pref("extensions.asktb.domainName", "avira-int.ask.com");
Gefunden : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^NL");
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.google.de/search?ie=UTF-8&q=");
Gefunden : user_pref("extensions.asktb.fresh-install", false);
Gefunden : user_pref("extensions.asktb.guid", "0f5b9c7b-8023-49d2-a87f-02354540f2cd");
Gefunden : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Gefunden : user_pref("extensions.asktb.if", "first");
Gefunden : user_pref("extensions.asktb.l", "dis");
Gefunden : user_pref("extensions.asktb.last-config-req", "1348063997809");
Gefunden : user_pref("extensions.asktb.locale", "de_DE");
Gefunden : user_pref("extensions.asktb.localePref", true);
Gefunden : user_pref("extensions.asktb.location", "Amsterdam,Netherlands");
Gefunden : user_pref("extensions.asktb.notification-shown", true);
Gefunden : user_pref("extensions.asktb.o", "APN10399");
Gefunden : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Gefunden : user_pref("extensions.asktb.qsrc", "2871");
Gefunden : user_pref("extensions.asktb.r", "2");
Gefunden : user_pref("extensions.asktb.sa", "YES");
Gefunden : user_pref("extensions.asktb.saguid", "C6657277-7012-452B-AA63-AAF669D511BC");
Gefunden : user_pref("extensions.asktb.search-suggestions-enabled", true);
Gefunden : user_pref("extensions.asktb.socialmini-native-on", true);
Gefunden : user_pref("extensions.asktb.themeid", "");
Gefunden : user_pref("extensions.asktb.timeinstalled", "09.08.2012 16:28:13");
Gefunden : user_pref("extensions.asktb.to", "");
Gefunden : user_pref("extensions.asktb.v", "3.15.4.100015");
Gefunden : user_pref("extensions.asktb.version", "5.15.4.23930");
Gefunden : user_pref("extensions.enabledAddons", "ich@maltegoetz.de:1.4.3,{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7[...]
Gefunden : user_pref("extensions.incredibar.admin", false);
Gefunden : user_pref("extensions.incredibar.aflt", "orgnl");
Gefunden : user_pref("extensions.incredibar.cntry", "DE");
Gefunden : user_pref("extensions.incredibar.dfltLng", "");
Gefunden : user_pref("extensions.incredibar.dfltSrch", false);
Gefunden : user_pref("extensions.incredibar.did", "10643");
Gefunden : user_pref("extensions.incredibar.envrmnt", "production");
Gefunden : user_pref("extensions.incredibar.excTlbr", false);
Gefunden : user_pref("extensions.incredibar.hdrMd5", "2394E35D54D76C188054D5D60A9E236D");
Gefunden : user_pref("extensions.incredibar.hmpg", false);
Gefunden : user_pref("extensions.incredibar.id", "bad7ad420000000000001caff709ff69");
Gefunden : user_pref("extensions.incredibar.installerproductid", "26");
Gefunden : user_pref("extensions.incredibar.instlDay", "15598");
Gefunden : user_pref("extensions.incredibar.instlRef", "");
Gefunden : user_pref("extensions.incredibar.isDcmntCmplt", true);
Gefunden : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1416:56:39");
Gefunden : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Gefunden : user_pref("extensions.incredibar.noFFXTlbr", false);
Gefunden : user_pref("extensions.incredibar.ppd", "1");
Gefunden : user_pref("extensions.incredibar.prdct", "incredibar");
Gefunden : user_pref("extensions.incredibar.productid", "26");
Gefunden : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Gefunden : user_pref("extensions.incredibar.sg", "none");
Gefunden : user_pref("extensions.incredibar.smplGrp", "none");
Gefunden : user_pref("extensions.incredibar.tlbrId", "base");
Gefunden : user_pref("extensions.incredibar.tlbrSrchUrl", "");
Gefunden : user_pref("extensions.incredibar.upn2", "6R8FfOnDai");
Gefunden : user_pref("extensions.incredibar.upn2n", "92825061086530786");
Gefunden : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1416:56:39");
Gefunden : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar_i.aflt", "orgnl");
Gefunden : user_pref("extensions.incredibar_i.dfltLng", "");
Gefunden : user_pref("extensions.incredibar_i.did", "10643");
Gefunden : user_pref("extensions.incredibar_i.excTlbr", false);
Gefunden : user_pref("extensions.incredibar_i.id", "bad7ad420000000000001caff709ff69");
Gefunden : user_pref("extensions.incredibar_i.installerproductid", "26");
Gefunden : user_pref("extensions.incredibar_i.instlDay", "15598");
Gefunden : user_pref("extensions.incredibar_i.instlRef", "");
Gefunden : user_pref("extensions.incredibar_i.ms_url_id", "");
Gefunden : user_pref("extensions.incredibar_i.newTab", false);
Gefunden : user_pref("extensions.incredibar_i.ppd", "1");
Gefunden : user_pref("extensions.incredibar_i.prdct", "incredibar");
Gefunden : user_pref("extensions.incredibar_i.productid", "26");
Gefunden : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Gefunden : user_pref("extensions.incredibar_i.smplGrp", "none");
Gefunden : user_pref("extensions.incredibar_i.tlbrId", "base");
Gefunden : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8FfOnDai&loc=IB[...]
Gefunden : user_pref("extensions.incredibar_i.upn2", "6R8FfOnDai");
Gefunden : user_pref("extensions.incredibar_i.upn2n", "92825061086530786");
Gefunden : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1416:56:39");
Gefunden : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Gefunden : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10399&loc[...]

*************************

AdwCleaner[R1].txt - [12249 octets] - [17/09/2012 18:59:43]
AdwCleaner[R2].txt - [12310 octets] - [17/09/2012 20:53:56]
AdwCleaner[R3].txt - [12393 octets] - [19/09/2012 16:15:16]

########## EOF - C:\AdwCleaner[R3].txt - [12454 octets] ##########

Danke für die schnelle Antwort.

cosinus · 19.09.2012, 16:24

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Darksim · 20.09.2012, 14:12

hier der Log

Code:

ATTFilter

# AdwCleaner v2.002 - Datei am 09/20/2012 um 15:07:04 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Thomas - THOMAS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Thomas\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\a7vlbri9.default\searchplugins\Askcom.xml
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Users\Thomas\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\Thomas\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\a7vlbri9.default\extensions\toolbar@ask.com
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\Software\Web Assistant
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default 
Datei : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\a7vlbri9.default\prefs.js

C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\a7vlbri9.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb178?a=6R8FfOnDai&loc=FF_NT");
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
Gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Gelöscht : user_pref("extensions.asktb.apn_dbr", "ff_14.0.1");
Gelöscht : user_pref("extensions.asktb.cbid", "^ABX");
Gelöscht : user_pref("extensions.asktb.config-updated", false);
Gelöscht : user_pref("extensions.asktb.crumb", "2012.08.09+07.25.29-toolbar004iad-NL-QW1zdGVyZGFtLE5ldGhlcmxhbm[...]
Gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://avira-int.ask.com/web?q={query}&qsrc=[...]
Gelöscht : user_pref("extensions.asktb.domain", "avira-int.ask.com");
Gelöscht : user_pref("extensions.asktb.domainName", "avira-int.ask.com");
Gelöscht : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^NL");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.google.de/search?ie=UTF-8&q=");
Gelöscht : user_pref("extensions.asktb.fresh-install", false);
Gelöscht : user_pref("extensions.asktb.guid", "0f5b9c7b-8023-49d2-a87f-02354540f2cd");
Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Gelöscht : user_pref("extensions.asktb.if", "first");
Gelöscht : user_pref("extensions.asktb.l", "dis");
Gelöscht : user_pref("extensions.asktb.last-config-req", "1348063997809");
Gelöscht : user_pref("extensions.asktb.locale", "de_DE");
Gelöscht : user_pref("extensions.asktb.localePref", true);
Gelöscht : user_pref("extensions.asktb.location", "Amsterdam,Netherlands");
Gelöscht : user_pref("extensions.asktb.notification-shown", true);
Gelöscht : user_pref("extensions.asktb.o", "APN10399");
Gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Gelöscht : user_pref("extensions.asktb.qsrc", "2871");
Gelöscht : user_pref("extensions.asktb.r", "2");
Gelöscht : user_pref("extensions.asktb.sa", "YES");
Gelöscht : user_pref("extensions.asktb.saguid", "C6657277-7012-452B-AA63-AAF669D511BC");
Gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", true);
Gelöscht : user_pref("extensions.asktb.socialmini-native-on", true);
Gelöscht : user_pref("extensions.asktb.themeid", "");
Gelöscht : user_pref("extensions.asktb.timeinstalled", "09.08.2012 16:28:13");
Gelöscht : user_pref("extensions.asktb.to", "");
Gelöscht : user_pref("extensions.asktb.v", "3.15.4.100015");
Gelöscht : user_pref("extensions.asktb.version", "5.15.4.23930");
Gelöscht : user_pref("extensions.enabledAddons", "ich@maltegoetz.de:1.4.3,{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7[...]
Gelöscht : user_pref("extensions.incredibar.admin", false);
Gelöscht : user_pref("extensions.incredibar.aflt", "orgnl");
Gelöscht : user_pref("extensions.incredibar.cntry", "DE");
Gelöscht : user_pref("extensions.incredibar.dfltLng", "");
Gelöscht : user_pref("extensions.incredibar.dfltSrch", false);
Gelöscht : user_pref("extensions.incredibar.did", "10643");
Gelöscht : user_pref("extensions.incredibar.envrmnt", "production");
Gelöscht : user_pref("extensions.incredibar.excTlbr", false);
Gelöscht : user_pref("extensions.incredibar.hdrMd5", "2394E35D54D76C188054D5D60A9E236D");
Gelöscht : user_pref("extensions.incredibar.hmpg", false);
Gelöscht : user_pref("extensions.incredibar.id", "bad7ad420000000000001caff709ff69");
Gelöscht : user_pref("extensions.incredibar.installerproductid", "26");
Gelöscht : user_pref("extensions.incredibar.instlDay", "15598");
Gelöscht : user_pref("extensions.incredibar.instlRef", "");
Gelöscht : user_pref("extensions.incredibar.isDcmntCmplt", true);
Gelöscht : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1416:56:39");
Gelöscht : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Gelöscht : user_pref("extensions.incredibar.noFFXTlbr", false);
Gelöscht : user_pref("extensions.incredibar.ppd", "1");
Gelöscht : user_pref("extensions.incredibar.prdct", "incredibar");
Gelöscht : user_pref("extensions.incredibar.productid", "26");
Gelöscht : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Gelöscht : user_pref("extensions.incredibar.sg", "none");
Gelöscht : user_pref("extensions.incredibar.smplGrp", "none");
Gelöscht : user_pref("extensions.incredibar.tlbrId", "base");
Gelöscht : user_pref("extensions.incredibar.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.incredibar.upn2", "6R8FfOnDai");
Gelöscht : user_pref("extensions.incredibar.upn2n", "92825061086530786");
Gelöscht : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Gelöscht : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1416:56:39");
Gelöscht : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Gelöscht : user_pref("extensions.incredibar_i.aflt", "orgnl");
Gelöscht : user_pref("extensions.incredibar_i.dfltLng", "");
Gelöscht : user_pref("extensions.incredibar_i.did", "10643");
Gelöscht : user_pref("extensions.incredibar_i.excTlbr", false);
Gelöscht : user_pref("extensions.incredibar_i.id", "bad7ad420000000000001caff709ff69");
Gelöscht : user_pref("extensions.incredibar_i.installerproductid", "26");
Gelöscht : user_pref("extensions.incredibar_i.instlDay", "15598");
Gelöscht : user_pref("extensions.incredibar_i.instlRef", "");
Gelöscht : user_pref("extensions.incredibar_i.ms_url_id", "");
Gelöscht : user_pref("extensions.incredibar_i.newTab", false);
Gelöscht : user_pref("extensions.incredibar_i.ppd", "1");
Gelöscht : user_pref("extensions.incredibar_i.prdct", "incredibar");
Gelöscht : user_pref("extensions.incredibar_i.productid", "26");
Gelöscht : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Gelöscht : user_pref("extensions.incredibar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.incredibar_i.tlbrId", "base");
Gelöscht : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8FfOnDai&loc=IB[...]
Gelöscht : user_pref("extensions.incredibar_i.upn2", "6R8FfOnDai");
Gelöscht : user_pref("extensions.incredibar_i.upn2n", "92825061086530786");
Gelöscht : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Gelöscht : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1416:56:39");
Gelöscht : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10399&loc[...]

*************************

AdwCleaner[R1].txt - [12249 octets] - [17/09/2012 18:59:43]
AdwCleaner[R2].txt - [12310 octets] - [17/09/2012 20:53:56]
AdwCleaner[R3].txt - [12506 octets] - [19/09/2012 16:15:16]
AdwCleaner[R4].txt - [12519 octets] - [20/09/2012 15:05:51]
AdwCleaner[S1].txt - [12835 octets] - [20/09/2012 15:07:04]

########## EOF - C:\AdwCleaner[S1].txt - [12896 octets] ##########

cosinus · 20.09.2012, 19:36

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Darksim · 22.09.2012, 18:05

So beim ESET Scan kam folgendes heraus:

Code:

ATTFilter

 ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=24b9f12ba91dd543beb1d8edeba61069
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-22 04:58:42
# local_time=2012-09-22 06:58:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 22378009 22378009 0 0
# compatibility_mode=5893 16776573 100 94 429380 99956071 0 0
# compatibility_mode=8192 67108863 100 0 213 213 0 0
# scanned=168665
# found=3
# cleaned=0
# scan_time=6901
C:\$Recycle.Bin\S-1-5-21-1755549282-211735427-1290128872-1000\$RZVXOFZ.zip	a variant of Android/Adware.Leadbolt.B application (unable to clean)	00000000000000000000000000000000	I
D:\$RECYCLE.BIN\S-1-5-21-1755549282-211735427-1290128872-1000\$R8F7QE4.exe	a variant of Win32/Somoto.A application (unable to clean)	00000000000000000000000000000000	I
D:\Eigene Dateien\Eigene Dokumente\Software\Smartphone\Themes\Go_Launcher_Theme_Pack.zip	a variant of Android/Adware.Leadbolt.B application (unable to clean)	00000000000000000000000000000000	I

cosinus · 22.09.2012, 20:43

Hätte da mal drei Fragen bevor es weiter geht (wir sind noch nicht fertig!)

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
3.) Die Werbeeinblendungen bzw Weiterleitungen wie zB Incredibar oder Mystart sind nun weg?

Darksim · 23.09.2012, 18:19

Also zum ersten: Ich hatte bis jetzt keine Probleme beim normalen Betrieb von Windows. Es sind soweit ich das beurteilen kann keine Störungen oder ähnliches aufgetreten.
2.Bei den Programmen konnte ich ebenfalls keine Unregelmäßigkeiten feststellen, alles scheint an Ort und Stelle zu sein.
3. Leider lässt sich weiterhin die browser.newtab.url nicht dauerhaft ändern. Trotz Zurücksetzten wird sie immer wieder in mystart.incredibar geändert.

cosinus · 23.09.2012, 19:21

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Darksim · 23.09.2012, 20:34

So hier ist der Log
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 23.09.2012 21:02:01 - Run 1
OTL by OldTimer - Version 3.2.66.0     Folder = C:\Users\Thomas\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,73 Gb Available Physical Memory | 78,79% Memory free
12,00 Gb Paging File | 10,61 Gb Available in Paging File | 88,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 185,55 Gb Total Space | 93,00 Gb Free Space | 50,12% Space Free | Partition Type: NTFS
Drive D: | 280,21 Gb Total Space | 178,86 Gb Free Space | 63,83% Space Free | Partition Type: NTFS
Drive H: | 14,91 Gb Total Space | 12,57 Gb Free Space | 84,30% Space Free | Partition Type: NTFS
 
Computer Name: THOMAS-PC | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.23 21:00:38 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
PRC - [2012.08.08 16:26:38 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.15 14:49:03 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.05.08 20:09:00 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.05.08 20:09:00 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 20:09:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009.09.18 18:02:30 | 001,708,032 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\AirGCFG.exe
PRC - [2009.08.21 10:27:24 | 000,098,304 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2009.07.07 21:10:14 | 000,151,552 | ---- | M] () -- C:\Windows\SysWOW64\ANIWConnService.exe
PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.07.07 19:50:04 | 000,258,048 | ---- | M] () -- C:\Windows\SysWOW64\wlanapp.dll
MOD - [2009.06.01 15:23:24 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\ANIOApi.dll
MOD - [2009.06.01 15:23:24 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIOApi.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.09.08 17:15:42 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.15 14:49:03 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.05.08 20:09:00 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.08 20:09:00 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 20:09:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.08.04 14:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.07 21:10:14 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ANIWConnService.exe -- (ANIWConnService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.30 13:32:08 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.07.30 13:32:08 | 000,102,240 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.05.08 20:09:00 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 20:09:00 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.26 16:00:21 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.26 15:27:27 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.09.02 08:30:02 | 000,032,536 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2011.08.23 15:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.14 05:54:12 | 000,058,472 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)
DRV:64bit: - [2010.12.14 05:54:12 | 000,058,472 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:64bit: - [2010.12.14 05:54:12 | 000,027,136 | ---- | M] (Realtek                                            ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2010.12.14 05:54:12 | 000,024,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (VLAN)
DRV:64bit: - [2010.12.14 05:54:12 | 000,024,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.08.05 22:59:48 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.03.06 19:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV:64bit: - [2008.11.04 20:21:08 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-1755549282-211735427-1290128872-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1755549282-211735427-1290128872-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com/
IE - HKU\S-1-5-21-1755549282-211735427-1290128872-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1755549282-211735427-1290128872-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1755549282-211735427-1290128872-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1755549282-211735427-1290128872-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1755549282-211735427-1290128872-1000\..\SearchScopes\{F7882CF2-EB98-4FEB-8C78-59C8E4CCDFCD}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10399&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABX&apn_dtid=^YYYYYY^YY^NL&apn_uid=0f5b9c7b-8023-49d2-a87f-02354540f2cd&apn_sauid=C6657277-7012-452B-AA63-AAF669D511BC
IE - HKU\S-1-5-21-1755549282-211735427-1290128872-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120910
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20120217-1212: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.17 18:04:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.08.18 21:21:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.01.07 18:48:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions
[2012.01.07 18:48:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.09.20 15:58:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\a7vlbri9.default\extensions
[2012.05.18 19:18:18 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\a7vlbri9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.09.20 15:58:10 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\a7vlbri9.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.09.15 16:34:13 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\a7vlbri9.default\extensions\ich@maltegoetz.de
[2012.07.26 16:33:58 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\a7vlbri9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.01.07 19:03:37 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\a7vlbri9.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.04.01 14:55:23 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\a7vlbri9.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2012.09.17 17:20:39 | 000,002,112 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\a7vlbri9.default\searchplugins\wot-safe-search.xml
[2012.09.17 18:34:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.07 15:31:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.17 17:42:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012.09.17 17:42:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.09.17 18:04:46 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.17 18:04:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.17 18:04:45 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.17 18:04:45 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.17 18:04:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.17 18:04:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.17 18:04:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\Set Point\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [D-Link D-Link Wireless G DWL-G122_DWA-110] C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\AirGCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [WZCSLDR2] C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\WZCSLDR2.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A2094A5-3C45-4160-AB68-AFE5A73DFA94}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: KiesAirMessage - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: KiesPDLR - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MsConfig:64bit - StartUpReg: KiesPreload - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.22 17:00:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.09.22 16:59:18 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Thomas\Desktop\esetsmartinstaller_enu.exe
[2012.09.17 18:54:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.09.17 18:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.09.16 00:40:15 | 000,601,600 | ---- | C] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
[2012.09.16 00:16:00 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Malwarebytes
[2012.09.16 00:15:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.16 00:15:49 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.16 00:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.15 17:13:13 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\mcpatcher
[2012.09.07 15:31:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.09.06 16:47:42 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\LogMeIn Hamachi
[2012.09.06 16:46:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.09.06 16:28:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
[2012.08.30 17:39:39 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\No23 Recorder
[2012.08.25 15:02:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\audiograbber
[2012.08.25 15:02:03 | 000,000,000 | ---D | C] -- C:\Windows\uninstall
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Thomas\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Thomas\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Thomas\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Thomas\AppData\Local\bass.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.23 21:06:16 | 000,019,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.23 21:06:16 | 000,019,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.23 21:03:40 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.23 21:03:40 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.23 21:03:40 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.23 21:03:40 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.23 21:03:40 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.23 21:00:38 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
[2012.09.23 20:59:33 | 000,003,284 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCS{7A2094A5-3C45-4160-AB68-AFE5A73DFA94}
[2012.09.23 20:59:33 | 000,003,284 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\ANIWZCS{7A2094A5-3C45-4160-AB68-AFE5A73DFA94}
[2012.09.23 20:58:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.23 20:58:45 | 535,683,071 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.22 16:59:20 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Thomas\Desktop\esetsmartinstaller_enu.exe
[2012.09.22 16:57:32 | 000,001,371 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2012.09.19 16:38:55 | 000,712,349 | ---- | M] () -- C:\Users\Thomas\Desktop\Studienplan Medizin Physik Baechlor.png
[2012.09.19 16:35:51 | 000,571,031 | ---- | M] () -- C:\Users\Thomas\Desktop\Modulhandbuch_Bachelor_120829.pdf
[2012.09.19 16:33:36 | 000,544,164 | ---- | M] () -- C:\Users\Thomas\Desktop\Studienplan_MSc_MedPhys_2012_08_16.pdf
[2012.09.19 16:14:48 | 000,512,737 | ---- | M] () -- C:\Users\Thomas\Desktop\adwcleaner.exe
[2012.09.17 20:39:14 | 000,013,851 | ---- | M] () -- C:\Users\Thomas\Desktop\FireFox.lnk
[2012.09.15 13:04:20 | 000,281,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.09.15 13:04:20 | 000,281,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.09.15 13:03:22 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.09.09 19:17:17 | 391,731,839 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.30 17:56:08 | 000,001,494 | ---- | M] () -- C:\Users\Thomas\AppData\Local\RecConfig.xml
[2012.08.25 15:25:08 | 000,000,337 | ---- | M] () -- C:\Windows\cdplayer.ini
 
========== Files Created - No Company Name ==========
 
[2012.09.22 16:57:32 | 000,001,371 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2012.09.19 16:38:55 | 000,712,349 | ---- | C] () -- C:\Users\Thomas\Desktop\Studienplan Medizin Physik Baechlor.png
[2012.09.19 16:35:51 | 000,571,031 | ---- | C] () -- C:\Users\Thomas\Desktop\Modulhandbuch_Bachelor_120829.pdf
[2012.09.19 16:33:36 | 000,544,164 | ---- | C] () -- C:\Users\Thomas\Desktop\Studienplan_MSc_MedPhys_2012_08_16.pdf
[2012.09.17 20:39:14 | 000,013,851 | ---- | C] () -- C:\Users\Thomas\Desktop\FireFox.lnk
[2012.09.16 00:36:58 | 000,512,737 | ---- | C] () -- C:\Users\Thomas\Desktop\adwcleaner.exe
[2012.08.30 17:47:00 | 000,001,494 | ---- | C] () -- C:\Users\Thomas\AppData\Local\RecConfig.xml
[2012.08.25 15:21:42 | 000,000,337 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.08.12 14:41:37 | 000,004,608 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.30 14:16:20 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.07.30 14:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.07.30 14:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.07.30 14:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.07.30 14:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.05.03 04:55:52 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012.03.17 15:10:09 | 000,281,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.17 15:10:00 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.03.17 15:09:57 | 000,000,306 | ---- | C] () -- C:\Windows\game.ini
[2012.03.13 19:24:34 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012.01.09 19:27:09 | 000,007,603 | ---- | C] () -- C:\Users\Thomas\AppData\Local\Resmon.ResmonCfg
[2012.01.07 17:53:38 | 000,003,284 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\ANIWZCS{7A2094A5-3C45-4160-AB68-AFE5A73DFA94}
[2012.01.07 17:53:02 | 000,000,280 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\ANICONFIG_{7A2094A5-3C45-4160-AB68-AFE5A73DFA94}.ini
[2012.01.07 17:52:42 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ANIWConnService.exe
[2012.01.07 17:52:33 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\aIPH.dll
[2012.01.07 17:52:33 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AQCKGen.dll
[2012.01.07 17:52:33 | 000,045,115 | ---- | C] () -- C:\Windows\SysWow64\ANICtl.dll
[2012.01.07 17:52:32 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\wlanapp.dll
[2012.01.07 17:52:20 | 000,315,392 | ---- | C] () -- C:\Windows\SysWow64\ANIOApi.dll
[2012.01.07 17:51:58 | 000,302,080 | ---- | C] () -- C:\Windows\lwd.exe
[2012.01.07 17:51:57 | 000,733,184 | ---- | C] () -- C:\Windows\SysWow64\ANIOWPS.dll
[2012.01.07 17:51:57 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\ANIWPS.exe
[2012.01.07 17:51:08 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\rt73.bin
[2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Thomas\AppData\Local\lame_enc.dll
[2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Thomas\AppData\Local\vorbisenc.dll
[2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Thomas\AppData\Local\vorbisfile.dll
[2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Thomas\AppData\Local\vorbis.dll
[2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Thomas\AppData\Local\ogg.dll
[2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Thomas\AppData\Local\no23xwrapper.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.15 17:20:15 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\.minecraft
[2012.09.03 20:26:01 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Audacity
[2012.03.17 14:05:17 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DAEMON Tools Lite
[2012.01.07 18:24:16 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Leadertech
[2012.01.08 23:57:26 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\OpenOffice.org
[2012.08.12 13:54:07 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Samsung
[2012.01.07 18:48:02 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Thunderbird
[2012.04.26 17:03:30 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TrueCrypt
[2012.09.06 17:48:36 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TS3Client
[2012.04.24 15:42:55 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ts3overlay
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.09.15 17:20:15 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\.minecraft
[2012.01.26 20:02:46 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Adobe
[2012.01.26 20:17:04 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Apple Computer
[2012.09.03 20:26:01 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Audacity
[2012.01.07 18:03:00 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Avira
[2012.03.13 19:24:34 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Corel
[2012.03.17 14:05:17 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DAEMON Tools Lite
[2012.07.22 19:53:15 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\dvdcss
[2012.01.07 17:13:52 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Identities
[2012.01.07 17:50:57 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\InstallShield
[2012.01.07 18:24:16 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Leadertech
[2012.01.07 18:20:23 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Logishrd
[2012.01.07 18:24:22 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Logitech
[2012.01.07 18:09:48 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Macromedia
[2012.09.16 00:16:00 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Malwarebytes
[2009.07.14 09:45:37 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Media Center Programs
[2012.08.12 16:12:47 | 000,000,000 | --SD | M] -- C:\Users\Thomas\AppData\Roaming\Microsoft
[2012.01.07 18:07:24 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Mozilla
[2012.01.09 23:30:13 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\NVIDIA
[2012.01.08 23:57:26 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\OpenOffice.org
[2012.08.12 13:54:07 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Samsung
[2012.01.07 18:48:02 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Thunderbird
[2012.04.26 17:03:30 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TrueCrypt
[2012.09.06 17:48:36 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TS3Client
[2012.04.24 15:42:55 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ts3overlay
[2012.09.19 18:26:23 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\vlc
[2012.01.08 23:34:42 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\WinRAR
[2012.07.24 12:40:57 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Xfire
 
< %APPDATA%\*.exe /s >
[2012.09.15 17:13:13 | 000,270,142 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\.minecraft\Minecraft.exe
[2012.08.30 17:39:39 | 000,003,262 | R--- | M] () -- C:\Users\Thomas\AppData\Roaming\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\controlPanelIcon.exe
[2012.08.30 17:39:39 | 000,010,134 | R--- | M] () -- C:\Users\Thomas\AppData\Roaming\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\SystemFolder_msiexec.exe
[2012.01.07 18:24:15 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Thomas\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---
[/code]

cosinus · 24.09.2012, 13:04

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
FF - user.js - File not found
IE - HKU\S-1-5-21-1755549282-211735427-1290128872-1000\..\SearchScopes\{F7882CF2-EB98-4FEB-8C78-59C8E4CCDFCD}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10399&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABX&apn_dtid=^YYYYYY^YY^NL&apn_uid=0f5b9c7b-8023-49d2-a87f-02354540f2cd&apn_sauid=C6657277-7012-452B-AA63-AAF669D511BC
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O32 - HKLM CDRom: AutoRun - 1
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Darksim · 24.09.2012, 20:05

Hier ist der neue Log nach dem Fix:

Code:

ATTFilter

 ll processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1755549282-211735427-1290128872-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F7882CF2-EB98-4FEB-8C78-59C8E4CCDFCD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F7882CF2-EB98-4FEB-8C78-59C8E4CCDFCD}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Thomas\Desktop\cmd.bat deleted successfully.
C:\Users\Thomas\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Thomas
->Temp folder emptied: 1249959436 bytes
->Temporary Internet Files folder emptied: 190643357 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 106763063 bytes
->Flash cache emptied: 30855 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 174740645 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 558 bytes
RecycleBin emptied: 7304317357 bytes
 
Total Files Cleaned = 8.608,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.66.0 log created on 09242012_205304

Files\Folders moved on Reboot...
C:\Users\Thomas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus · 25.09.2012, 09:59

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Darksim · 25.09.2012, 16:24

Hier ist der Log vom tdss-killer, es gab keine Meldungen.

Code:

ATTFilter

17:20:55.0979 2452  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
17:20:56.0057 2452  ============================================================
17:20:56.0057 2452  Current date / time: 2012/09/25 17:20:56.0057
17:20:56.0057 2452  SystemInfo:
17:20:56.0057 2452  
17:20:56.0057 2452  OS Version: 6.1.7601 ServicePack: 1.0
17:20:56.0057 2452  Product type: Workstation
17:20:56.0057 2452  ComputerName: THOMAS-PC
17:20:56.0057 2452  UserName: Thomas
17:20:56.0057 2452  Windows directory: C:\Windows
17:20:56.0057 2452  System windows directory: C:\Windows
17:20:56.0057 2452  Running under WOW64
17:20:56.0057 2452  Processor architecture: Intel x64
17:20:56.0057 2452  Number of processors: 2
17:20:56.0057 2452  Page size: 0x1000
17:20:56.0057 2452  Boot type: Normal boot
17:20:56.0057 2452  ============================================================
17:20:57.0024 2452  Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:20:57.0024 2452  Drive \Device\Harddisk1\DR1 - Size: 0x3BA800000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:20:57.0040 2452  ============================================================
17:20:57.0040 2452  \Device\Harddisk0\DR0:
17:20:57.0040 2452  MBR partitions:
17:20:57.0040 2452  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x17318000
17:20:57.0040 2452  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x17318800, BlocksNum 0x2306C000
17:20:57.0040 2452  \Device\Harddisk1\DR1:
17:20:57.0040 2452  MBR partitions:
17:20:57.0040 2452  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1F80, BlocksNum 0x1DD2080
17:20:57.0040 2452  ============================================================
17:20:57.0071 2452  C: <-> \Device\Harddisk0\DR0\Partition1
17:20:57.0102 2452  D: <-> \Device\Harddisk0\DR0\Partition2
17:20:57.0102 2452  ============================================================
17:20:57.0102 2452  Initialize success
17:20:57.0102 2452  ============================================================
17:21:50.0158 3152  ============================================================
17:21:50.0158 3152  Scan started
17:21:50.0158 3152  Mode: Manual; SigCheck; TDLFS; 
17:21:50.0158 3152  ============================================================
17:21:50.0626 3152  ================ Scan system memory ========================
17:21:50.0626 3152  System memory - ok
17:21:50.0626 3152  ================ Scan services =============================
17:21:50.0751 3152  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:21:50.0860 3152  1394ohci - ok
17:21:50.0891 3152  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:21:50.0907 3152  ACPI - ok
17:21:50.0938 3152  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:21:51.0000 3152  AcpiPmi - ok
17:21:51.0125 3152  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:21:51.0125 3152  AdobeARMservice - ok
17:21:51.0172 3152  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
17:21:51.0188 3152  adp94xx - ok
17:21:51.0234 3152  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
17:21:51.0250 3152  adpahci - ok
17:21:51.0266 3152  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
17:21:51.0266 3152  adpu320 - ok
17:21:51.0312 3152  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:21:51.0406 3152  AeLookupSvc - ok
17:21:51.0468 3152  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
17:21:51.0500 3152  AFD - ok
17:21:51.0546 3152  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:21:51.0562 3152  agp440 - ok
17:21:51.0578 3152  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
17:21:51.0640 3152  ALG - ok
17:21:51.0656 3152  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:21:51.0671 3152  aliide - ok
17:21:51.0687 3152  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
17:21:51.0702 3152  amdide - ok
17:21:51.0718 3152  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
17:21:51.0796 3152  AmdK8 - ok
17:21:51.0796 3152  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
17:21:51.0827 3152  AmdPPM - ok
17:21:51.0874 3152  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:21:51.0890 3152  amdsata - ok
17:21:51.0905 3152  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
17:21:51.0921 3152  amdsbs - ok
17:21:51.0936 3152  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:21:51.0936 3152  amdxata - ok
17:21:51.0968 3152  ANIWConnService - ok
17:21:51.0999 3152  [ 4CCF421E6C4B2A4CBCE000715911F7CC ] anodlwf         C:\Windows\system32\DRIVERS\anodlwfx.sys
17:21:52.0061 3152  anodlwf - ok
17:21:52.0326 3152  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:21:52.0326 3152  AntiVirSchedulerService - ok
17:21:52.0358 3152  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:21:52.0358 3152  AntiVirService - ok
17:21:52.0451 3152  [ 676894FA57B671FEC5C3F05F8929E03B ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
17:21:52.0467 3152  AntiVirWebService - ok
17:21:52.0498 3152  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
17:21:52.0638 3152  AppID - ok
17:21:52.0670 3152  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:21:52.0716 3152  AppIDSvc - ok
17:21:52.0763 3152  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
17:21:52.0810 3152  Appinfo - ok
17:21:52.0872 3152  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
17:21:52.0904 3152  AppMgmt - ok
17:21:52.0935 3152  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
17:21:52.0950 3152  arc - ok
17:21:52.0966 3152  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
17:21:52.0982 3152  arcsas - ok
17:21:53.0013 3152  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:21:53.0075 3152  AsyncMac - ok
17:21:53.0106 3152  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
17:21:53.0122 3152  atapi - ok
17:21:53.0169 3152  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:21:53.0247 3152  AudioEndpointBuilder - ok
17:21:53.0278 3152  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:21:53.0309 3152  AudioSrv - ok
17:21:53.0340 3152  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
17:21:53.0496 3152  avgntflt - ok
17:21:53.0528 3152  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
17:21:53.0543 3152  avipbb - ok
17:21:53.0559 3152  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
17:21:53.0559 3152  avkmgr - ok
17:21:53.0621 3152  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:21:53.0699 3152  AxInstSV - ok
17:21:53.0762 3152  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
17:21:53.0808 3152  b06bdrv - ok
17:21:53.0855 3152  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:21:53.0902 3152  b57nd60a - ok
17:21:53.0964 3152  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:21:53.0996 3152  BDESVC - ok
17:21:54.0011 3152  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:21:54.0074 3152  Beep - ok
17:21:54.0152 3152  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
17:21:54.0198 3152  BFE - ok
17:21:54.0245 3152  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
17:21:54.0308 3152  BITS - ok
17:21:54.0339 3152  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:21:54.0354 3152  blbdrive - ok
17:21:54.0386 3152  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:21:54.0432 3152  bowser - ok
17:21:54.0432 3152  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:21:54.0526 3152  BrFiltLo - ok
17:21:54.0526 3152  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:21:54.0542 3152  BrFiltUp - ok
17:21:54.0588 3152  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
17:21:54.0620 3152  Browser - ok
17:21:54.0635 3152  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:21:54.0666 3152  Brserid - ok
17:21:54.0682 3152  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:21:54.0698 3152  BrSerWdm - ok
17:21:54.0698 3152  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:21:54.0744 3152  BrUsbMdm - ok
17:21:54.0760 3152  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:21:54.0776 3152  BrUsbSer - ok
17:21:54.0791 3152  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
17:21:54.0822 3152  BTHMODEM - ok
17:21:54.0885 3152  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
17:21:54.0932 3152  bthserv - ok
17:21:54.0947 3152  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:21:54.0994 3152  cdfs - ok
17:21:55.0041 3152  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:21:55.0056 3152  cdrom - ok
17:21:55.0119 3152  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
17:21:55.0181 3152  CertPropSvc - ok
17:21:55.0212 3152  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:21:55.0244 3152  circlass - ok
17:21:55.0275 3152  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
17:21:55.0306 3152  CLFS - ok
17:21:55.0353 3152  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:21:55.0368 3152  clr_optimization_v2.0.50727_32 - ok
17:21:55.0415 3152  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:21:55.0431 3152  clr_optimization_v2.0.50727_64 - ok
17:21:55.0524 3152  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:21:55.0540 3152  clr_optimization_v4.0.30319_32 - ok
17:21:55.0556 3152  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:21:55.0571 3152  clr_optimization_v4.0.30319_64 - ok
17:21:55.0602 3152  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:21:55.0618 3152  CmBatt - ok
17:21:55.0665 3152  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:21:55.0680 3152  cmdide - ok
17:21:55.0712 3152  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
17:21:55.0758 3152  CNG - ok
17:21:55.0774 3152  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:21:55.0790 3152  Compbatt - ok
17:21:55.0852 3152  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
17:21:55.0868 3152  CompositeBus - ok
17:21:55.0883 3152  COMSysApp - ok
17:21:55.0914 3152  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
17:21:55.0930 3152  crcdisk - ok
17:21:55.0961 3152  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:21:56.0024 3152  CryptSvc - ok
17:21:56.0055 3152  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
17:21:56.0117 3152  CSC - ok
17:21:56.0164 3152  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
17:21:56.0195 3152  CscService - ok
17:21:56.0226 3152  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:21:56.0289 3152  DcomLaunch - ok
17:21:56.0336 3152  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
17:21:56.0367 3152  defragsvc - ok
17:21:56.0382 3152  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:21:56.0460 3152  DfsC - ok
17:21:56.0538 3152  [ 105373D52E71D2D1355AD3ACD18259C3 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
17:21:56.0538 3152  dg_ssudbus - ok
17:21:56.0585 3152  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:21:56.0648 3152  Dhcp - ok
17:21:56.0694 3152  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
17:21:56.0726 3152  discache - ok
17:21:56.0788 3152  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
17:21:56.0788 3152  Disk - ok
17:21:56.0835 3152  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:21:56.0882 3152  Dnscache - ok
17:21:56.0928 3152  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:21:56.0975 3152  dot3svc - ok
17:21:56.0991 3152  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
17:21:57.0038 3152  DPS - ok
17:21:57.0100 3152  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:21:57.0116 3152  drmkaud - ok
17:21:57.0162 3152  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:21:57.0162 3152  dtsoftbus01 - ok
17:21:57.0225 3152  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:21:57.0240 3152  DXGKrnl - ok
17:21:57.0272 3152  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
17:21:57.0365 3152  EapHost - ok
17:21:57.0428 3152  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
17:21:57.0521 3152  ebdrv - ok
17:21:57.0552 3152  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
17:21:57.0615 3152  EFS - ok
17:21:57.0677 3152  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:21:57.0724 3152  ehRecvr - ok
17:21:57.0755 3152  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
17:21:57.0786 3152  ehSched - ok
17:21:57.0818 3152  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
17:21:57.0833 3152  elxstor - ok
17:21:57.0864 3152  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:21:57.0896 3152  ErrDev - ok
17:21:57.0927 3152  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
17:21:57.0974 3152  EventSystem - ok
17:21:57.0989 3152  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
17:21:58.0020 3152  exfat - ok
17:21:58.0036 3152  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:21:58.0083 3152  fastfat - ok
17:21:58.0130 3152  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
17:21:58.0176 3152  Fax - ok
17:21:58.0208 3152  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:21:58.0223 3152  fdc - ok
17:21:58.0239 3152  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
17:21:58.0286 3152  fdPHost - ok
17:21:58.0301 3152  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:21:58.0348 3152  FDResPub - ok
17:21:58.0348 3152  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:21:58.0364 3152  FileInfo - ok
17:21:58.0379 3152  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:21:58.0426 3152  Filetrace - ok
17:21:58.0442 3152  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:21:58.0442 3152  flpydisk - ok
17:21:58.0488 3152  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:21:58.0504 3152  FltMgr - ok
17:21:58.0566 3152  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
17:21:58.0598 3152  FontCache - ok
17:21:58.0660 3152  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:21:58.0660 3152  FontCache3.0.0.0 - ok
17:21:58.0691 3152  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:21:58.0691 3152  FsDepends - ok
17:21:58.0738 3152  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:21:58.0738 3152  Fs_Rec - ok
17:21:58.0785 3152  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:21:58.0800 3152  fvevol - ok
17:21:58.0832 3152  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
17:21:58.0847 3152  gagp30kx - ok
17:21:58.0894 3152  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
17:21:58.0941 3152  gpsvc - ok
17:21:58.0988 3152  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
17:21:59.0003 3152  hamachi - ok
17:21:59.0112 3152  [ 024225D3C3018D030EE229521F1AEE4E ] Hamachi2Svc     C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
17:21:59.0159 3152  Hamachi2Svc - ok
17:21:59.0175 3152  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:21:59.0237 3152  hcw85cir - ok
17:21:59.0284 3152  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:21:59.0300 3152  HdAudAddService - ok
17:21:59.0331 3152  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
17:21:59.0346 3152  HDAudBus - ok
17:21:59.0362 3152  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
17:21:59.0393 3152  HidBatt - ok
17:21:59.0393 3152  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
17:21:59.0409 3152  HidBth - ok
17:21:59.0424 3152  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
17:21:59.0424 3152  HidIr - ok
17:21:59.0471 3152  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
17:21:59.0518 3152  hidserv - ok
17:21:59.0565 3152  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:21:59.0596 3152  HidUsb - ok
17:21:59.0627 3152  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:21:59.0690 3152  hkmsvc - ok
17:21:59.0721 3152  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:21:59.0752 3152  HomeGroupListener - ok
17:21:59.0783 3152  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:21:59.0799 3152  HomeGroupProvider - ok
17:21:59.0830 3152  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:21:59.0846 3152  HpSAMD - ok
17:21:59.0892 3152  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:21:59.0955 3152  HTTP - ok
17:21:59.0986 3152  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:22:00.0002 3152  hwpolicy - ok
17:22:00.0033 3152  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:22:00.0048 3152  i8042prt - ok
17:22:00.0080 3152  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:22:00.0095 3152  iaStorV - ok
17:22:00.0158 3152  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:22:00.0173 3152  idsvc - ok
17:22:00.0220 3152  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
17:22:00.0236 3152  iirsp - ok
17:22:00.0267 3152  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
17:22:00.0314 3152  IKEEXT - ok
17:22:00.0423 3152  [ A5F7CEF8A939EBE270462EDEFD629F20 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:22:00.0470 3152  IntcAzAudAddService - ok
17:22:00.0485 3152  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
17:22:00.0501 3152  intelide - ok
17:22:00.0516 3152  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:22:00.0532 3152  intelppm - ok
17:22:00.0563 3152  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:22:00.0594 3152  IPBusEnum - ok
17:22:00.0626 3152  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:22:00.0688 3152  IpFilterDriver - ok
17:22:00.0719 3152  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:22:00.0782 3152  iphlpsvc - ok
17:22:00.0813 3152  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:22:00.0828 3152  IPMIDRV - ok
17:22:00.0860 3152  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:22:00.0891 3152  IPNAT - ok
17:22:00.0938 3152  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:22:00.0969 3152  IRENUM - ok
17:22:00.0984 3152  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:22:01.0000 3152  isapnp - ok
17:22:01.0031 3152  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:22:01.0047 3152  iScsiPrt - ok
17:22:01.0109 3152  [ DB85FE8D6CBAA2047CB4DA1B2C193D76 ] JRAID           C:\Windows\system32\DRIVERS\jraid.sys
17:22:01.0140 3152  JRAID - ok
17:22:01.0156 3152  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:22:01.0172 3152  kbdclass - ok
17:22:01.0203 3152  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:22:01.0218 3152  kbdhid - ok
17:22:01.0234 3152  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
17:22:01.0250 3152  KeyIso - ok
17:22:01.0281 3152  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:22:01.0296 3152  KSecDD - ok
17:22:01.0312 3152  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:22:01.0328 3152  KSecPkg - ok
17:22:01.0359 3152  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:22:01.0390 3152  ksthunk - ok
17:22:01.0437 3152  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:22:01.0484 3152  KtmRm - ok
17:22:01.0530 3152  [ 7D80A55B6D0C2A54728158E846F4696D ] L8042Kbd        C:\Windows\system32\DRIVERS\L8042Kbd.sys
17:22:01.0546 3152  L8042Kbd - ok
17:22:01.0577 3152  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:22:01.0624 3152  LanmanServer - ok
17:22:01.0655 3152  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:22:01.0702 3152  LanmanWorkstation - ok
17:22:01.0827 3152  [ 7772DFAB22611050B79504E671B06E6E ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
17:22:01.0842 3152  LBTServ - ok
17:22:01.0874 3152  [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
17:22:01.0889 3152  LHidFilt - ok
17:22:01.0905 3152  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:22:01.0967 3152  lltdio - ok
17:22:01.0998 3152  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:22:02.0030 3152  lltdsvc - ok
17:22:02.0045 3152  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:22:02.0076 3152  lmhosts - ok
17:22:02.0108 3152  [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
17:22:02.0123 3152  LMouFilt - ok
17:22:02.0170 3152  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
17:22:02.0186 3152  LSI_FC - ok
17:22:02.0201 3152  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
17:22:02.0201 3152  LSI_SAS - ok
17:22:02.0217 3152  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:22:02.0232 3152  LSI_SAS2 - ok
17:22:02.0248 3152  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:22:02.0264 3152  LSI_SCSI - ok
17:22:02.0295 3152  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
17:22:02.0326 3152  luafv - ok
17:22:02.0357 3152  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:22:02.0451 3152  Mcx2Svc - ok
17:22:02.0482 3152  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
17:22:02.0482 3152  megasas - ok
17:22:02.0544 3152  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
17:22:02.0607 3152  MegaSR - ok
17:22:02.0685 3152  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
17:22:02.0732 3152  MMCSS - ok
17:22:02.0747 3152  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
17:22:02.0778 3152  Modem - ok
17:22:02.0810 3152  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:22:02.0841 3152  monitor - ok
17:22:02.0888 3152  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:22:02.0903 3152  mouclass - ok
17:22:02.0919 3152  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:22:02.0934 3152  mouhid - ok
17:22:02.0966 3152  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:22:02.0966 3152  mountmgr - ok
17:22:02.0997 3152  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:22:03.0012 3152  mpio - ok
17:22:03.0012 3152  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:22:03.0044 3152  mpsdrv - ok
17:22:03.0090 3152  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:22:03.0122 3152  MpsSvc - ok
17:22:03.0153 3152  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:22:03.0184 3152  MRxDAV - ok
17:22:03.0215 3152  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:22:03.0246 3152  mrxsmb - ok
17:22:03.0278 3152  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:22:03.0293 3152  mrxsmb10 - ok
17:22:03.0324 3152  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:22:03.0340 3152  mrxsmb20 - ok
17:22:03.0356 3152  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:22:03.0371 3152  msahci - ok
17:22:03.0402 3152  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:22:03.0418 3152  msdsm - ok
17:22:03.0434 3152  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
17:22:03.0449 3152  MSDTC - ok
17:22:03.0449 3152  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:22:03.0480 3152  Msfs - ok
17:22:03.0496 3152  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:22:03.0543 3152  mshidkmdf - ok
17:22:03.0574 3152  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:22:03.0590 3152  msisadrv - ok
17:22:03.0636 3152  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:22:03.0683 3152  MSiSCSI - ok
17:22:03.0699 3152  msiserver - ok
17:22:03.0714 3152  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:22:03.0761 3152  MSKSSRV - ok
17:22:03.0761 3152  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:22:03.0824 3152  MSPCLOCK - ok
17:22:03.0824 3152  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:22:03.0870 3152  MSPQM - ok
17:22:03.0902 3152  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:22:03.0917 3152  MsRPC - ok
17:22:03.0933 3152  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:22:03.0948 3152  mssmbios - ok
17:22:03.0948 3152  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:22:03.0995 3152  MSTEE - ok
17:22:03.0995 3152  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
17:22:04.0011 3152  MTConfig - ok
17:22:04.0042 3152  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:22:04.0058 3152  Mup - ok
17:22:04.0104 3152  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
17:22:04.0136 3152  napagent - ok
17:22:04.0182 3152  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:22:04.0214 3152  NativeWifiP - ok
17:22:04.0276 3152  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:22:04.0307 3152  NDIS - ok
17:22:04.0323 3152  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:22:04.0370 3152  NdisCap - ok
17:22:04.0385 3152  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:22:04.0416 3152  NdisTapi - ok
17:22:04.0463 3152  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:22:04.0494 3152  Ndisuio - ok
17:22:04.0541 3152  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:22:04.0588 3152  NdisWan - ok
17:22:04.0619 3152  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:22:04.0666 3152  NDProxy - ok
17:22:04.0666 3152  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:22:04.0713 3152  NetBIOS - ok
17:22:04.0728 3152  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:22:04.0791 3152  NetBT - ok
17:22:04.0806 3152  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
17:22:04.0806 3152  Netlogon - ok
17:22:04.0869 3152  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
17:22:04.0916 3152  Netman - ok
17:22:04.0947 3152  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
17:22:04.0994 3152  netprofm - ok
17:22:05.0056 3152  [ 26672F93749AC9FD28DA1B0F94EFA78D ] netr28ux        C:\Windows\system32\DRIVERS\Dnetr28ux.sys
17:22:05.0087 3152  netr28ux - ok
17:22:05.0118 3152  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:22:05.0134 3152  NetTcpPortSharing - ok
17:22:05.0181 3152  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
17:22:05.0181 3152  nfrd960 - ok
17:22:05.0228 3152  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:22:05.0259 3152  NlaSvc - ok
17:22:05.0290 3152  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:22:05.0306 3152  Npfs - ok
17:22:05.0337 3152  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
17:22:05.0368 3152  nsi - ok
17:22:05.0384 3152  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:22:05.0430 3152  nsiproxy - ok
17:22:05.0477 3152  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:22:05.0540 3152  Ntfs - ok
17:22:05.0555 3152  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
17:22:05.0602 3152  Null - ok
17:22:05.0883 3152  [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:22:06.0054 3152  nvlddmkm - ok
17:22:06.0086 3152  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:22:06.0101 3152  nvraid - ok
17:22:06.0117 3152  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:22:06.0132 3152  nvstor - ok
17:22:06.0179 3152  [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc           C:\Windows\system32\nvvsvc.exe
17:22:06.0195 3152  nvsvc - ok
17:22:06.0413 3152  [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:22:06.0460 3152  nvUpdatusService - ok
17:22:06.0491 3152  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:22:06.0507 3152  nv_agp - ok
17:22:06.0554 3152  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:22:06.0554 3152  ohci1394 - ok
17:22:06.0600 3152  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:22:06.0647 3152  p2pimsvc - ok
17:22:06.0678 3152  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:22:06.0694 3152  p2psvc - ok
17:22:06.0710 3152  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:22:06.0725 3152  Parport - ok
17:22:06.0756 3152  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:22:06.0772 3152  partmgr - ok
17:22:06.0788 3152  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:22:06.0819 3152  PcaSvc - ok
17:22:06.0834 3152  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
17:22:06.0834 3152  pci - ok
17:22:06.0850 3152  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
17:22:06.0866 3152  pciide - ok
17:22:06.0881 3152  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:22:06.0897 3152  pcmcia - ok
17:22:06.0897 3152  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:22:06.0912 3152  pcw - ok
17:22:06.0959 3152  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:22:07.0006 3152  PEAUTH - ok
17:22:07.0053 3152  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
17:22:07.0115 3152  PeerDistSvc - ok
17:22:07.0193 3152  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:22:07.0209 3152  PerfHost - ok
17:22:07.0287 3152  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
17:22:07.0349 3152  pla - ok
17:22:07.0396 3152  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:22:07.0427 3152  PlugPlay - ok
17:22:07.0458 3152  PnkBstrA - ok
17:22:07.0490 3152  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:22:07.0521 3152  PNRPAutoReg - ok
17:22:07.0536 3152  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:22:07.0552 3152  PNRPsvc - ok
17:22:07.0583 3152  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:22:07.0630 3152  PolicyAgent - ok
17:22:07.0677 3152  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
17:22:07.0724 3152  Power - ok
17:22:07.0802 3152  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:22:07.0848 3152  PptpMiniport - ok
17:22:07.0880 3152  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
17:22:07.0958 3152  Processor - ok
17:22:07.0989 3152  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
17:22:08.0036 3152  ProfSvc - ok
17:22:08.0051 3152  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:22:08.0067 3152  ProtectedStorage - ok
17:22:08.0114 3152  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:22:08.0160 3152  Psched - ok
17:22:08.0238 3152  [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2       c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
17:22:08.0254 3152  PSI_SVC_2 - ok
17:22:08.0301 3152  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
17:22:08.0348 3152  ql2300 - ok
17:22:08.0363 3152  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
17:22:08.0379 3152  ql40xx - ok
17:22:08.0410 3152  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
17:22:08.0426 3152  QWAVE - ok
17:22:08.0441 3152  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:22:08.0488 3152  QWAVEdrv - ok
17:22:08.0504 3152  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:22:08.0535 3152  RasAcd - ok
17:22:08.0566 3152  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:22:08.0597 3152  RasAgileVpn - ok
17:22:08.0613 3152  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
17:22:08.0644 3152  RasAuto - ok
17:22:08.0675 3152  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:22:08.0706 3152  Rasl2tp - ok
17:22:08.0738 3152  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
17:22:08.0769 3152  RasMan - ok
17:22:08.0800 3152  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:22:08.0831 3152  RasPppoe - ok
17:22:08.0847 3152  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:22:08.0878 3152  RasSstp - ok
17:22:08.0909 3152  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:22:08.0940 3152  rdbss - ok
17:22:08.0956 3152  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:22:08.0972 3152  rdpbus - ok
17:22:08.0972 3152  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:22:09.0003 3152  RDPCDD - ok
17:22:09.0034 3152  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
17:22:09.0065 3152  RDPDR - ok
17:22:09.0081 3152  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:22:09.0128 3152  RDPENCDD - ok
17:22:09.0143 3152  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:22:09.0174 3152  RDPREFMP - ok
17:22:09.0206 3152  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:22:09.0252 3152  RDPWD - ok
17:22:09.0299 3152  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:22:09.0315 3152  rdyboost - ok
17:22:09.0362 3152  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:22:09.0408 3152  RemoteAccess - ok
17:22:09.0440 3152  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:22:09.0486 3152  RemoteRegistry - ok
17:22:09.0502 3152  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:22:09.0549 3152  RpcEptMapper - ok
17:22:09.0596 3152  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
17:22:09.0627 3152  RpcLocator - ok
17:22:09.0674 3152  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
17:22:09.0705 3152  RpcSs - ok
17:22:09.0720 3152  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:22:09.0767 3152  rspndr - ok
17:22:09.0814 3152  [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
17:22:09.0830 3152  RTL8167 - ok
17:22:09.0892 3152  [ 2B38C905492F36FE42B59DA52D6B4EB7 ] RtNdPt60        C:\Windows\system32\DRIVERS\RtNdPt60.sys
17:22:09.0923 3152  RtNdPt60 - ok
17:22:09.0954 3152  [ 8DF706A5A12A4832A3291A1FF26A7CC1 ] RTTEAMPT        C:\Windows\system32\DRIVERS\RtTeam60.sys
17:22:09.0970 3152  RTTEAMPT - ok
17:22:09.0986 3152  [ 8B6B42D782202363A562F82B0E13B1C0 ] RTVLANPT        C:\Windows\system32\DRIVERS\RtVlan60.sys
17:22:10.0001 3152  RTVLANPT - ok
17:22:10.0032 3152  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
17:22:10.0064 3152  s3cap - ok
17:22:10.0079 3152  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
17:22:10.0095 3152  SamSs - ok
17:22:10.0126 3152  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:22:10.0142 3152  sbp2port - ok
17:22:10.0188 3152  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:22:10.0251 3152  SCardSvr - ok
17:22:10.0282 3152  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:22:10.0329 3152  scfilter - ok
17:22:10.0376 3152  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
17:22:10.0438 3152  Schedule - ok
17:22:10.0469 3152  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:22:10.0500 3152  SCPolicySvc - ok
17:22:10.0532 3152  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:22:10.0563 3152  SDRSVC - ok
17:22:10.0610 3152  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:22:10.0641 3152  secdrv - ok
17:22:10.0688 3152  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
17:22:10.0734 3152  seclogon - ok
17:22:10.0750 3152  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
17:22:10.0781 3152  SENS - ok
17:22:10.0797 3152  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:22:10.0828 3152  SensrSvc - ok
17:22:10.0844 3152  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:22:10.0859 3152  Serenum - ok
17:22:10.0875 3152  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:22:10.0906 3152  Serial - ok
17:22:10.0922 3152  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
17:22:10.0937 3152  sermouse - ok
17:22:10.0984 3152  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:22:11.0031 3152  SessionEnv - ok
17:22:11.0062 3152  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:22:11.0093 3152  sffdisk - ok
17:22:11.0109 3152  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:22:11.0109 3152  sffp_mmc - ok
17:22:11.0124 3152  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:22:11.0140 3152  sffp_sd - ok
17:22:11.0156 3152  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
17:22:11.0171 3152  sfloppy - ok
17:22:11.0202 3152  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:22:11.0234 3152  SharedAccess - ok
17:22:11.0280 3152  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:22:11.0327 3152  ShellHWDetection - ok
17:22:11.0343 3152  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:22:11.0358 3152  SiSRaid2 - ok
17:22:11.0358 3152  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
17:22:11.0374 3152  SiSRaid4 - ok
17:22:11.0390 3152  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:22:11.0421 3152  Smb - ok
17:22:11.0452 3152  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:22:11.0483 3152  SNMPTRAP - ok
17:22:11.0483 3152  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:22:11.0499 3152  spldr - ok
17:22:11.0546 3152  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
17:22:11.0592 3152  Spooler - ok
17:22:11.0686 3152  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
17:22:11.0795 3152  sppsvc - ok
17:22:11.0842 3152  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:22:11.0873 3152  sppuinotify - ok
17:22:11.0920 3152  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:22:11.0951 3152  srv - ok
17:22:11.0967 3152  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:22:11.0998 3152  srv2 - ok
17:22:12.0029 3152  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:22:12.0045 3152  srvnet - ok
17:22:12.0076 3152  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:22:12.0107 3152  SSDPSRV - ok
17:22:12.0107 3152  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:22:12.0138 3152  SstpSvc - ok
17:22:12.0185 3152  [ 74425FFA11C133D045E1C3BE2EAD481D ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
17:22:12.0232 3152  ssudmdm - ok
17:22:12.0279 3152  Steam Client Service - ok
17:22:12.0372 3152  [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:22:12.0388 3152  Stereo Service - ok
17:22:12.0419 3152  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
17:22:12.0435 3152  stexstor - ok
17:22:12.0482 3152  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
17:22:12.0528 3152  stisvc - ok
17:22:12.0591 3152  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
17:22:12.0591 3152  storflt - ok
17:22:12.0638 3152  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
17:22:12.0669 3152  StorSvc - ok
17:22:12.0684 3152  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
17:22:12.0700 3152  storvsc - ok
17:22:12.0731 3152  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
17:22:12.0747 3152  swenum - ok
17:22:12.0778 3152  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
17:22:12.0825 3152  swprv - ok
17:22:12.0903 3152  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
17:22:12.0965 3152  SysMain - ok
17:22:13.0137 3152  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:22:13.0152 3152  TabletInputService - ok
17:22:13.0199 3152  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:22:13.0246 3152  TapiSrv - ok
17:22:13.0246 3152  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
17:22:13.0277 3152  TBS - ok
17:22:13.0340 3152  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:22:13.0386 3152  Tcpip - ok
17:22:13.0449 3152  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:22:13.0480 3152  TCPIP6 - ok
17:22:13.0511 3152  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:22:13.0558 3152  tcpipreg - ok
17:22:13.0589 3152  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:22:13.0620 3152  TDPIPE - ok
17:22:13.0652 3152  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:22:13.0667 3152  TDTCP - ok
17:22:13.0714 3152  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:22:13.0761 3152  tdx - ok
17:22:13.0792 3152  [ 8DF706A5A12A4832A3291A1FF26A7CC1 ] TEAM            C:\Windows\system32\DRIVERS\RtTeam60.sys
17:22:13.0808 3152  TEAM - ok
17:22:13.0823 3152  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
17:22:13.0839 3152  TermDD - ok
17:22:13.0886 3152  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
17:22:13.0917 3152  TermService - ok
17:22:13.0932 3152  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
17:22:13.0964 3152  Themes - ok
17:22:13.0979 3152  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
17:22:14.0010 3152  THREADORDER - ok
17:22:14.0057 3152  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
17:22:14.0104 3152  TrkWks - ok
17:22:14.0151 3152  [ 370A6907DDF79532A39319492B1FA38A ] truecrypt       C:\Windows\system32\drivers\truecrypt.sys
17:22:14.0166 3152  truecrypt - ok
17:22:14.0198 3152  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:22:14.0229 3152  TrustedInstaller - ok
17:22:14.0260 3152  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:22:14.0307 3152  tssecsrv - ok
17:22:14.0338 3152  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:22:14.0369 3152  TsUsbFlt - ok
17:22:14.0416 3152  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:22:14.0447 3152  tunnel - ok
17:22:14.0510 3152  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
17:22:14.0525 3152  uagp35 - ok
17:22:14.0556 3152  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:22:14.0588 3152  udfs - ok
17:22:14.0603 3152  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:22:14.0634 3152  UI0Detect - ok
17:22:14.0666 3152  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:22:14.0681 3152  uliagpkx - ok
17:22:14.0744 3152  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
17:22:14.0759 3152  umbus - ok
17:22:14.0759 3152  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
17:22:14.0775 3152  UmPass - ok
17:22:14.0822 3152  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
17:22:14.0837 3152  UmRdpService - ok
17:22:14.0853 3152  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
17:22:14.0900 3152  upnphost - ok
17:22:14.0931 3152  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:22:14.0962 3152  usbccgp - ok
17:22:15.0009 3152  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:22:15.0009 3152  usbcir - ok
17:22:15.0024 3152  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
17:22:15.0056 3152  usbehci - ok
17:22:15.0087 3152  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:22:15.0118 3152  usbhub - ok
17:22:15.0149 3152  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:22:15.0165 3152  usbohci - ok
17:22:15.0196 3152  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:22:15.0212 3152  usbprint - ok
17:22:15.0227 3152  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:22:15.0243 3152  USBSTOR - ok
17:22:15.0258 3152  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
17:22:15.0274 3152  usbuhci - ok
17:22:15.0321 3152  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
17:22:15.0336 3152  usbvideo - ok
17:22:15.0368 3152  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
17:22:15.0414 3152  UxSms - ok
17:22:15.0430 3152  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
17:22:15.0446 3152  VaultSvc - ok
17:22:15.0492 3152  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:22:15.0492 3152  vdrvroot - ok
17:22:15.0539 3152  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
17:22:15.0586 3152  vds - ok
17:22:15.0602 3152  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:22:15.0617 3152  vga - ok
17:22:15.0633 3152  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:22:15.0680 3152  VgaSave - ok
17:22:15.0680 3152  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:22:15.0695 3152  vhdmp - ok
17:22:15.0726 3152  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
17:22:15.0742 3152  viaide - ok
17:22:15.0758 3152  [ 8B6B42D782202363A562F82B0E13B1C0 ] VLAN            C:\Windows\system32\DRIVERS\RtVLAN60.sys
17:22:15.0758 3152  VLAN - ok
17:22:15.0804 3152  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
17:22:15.0820 3152  vmbus - ok
17:22:15.0851 3152  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
17:22:15.0867 3152  VMBusHID - ok
17:22:15.0882 3152  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:22:15.0882 3152  volmgr - ok
17:22:15.0929 3152  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:22:15.0945 3152  volmgrx - ok
17:22:15.0976 3152  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:22:15.0976 3152  volsnap - ok
17:22:15.0992 3152  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
17:22:16.0007 3152  vsmraid - ok
17:22:16.0070 3152  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
17:22:16.0132 3152  VSS - ok
17:22:16.0148 3152  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
17:22:16.0179 3152  vwifibus - ok
17:22:16.0179 3152  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
17:22:16.0194 3152  vwififlt - ok
17:22:16.0226 3152  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
17:22:16.0257 3152  vwifimp - ok
17:22:16.0304 3152  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
17:22:16.0335 3152  W32Time - ok
17:22:16.0335 3152  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
17:22:16.0366 3152  WacomPen - ok
17:22:16.0382 3152  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:22:16.0413 3152  WANARP - ok
17:22:16.0428 3152  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:22:16.0460 3152  Wanarpv6 - ok
17:22:16.0506 3152  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
17:22:16.0553 3152  wbengine - ok
17:22:16.0569 3152  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:22:16.0584 3152  WbioSrvc - ok
17:22:16.0631 3152  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:22:16.0662 3152  wcncsvc - ok
17:22:16.0694 3152  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:22:16.0709 3152  WcsPlugInService - ok
17:22:16.0725 3152  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
17:22:16.0740 3152  Wd - ok
17:22:16.0772 3152  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:22:16.0787 3152  Wdf01000 - ok
17:22:16.0803 3152  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:22:16.0850 3152  WdiServiceHost - ok
17:22:16.0850 3152  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:22:16.0865 3152  WdiSystemHost - ok
17:22:16.0912 3152  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
17:22:16.0959 3152  WebClient - ok
17:22:16.0974 3152  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:22:17.0021 3152  Wecsvc - ok
17:22:17.0021 3152  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:22:17.0068 3152  wercplsupport - ok
17:22:17.0099 3152  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:22:17.0130 3152  WerSvc - ok
17:22:17.0177 3152  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:22:17.0208 3152  WfpLwf - ok
17:22:17.0224 3152  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:22:17.0240 3152  WIMMount - ok
17:22:17.0255 3152  WinDefend - ok
17:22:17.0255 3152  WinHttpAutoProxySvc - ok
17:22:17.0318 3152  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:22:17.0349 3152  Winmgmt - ok
17:22:17.0411 3152  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
17:22:17.0505 3152  WinRM - ok
17:22:17.0567 3152  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:22:17.0583 3152  WinUsb - ok
17:22:17.0630 3152  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:22:17.0676 3152  Wlansvc - ok
17:22:17.0708 3152  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:22:17.0723 3152  WmiAcpi - ok
17:22:17.0770 3152  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:22:17.0801 3152  wmiApSrv - ok
17:22:17.0817 3152  WMPNetworkSvc - ok
17:22:17.0832 3152  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:22:17.0848 3152  WPCSvc - ok
17:22:17.0879 3152  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:22:17.0895 3152  WPDBusEnum - ok
17:22:17.0926 3152  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:22:17.0957 3152  ws2ifsl - ok
17:22:17.0973 3152  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
17:22:18.0004 3152  wscsvc - ok
17:22:18.0004 3152  WSearch - ok
17:22:18.0082 3152  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
17:22:18.0160 3152  wuauserv - ok
17:22:18.0191 3152  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:22:18.0238 3152  WudfPf - ok
17:22:18.0300 3152  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:22:18.0347 3152  WUDFRd - ok
17:22:18.0378 3152  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:22:18.0410 3152  wudfsvc - ok
17:22:18.0441 3152  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:22:18.0488 3152  WwanSvc - ok
17:22:18.0503 3152  ================ Scan global ===============================
17:22:18.0550 3152  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:22:18.0581 3152  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
17:22:18.0597 3152  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
17:22:18.0628 3152  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:22:18.0659 3152  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:22:18.0659 3152  [Global] - ok
17:22:18.0659 3152  ================ Scan MBR ==================================
17:22:18.0675 3152  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:22:18.0956 3152  \Device\Harddisk0\DR0 - ok
17:22:18.0956 3152  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
17:22:19.0049 3152  \Device\Harddisk1\DR1 - ok
17:22:19.0049 3152  ================ Scan VBR ==================================
17:22:19.0065 3152  [ F75C9CAB0627BEAA37526F705EE035E8 ] \Device\Harddisk0\DR0\Partition1
17:22:19.0065 3152  \Device\Harddisk0\DR0\Partition1 - ok
17:22:19.0096 3152  [ 010BD194D40F499BAD0AACC1A20F1DBC ] \Device\Harddisk0\DR0\Partition2
17:22:19.0096 3152  \Device\Harddisk0\DR0\Partition2 - ok
17:22:19.0112 3152  [ 24A374C3200F6EB597F7C9B3B70E4715 ] \Device\Harddisk1\DR1\Partition1
17:22:19.0112 3152  \Device\Harddisk1\DR1\Partition1 - ok
17:22:19.0112 3152  ============================================================
17:22:19.0112 3152  Scan finished
17:22:19.0112 3152  ============================================================
17:22:19.0127 3516  Detected object count: 0
17:22:19.0127 3516  Actual detected object count: 0