Geschwindigketseinbruch beim Browser

mppriest · 15.04.2013, 11:33

Hallo Leute,
surfen mit dem Opera ist nur noch mit viel Geduld möglich, die Seiten bauen sich extrem langsam bis gar nicht auf.
Daher hab ich Eure Schritte (hoffentlichg richtig) befolgt und hab hier nun drei Dateien, deren Inhalt ich nachfolgend schicke:

OTL:

OTL logfile created on: 15.04.2013 11:36:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Toms-Win7-Rechner\Downloads\Diverse
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,62 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 65,16% Memory free
7,25 Gb Paging File | 5,94 Gb Available in Paging File | 81,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 150,00 Gb Total Space | 38,03 Gb Free Space | 25,35% Space Free | Partition Type: NTFS
Drive E: | 128,00 Gb Total Space | 127,32 Gb Free Space | 99,47% Space Free | Partition Type: NTFS
Drive F: | 127,99 Gb Total Space | 3,46 Gb Free Space | 2,70% Space Free | Partition Type: NTFS
Drive G: | 337,76 Gb Total Space | 265,19 Gb Free Space | 78,51% Space Free | Partition Type: NTFS
Drive H: | 1735,02 Gb Total Space | 600,94 Gb Free Space | 34,64% Space Free | Partition Type: NTFS
Drive I: | 281,51 Gb Total Space | 276,90 Gb Free Space | 98,36% Space Free | Partition Type: NTFS
Drive J: | 500,00 Gb Total Space | 430,21 Gb Free Space | 86,04% Space Free | Partition Type: NTFS

Computer Name: TOMS-WIN7-RECHN | User Name: Toms-Win7-Rechner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.15 11:35:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Toms-Win7-Rechner\Downloads\Diverse\OTL.exe
PRC - [2013.01.18 15:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.01.18 15:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.10.31 21:41:34 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2012.10.17 13:38:49 | 000,874,896 | ---- | M] (Opera Software) -- C:\Users\Toms-Win7-Rechner\opera.exe
PRC - [2012.02.21 19:39:30 | 002,043,904 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Programme\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 22:29:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.11.20 22:29:19 | 000,101,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
PRC - [2010.11.20 22:29:07 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010.04.16 16:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Programme\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
PRC - [2009.12.04 08:48:54 | 001,728,512 | R--- | M] (VIA) -- C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe

========== Modules (No Company Name) ==========

MOD - [2013.03.13 22:03:13 | 014,717,144 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2009.11.03 04:11:50 | 047,628,288 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\skin.dll
MOD - [2009.05.07 09:53:18 | 000,106,496 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
MOD - [2009.05.07 09:50:46 | 000,073,728 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll
MOD - [2008.02.14 06:57:00 | 000,094,208 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll

========== Services (SafeList) ==========

SRV - [2013.03.29 20:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.13 22:03:25 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.29 11:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.19 10:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.10.31 21:41:34 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.04.16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Programme\REALTEK\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2013.04.15 09:18:10 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013.02.26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.11.09 16:33:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012.11.09 16:33:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2012.11.09 16:33:30 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012.11.09 16:33:30 | 000,018,560 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012.10.31 21:42:07 | 000,586,072 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012.10.17 14:53:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 15:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012.08.23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.07.03 16:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.08.11 13:46:46 | 000,602,216 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192su.sys -- (RTL8192su)
DRV - [2011.03.10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010.11.20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.08.12 12:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010.07.04 20:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009.11.25 14:02:46 | 001,108,480 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.10.31 21:42:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.10.31 21:42:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.31 21:42:08 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: ([verify-U]_Add-on) - {F4552A56-119C-478E-AB3F-2C850F78B72E} - C:\Programme\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll (Cybits AG)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [VIAAUD] C:\Program Files\VIA\VIAudioi\VDeck\VIAAUD.exe File not found
O4 - HKCU..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: elsteronline.de ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2DE8572-2898-4BD2-8130-B7CA96229F51}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.01.26 13:26:29 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.15 09:18:10 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.04.15 09:17:40 | 000,000,000 | ---D | C] -- C:\Users\Toms-Win7-Rechner\AppData\Local\Programs
[2013.04.15 09:06:17 | 000,000,000 | ---D | C] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Malwarebytes
[2013.04.15 09:06:09 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.15 09:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.15 09:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.15 09:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.04.05 19:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2013.04.03 22:18:27 | 000,000,000 | ---D | C] -- C:\Users\Toms-Win7-Rechner\AppData\Local\Screentime
[2013.03.28 20:18:29 | 000,000,000 | ---D | C] -- C:\Users\Toms-Win7-Rechner\AppData\Local\WinZip
[2013.03.28 20:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013.03.28 20:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013.03.28 20:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013.03.28 20:05:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2013.03.26 12:42:07 | 000,000,000 | ---D | C] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Sony Creative Software Inc
[2013.03.23 10:35:48 | 000,000,000 | ---D | C] -- C:\Users\Toms-Win7-Rechner\Documents\Eidos
[2013.03.23 09:07:57 | 000,000,000 | ---D | C] -- C:\Users\Toms-Win7-Rechner\Documents\Remedy
[2013.03.18 09:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania
[2013.03.18 09:01:18 | 000,000,000 | ---D | C] -- C:\Users\Toms-Win7-Rechner\Documents\TrackMania
[2013.03.17 11:23:58 | 000,000,000 | ---D | C] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rondomedia
[2013.03.16 21:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Particles
[2013.03.16 21:00:02 | 000,000,000 | ---D | C] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Rainbow
[2013.03.16 20:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Sage von Odysseus
[2013.03.16 20:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\rondomedia
[2013.03.16 20:24:37 | 000,000,000 | ---D | C] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\DominiGame Death Man
[2013.03.16 20:22:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeathMan
[2012.10.17 13:38:49 | 015,158,160 | ---- | C] (Opera Software) -- C:\Users\Toms-Win7-Rechner\opera.dll
[2012.10.17 13:38:49 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Users\Toms-Win7-Rechner\D3DCompiler_43.dll
[2012.10.17 13:38:49 | 000,874,896 | ---- | C] (Opera Software) -- C:\Users\Toms-Win7-Rechner\opera.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.04.15 11:33:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.15 11:33:32 | 2918,686,720 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.15 11:30:14 | 000,000,000 | ---- | M] () -- C:\Users\Toms-Win7-Rechner\defogger_reenable
[2013.04.15 11:03:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.15 10:57:04 | 000,025,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.15 10:57:04 | 000,025,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.15 09:18:10 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.04.13 07:23:37 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.13 07:23:37 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.13 07:23:37 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.13 07:23:37 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.10 09:58:27 | 000,289,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.22 08:46:40 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.04.15 11:30:14 | 000,000,000 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\defogger_reenable
[2013.03.22 08:46:40 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.02.13 21:14:06 | 000,000,194 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\.ptbt0
[2013.02.13 09:01:13 | 000,220,733 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\test
[2012.11.25 22:45:48 | 000,140,480 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.11.25 22:45:48 | 000,138,056 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\PnkBstrK.sys
[2012.11.25 22:45:14 | 000,298,016 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.11.25 22:45:12 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.11.25 22:45:11 | 003,130,440 | ---- | C] () -- C:\Windows\System32\pbsvc_blr.exe
[2012.10.18 14:27:15 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2012.10.17 14:23:47 | 000,017,408 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\AppData\Local\WebpageIcons.db
[2012.10.17 14:23:10 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012.10.17 14:23:10 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012.10.17 14:10:09 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2012.10.17 14:07:29 | 002,953,448 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.10.17 13:38:50 | 000,034,184 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\opera_install_log.xml
[2012.10.17 13:38:49 | 000,527,083 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\encoding.bin
[2012.10.17 13:38:49 | 000,148,990 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\pubsuffix.xml
[2012.10.17 13:38:49 | 000,143,872 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\html5_entity_init.dat
[2012.10.17 13:38:49 | 000,059,028 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\mathml.dtd
[2012.10.17 13:38:49 | 000,024,420 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\files_old.sig
[2012.10.17 13:38:49 | 000,016,092 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\files.sig
[2012.10.17 13:38:49 | 000,007,904 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\html40_entities.dtd
[2012.10.17 13:38:49 | 000,000,301 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\c3nform.vxml
[2012.10.17 13:38:49 | 000,000,229 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\operaprefs_default.ini
[2012.10.17 03:31:17 | 000,696,620 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012.10.17 03:31:17 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012.10.17 03:31:17 | 000,147,916 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012.10.17 03:31:17 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.03.16 20:24:37 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\DominiGame Death Man
[2013.04.04 16:03:21 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Dropbox
[2013.04.10 09:49:38 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\DVDVideoSoft
[2013.04.05 19:26:52 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.10 19:52:01 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\elsterformular
[2012.11.21 10:37:19 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Need for Speed World
[2013.03.02 10:36:20 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Nokia
[2013.03.02 10:36:21 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Nokia Suite
[2012.10.18 12:40:09 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\OpenOffice.org
[2012.10.17 13:50:49 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Opera
[2012.12.02 13:03:11 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Origin
[2013.03.02 10:35:59 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\PC Suite
[2013.03.06 11:25:31 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\ProtectDISC
[2012.10.23 09:06:32 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Publish Providers
[2013.03.16 21:00:02 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Rainbow
[2012.12.19 22:31:30 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Rovio
[2013.02.27 09:31:57 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Simple Sudoku
[2013.03.28 20:04:39 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Sony
[2013.03.26 12:42:07 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Sony Creative Software Inc
[2012.10.22 09:43:19 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\SoundSpectrum
[2013.03.07 08:46:15 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Total Eclipse
[2013.02.13 09:10:36 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Trine2
[2013.04.03 08:21:21 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\XnView

========== Purity Check ==========

< End of report >

EXTRAS:

OTL Extras logfile created on: 15.04.2013 11:36:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Toms-Win7-Rechner\Downloads\Diverse
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,62 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 65,16% Memory free
7,25 Gb Paging File | 5,94 Gb Available in Paging File | 81,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 150,00 Gb Total Space | 38,03 Gb Free Space | 25,35% Space Free | Partition Type: NTFS
Drive E: | 128,00 Gb Total Space | 127,32 Gb Free Space | 99,47% Space Free | Partition Type: NTFS
Drive F: | 127,99 Gb Total Space | 3,46 Gb Free Space | 2,70% Space Free | Partition Type: NTFS
Drive G: | 337,76 Gb Total Space | 265,19 Gb Free Space | 78,51% Space Free | Partition Type: NTFS
Drive H: | 1735,02 Gb Total Space | 600,94 Gb Free Space | 34,64% Space Free | Partition Type: NTFS
Drive I: | 281,51 Gb Total Space | 276,90 Gb Free Space | 98,36% Space Free | Partition Type: NTFS
Drive J: | 500,00 Gb Total Space | 430,21 Gb Free Space | 86,04% Space Free | Partition Type: NTFS

Computer Name: TOMS-WIN7-RECHN | User Name: Toms-Win7-Rechner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- G:\Programme\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Users\Toms-Win7-Rechner\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Users\Toms-Win7-Rechner\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A07576-A5F1-4937-8589-85173684DC72}" = lport=139 | protocol=6 | dir=in | app=system |
"{098CE2E2-C15D-49CE-A80E-0E2D1102E9E8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{265A0F44-A707-4D61-B50E-43A97185CA02}" = lport=53 | protocol=17 | dir=in | name=rtldns-port-2 |
"{2F491BDF-E3BD-47B2-B1CA-0B95D6036A7C}" = rport=138 | protocol=17 | dir=out | app=system |
"{3197996C-7501-4693-A65D-2EF562D892DC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4D21C3F9-632D-41FD-8323-0A60D9E1B30E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{583642C8-F1DA-4D3C-B0FB-DD5A9DBAC4F8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5DC120D9-EA9C-4FE1-BDB8-7C267671FE7A}" = lport=137 | protocol=17 | dir=in | app=system |
"{5F97B395-88FE-470C-AF30-A25F900AC9DA}" = lport=67 | protocol=17 | dir=in | name=rtldhcp-port |
"{66D75520-11C0-46DE-8339-643ABA054F92}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{724F3158-7311-4223-BEED-1EF4C394CD11}" = lport=445 | protocol=6 | dir=in | app=system |
"{79E763F5-6DD3-47B5-BA22-9915354E1F4E}" = lport=68 | protocol=17 | dir=in | name=rtldhcp-port-2 |
"{8F898C48-7C51-4706-8430-7F767E152534}" = lport=138 | protocol=17 | dir=in | app=system |
"{9FB46871-FF33-4944-99DC-410B291F7C1A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A1FC9899-D4F6-47B2-B616-54F2F9A898A4}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{A2341801-96AB-4290-89F9-D91262DC9CCA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A262AF7E-6C0F-493B-8F35-54C0F272A25F}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{A80AF5A7-39DE-4D56-A27C-4582837D07BD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B1F2F7CB-B1AF-486F-885C-A964BD77F6EE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B444253D-0464-4E1B-8FF7-12073D4EFF79}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B65B1EAC-8212-4FC8-BEEF-9A989D1BF59B}" = rport=445 | protocol=6 | dir=out | app=system |
"{B86C781A-B1AB-473F-88D2-5CA4F0B63FE7}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{BD0DB79E-E6CE-4CE8-B890-D1B50A22985A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C1441821-56F9-4D33-A621-3D2FF02F360F}" = rport=139 | protocol=6 | dir=out | app=system |
"{F1FC5355-2DC5-47CF-9E77-CB9668C731B0}" = lport=53 | protocol=6 | dir=in | name=rtldns-port |
"{F89FDBAB-7C63-498B-9D51-29E774CEA119}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F9AE3F14-13D2-411C-B8EA-01104F602942}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FE30A5B4-7467-4088-9784-C0027AB9F274}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03489610-3DE1-43E5-B5B9-0F43A14946AF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alan wake\alanwake.exe |
"{085122A5-A187-46F3-B400-A618D688F11F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\limbo\limbo.exe |
"{08766C4D-5740-4DA7-B71C-8C0CEED92D71}" = protocol=17 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe |
"{0FCE9012-315B-4989-9129-FA7CA6B122C4}" = protocol=6 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe |
"{11873A23-037D-4F1E-979B-ECFA036CA505}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\maniaplanet_tmstadium\maniaplanet.exe |
"{12142AB0-19EB-4D70-9DD0-E0B05B850631}" = protocol=17 | dir=in | app=c:\program files\origin games\need for speed the run\need for speed the run.exe |
"{13368F50-AED6-424D-8463-BA2C0A1C7C40}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\tomb raider underworld\tru.exe |
"{147586A1-370D-4941-A51A-E00CB713DC1B}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{17649DA3-1F99-42D9-9B52-4D24F2EBFD63}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{18E869EF-E6DD-4CF6-BE17-BECEF5496D52}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{19E4AACC-C6D6-42EF-AE4D-B91F2D4B4D58}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1B8EE7A4-1AF9-4937-ACC5-3998EEBAA7C4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alan wake\alanwake.exe |
"{225DE42A-ABE0-454C-BDAD-01BFCBCA319D}" = protocol=17 | dir=in | app=g:\programme\opera\opera.exe |
"{29B8F597-3A2D-4E84-BF04-97264C6E2C06}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{2F33CE4A-1DFA-40EC-A0C6-109DD3B18DC2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3C8505AE-E916-4EC8-9A7C-36A0AA5BB820}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{3DB81719-C521-4E71-9D51-B1EC22B98D1A}" = protocol=6 | dir=in | app=c:\program files\origin games\need for speed the run\need for speed the run.exe |
"{3E036974-90B4-4D21-A050-5A7E1EA7BC07}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{3FAA0592-14A6-41E5-AE6D-56323AC3F60D}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{4572B282-B01D-443B-93D6-048172312642}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5C0C8077-CE7A-4DB9-8301-A5E9744865E8}" = protocol=17 | dir=in | app=c:\users\toms-win7-rechner\opera.exe |
"{5CDF22AE-FB69-4403-9748-1D37D89E52C3}" = protocol=6 | dir=out | app=system |
"{60BB597C-CE1B-4C42-A43B-A59CBB107BAA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{619C5A78-EEB9-46C5-A14B-B2E775A8517E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\maniaplanet_tmstadium\maniaplanetlauncher.exe |
"{6484FD6E-D056-41A1-B277-482EDB831018}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\tomb raider underworld\tru.exe |
"{6A01FB8A-4B21-4C9C-8809-4345EAAC3F44}" = protocol=6 | dir=in | app=c:\users\toms-win7-rechner\opera.exe |
"{6AD856B8-16FE-41AB-848B-1A99D23D3FCB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6E890695-5DBE-45AF-A256-D2F1A149DA19}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{731E4465-E1D7-4C1D-B661-1D3E6EB683BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{759E120F-1F26-4167-9436-347C0EC4C913}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7B600A53-FA67-46FB-AB2F-E8B1265EC32E}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{7C4CC9BE-8367-4D51-986D-FACD587C7533}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{846B3F52-2C27-4F31-AEDA-75427687A0DE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\tomb raider\tombraider.exe |
"{852AE591-2DDC-428D-89D5-001287FD95D0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{86C3464B-0E62-45E4-8984-874D1E8511EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{92A3CA85-A40A-44C0-A32F-70B3C066DEC2}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{9716FFB0-6CC6-4AE1-AF61-E71F9FD4EBFA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9B5C894A-9D63-4AC2-B59F-BB210F146A23}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9F58927F-FA34-435B-832C-C15B1344C875}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alan wakes american nightmare\alan_wakes_american_nightmare.exe |
"{A64AD7AA-FD32-49FF-BB6E-6C01485B3529}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\maniaplanet_tmstadium\maniaplanetlauncher.exe |
"{B0DA4CFA-3B73-43FD-BC6A-A189398EB670}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alan wakes american nightmare\alan_wakes_american_nightmare.exe |
"{B789ED5E-ED2C-4EA9-82D9-E1A2210AA7B7}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{BD11407D-4C6E-4ABA-B15B-89B5A158C60E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{C2ECD1D5-8657-4A41-AED6-A53A0223F986}" = protocol=6 | dir=in | app=g:\programme\opera\opera.exe |
"{C3FA9926-E01B-4DC1-8C4C-15F45AF8E353}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{C5D3FC6F-6583-481A-AA1F-8F2EA021D2A6}" = dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtldhcp.exe |
"{C9B40042-C63F-4244-A2C9-9C16DE270369}" = protocol=6 | dir=in | app=c:\users\toms-win7-rechner\appdata\roaming\dropbox\bin\dropbox.exe |
"{D3FB6971-2862-42B7-B0C9-1BB13BE6EE5C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{E1BDBA9B-B896-4729-8566-D0FA5B64A24B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\maniaplanet_tmstadium\maniaplanet.exe |
"{EBA277F0-A55C-4F80-993E-1C46817305F7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\limbo\limbo.exe |
"{F0FAB01C-26EC-42C8-8378-73968E9D1F66}" = protocol=17 | dir=in | app=c:\users\toms-win7-rechner\appdata\roaming\dropbox\bin\dropbox.exe |
"{F2F93C4F-1553-4724-AF96-1FE2318E1D43}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F31CBB74-5B3A-4A2A-9422-28E4625BF077}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\tomb raider\tombraider.exe |
"{F5D0F152-FB83-4AB2-AC95-82929EBF7E1C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"TCP Query User{07ED8941-3DDF-4E3D-8BC2-B9399C182B08}C:\program files\origin games\need for speed the run\need for speed the run.exe" = protocol=6 | dir=in | app=c:\program files\origin games\need for speed the run\need for speed the run.exe |
"TCP Query User{1640EBD7-E9E7-4F91-965A-A34994817041}C:\program files\origin games\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe" = protocol=6 | dir=in | app=c:\program files\origin games\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe |
"TCP Query User{17E46F89-0EA5-4DCA-B0A5-7F52D85924CD}C:\program files\origin games\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files\origin games\crysis 2\bin32\crysis2.exe |
"TCP Query User{3122506B-91DA-48D6-AC6A-F008824BE3AC}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"TCP Query User{7AD2B88E-F4C3-4014-A539-052A24E72851}F:\games\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=f:\games\tmnationsforever\tmforever.exe |
"UDP Query User{04EDB3DF-7530-4BCC-A684-7CAA643CA25F}C:\program files\origin games\need for speed the run\need for speed the run.exe" = protocol=17 | dir=in | app=c:\program files\origin games\need for speed the run\need for speed the run.exe |
"UDP Query User{336D9539-2EFB-4738-A310-6C5C7E33ACF1}C:\program files\origin games\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files\origin games\crysis 2\bin32\crysis2.exe |
"UDP Query User{4FA37607-02A5-4DA9-9F86-8CE31DC159EF}C:\program files\origin games\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe" = protocol=17 | dir=in | app=c:\program files\origin games\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe |
"UDP Query User{D521C37B-8A51-42D1-BBA8-0788A88A6D2C}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{EAF0E596-2649-4FE3-A805-FF90223CFE26}F:\games\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=f:\games\tmnationsforever\tmforever.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"[verify-U]_AVS_IE_Add-on" = [verify-U]_AVS_IE_Add-on
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0EDC9BA0-016E-406a-86DA-04FC1BE00C21}" = Need for Speed™ The Run
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{27237DBF-81A7-4569-908C-48427460B7BA}" = The Panorama Factory V5 m32 Edition
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B722793-E77B-41F5-BAB3-6C9832274E75}" = PC Connectivity Solution
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}" = Nokia Connectivity Cable Driver
"{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{93A3AB24-36E8-41BA-80C6-CCEC237836DC}" = Alice Madness Returns
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B644D34F-0296-11E2-938E-F04DA23A5C58}" = Vegas Pro 11.0
"{B8D84F70-0296-11E2-8DF5-F04DA23A5C58}" = MSVCRT Redists
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D8}" = WinZip 17.0
"{E3A0C45A-7EDB-48EB-AB86-2445E74FBFBB}" = Nokia Suite
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aeon" = Aeon
"DeathMan_is1" = DeathMan
"Die Sage von Odysseus_is1" = Die Sage von Odysseus
"ElsterFormular 13.0.0.8086p" = ElsterFormular
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Nokia Suite" = Nokia Suite
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Opera 12.02.1578" = Opera 12.02
"Opera 12.14.1738" = Opera 12.14
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.94
"Simple Sudoku_is1" = Simple Sudoku 4.2
"Steam App 108710" = Alan Wake
"Steam App 202750" = Alan Wake's American Nightmare
"Steam App 203160" = Tomb Raider
"Steam App 233070" = TrackMania² Stadium Open Beta
"Steam App 35720" = Trine 2
"Steam App 48000" = LIMBO
"Steam App 8140" = Tomb Raider: Underworld
"TmNationsForever_is1" = TmNationsForever
"Unlocker" = Unlocker 1.9.1
"VLC media player" = VLC media player 2.0.4
"XnView_is1" = XnView 1.99.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15.04.2013 04:04:02 | Computer Name = Toms-Win7-Rechn | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Toms-Win7-Rechner\Downloads\Diverse\TRU_Patch_v1.1.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Users\Toms-Win7-Rechner\Downloads\Diverse\TRU_Patch_v1.1.exe"
in Zeile 0. Ungültige XML-Syntax.

Error - 15.04.2013 04:06:11 | Computer Name = Toms-Win7-Rechn | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Toms-Win7-Rechner\Downloads\Diverse\TuneUpUtilities2012_de-DE.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Users\Toms-Win7-Rechner\Downloads\Diverse\TuneUpUtilities2012_de-DE.exe"
in Zeile 0. Ungültige XML-Syntax.

Error - 15.04.2013 04:06:11 | Computer Name = Toms-Win7-Rechn | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Toms-Win7-Rechner\Downloads\Diverse\TRU_Patch_v1.1.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Users\Toms-Win7-Rechner\Downloads\Diverse\TRU_Patch_v1.1.exe"
in Zeile 0. Ungültige XML-Syntax.

Error - 15.04.2013 04:06:11 | Computer Name = Toms-Win7-Rechn | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Toms-Win7-Rechner\Downloads\Diverse\TuneUpUtilities2012_de-DE.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Users\Toms-Win7-Rechner\Downloads\Diverse\TuneUpUtilities2012_de-DE.exe"
in Zeile 0. Ungültige XML-Syntax.

Error - 15.04.2013 04:06:11 | Computer Name = Toms-Win7-Rechn | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Toms-Win7-Rechner\Downloads\Diverse\TRU_Patch_v1.1.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Users\Toms-Win7-Rechner\Downloads\Diverse\TRU_Patch_v1.1.exe"
in Zeile 0. Ungültige XML-Syntax.

Error - 15.04.2013 04:06:11 | Computer Name = Toms-Win7-Rechn | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Toms-Win7-Rechner\Downloads\Diverse\TuneUpUtilities2012_de-DE.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Users\Toms-Win7-Rechner\Downloads\Diverse\TuneUpUtilities2012_de-DE.exe"
in Zeile 0. Ungültige XML-Syntax.

Error - 15.04.2013 04:06:11 | Computer Name = Toms-Win7-Rechn | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Toms-Win7-Rechner\Downloads\Diverse\TRU_Patch_v1.1.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Users\Toms-Win7-Rechner\Downloads\Diverse\TRU_Patch_v1.1.exe"
in Zeile 0. Ungültige XML-Syntax.

Error - 15.04.2013 04:11:34 | Computer Name = Toms-Win7-Rechn | Source = WinMgmt | ID = 10
Description =

Error - 15.04.2013 05:51:37 | Computer Name = Toms-Win7-Rechn | Source = WinMgmt | ID = 10
Description =

Error - 15.04.2013 06:11:06 | Computer Name = Toms-Win7-Rechn | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: gmer.exe, Version: 0.0.0.0, Zeitstempel:
0x4e21f2b1 Name des fehlerhaften Moduls: gmer.exe, Version: 0.0.0.0, Zeitstempel:
0x4e21f2b1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b8360 ID des fehlerhaften Prozesses:
0x8c8 Startzeit der fehlerhaften Anwendung: 0x01ce39c18a3c81c9 Pfad der fehlerhaften
Anwendung: C:\Users\Toms-Win7-Rechner\Downloads\Diverse\gmer.exe Pfad des fehlerhaften
Moduls: C:\Users\Toms-Win7-Rechner\Downloads\Diverse\gmer.exe Berichtskennung: c8a0a2b5-a5b4-11e2-8224-00252275a0da

Error - 15.04.2013 06:35:20 | Computer Name = Toms-Win7-Rechn | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 21.01.2013 16:45:59 | Computer Name = Toms-Win7-Rechn | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

Error - 22.01.2013 16:43:01 | Computer Name = Toms-Win7-Rechn | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.

Error - 22.01.2013 16:43:01 | Computer Name = Toms-Win7-Rechn | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 23.01.2013 04:21:35 | Computer Name = Toms-Win7-Rechn | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?22.?01.?2013 um 21:27:25 unerwartet heruntergefahren.

Error - 25.01.2013 14:15:07 | Computer Name = Toms-Win7-Rechn | Source = WMPNetworkSvc | ID = 866333
Description =

Error - 26.01.2013 07:32:14 | Computer Name = Toms-Win7-Rechn | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet:
%%-2147024882

Error - 26.01.2013 16:47:55 | Computer Name = Toms-Win7-Rechn | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 29.01.2013 06:53:38 | Computer Name = Toms-Win7-Rechn | Source = WMPNetworkSvc | ID = 866333
Description =

Error - 30.01.2013 03:25:24 | Computer Name = Toms-Win7-Rechn | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?01.?2013 um 20:55:11 unerwartet heruntergefahren.

Error - 31.01.2013 04:04:48 | Computer Name = Toms-Win7-Rechn | Source = DCOM | ID = 10010
Description =

< End of report >

GMER:

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-15 12:20:27
Windows 6.1.7601 Service Pack 1 \Device\Harddisk2\DR2 -> \Device\00000061 SAMSUNG_ rev.1AJ1 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\TOMS-W~1\AppData\Local\Temp\fwtoiuod.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0x9283D392]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcConnectPort [0x9285824A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcCreatePort [0x92858580]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcSendWaitReceivePort [0x928588F6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwClose [0x9283DE0C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0x92857F32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateEvent [0x9283E37E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateMutant [0x9283E26C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreatePort [0x928583F0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSection [0x9283D14E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSemaphore [0x9283E496]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0x9283D9C2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThreadEx [0x9283DB32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateUserProcess [0x9283E5AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateWaitablePort [0x928584B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0x9283E856]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0x9283DE4E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0x9283F858]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadDriver [0x9283E948]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0x9283EEB4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwNotifyChangeKey [0x92856722]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenEvent [0x9283E410]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenMutant [0x9283E2F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0x9283D5CC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0x9283EC98]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSemaphore [0x9283E528]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0x9283D4C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryDirectoryObject [0x9283E664]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryObject [0x9285691A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQuerySection [0x9283F1DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0x9283EAE8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyPort [0x928586E4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePort [0x92858632]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0x92858750]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0x9283F6FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0x928580BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0x9283DCAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0x9283E702]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetSystemInformation [0x9283F32A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0x9283F41E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0x9283F558]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSystemDebugControl [0x9283E778]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0x9283D76C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0x9283D6C2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0x9283F092]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0x9283D858]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 83088A09 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830C21F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 830C922C 4 Bytes [92, D3, 83, 92]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 830C9254 8 Bytes [4A, 82, 85, 92, 80, 85, 85, ...] {DEC EDX; ADD BYTE [EBP-0x7a7a7f6e], 0x92}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1143 830C9298 4 Bytes [F6, 88, 85, 92]
.text ntkrnlpa.exe!KeRemoveQueueEx + 116F 830C92C4 4 Bytes [0C, DE, 83, 92]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 830C92E8 4 Bytes [32, 7F, 85, 92] {XOR BH, [EDI-0x7b]; XCHG EDX, EAX}
.text ...

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\tdx \Device\Tcp kl1.sys
AttachedDevice \Driver\tdx \Device\Udp kl1.sys
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{75B7F889-1856-11E2-A6E3-806E6F6E6963} 1295408488
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jg\OpenWithProgids@j\20g_auto_file

---- EOF - GMER 2.1 ----

Ich hoffe, dass ich es richtig gemacht habe. Danke für Eure Bemühungen,

Gruss
Tom

cosinus · 15.04.2013, 13:27

Hallo und

Zitat:

Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Warum hast du eine Professional-Edition von Windows, brauchst du das als Heimanwender?
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner?

Hast du noch weitere Logs (mit Funden)? Ist dein Virenscanner jemals fündig geworden?

Malwarebytes und/oder andere Virenscanner?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

mppriest · 15.04.2013, 19:33

nein,
ich hab keine weiteren logs im angebot. soll ich noch weitere schritte unternehmen?
nein es ist ein privat-pc, und ich hab die win7-version normal und legal übers internet gekauft und bezahlt.
gruss
tom

cosinus · 15.04.2013, 20:25

Bevor wir uns an die weitere Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten

MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

mppriest · 15.04.2013, 21:10

Allet klaro,
vorab swchon mal Danke. Ich mache es am morgigen Dienstag vormitag, bis dahin.
gruss
tom

cosinus · 15.04.2013, 21:28

Ok, bis morgen

mppriest · 16.04.2013, 08:15

Morgen,

so hab alles durchlaufen lassen, die aswMBR ist abgestürzt und ich habe den AV Scan auf (none) gestellt. Die TDSS Killer hat zwei Sachen angemahnt, die ich per Skip weiterlaufen ließ. Also hier die entsprechenden Daten:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.16.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16540
Toms-Win7-Rechner :: TOMS-WIN7-RECHN [administrator]

16.04.2013 08:37:08
mbar-log-2013-04-16 (08-37-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 26395
Time elapsed: 5 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

dann:

Code:

ATTFilter

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-16 09:04:24
-----------------------------
09:04:24.347    OS Version: Windows 6.1.7601 Service Pack 1
09:04:24.347    Number of processors: 4 586 0x502
09:04:24.347    ComputerName: TOMS-WIN7-RECHN  UserName: 
09:04:24.675    Initialize success
09:04:38.832    AVAST engine defs: 13041501
09:05:02.865    Disk 0  \Device\Harddisk0\DR0 -> \Device\0000005f
09:05:02.880    Disk 0 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 3
09:05:02.880    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000060
09:05:02.896    Disk 1 Vendor: SAMSUNG_ 1AQ1 Size: 1907729MB BusType: 3
09:05:02.896    Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\00000061
09:05:02.896    Disk 2 Vendor: SAMSUNG_ 1AJ1 Size: 953869MB BusType: 3
09:05:03.068    Disk 2 MBR read successfully
09:05:03.068    Disk 2 MBR scan
09:05:03.099    Disk 2 Windows 7 default MBR code
09:05:03.115    Disk 2 Partition 1 80 (A) 07    HPFS/NTFS NTFS       153604 MB offset 45
09:05:03.130    Disk 2 Partition - 00     0F Extended LBA            800264 MB offset 314581680
09:05:03.146    Disk 2 Partition 2 00     07    HPFS/NTFS NTFS       288261 MB offset 314581725
09:05:03.162    Disk 2 Partition - 00     05     Extended            512002 MB offset 904942080
09:05:03.193    Disk 2 Partition 3 00     07    HPFS/NTFS NTFS       512002 MB offset 904942125
09:05:03.208    Disk 2 scanning sectors +1953524160
09:05:03.412    Disk 2 scanning C:\Windows\system32\drivers
09:05:14.599    Service scanning
09:05:15.130    Service 1394ohci C:\Windows\system32\drivers\1394ohci.sys **LOCKED** 32
09:05:15.193    Service ACPI C:\Windows\system32\drivers\ACPI.sys **LOCKED** 32
09:05:15.224    Service AcpiPmi C:\Windows\system32\drivers\acpipmi.sys **LOCKED** 32
09:05:15.505    Service adp94xx C:\Windows\system32\drivers\adp94xx.sys **LOCKED** 32
09:05:15.537    Service adpahci C:\Windows\system32\drivers\adpahci.sys **LOCKED** 32
09:05:15.599    Service adpu320 C:\Windows\system32\drivers\adpu320.sys **LOCKED** 32
09:05:15.693    Service AFD C:\Windows\system32\drivers\afd.sys **LOCKED** 32
09:05:15.740    Service agp440 C:\Windows\system32\drivers\agp440.sys **LOCKED** 32
09:05:15.771    Service aic78xx C:\Windows\system32\drivers\djsvs.sys **LOCKED** 32
09:05:15.818    Service aliide C:\Windows\system32\drivers\aliide.sys **LOCKED** 32
09:05:15.865    Service amdagp C:\Windows\system32\drivers\amdagp.sys **LOCKED** 32
09:05:15.896    Service amdide C:\Windows\system32\drivers\amdide.sys **LOCKED** 32
09:05:15.927    Service AmdK8 C:\Windows\system32\drivers\amdk8.sys **LOCKED** 32
09:05:15.974    Service AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys **LOCKED** 32
09:05:16.037    Service amdsata C:\Windows\system32\drivers\amdsata.sys **LOCKED** 32
09:05:16.068    Service amdsbs C:\Windows\system32\drivers\amdsbs.sys **LOCKED** 32
09:05:16.115    Service amdxata C:\Windows\system32\drivers\amdxata.sys **LOCKED** 32
09:05:16.162    Service AppID C:\Windows\system32\drivers\appid.sys **LOCKED** 32
09:05:16.271    Service arc C:\Windows\system32\drivers\arc.sys **LOCKED** 32
09:05:16.302    Service arcsas C:\Windows\system32\drivers\arcsas.sys **LOCKED** 32
09:05:16.412    Service AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys **LOCKED** 32
09:05:16.458    Service atapi C:\Windows\system32\drivers\atapi.sys **LOCKED** 32
09:05:16.849    Service b06bdrv C:\Windows\system32\drivers\bxvbdx.sys **LOCKED** 32
09:05:16.896    Service b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys **LOCKED** 32
09:05:16.958    Service Beep C:\Windows\System32\Drivers\Beep.sys **LOCKED** 32
09:05:17.162    Service blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys **LOCKED** 32
09:05:17.224    Service BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys **LOCKED** 32
09:05:17.255    Service BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys **LOCKED** 32
09:05:17.349    Service Brserid C:\Windows\System32\Drivers\Brserid.sys **LOCKED** 32
09:05:17.396    Service BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys **LOCKED** 32
09:05:17.427    Service BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys **LOCKED** 32
09:05:17.443    Service BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys **LOCKED** 32
09:05:17.474    Service BTHMODEM C:\Windows\system32\drivers\bthmodem.sys **LOCKED** 32
09:05:17.568    Service cdrom C:\Windows\system32\DRIVERS\cdrom.sys **LOCKED** 32
09:05:17.646    Service circlass C:\Windows\system32\drivers\circlass.sys **LOCKED** 32
09:05:17.708    Service CLFS C:\Windows\System32\CLFS.sys **LOCKED** 32
09:05:17.880    Service CmBatt C:\Windows\system32\drivers\CmBatt.sys **LOCKED** 32
09:05:17.927    Service cmdide C:\Windows\system32\drivers\cmdide.sys **LOCKED** 32
09:05:18.005    Service CNG C:\Windows\System32\Drivers\cng.sys **LOCKED** 32
09:05:18.037    Service Compbatt C:\Windows\system32\drivers\compbatt.sys **LOCKED** 32
09:05:18.068    Service CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys **LOCKED** 32
09:05:18.130    Service crcdisk C:\Windows\system32\drivers\crcdisk.sys **LOCKED** 32
09:05:18.240    Service CSC C:\Windows\system32\drivers\csc.sys **LOCKED** 32
09:05:18.505    Service discache C:\Windows\System32\drivers\discache.sys **LOCKED** 32
09:05:18.537    Service Disk C:\Windows\system32\drivers\disk.sys **LOCKED** 32
09:05:18.615    Service dmvsc C:\Windows\system32\drivers\dmvsc.sys **LOCKED** 32
09:05:18.755    Service drmkaud C:\Windows\system32\drivers\drmkaud.sys **LOCKED** 32
09:05:18.849    Service DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys **LOCKED** 32
09:05:19.130    Service ebdrv C:\Windows\system32\drivers\evbdx.sys **LOCKED** 32
09:05:19.287    Service elxstor C:\Windows\system32\drivers\elxstor.sys **LOCKED** 32
09:05:19.318    Service ErrDev C:\Windows\system32\drivers\errdev.sys **LOCKED** 32
09:05:19.646    Service fdc C:\Windows\system32\drivers\fdc.sys **LOCKED** 32
09:05:19.740    Service flpydisk C:\Windows\system32\drivers\flpydisk.sys **LOCKED** 32
09:05:20.099    Service fvevol C:\Windows\System32\DRIVERS\fvevol.sys **LOCKED** 32
09:05:20.146    Service gagp30kx C:\Windows\system32\drivers\gagp30kx.sys **LOCKED** 32
09:05:20.255    Service hcw85cir C:\Windows\system32\drivers\hcw85cir.sys **LOCKED** 32
09:05:20.318    Service HdAudAddService C:\Windows\system32\drivers\HdAudio.sys **LOCKED** 32
09:05:20.380    Service HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys **LOCKED** 32
09:05:20.427    Service HidBatt C:\Windows\system32\drivers\HidBatt.sys **LOCKED** 32
09:05:20.474    Service HidBth C:\Windows\system32\drivers\hidbth.sys **LOCKED** 32
09:05:20.568    Service HidIr C:\Windows\system32\drivers\hidir.sys **LOCKED** 32
09:05:20.677    Service HidUsb C:\Windows\system32\DRIVERS\hidusb.sys **LOCKED** 32
09:05:20.927    Service HpSAMD C:\Windows\system32\drivers\HpSAMD.sys **LOCKED** 32
09:05:21.005    Service HTTP C:\Windows\system32\drivers\HTTP.sys **LOCKED** 32
09:05:21.037    Service hwpolicy C:\Windows\System32\drivers\hwpolicy.sys **LOCKED** 32
09:05:21.068    Service i8042prt C:\Windows\system32\drivers\i8042prt.sys **LOCKED** 32
09:05:21.146    Service iaStorV C:\Windows\system32\drivers\iaStorV.sys **LOCKED** 32
09:05:21.333    Service iirsp C:\Windows\system32\drivers\iirsp.sys **LOCKED** 32
09:05:21.443    Service intelide C:\Windows\system32\drivers\intelide.sys **LOCKED** 32
09:05:21.490    Service intelppm C:\Windows\system32\drivers\intelppm.sys **LOCKED** 32
09:05:21.552    Service IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys **LOCKED** 32
09:05:21.802    Service IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys **LOCKED** 32
09:05:21.865    Service IPNAT C:\Windows\System32\drivers\ipnat.sys **LOCKED** 32
09:05:21.896    Service IRENUM C:\Windows\system32\drivers\irenum.sys **LOCKED** 32
09:05:21.943    Service isapnp C:\Windows\system32\drivers\isapnp.sys **LOCKED** 32
09:05:22.021    Service iScsiPrt C:\Windows\system32\drivers\msiscsi.sys **LOCKED** 32
09:05:22.068    Service kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys **LOCKED** 32
09:05:22.115    Service kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys **LOCKED** 32
09:05:22.271    Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 32
09:05:22.333    Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 32
09:05:22.490    Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 32
09:05:22.521    Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 32
09:05:22.599    Service KSecDD C:\Windows\System32\Drivers\ksecdd.sys **LOCKED** 32
09:05:22.677    Service KSecPkg C:\Windows\System32\Drivers\ksecpkg.sys **LOCKED** 32
09:05:22.990    Service lltdio C:\Windows\system32\DRIVERS\lltdio.sys **LOCKED** 32
09:05:23.099    Service LSI_FC C:\Windows\system32\drivers\lsi_fc.sys **LOCKED** 32
09:05:23.162    Service LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys **LOCKED** 32
09:05:23.193    Service LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys **LOCKED** 32
09:05:23.240    Service LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys **LOCKED** 32
09:05:23.287    Service megasas C:\Windows\system32\drivers\megasas.sys **LOCKED** 32
09:05:23.333    Service MegaSR C:\Windows\system32\drivers\MegaSR.sys **LOCKED** 32
09:05:23.396    Service Modem C:\Windows\system32\drivers\modem.sys **LOCKED** 32
09:05:23.505    Service monitor C:\Windows\system32\DRIVERS\monitor.sys **LOCKED** 32
09:05:23.552    Service mouclass C:\Windows\system32\DRIVERS\mouclass.sys **LOCKED** 32
09:05:23.599    Service mouhid C:\Windows\system32\DRIVERS\mouhid.sys **LOCKED** 32
09:05:23.630    Service mountmgr C:\Windows\System32\drivers\mountmgr.sys **LOCKED** 32
09:05:23.677    Service mpio C:\Windows\system32\drivers\mpio.sys **LOCKED** 32
09:05:23.708    Service mpsdrv C:\Windows\System32\drivers\mpsdrv.sys **LOCKED** 32
09:05:23.943    Service msahci C:\Windows\system32\drivers\msahci.sys **LOCKED** 32
09:05:23.990    Service msdsm C:\Windows\system32\drivers\msdsm.sys **LOCKED** 32
09:05:24.115    Service mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys **LOCKED** 32
09:05:24.146    Service msisadrv C:\Windows\system32\drivers\msisadrv.sys **LOCKED** 32
09:05:24.255    Service MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys **LOCKED** 32
09:05:24.287    Service MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys **LOCKED** 32
09:05:24.333    Service MSPQM C:\Windows\system32\drivers\MSPQM.sys **LOCKED** 32
09:05:24.380    Service MsRPC C:\Windows\System32\Drivers\MsRPC.sys **LOCKED** 32
09:05:24.412    Service mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys **LOCKED** 32
09:05:24.443    Service MSTEE C:\Windows\system32\drivers\MSTEE.sys **LOCKED** 32
09:05:24.474    Service MTConfig C:\Windows\system32\drivers\MTConfig.sys **LOCKED** 32
09:05:24.599    Service NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys **LOCKED** 32
09:05:24.708    Service NDIS C:\Windows\system32\drivers\ndis.sys **LOCKED** 32
09:05:24.740    Service NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys **LOCKED** 32
09:05:24.787    Service NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys **LOCKED** 32
09:05:24.802    Service Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys **LOCKED** 32
09:05:24.849    Service NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys **LOCKED** 32
09:05:24.880    Service NDProxy C:\Windows\System32\Drivers\NDProxy.sys **LOCKED** 32
09:05:24.958    Service NetBT C:\Windows\System32\DRIVERS\netbt.sys **LOCKED** 32
09:05:25.318    Service nfrd960 C:\Windows\system32\drivers\nfrd960.sys **LOCKED** 32
09:05:25.443    Service nmwcd C:\Windows\system32\drivers\ccdcmb.sys **LOCKED** 32
09:05:25.505    Service nmwcdc C:\Windows\system32\drivers\ccdcmbo.sys **LOCKED** 32
09:05:25.599    Service nsiproxy C:\Windows\system32\drivers\nsiproxy.sys **LOCKED** 32
09:05:25.802    Service Null C:\Windows\System32\Drivers\Null.sys **LOCKED** 32
09:05:25.865    Service NVENETFD C:\Windows\system32\DRIVERS\nvm62x32.sys **LOCKED** 32
09:05:25.912    Service NVHDA C:\Windows\system32\drivers\nvhda32v.sys **LOCKED** 32
09:05:26.552    Service nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys **LOCKED** 32
09:05:26.630    Service NVNET C:\Windows\system32\DRIVERS\nvmf6232.sys **LOCKED** 32
09:05:26.677    Service nvraid C:\Windows\system32\drivers\nvraid.sys **LOCKED** 32
09:05:26.724    Service nvstor C:\Windows\system32\drivers\nvstor.sys **LOCKED** 32
09:05:27.021    Service nv_agp C:\Windows\system32\drivers\nv_agp.sys **LOCKED** 32
09:05:27.068    Service ohci1394 C:\Windows\system32\drivers\ohci1394.sys **LOCKED** 32
09:05:27.208    Service Parport C:\Windows\system32\DRIVERS\parport.sys **LOCKED** 32
09:05:27.255    Service partmgr C:\Windows\System32\drivers\partmgr.sys **LOCKED** 32
09:05:27.302    Service Parvdm C:\Windows\system32\DRIVERS\parvdm.sys **LOCKED** 32
09:05:27.427    Service pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys **LOCKED** 32
09:05:27.458    Service pci C:\Windows\system32\drivers\pci.sys **LOCKED** 32
09:05:27.505    Service pciide C:\Windows\system32\drivers\pciide.sys **LOCKED** 32
09:05:27.537    Service pcmcia C:\Windows\system32\drivers\pcmcia.sys **LOCKED** 32
09:05:27.583    Service pcw C:\Windows\System32\drivers\pcw.sys **LOCKED** 32
09:05:27.646    Service PEAUTH C:\Windows\system32\drivers\peauth.sys **LOCKED** 32
09:05:28.146    Service PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys **LOCKED** 32
09:05:28.193    Service Processor C:\Windows\system32\drivers\processr.sys **LOCKED** 32
09:05:28.302    Service Psched C:\Windows\system32\DRIVERS\pacer.sys **LOCKED** 32
09:05:28.412    Service ql2300 C:\Windows\system32\drivers\ql2300.sys **LOCKED** 32
09:05:28.490    Service ql40xx C:\Windows\system32\drivers\ql40xx.sys **LOCKED** 32
09:05:28.568    Service QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys **LOCKED** 32
09:05:28.615    Service RasAcd C:\Windows\System32\DRIVERS\rasacd.sys **LOCKED** 32
09:05:28.662    Service RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys **LOCKED** 32
09:05:28.724    Service Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys **LOCKED** 32
09:05:28.802    Service RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys **LOCKED** 32
09:05:28.833    Service RasSstp C:\Windows\system32\DRIVERS\rassstp.sys **LOCKED** 32
09:05:28.927    Service rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys **LOCKED** 32
09:05:28.958    Service RDPCDD C:\Windows\System32\DRIVERS\RDPCDD.sys **LOCKED** 32
09:05:29.005    Service RDPDR C:\Windows\System32\drivers\rdpdr.sys **LOCKED** 32
09:05:29.052    Service RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys **LOCKED** 32
09:05:29.083    Service RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys **LOCKED** 32
09:05:29.130    Service RdpVideoMiniport C:\Windows\System32\drivers\rdpvideominiport.sys **LOCKED** 32
09:05:29.193    Service RDPWD C:\Windows\System32\Drivers\RDPWD.sys **LOCKED** 32
09:05:29.240    Service rdyboost C:\Windows\System32\drivers\rdyboost.sys **LOCKED** 32
09:05:29.583    Service rspndr C:\Windows\system32\DRIVERS\rspndr.sys **LOCKED** 32
09:05:29.693    Service RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys **LOCKED** 32
09:05:29.740    Service s3cap C:\Windows\system32\drivers\vms3cap.sys **LOCKED** 32
09:05:29.818    Service sbp2port C:\Windows\system32\drivers\sbp2port.sys **LOCKED** 32
09:05:29.880    Service scfilter C:\Windows\System32\DRIVERS\scfilter.sys **LOCKED** 32
09:05:30.052    Service secdrv C:\Windows\System32\Drivers\secdrv.sys **LOCKED** 32
09:05:30.146    Service Serenum C:\Windows\system32\DRIVERS\serenum.sys **LOCKED** 32
09:05:30.193    Service Serial C:\Windows\system32\DRIVERS\serial.sys **LOCKED** 32
09:05:30.224    Service sermouse C:\Windows\system32\drivers\sermouse.sys **LOCKED** 32
09:05:30.443    Service sffdisk C:\Windows\system32\drivers\sffdisk.sys **LOCKED** 32
09:05:30.474    Service sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys **LOCKED** 32
09:05:30.505    Service sffp_sd C:\Windows\system32\drivers\sffp_sd.sys **LOCKED** 32
09:05:30.537    Service sfloppy C:\Windows\system32\drivers\sfloppy.sys **LOCKED** 32
09:05:30.693    Service sisagp C:\Windows\system32\drivers\sisagp.sys **LOCKED** 32
09:05:30.724    Service SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys **LOCKED** 32
09:05:30.771    Service SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys **LOCKED** 32
09:05:30.802    Service Smb C:\Windows\system32\DRIVERS\smb.sys **LOCKED** 32
09:05:30.849    Service spldr C:\Windows\System32\Drivers\spldr.sys **LOCKED** 32
09:05:31.630    Service stexstor C:\Windows\system32\drivers\stexstor.sys **LOCKED** 32
09:05:31.740    Service storflt C:\Windows\system32\drivers\vmstorfl.sys **LOCKED** 32
09:05:31.802    Service storvsc C:\Windows\system32\drivers\storvsc.sys **LOCKED** 32
09:05:31.849    Service swenum C:\Windows\system32\DRIVERS\swenum.sys **LOCKED** 32
09:05:32.240    Service Tcpip C:\Windows\System32\drivers\tcpip.sys **LOCKED** 32
09:05:32.365    Service TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys **LOCKED** 32
09:05:32.412    Service tcpipreg C:\Windows\System32\drivers\tcpipreg.sys **LOCKED** 32
09:05:32.443    Service TDPIPE C:\Windows\system32\drivers\tdpipe.sys **LOCKED** 32
09:05:32.490    Service TDTCP C:\Windows\system32\drivers\tdtcp.sys **LOCKED** 32
09:05:32.521    Service tdx C:\Windows\system32\DRIVERS\tdx.sys **LOCKED** 32
09:05:32.568    Service TermDD C:\Windows\system32\DRIVERS\termdd.sys **LOCKED** 32
09:05:32.818    Service tssecsrv C:\Windows\System32\DRIVERS\tssecsrv.sys **LOCKED** 32
09:05:32.880    Service TsUsbFlt C:\Windows\System32\drivers\tsusbflt.sys **LOCKED** 32
09:05:32.927    Service TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys **LOCKED** 32
09:05:32.958    Service tunnel C:\Windows\system32\DRIVERS\tunnel.sys **LOCKED** 32
09:05:33.005    Service uagp35 C:\Windows\system32\drivers\uagp35.sys **LOCKED** 32
09:05:33.099    Service uliagpkx C:\Windows\system32\drivers\uliagpkx.sys **LOCKED** 32
09:05:33.162    Service umbus C:\Windows\system32\DRIVERS\umbus.sys **LOCKED** 32
09:05:33.193    Service UmPass C:\Windows\system32\drivers\umpass.sys **LOCKED** 32
09:05:33.412    Service upperdev C:\Windows\system32\DRIVERS\usbser_lowerflt.sys **LOCKED** 32
09:05:33.505    Service usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys **LOCKED** 32
09:05:33.568    Service usbcir C:\Windows\system32\drivers\usbcir.sys **LOCKED** 32
09:05:33.662    Service usbehci C:\Windows\system32\DRIVERS\usbehci.sys **LOCKED** 32
09:05:33.724    Service usbhub C:\Windows\system32\DRIVERS\usbhub.sys **LOCKED** 32
09:05:33.755    Service usbohci C:\Windows\system32\DRIVERS\usbohci.sys **LOCKED** 32
09:05:33.787    Service usbprint C:\Windows\system32\drivers\usbprint.sys **LOCKED** 32
09:05:33.818    Service usbser C:\Windows\system32\drivers\usbser.sys **LOCKED** 32
09:05:33.849    Service UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys **LOCKED** 32
09:05:33.896    Service USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS **LOCKED** 32
09:05:33.943    Service usbuhci C:\Windows\system32\drivers\usbuhci.sys **LOCKED** 32
09:05:34.005    Service vdrvroot C:\Windows\system32\drivers\vdrvroot.sys **LOCKED** 32
09:05:34.083    Service vga C:\Windows\system32\DRIVERS\vgapnp.sys **LOCKED** 32
09:05:34.115    Service VgaSave C:\Windows\System32\drivers\vga.sys **LOCKED** 32
09:05:34.162    Service vhdmp C:\Windows\system32\drivers\vhdmp.sys **LOCKED** 32
09:05:34.208    Service viaagp C:\Windows\system32\drivers\viaagp.sys **LOCKED** 32
09:05:34.240    Service ViaC7 C:\Windows\system32\drivers\viac7.sys **LOCKED** 32
09:05:34.365    Service VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys **LOCKED** 32
09:05:34.396    Service viaide C:\Windows\system32\drivers\viaide.sys **LOCKED** 32
09:05:34.443    Service vmbus C:\Windows\system32\drivers\vmbus.sys **LOCKED** 32
09:05:34.474    Service VMBusHID C:\Windows\system32\drivers\VMBusHID.sys **LOCKED** 32
09:05:34.521    Service volmgr C:\Windows\system32\drivers\volmgr.sys **LOCKED** 32
09:05:34.583    Service volmgrx C:\Windows\System32\drivers\volmgrx.sys **LOCKED** 32
09:05:34.630    Service volsnap C:\Windows\system32\drivers\volsnap.sys **LOCKED** 32
09:05:34.677    Service vsmraid C:\Windows\system32\drivers\vsmraid.sys **LOCKED** 32
09:05:34.802    Service vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys **LOCKED** 32
09:05:34.865    Service vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys **LOCKED** 32
09:05:34.896    Service vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys **LOCKED** 32
09:05:34.974    Service WacomPen C:\Windows\system32\drivers\wacompen.sys **LOCKED** 32
09:05:34.990    Service WANARP C:\Windows\system32\DRIVERS\wanarp.sys **LOCKED** 32
09:05:35.021    Service Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys **LOCKED** 32
09:05:35.240    Service Wd C:\Windows\system32\drivers\wd.sys **LOCKED** 32
09:05:35.318    Service Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys **LOCKED** 32
09:05:35.490    Service WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys **LOCKED** 32
09:05:35.896    Service WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys **LOCKED** 32
09:05:36.005    Service WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys **LOCKED** 32
09:05:36.208    Service ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys **LOCKED** 32
09:05:36.521    Service WudfPf C:\Windows\system32\drivers\WudfPf.sys **LOCKED** 32
09:05:36.552    Service WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys **LOCKED** 32
09:05:37.130    Modules scanning
09:05:41.552    Disk 2 trace - called modules:
09:05:41.568    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys 
09:05:41.583    1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0x8749f9c0]
09:05:41.583    3 CLASSPNP.SYS[8dcab59e] -> nt!IofCallDriver -> [0x8641b700]
09:05:41.599    5 ACPI.sys[837b73d4] -> nt!IofCallDriver -> \Device\00000061[0x8641fb60]
09:05:41.599    Scan finished successfully
09:06:13.474    Disk 2 MBR has been saved successfully to "C:\Users\Toms-Win7-Rechner\Desktop\MBR.dat"
09:06:13.490    The log file has been saved successfully to "C:\Users\Toms-Win7-Rechner\Desktop\aswMBR.txt"

dann:

Code:

ATTFilter

09:07:08.0892 3116  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:07:09.0064 3116  ============================================================
09:07:09.0064 3116  Current date / time: 2013/04/16 09:07:09.0064
09:07:09.0064 3116  SystemInfo:
09:07:09.0064 3116  
09:07:09.0064 3116  OS Version: 6.1.7601 ServicePack: 1.0
09:07:09.0064 3116  Product type: Workstation
09:07:09.0064 3116  ComputerName: TOMS-WIN7-RECHN
09:07:09.0064 3116  UserName: Toms-Win7-Rechner
09:07:09.0064 3116  Windows directory: C:\Windows
09:07:09.0064 3116  System windows directory: C:\Windows
09:07:09.0064 3116  Processor architecture: Intel x86
09:07:09.0064 3116  Number of processors: 4
09:07:09.0064 3116  Page size: 0x1000
09:07:09.0064 3116  Boot type: Normal boot
09:07:09.0064 3116  ============================================================
09:07:10.0220 3116  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x2F50C, SectorsPerTrack: 0x2D, TracksPerCylinder: 0x70, Type 'K0', Flags 0x00000050
09:07:10.0220 3116  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:07:10.0220 3116  Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x5EA14, SectorsPerTrack: 0x2D, TracksPerCylinder: 0x70, Type 'K0', Flags 0x00000050
09:07:10.0220 3116  ============================================================
09:07:10.0220 3116  \Device\Harddisk0\DR0:
09:07:10.0236 3116  MBR partitions:
09:07:10.0236 3116  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2D, BlocksNum 0xFFFEC13
09:07:10.0251 3116  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFFFEC6D, BlocksNum 0x2A385C23
09:07:10.0251 3116  \Device\Harddisk1\DR1:
09:07:10.0251 3116  MBR partitions:
09:07:10.0251 3116  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFAC05
09:07:10.0251 3116  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xFFFAC44, BlocksNum 0xD8E0C87D
09:07:10.0251 3116  \Device\Harddisk2\DR2:
09:07:10.0251 3116  MBR partitions:
09:07:10.0251 3116  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x2D, BlocksNum 0x12C02283
09:07:10.0267 3116  \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x12C022DD, BlocksNum 0x23302F23
09:07:10.0267 3116  \Device\Harddisk2\DR2\Partition3: MBR, Type 0x7, StartLBA 0x35F0522D, BlocksNum 0x3E801793
09:07:10.0267 3116  ============================================================
09:07:10.0298 3116  E: <-> \Device\Harddisk0\DR0\Partition1
09:07:10.0298 3116  F: <-> \Device\Harddisk1\DR1\Partition1
09:07:10.0330 3116  G: <-> \Device\Harddisk0\DR0\Partition2
09:07:10.0330 3116  H: <-> \Device\Harddisk1\DR1\Partition2
09:07:10.0361 3116  C: <-> \Device\Harddisk2\DR2\Partition1
09:07:10.0376 3116  I: <-> \Device\Harddisk2\DR2\Partition2
09:07:10.0392 3116  J: <-> \Device\Harddisk2\DR2\Partition3
09:07:10.0392 3116  ============================================================
09:07:10.0392 3116  Initialize success
09:07:10.0392 3116  ============================================================
09:07:24.0292 5632  ============================================================
09:07:24.0292 5632  Scan started
09:07:24.0292 5632  Mode: Manual; SigCheck; TDLFS; 
09:07:24.0292 5632  ============================================================
09:07:24.0949 5632  ================ Scan system memory ========================
09:07:24.0949 5632  System memory - ok
09:07:24.0949 5632  ================ Scan services =============================
09:07:25.0089 5632  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
09:07:25.0230 5632  1394ohci - ok
09:07:25.0261 5632  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
09:07:25.0277 5632  ACPI - ok
09:07:25.0292 5632  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
09:07:25.0324 5632  AcpiPmi - ok
09:07:25.0402 5632  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
09:07:25.0433 5632  AdobeARMservice - ok
09:07:25.0480 5632  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:07:25.0496 5632  AdobeFlashPlayerUpdateSvc - ok
09:07:25.0527 5632  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
09:07:25.0542 5632  adp94xx - ok
09:07:25.0558 5632  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
09:07:25.0589 5632  adpahci - ok
09:07:25.0605 5632  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
09:07:25.0621 5632  adpu320 - ok
09:07:25.0636 5632  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
09:07:25.0667 5632  AeLookupSvc - ok
09:07:25.0714 5632  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
09:07:25.0792 5632  AFD - ok
09:07:25.0808 5632  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
09:07:25.0824 5632  agp440 - ok
09:07:25.0839 5632  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
09:07:25.0855 5632  aic78xx - ok
09:07:25.0886 5632  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
09:07:25.0902 5632  ALG - ok
09:07:25.0917 5632  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
09:07:25.0917 5632  aliide - ok
09:07:25.0933 5632  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
09:07:25.0949 5632  amdagp - ok
09:07:25.0964 5632  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
09:07:25.0980 5632  amdide - ok
09:07:25.0996 5632  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
09:07:26.0011 5632  AmdK8 - ok
09:07:26.0027 5632  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
09:07:26.0042 5632  AmdPPM - ok
09:07:26.0074 5632  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
09:07:26.0089 5632  amdsata - ok
09:07:26.0105 5632  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
09:07:26.0121 5632  amdsbs - ok
09:07:26.0136 5632  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
09:07:26.0152 5632  amdxata - ok
09:07:26.0167 5632  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
09:07:26.0199 5632  AppID - ok
09:07:26.0214 5632  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
09:07:26.0246 5632  AppIDSvc - ok
09:07:26.0277 5632  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
09:07:26.0339 5632  Appinfo - ok
09:07:26.0371 5632  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
09:07:26.0386 5632  AppMgmt - ok
09:07:26.0402 5632  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\drivers\arc.sys
09:07:26.0417 5632  arc - ok
09:07:26.0433 5632  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
09:07:26.0433 5632  arcsas - ok
09:07:26.0511 5632  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
09:07:26.0542 5632  aspnet_state - ok
09:07:26.0558 5632  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
09:07:26.0667 5632  AsyncMac - ok
09:07:26.0683 5632  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
09:07:26.0716 5632  atapi - ok
09:07:26.0732 5632  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:07:26.0779 5632  AudioEndpointBuilder - ok
09:07:26.0779 5632  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
09:07:26.0810 5632  Audiosrv - ok
09:07:26.0859 5632  [ 6C9D5BADC8F83D410A278717C2EEA6F6 ] AVP             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
09:07:26.0875 5632  AVP - ok
09:07:26.0906 5632  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
09:07:26.0937 5632  AxInstSV - ok
09:07:26.0968 5632  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys
09:07:26.0984 5632  b06bdrv - ok
09:07:27.0000 5632  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
09:07:27.0031 5632  b57nd60x - ok
09:07:27.0048 5632  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
09:07:27.0066 5632  BDESVC - ok
09:07:27.0099 5632  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
09:07:27.0134 5632  Beep - ok
09:07:27.0169 5632  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
09:07:27.0203 5632  BFE - ok
09:07:27.0234 5632  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
09:07:27.0267 5632  BITS - ok
09:07:27.0298 5632  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
09:07:27.0314 5632  blbdrive - ok
09:07:27.0330 5632  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
09:07:27.0376 5632  bowser - ok
09:07:27.0392 5632  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
09:07:27.0423 5632  BrFiltLo - ok
09:07:27.0439 5632  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
09:07:27.0486 5632  BrFiltUp - ok
09:07:27.0501 5632  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
09:07:27.0533 5632  Browser - ok
09:07:27.0548 5632  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
09:07:27.0582 5632  Brserid - ok
09:07:27.0599 5632  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
09:07:27.0615 5632  BrSerWdm - ok
09:07:27.0615 5632  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
09:07:27.0650 5632  BrUsbMdm - ok
09:07:27.0650 5632  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
09:07:27.0683 5632  BrUsbSer - ok
09:07:27.0685 5632  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
09:07:27.0701 5632  BTHMODEM - ok
09:07:27.0716 5632  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
09:07:27.0748 5632  bthserv - ok
09:07:27.0763 5632  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
09:07:27.0794 5632  cdfs - ok
09:07:27.0810 5632  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
09:07:27.0826 5632  cdrom - ok
09:07:27.0841 5632  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
09:07:27.0875 5632  CertPropSvc - ok
09:07:27.0892 5632  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\drivers\circlass.sys
09:07:27.0910 5632  circlass - ok
09:07:27.0927 5632  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
09:07:27.0943 5632  CLFS - ok
09:07:27.0990 5632  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:07:28.0039 5632  clr_optimization_v2.0.50727_32 - ok
09:07:28.0089 5632  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:07:28.0105 5632  clr_optimization_v4.0.30319_32 - ok
09:07:28.0105 5632  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
09:07:28.0136 5632  CmBatt - ok
09:07:28.0136 5632  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
09:07:28.0152 5632  cmdide - ok
09:07:28.0185 5632  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG             C:\Windows\system32\Drivers\cng.sys
09:07:28.0220 5632  CNG - ok
09:07:28.0220 5632  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
09:07:28.0238 5632  Compbatt - ok
09:07:28.0253 5632  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
09:07:28.0285 5632  CompositeBus - ok
09:07:28.0285 5632  COMSysApp - ok
09:07:28.0285 5632  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
09:07:28.0300 5632  crcdisk - ok
09:07:28.0332 5632  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
09:07:28.0363 5632  CryptSvc - ok
09:07:28.0394 5632  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
09:07:28.0410 5632  CSC - ok
09:07:28.0441 5632  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
09:07:28.0457 5632  CscService - ok
09:07:28.0488 5632  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
09:07:28.0519 5632  DcomLaunch - ok
09:07:28.0535 5632  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
09:07:28.0566 5632  defragsvc - ok
09:07:28.0582 5632  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
09:07:28.0613 5632  DfsC - ok
09:07:28.0628 5632  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
09:07:28.0660 5632  Dhcp - ok
09:07:28.0675 5632  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
09:07:28.0707 5632  discache - ok
09:07:28.0722 5632  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\drivers\disk.sys
09:07:28.0738 5632  Disk - ok
09:07:28.0769 5632  [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
09:07:28.0785 5632  dmvsc - ok
09:07:28.0800 5632  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
09:07:28.0832 5632  Dnscache - ok
09:07:28.0847 5632  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
09:07:28.0894 5632  dot3svc - ok
09:07:28.0910 5632  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
09:07:28.0925 5632  DPS - ok
09:07:28.0957 5632  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
09:07:29.0003 5632  drmkaud - ok
09:07:29.0019 5632  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
09:07:29.0050 5632  DXGKrnl - ok
09:07:29.0066 5632  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
09:07:29.0113 5632  EapHost - ok
09:07:29.0207 5632  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
09:07:29.0269 5632  ebdrv - ok
09:07:29.0285 5632  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
09:07:29.0316 5632  EFS - ok
09:07:29.0332 5632  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\drivers\elxstor.sys
09:07:29.0347 5632  elxstor - ok
09:07:29.0363 5632  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
09:07:29.0378 5632  ErrDev - ok
09:07:29.0410 5632  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
09:07:29.0441 5632  EventSystem - ok
09:07:29.0457 5632  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
09:07:29.0472 5632  exfat - ok
09:07:29.0488 5632  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
09:07:29.0519 5632  fastfat - ok
09:07:29.0550 5632  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
09:07:29.0566 5632  Fax - ok
09:07:29.0597 5632  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\drivers\fdc.sys
09:07:29.0644 5632  fdc - ok
09:07:29.0675 5632  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
09:07:29.0722 5632  fdPHost - ok
09:07:29.0738 5632  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
09:07:29.0769 5632  FDResPub - ok
09:07:29.0769 5632  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
09:07:29.0785 5632  FileInfo - ok
09:07:29.0800 5632  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
09:07:29.0816 5632  Filetrace - ok
09:07:29.0832 5632  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
09:07:29.0863 5632  flpydisk - ok
09:07:29.0878 5632  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
09:07:29.0894 5632  FltMgr - ok
09:07:29.0972 5632  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
09:07:30.0035 5632  FontCache - ok
09:07:30.0082 5632  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:07:30.0097 5632  FontCache3.0.0.0 - ok
09:07:30.0113 5632  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
09:07:30.0128 5632  FsDepends - ok
09:07:30.0160 5632  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
09:07:30.0175 5632  Fs_Rec - ok
09:07:30.0207 5632  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
09:07:30.0222 5632  fvevol - ok
09:07:30.0253 5632  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
09:07:30.0253 5632  gagp30kx - ok
09:07:30.0285 5632  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
09:07:30.0332 5632  gpsvc - ok
09:07:30.0347 5632  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
09:07:30.0378 5632  hcw85cir - ok
09:07:30.0394 5632  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:07:30.0425 5632  HdAudAddService - ok
09:07:30.0443 5632  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
09:07:30.0458 5632  HDAudBus - ok
09:07:30.0458 5632  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
09:07:30.0490 5632  HidBatt - ok
09:07:30.0490 5632  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
09:07:30.0521 5632  HidBth - ok
09:07:30.0552 5632  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\drivers\hidir.sys
09:07:30.0583 5632  HidIr - ok
09:07:30.0599 5632  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
09:07:30.0630 5632  hidserv - ok
09:07:30.0646 5632  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
09:07:30.0662 5632  HidUsb - ok
09:07:30.0677 5632  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
09:07:30.0708 5632  hkmsvc - ok
09:07:30.0724 5632  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:07:30.0740 5632  HomeGroupListener - ok
09:07:30.0771 5632  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:07:30.0818 5632  HomeGroupProvider - ok
09:07:30.0849 5632  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
09:07:30.0865 5632  HpSAMD - ok
09:07:30.0880 5632  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
09:07:30.0912 5632  HTTP - ok
09:07:30.0927 5632  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
09:07:30.0943 5632  hwpolicy - ok
09:07:30.0958 5632  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
09:07:30.0958 5632  i8042prt - ok
09:07:31.0005 5632  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
09:07:31.0068 5632  iaStorV - ok
09:07:31.0130 5632  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:07:31.0162 5632  idsvc - ok
09:07:31.0177 5632  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
09:07:31.0193 5632  iirsp - ok
09:07:31.0224 5632  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
09:07:31.0255 5632  IKEEXT - ok
09:07:31.0287 5632  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
09:07:31.0287 5632  intelide - ok
09:07:31.0318 5632  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
09:07:31.0333 5632  intelppm - ok
09:07:31.0349 5632  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
09:07:31.0396 5632  IPBusEnum - ok
09:07:31.0396 5632  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:07:31.0427 5632  IpFilterDriver - ok
09:07:31.0458 5632  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
09:07:31.0474 5632  iphlpsvc - ok
09:07:31.0490 5632  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
09:07:31.0505 5632  IPMIDRV - ok
09:07:31.0537 5632  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
09:07:31.0615 5632  IPNAT - ok
09:07:31.0630 5632  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
09:07:31.0677 5632  IRENUM - ok
09:07:31.0693 5632  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
09:07:31.0710 5632  isapnp - ok
09:07:31.0742 5632  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
09:07:31.0835 5632  iScsiPrt - ok
09:07:31.0851 5632  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
09:07:31.0867 5632  kbdclass - ok
09:07:31.0867 5632  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
09:07:31.0898 5632  kbdhid - ok
09:07:31.0914 5632  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
09:07:31.0929 5632  KeyIso - ok
09:07:31.0945 5632  [ 186B54479D98E48AEE0E9ADA4B3C4D31 ] KL1             C:\Windows\system32\DRIVERS\kl1.sys
09:07:31.0960 5632  KL1 - ok
09:07:31.0976 5632  [ BF485BFBA13C0AB116701FD9C55324D0 ] kl2             C:\Windows\system32\DRIVERS\kl2.sys
09:07:31.0992 5632  kl2 - ok
09:07:32.0023 5632  [ D4C57824767D3ECBD89883A33F4FD87A ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
09:07:32.0039 5632  KLIF - ok
09:07:32.0085 5632  [ 6295A19003F935ECC6CCBE9E2376427B ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
09:07:32.0117 5632  KLIM6 - ok
09:07:32.0132 5632  [ 3DE1771C135328420315E21DDE229BBA ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
09:07:32.0148 5632  klmouflt - ok
09:07:32.0179 5632  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
09:07:32.0195 5632  KSecDD - ok
09:07:32.0210 5632  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
09:07:32.0226 5632  KSecPkg - ok
09:07:32.0257 5632  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
09:07:32.0289 5632  KtmRm - ok
09:07:32.0304 5632  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
09:07:32.0335 5632  LanmanServer - ok
09:07:32.0351 5632  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:07:32.0382 5632  LanmanWorkstation - ok
09:07:32.0398 5632  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
09:07:32.0445 5632  lltdio - ok
09:07:32.0460 5632  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
09:07:32.0492 5632  lltdsvc - ok
09:07:32.0492 5632  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
09:07:32.0523 5632  lmhosts - ok
09:07:32.0554 5632  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
09:07:32.0570 5632  LSI_FC - ok
09:07:32.0585 5632  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
09:07:32.0601 5632  LSI_SAS - ok
09:07:32.0601 5632  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
09:07:32.0617 5632  LSI_SAS2 - ok
09:07:32.0632 5632  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
09:07:32.0632 5632  LSI_SCSI - ok
09:07:32.0648 5632  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
09:07:32.0695 5632  luafv - ok
09:07:32.0695 5632  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\drivers\megasas.sys
09:07:32.0710 5632  megasas - ok
09:07:32.0726 5632  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
09:07:32.0742 5632  MegaSR - ok
09:07:32.0773 5632  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
09:07:32.0804 5632  MMCSS - ok
09:07:32.0804 5632  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
09:07:32.0835 5632  Modem - ok
09:07:32.0867 5632  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
09:07:32.0882 5632  monitor - ok
09:07:32.0914 5632  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
09:07:32.0914 5632  mouclass - ok
09:07:32.0945 5632  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
09:07:32.0992 5632  mouhid - ok
09:07:33.0023 5632  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
09:07:33.0039 5632  mountmgr - ok
09:07:33.0054 5632  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
09:07:33.0070 5632  mpio - ok
09:07:33.0085 5632  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
09:07:33.0117 5632  mpsdrv - ok
09:07:33.0132 5632  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
09:07:33.0179 5632  MpsSvc - ok
09:07:33.0195 5632  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
09:07:33.0226 5632  MRxDAV - ok
09:07:33.0257 5632  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
09:07:33.0257 5632  mrxsmb - ok
09:07:33.0289 5632  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:07:33.0304 5632  mrxsmb10 - ok
09:07:33.0320 5632  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:07:33.0335 5632  mrxsmb20 - ok
09:07:33.0351 5632  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
09:07:33.0367 5632  msahci - ok
09:07:33.0382 5632  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
09:07:33.0382 5632  msdsm - ok
09:07:33.0398 5632  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
09:07:33.0445 5632  MSDTC - ok
09:07:33.0460 5632  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
09:07:33.0492 5632  Msfs - ok
09:07:33.0507 5632  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
09:07:33.0539 5632  mshidkmdf - ok
09:07:33.0554 5632  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
09:07:33.0554 5632  msisadrv - ok
09:07:33.0585 5632  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
09:07:33.0617 5632  MSiSCSI - ok
09:07:33.0632 5632  msiserver - ok
09:07:33.0648 5632  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
09:07:33.0664 5632  MSKSSRV - ok
09:07:33.0681 5632  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
09:07:33.0714 5632  MSPCLOCK - ok
09:07:33.0750 5632  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
09:07:33.0783 5632  MSPQM - ok
09:07:33.0798 5632  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
09:07:33.0814 5632  MsRPC - ok
09:07:33.0830 5632  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
09:07:33.0830 5632  mssmbios - ok
09:07:33.0845 5632  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
09:07:33.0876 5632  MSTEE - ok
09:07:33.0892 5632  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
09:07:33.0908 5632  MTConfig - ok
09:07:33.0908 5632  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
09:07:33.0923 5632  Mup - ok
09:07:33.0955 5632  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
09:07:34.0001 5632  napagent - ok
09:07:34.0019 5632  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
09:07:34.0050 5632  NativeWifiP - ok
09:07:34.0082 5632  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
09:07:34.0097 5632  NDIS - ok
09:07:34.0113 5632  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
09:07:34.0144 5632  NdisCap - ok
09:07:34.0160 5632  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
09:07:34.0175 5632  NdisTapi - ok
09:07:34.0191 5632  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
09:07:34.0222 5632  Ndisuio - ok
09:07:34.0238 5632  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
09:07:34.0269 5632  NdisWan - ok
09:07:34.0285 5632  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
09:07:34.0300 5632  NDProxy - ok
09:07:34.0316 5632  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
09:07:34.0363 5632  NetBIOS - ok
09:07:34.0378 5632  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
09:07:34.0410 5632  NetBT - ok
09:07:34.0425 5632  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
09:07:34.0441 5632  Netlogon - ok
09:07:34.0472 5632  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
09:07:34.0503 5632  Netman - ok
09:07:34.0535 5632  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:07:34.0550 5632  NetMsmqActivator - ok
09:07:34.0550 5632  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:07:34.0566 5632  NetPipeActivator - ok
09:07:34.0582 5632  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
09:07:34.0613 5632  netprofm - ok
09:07:34.0613 5632  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:07:34.0628 5632  NetTcpActivator - ok
09:07:34.0628 5632  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:07:34.0644 5632  NetTcpPortSharing - ok
09:07:34.0660 5632  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
09:07:34.0675 5632  nfrd960 - ok
09:07:34.0722 5632  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
09:07:34.0769 5632  NlaSvc - ok
09:07:34.0785 5632  [ 33A4B24A4C4DCF3C168E2C1151A62FC5 ] nmwcd           C:\Windows\system32\drivers\ccdcmb.sys
09:07:34.0832 5632  nmwcd - ok
09:07:34.0917 5632  [ A77265EF7BF998B8BB22A1A23E72B45D ] nmwcdc          C:\Windows\system32\drivers\ccdcmbo.sys
09:07:34.0949 5632  nmwcdc - ok
09:07:34.0949 5632  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
09:07:34.0980 5632  Npfs - ok
09:07:34.0996 5632  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
09:07:35.0027 5632  nsi - ok
09:07:35.0042 5632  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
09:07:35.0074 5632  nsiproxy - ok
09:07:35.0121 5632  [ 9CDAEBE5160B9AF02AE17C62BDB6C4B5 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
09:07:35.0136 5632  Ntfs - ok
09:07:35.0152 5632  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
09:07:35.0183 5632  Null - ok
09:07:35.0214 5632  [ B5E37E31C053BC9950455A257526514B ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x32.sys
09:07:35.0230 5632  NVENETFD - ok
09:07:35.0261 5632  [ 77F9F9A199B87FE3F852E12F5419240B ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
09:07:35.0277 5632  NVHDA - ok
09:07:35.0451 5632  [ B69E6F70CE1151C8D62ABC9DEF64DFBE ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:07:35.0638 5632  nvlddmkm - ok
09:07:35.0685 5632  [ 1DE923088878B495CD4219E47BA34EB8 ] NVNET           C:\Windows\system32\DRIVERS\nvmf6232.sys
09:07:35.0701 5632  NVNET - ok
09:07:35.0750 5632  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
09:07:35.0765 5632  nvraid - ok
09:07:35.0796 5632  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
09:07:35.0796 5632  nvstor - ok
09:07:35.0843 5632  [ E4284FCF99FEA13A7E1836F87AE356F6 ] nvsvc           C:\Windows\system32\nvvsvc.exe
09:07:35.0859 5632  nvsvc - ok
09:07:35.0921 5632  [ D2B064796C369F82E96397F721C4A29D ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
09:07:35.0953 5632  nvUpdatusService - ok
09:07:35.0968 5632  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
09:07:35.0984 5632  nv_agp - ok
09:07:36.0000 5632  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
09:07:36.0015 5632  ohci1394 - ok
09:07:36.0046 5632  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
09:07:36.0062 5632  p2pimsvc - ok
09:07:36.0109 5632  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
09:07:36.0140 5632  p2psvc - ok
09:07:36.0171 5632  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
09:07:36.0203 5632  Parport - ok
09:07:36.0234 5632  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
09:07:36.0265 5632  partmgr - ok
09:07:36.0281 5632  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
09:07:36.0296 5632  Parvdm - ok
09:07:36.0312 5632  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
09:07:36.0343 5632  PcaSvc - ok
09:07:36.0375 5632  [ F451DCACBAA67F3307305EBD4A39EA07 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfd.sys
09:07:36.0406 5632  pccsmcfd - ok
09:07:36.0421 5632  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
09:07:36.0453 5632  pci - ok
09:07:36.0468 5632  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
09:07:36.0468 5632  pciide - ok
09:07:36.0500 5632  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
09:07:36.0515 5632  pcmcia - ok
09:07:36.0515 5632  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
09:07:36.0531 5632  pcw - ok
09:07:36.0578 5632  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
09:07:36.0625 5632  PEAUTH - ok
09:07:36.0640 5632  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
09:07:36.0687 5632  PeerDistSvc - ok
09:07:36.0718 5632  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
09:07:36.0765 5632  pla - ok
09:07:36.0796 5632  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
09:07:36.0828 5632  PlugPlay - ok
09:07:36.0890 5632  [ 205E1B699FD3F2F9B036EEA2EC30C620 ] PnkBstrA        C:\Windows\system32\PnkBstrA.exe
09:07:36.0906 5632  PnkBstrA - ok
09:07:36.0921 5632  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
09:07:36.0937 5632  PNRPAutoReg - ok
09:07:36.0953 5632  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
09:07:36.0968 5632  PNRPsvc - ok
09:07:36.0984 5632  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
09:07:37.0031 5632  PolicyAgent - ok
09:07:37.0062 5632  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
09:07:37.0093 5632  Power - ok
09:07:37.0109 5632  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
09:07:37.0140 5632  PptpMiniport - ok
09:07:37.0156 5632  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\drivers\processr.sys
09:07:37.0171 5632  Processor - ok
09:07:37.0171 5632  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
09:07:37.0203 5632  ProfSvc - ok
09:07:37.0218 5632  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:07:37.0234 5632  ProtectedStorage - ok
09:07:37.0250 5632  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
09:07:37.0265 5632  Psched - ok
09:07:37.0312 5632  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
09:07:37.0343 5632  ql2300 - ok
09:07:37.0359 5632  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
09:07:37.0359 5632  ql40xx - ok
09:07:37.0390 5632  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
09:07:37.0421 5632  QWAVE - ok
09:07:37.0437 5632  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
09:07:37.0453 5632  QWAVEdrv - ok
09:07:37.0468 5632  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
09:07:37.0484 5632  RasAcd - ok
09:07:37.0501 5632  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
09:07:37.0533 5632  RasAgileVpn - ok
09:07:37.0548 5632  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
09:07:37.0580 5632  RasAuto - ok
09:07:37.0595 5632  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
09:07:37.0626 5632  Rasl2tp - ok
09:07:37.0658 5632  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
09:07:37.0720 5632  RasMan - ok
09:07:37.0720 5632  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
09:07:37.0753 5632  RasPppoe - ok
09:07:37.0771 5632  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
09:07:37.0806 5632  RasSstp - ok
09:07:37.0822 5632  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
09:07:37.0853 5632  rdbss - ok
09:07:37.0869 5632  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
09:07:37.0884 5632  rdpbus - ok
09:07:37.0900 5632  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
09:07:37.0953 5632  RDPCDD - ok
09:07:37.0984 5632  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
09:07:38.0000 5632  RDPDR - ok
09:07:38.0015 5632  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
09:07:38.0046 5632  RDPENCDD - ok
09:07:38.0062 5632  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
09:07:38.0093 5632  RDPREFMP - ok
09:07:38.0125 5632  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
09:07:38.0156 5632  RdpVideoMiniport - ok
09:07:38.0171 5632  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
09:07:38.0203 5632  RDPWD - ok
09:07:38.0218 5632  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
09:07:38.0218 5632  rdyboost - ok
09:07:38.0267 5632  [ EA569D48B2E755AF6D96F03F3335D98A ] Realtek11nSU    C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
09:07:38.0283 5632  Realtek11nSU ( UnsignedFile.Multi.Generic ) - warning
09:07:38.0283 5632  Realtek11nSU - detected UnsignedFile.Multi.Generic (1)
09:07:38.0316 5632  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
09:07:38.0333 5632  RemoteAccess - ok
09:07:38.0365 5632  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
09:07:38.0380 5632  RemoteRegistry - ok
09:07:38.0396 5632  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
09:07:38.0443 5632  RpcEptMapper - ok
09:07:38.0458 5632  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
09:07:38.0474 5632  RpcLocator - ok
09:07:38.0474 5632  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
09:07:38.0505 5632  RpcSs - ok
09:07:38.0537 5632  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
09:07:38.0568 5632  rspndr - ok
09:07:38.0583 5632  [ 031C4928ABA3E209CD6F96B7F4B085ED ] RTL8192su       C:\Windows\system32\DRIVERS\RTL8192su.sys
09:07:38.0615 5632  RTL8192su - ok
09:07:38.0630 5632  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
09:07:38.0662 5632  s3cap - ok
09:07:38.0677 5632  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
09:07:38.0693 5632  SamSs - ok
09:07:38.0708 5632  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
09:07:38.0724 5632  sbp2port - ok
09:07:38.0740 5632  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
09:07:38.0771 5632  SCardSvr - ok
09:07:38.0787 5632  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
09:07:38.0818 5632  scfilter - ok
09:07:38.0833 5632  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
09:07:38.0896 5632  Schedule - ok
09:07:38.0914 5632  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
09:07:38.0945 5632  SCPolicySvc - ok
09:07:38.0962 5632  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
09:07:38.0978 5632  SDRSVC - ok
09:07:39.0011 5632  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
09:07:39.0027 5632  secdrv - ok
09:07:39.0042 5632  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
09:07:39.0074 5632  seclogon - ok
09:07:39.0089 5632  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
09:07:39.0136 5632  SENS - ok
09:07:39.0167 5632  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
09:07:39.0183 5632  SensrSvc - ok
09:07:39.0199 5632  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
09:07:39.0214 5632  Serenum - ok
09:07:39.0230 5632  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
09:07:39.0246 5632  Serial - ok
09:07:39.0261 5632  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
09:07:39.0277 5632  sermouse - ok
09:07:39.0371 5632  [ 289E853881E688286AD24299FCC485D8 ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
09:07:39.0417 5632  ServiceLayer - ok
09:07:39.0433 5632  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
09:07:39.0464 5632  SessionEnv - ok
09:07:39.0464 5632  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
09:07:39.0480 5632  sffdisk - ok
09:07:39.0496 5632  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
09:07:39.0511 5632  sffp_mmc - ok
09:07:39.0511 5632  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
09:07:39.0542 5632  sffp_sd - ok
09:07:39.0542 5632  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
09:07:39.0558 5632  sfloppy - ok
09:07:39.0605 5632  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
09:07:39.0683 5632  SharedAccess - ok
09:07:39.0732 5632  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:07:39.0763 5632  ShellHWDetection - ok
09:07:39.0779 5632  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
09:07:39.0794 5632  sisagp - ok
09:07:39.0794 5632  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
09:07:39.0810 5632  SiSRaid2 - ok
09:07:39.0810 5632  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
09:07:39.0826 5632  SiSRaid4 - ok
09:07:39.0857 5632  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
09:07:39.0888 5632  Smb - ok
09:07:39.0906 5632  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
09:07:39.0921 5632  SNMPTRAP - ok
09:07:39.0937 5632  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
09:07:39.0937 5632  spldr - ok
09:07:39.0968 5632  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
09:07:39.0984 5632  Spooler - ok
09:07:40.0046 5632  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
09:07:40.0109 5632  sppsvc - ok
09:07:40.0126 5632  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
09:07:40.0160 5632  sppuinotify - ok
09:07:40.0207 5632  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
09:07:40.0238 5632  srv - ok
09:07:40.0253 5632  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
09:07:40.0285 5632  srv2 - ok
09:07:40.0300 5632  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
09:07:40.0316 5632  srvnet - ok
09:07:40.0347 5632  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
09:07:40.0394 5632  SSDPSRV - ok
09:07:40.0394 5632  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
09:07:40.0425 5632  SstpSvc - ok
09:07:40.0457 5632  Steam Client Service - ok
09:07:40.0519 5632  [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
09:07:40.0566 5632  Stereo Service - ok
09:07:40.0566 5632  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\drivers\stexstor.sys
09:07:40.0582 5632  stexstor - ok
09:07:40.0628 5632  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
09:07:40.0660 5632  StiSvc - ok
09:07:40.0675 5632  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
09:07:40.0691 5632  storflt - ok
09:07:40.0707 5632  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll
09:07:40.0722 5632  StorSvc - ok
09:07:40.0738 5632  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
09:07:40.0753 5632  storvsc - ok
09:07:40.0769 5632  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
09:07:40.0769 5632  swenum - ok
09:07:40.0785 5632  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
09:07:40.0832 5632  swprv - ok
09:07:40.0847 5632  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
09:07:40.0894 5632  SysMain - ok
09:07:40.0910 5632  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:07:40.0941 5632  TabletInputService - ok
09:07:40.0957 5632  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
09:07:40.0972 5632  TapiSrv - ok
09:07:40.0988 5632  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
09:07:41.0019 5632  TBS - ok
09:07:41.0082 5632  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
09:07:41.0150 5632  Tcpip - ok
09:07:41.0183 5632  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
09:07:41.0199 5632  TCPIP6 - ok
09:07:41.0230 5632  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
09:07:41.0246 5632  tcpipreg - ok
09:07:41.0261 5632  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
09:07:41.0292 5632  TDPIPE - ok
09:07:41.0308 5632  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
09:07:41.0341 5632  TDTCP - ok
09:07:41.0341 5632  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
09:07:41.0373 5632  tdx - ok
09:07:41.0373 5632  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
09:07:41.0388 5632  TermDD - ok
09:07:41.0404 5632  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
09:07:41.0435 5632  TermService - ok
09:07:41.0435 5632  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
09:07:41.0466 5632  Themes - ok
09:07:41.0482 5632  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
09:07:41.0498 5632  THREADORDER - ok
09:07:41.0529 5632  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
09:07:41.0560 5632  TrkWks - ok
09:07:41.0625 5632  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:07:41.0687 5632  TrustedInstaller - ok
09:07:41.0703 5632  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
09:07:41.0718 5632  tssecsrv - ok
09:07:41.0750 5632  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
09:07:41.0765 5632  TsUsbFlt - ok
09:07:41.0781 5632  [ 57C527AF84748B5C2F5178C499C0B81F ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
09:07:41.0796 5632  TsUsbGD - ok
09:07:41.0828 5632  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
09:07:41.0863 5632  tunnel - ok
09:07:41.0878 5632  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\drivers\uagp35.sys
09:07:41.0878 5632  uagp35 - ok
09:07:41.0914 5632  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
09:07:41.0947 5632  udfs - ok
09:07:41.0978 5632  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
09:07:42.0009 5632  UI0Detect - ok
09:07:42.0025 5632  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
09:07:42.0041 5632  uliagpkx - ok
09:07:42.0056 5632  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
09:07:42.0072 5632  umbus - ok
09:07:42.0103 5632  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\drivers\umpass.sys
09:07:42.0134 5632  UmPass - ok
09:07:42.0166 5632  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
09:07:42.0197 5632  UmRdpService - ok
09:07:42.0322 5632  [ BB879DCFD22926EFBEB3298129898CBB ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
09:07:42.0400 5632  UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
09:07:42.0400 5632  UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
09:07:42.0478 5632  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
09:07:42.0541 5632  upnphost - ok
09:07:42.0556 5632  [ B671514497DF7417F83919A6A5BD6BB9 ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
09:07:42.0587 5632  upperdev - ok
09:07:42.0634 5632  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
09:07:42.0650 5632  usbccgp - ok
09:07:42.0666 5632  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
09:07:42.0666 5632  usbcir - ok
09:07:42.0697 5632  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
09:07:42.0728 5632  usbehci - ok
09:07:42.0744 5632  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
09:07:42.0759 5632  usbhub - ok
09:07:42.0759 5632  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
09:07:42.0791 5632  usbohci - ok
09:07:42.0791 5632  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
09:07:42.0822 5632  usbprint - ok
09:07:42.0837 5632  [ 31181DE6190B39FC8007DFFD1A48FFD6 ] usbser          C:\Windows\system32\drivers\usbser.sys
09:07:42.0853 5632  usbser - ok
09:07:42.0884 5632  [ FF358FD3176B2E5605C4ACCD5026A5AC ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
09:07:42.0900 5632  UsbserFilt - ok
09:07:42.0947 5632  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:07:42.0994 5632  USBSTOR - ok
09:07:43.0009 5632  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
09:07:43.0041 5632  usbuhci - ok
09:07:43.0056 5632  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
09:07:43.0087 5632  UxSms - ok
09:07:43.0087 5632  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
09:07:43.0103 5632  VaultSvc - ok
09:07:43.0119 5632  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
09:07:43.0134 5632  vdrvroot - ok
09:07:43.0166 5632  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
09:07:43.0197 5632  vds - ok
09:07:43.0212 5632  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
09:07:43.0228 5632  vga - ok
09:07:43.0244 5632  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
09:07:43.0259 5632  VgaSave - ok
09:07:43.0275 5632  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
09:07:43.0291 5632  vhdmp - ok
09:07:43.0324 5632  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
09:07:43.0341 5632  viaagp - ok
09:07:43.0357 5632  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
09:07:43.0373 5632  ViaC7 - ok
09:07:43.0408 5632  [ 4B1C025D194BBB41B1D7E86B54D88DC1 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
09:07:43.0455 5632  VIAHdAudAddService - ok
09:07:43.0486 5632  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
09:07:43.0486 5632  viaide - ok
09:07:43.0517 5632  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
09:07:43.0517 5632  vmbus - ok
09:07:43.0533 5632  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
09:07:43.0564 5632  VMBusHID - ok
09:07:43.0580 5632  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
09:07:43.0595 5632  volmgr - ok
09:07:43.0611 5632  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
09:07:43.0626 5632  volmgrx - ok
09:07:43.0642 5632  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
09:07:43.0658 5632  volsnap - ok
09:07:43.0673 5632  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
09:07:43.0689 5632  vsmraid - ok
09:07:43.0720 5632  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
09:07:43.0767 5632  VSS - ok
09:07:43.0798 5632  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
09:07:43.0814 5632  vwifibus - ok
09:07:43.0830 5632  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
09:07:43.0861 5632  vwififlt - ok
09:07:43.0876 5632  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
09:07:43.0892 5632  vwifimp - ok
09:07:43.0908 5632  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
09:07:43.0939 5632  W32Time - ok
09:07:43.0955 5632  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
09:07:43.0970 5632  WacomPen - ok
09:07:43.0986 5632  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
09:07:44.0001 5632  WANARP - ok
09:07:44.0017 5632  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
09:07:44.0033 5632  Wanarpv6 - ok
09:07:44.0064 5632  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
09:07:44.0095 5632  wbengine - ok
09:07:44.0111 5632  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
09:07:44.0142 5632  WbioSrvc - ok
09:07:44.0158 5632  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
09:07:44.0173 5632  wcncsvc - ok
09:07:44.0189 5632  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:07:44.0205 5632  WcsPlugInService - ok
09:07:44.0205 5632  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\drivers\wd.sys
09:07:44.0220 5632  Wd - ok
09:07:44.0251 5632  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
09:07:44.0267 5632  Wdf01000 - ok
09:07:44.0283 5632  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
09:07:44.0298 5632  WdiServiceHost - ok
09:07:44.0298 5632  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
09:07:44.0314 5632  WdiSystemHost - ok
09:07:44.0330 5632  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
09:07:44.0361 5632  WebClient - ok
09:07:44.0361 5632  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
09:07:44.0392 5632  Wecsvc - ok
09:07:44.0423 5632  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
09:07:44.0439 5632  wercplsupport - ok
09:07:44.0455 5632  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
09:07:44.0501 5632  WerSvc - ok
09:07:44.0517 5632  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
09:07:44.0548 5632  WfpLwf - ok
09:07:44.0548 5632  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
09:07:44.0564 5632  WIMMount - ok
09:07:44.0626 5632  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
09:07:44.0673 5632  WinDefend - ok
09:07:44.0689 5632  WinHttpAutoProxySvc - ok
09:07:44.0736 5632  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
09:07:44.0798 5632  Winmgmt - ok
09:07:44.0851 5632  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
09:07:44.0898 5632  WinRM - ok
09:07:44.0929 5632  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
09:07:44.0945 5632  WinUsb - ok
09:07:44.0976 5632  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
09:07:45.0023 5632  Wlansvc - ok
09:07:45.0023 5632  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
09:07:45.0039 5632  WmiAcpi - ok
09:07:45.0054 5632  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
09:07:45.0070 5632  wmiApSrv - ok
09:07:45.0101 5632  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
09:07:45.0148 5632  WMPNetworkSvc - ok
09:07:45.0148 5632  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
09:07:45.0164 5632  WPCSvc - ok
09:07:45.0179 5632  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
09:07:45.0195 5632  WPDBusEnum - ok
09:07:45.0210 5632  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
09:07:45.0242 5632  ws2ifsl - ok
09:07:45.0242 5632  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
09:07:45.0257 5632  wscsvc - ok
09:07:45.0273 5632  WSearch - ok
09:07:45.0320 5632  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
09:07:45.0367 5632  wuauserv - ok
09:07:45.0382 5632  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
09:07:45.0398 5632  WudfPf - ok
09:07:45.0398 5632  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
09:07:45.0429 5632  WUDFRd - ok
09:07:45.0496 5632  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
09:07:45.0527 5632  wudfsvc - ok
09:07:45.0558 5632  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
09:07:45.0574 5632  WwanSvc - ok
09:07:45.0607 5632  ================ Scan global ===============================
09:07:45.0623 5632  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
09:07:45.0654 5632  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
09:07:45.0669 5632  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
09:07:45.0685 5632  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
09:07:45.0716 5632  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
09:07:45.0732 5632  [Global] - ok
09:07:45.0732 5632  ================ Scan MBR ==================================
09:07:45.0732 5632  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
09:07:45.0935 5632  \Device\Harddisk0\DR0 - ok
09:07:45.0935 5632  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk1\DR1
09:07:46.0169 5632  \Device\Harddisk1\DR1 - ok
09:07:46.0185 5632  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
09:07:46.0404 5632  \Device\Harddisk2\DR2 - ok
09:07:46.0404 5632  ================ Scan VBR ==================================
09:07:46.0404 5632  [ 3FF68D6DB9C8258CC9A0A143F1E76A47 ] \Device\Harddisk0\DR0\Partition1
09:07:46.0419 5632  \Device\Harddisk0\DR0\Partition1 - ok
09:07:46.0419 5632  [ FCEDA9EDE72541F7669FEE5875FDD03F ] \Device\Harddisk0\DR0\Partition2
09:07:46.0419 5632  \Device\Harddisk0\DR0\Partition2 - ok
09:07:46.0435 5632  [ 8175E5A21D8F5C2D1C341CD1A22B6187 ] \Device\Harddisk1\DR1\Partition1
09:07:46.0435 5632  \Device\Harddisk1\DR1\Partition1 - ok
09:07:46.0435 5632  [ BA7B2EDBEA5F442B1B12D86F49004FD3 ] \Device\Harddisk1\DR1\Partition2
09:07:46.0435 5632  \Device\Harddisk1\DR1\Partition2 - ok
09:07:46.0451 5632  [ 6AD82F1AB44AF705DD20C74B45392F1D ] \Device\Harddisk2\DR2\Partition1
09:07:46.0451 5632  \Device\Harddisk2\DR2\Partition1 - ok
09:07:46.0451 5632  [ F49D705B12D51CF52B451D027B688D33 ] \Device\Harddisk2\DR2\Partition2
09:07:46.0451 5632  \Device\Harddisk2\DR2\Partition2 - ok
09:07:46.0466 5632  [ 741DC34308B60C5B3F97D6B0D6D35167 ] \Device\Harddisk2\DR2\Partition3
09:07:46.0466 5632  \Device\Harddisk2\DR2\Partition3 - ok
09:07:46.0466 5632  ============================================================
09:07:46.0466 5632  Scan finished
09:07:46.0466 5632  ============================================================
09:07:46.0482 3680  Detected object count: 2
09:07:46.0482 3680  Actual detected object count: 2
09:09:21.0720 3680  Realtek11nSU ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:21.0720 3680  Realtek11nSU ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:09:21.0720 3680  UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:21.0720 3680  UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:09:33.0548 5008  Deinitialize success

cosinus · 16.04.2013, 09:24

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

mppriest · 16.04.2013, 10:13

So,

ich habe die drei Dateien erstellen lassen, bei OTL habe ich allerdings nur ein Logfile erhalten:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows 7 Professional x86
Ran by Toms-Win7-Rechner on 16.04.2013 at 10:36:24,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetup.exe



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Toms-Win7-Rechner\AppData\Roaming\dvdvideosoftiehelpers"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.04.2013 at 10:45:29,73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

dann:

Code:

ATTFilter

# AdwCleaner v2.200 - Datei am 16/04/2013 um 10:57:00 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Toms-Win7-Rechner - TOMS-WIN7-RECHN
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Toms-Win7-Rechner\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\TOMS-W~1\AppData\Local\Temp\OCS

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\Toms-Win7-Rechner\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

Datei : C:\Users\Gast\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1278 octets] - [16/04/2013 10:54:27]
AdwCleaner[R2].txt - [1338 octets] - [16/04/2013 10:55:36]
AdwCleaner[S1].txt - [1271 octets] - [16/04/2013 10:57:00]

########## EOF - C:\AdwCleaner[S1].txt - [1331 octets] ##########

dann:

Code:

ATTFilter

OTL logfile created on: 16.04.2013 11:01:41 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Toms-Win7-Rechner\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,62 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 61,90% Memory free
7,25 Gb Paging File | 5,83 Gb Available in Paging File | 80,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 150,00 Gb Total Space | 38,44 Gb Free Space | 25,63% Space Free | Partition Type: NTFS
Drive E: | 128,00 Gb Total Space | 127,32 Gb Free Space | 99,47% Space Free | Partition Type: NTFS
Drive F: | 127,99 Gb Total Space | 3,46 Gb Free Space | 2,70% Space Free | Partition Type: NTFS
Drive G: | 337,76 Gb Total Space | 265,19 Gb Free Space | 78,51% Space Free | Partition Type: NTFS
Drive H: | 1735,02 Gb Total Space | 600,94 Gb Free Space | 34,64% Space Free | Partition Type: NTFS
Drive I: | 281,51 Gb Total Space | 276,90 Gb Free Space | 98,36% Space Free | Partition Type: NTFS
Drive J: | 500,00 Gb Total Space | 430,21 Gb Free Space | 86,04% Space Free | Partition Type: NTFS
 
Computer Name: TOMS-WIN7-RECHN | User Name: Toms-Win7-Rechner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Toms-Win7-Rechner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Users\Toms-Win7-Rechner\opera.exe (Opera Software)
PRC - C:\Programme\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Programme\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
PRC - C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\skin.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (Realtek11nSU) -- C:\Programme\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\rtl8192su.sys (Realtek Semiconductor Corporation                           )
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys ()
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1581345296-1996030448-3988025079-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
IE - HKU\S-1-5-21-1581345296-1996030448-3988025079-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
IE - HKU\S-1-5-21-1581345296-1996030448-3988025079-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1581345296-1996030448-3988025079-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1581345296-1996030448-3988025079-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1581345296-1996030448-3988025079-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.10.31 21:42:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.10.31 21:42:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.31 21:42:08 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: ([verify-U]_Add-on) - {F4552A56-119C-478E-AB3F-2C850F78B72E} - C:\Programme\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll (Cybits AG)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [VIAAUD] C:\Program Files\VIA\VIAudioi\VDeck\VIAAUD.exe File not found
O4 - HKU\S-1-5-21-1581345296-1996030448-3988025079-1000..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1581345296-1996030448-3988025079-1000\..Trusted Domains: elsteronline.de ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2DE8572-2898-4BD2-8130-B7CA96229F51}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.01.26 13:26:29 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.16 10:36:23 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.16 10:36:07 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.16 10:30:49 | 000,551,587 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Toms-Win7-Rechner\Desktop\JRT.exe
[2013.04.15 22:13:50 | 000,000,000 | ---D | C] -- C:\Users\Toms-Win7-Rechner\Desktop\mbar-1.05.0.1001
[2013.04.15 22:07:30 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Toms-Win7-Rechner\Desktop\tdsskiller.exe
[2013.04.15 22:07:06 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Toms-Win7-Rechner\Desktop\aswMBR.exe
[2013.04.15 11:32:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Toms-Win7-Rechner\Desktop\OTL.exe
[2013.04.15 09:17:40 | 000,000,000 | ---D | C] -- C:\Users\Toms-Win7-Rechner\AppData\Local\Programs
[2013.04.15 09:06:17 | 000,000,000 | ---D | C] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Malwarebytes
[2013.04.15 09:06:09 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.15 09:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.15 09:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.15 09:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.04.10 09:55:45 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.10 09:55:44 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.10 09:55:44 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.10 09:55:44 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.04.10 09:55:44 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.10 09:55:43 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.10 09:55:43 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.04.10 09:55:43 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.04.10 09:55:43 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.04.10 09:55:43 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.04.10 09:50:30 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.10 09:50:29 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 09:50:29 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 09:50:29 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.05 19:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2013.04.04 14:48:41 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2013.04.04 14:48:40 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2013.04.04 14:48:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2013.04.04 14:48:39 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2013.04.04 14:48:38 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2013.04.04 14:48:38 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbGD.sys
[2013.04.04 14:48:37 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2013.04.04 14:48:37 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.04.04 14:48:37 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2013.04.04 14:48:37 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2013.04.04 14:48:36 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2013.04.04 14:48:36 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.04.04 14:48:36 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2013.04.04 14:48:36 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll
[2013.04.04 14:48:36 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2013.04.04 14:48:35 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2013.04.03 22:18:27 | 000,000,000 | ---D | C] -- C:\Users\Toms-Win7-Rechner\AppData\Local\Screentime
[2013.03.28 20:18:29 | 000,000,000 | ---D | C] -- C:\Users\Toms-Win7-Rechner\AppData\Local\WinZip
[2013.03.28 20:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013.03.28 20:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013.03.28 20:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013.03.28 20:05:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2013.03.26 12:42:07 | 000,000,000 | ---D | C] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Sony Creative Software Inc
[2013.03.23 10:35:48 | 000,000,000 | ---D | C] -- C:\Users\Toms-Win7-Rechner\Documents\Eidos
[2013.03.23 09:07:57 | 000,000,000 | ---D | C] -- C:\Users\Toms-Win7-Rechner\Documents\Remedy
[2013.03.22 08:46:40 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.22 08:46:40 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.03.22 08:46:40 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.03.22 08:46:40 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.03.22 08:46:40 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.03.22 08:46:40 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.03.22 08:46:40 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.03.22 08:46:40 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.03.22 08:46:40 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.22 08:46:40 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.03.22 08:46:40 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.03.22 08:46:40 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.03.22 08:46:40 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.03.22 08:46:40 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.03.22 08:46:40 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.03.22 08:46:40 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.22 08:46:40 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.03.22 08:46:40 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.03.22 08:46:40 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.03.22 08:46:40 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.03.22 08:46:40 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.03.22 08:46:40 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.03.22 08:46:40 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.03.22 08:46:40 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.03.22 08:46:40 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.03.22 08:46:40 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.03.18 09:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania
[2013.03.18 09:01:18 | 000,000,000 | ---D | C] -- C:\Users\Toms-Win7-Rechner\Documents\TrackMania
[2013.03.17 11:23:58 | 000,000,000 | ---D | C] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rondomedia
[2012.10.17 13:38:49 | 015,158,160 | ---- | C] (Opera Software) -- C:\Users\Toms-Win7-Rechner\opera.dll
[2012.10.17 13:38:49 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Users\Toms-Win7-Rechner\D3DCompiler_43.dll
[2012.10.17 13:38:49 | 000,874,896 | ---- | C] (Opera Software) -- C:\Users\Toms-Win7-Rechner\opera.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.16 11:03:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.16 10:58:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.16 10:58:19 | 2918,686,720 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.16 10:36:00 | 000,551,587 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Toms-Win7-Rechner\Desktop\JRT.exe
[2013.04.16 10:33:30 | 000,613,083 | ---- | M] () -- C:\Users\Toms-Win7-Rechner\Desktop\adwcleaner.exe
[2013.04.16 08:32:36 | 000,025,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.16 08:32:36 | 000,025,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.15 22:08:25 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Toms-Win7-Rechner\Desktop\aswMBR.exe
[2013.04.15 22:07:30 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Toms-Win7-Rechner\Desktop\tdsskiller.exe
[2013.04.15 12:24:08 | 000,010,610 | ---- | M] () -- C:\Users\Toms-Win7-Rechner\Desktop\extras.zip
[2013.04.15 12:23:08 | 000,001,600 | ---- | M] () -- C:\Users\Toms-Win7-Rechner\Desktop\gmer.zip
[2013.04.15 11:35:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Toms-Win7-Rechner\Desktop\OTL.exe
[2013.04.15 11:30:14 | 000,000,000 | ---- | M] () -- C:\Users\Toms-Win7-Rechner\defogger_reenable
[2013.04.13 07:23:37 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.13 07:23:37 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.13 07:23:37 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.13 07:23:37 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.10 09:58:27 | 000,289,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.22 08:46:40 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.22 08:46:40 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.03.22 08:46:40 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.03.22 08:46:40 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.03.22 08:46:40 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.03.22 08:46:40 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.03.22 08:46:40 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.03.22 08:46:40 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.03.22 08:46:40 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.22 08:46:40 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.03.22 08:46:40 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.03.22 08:46:40 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.03.22 08:46:40 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.03.22 08:46:40 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.03.22 08:46:40 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.03.22 08:46:40 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.22 08:46:40 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.03.22 08:46:40 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.03.22 08:46:40 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.03.22 08:46:40 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.03.22 08:46:40 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.03.22 08:46:40 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.03.22 08:46:40 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.03.22 08:46:40 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.03.22 08:46:40 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.03.22 08:46:40 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.03.22 08:46:40 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.03.19 06:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.03.19 06:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.03.19 05:48:45 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.16 10:31:20 | 000,613,083 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\Desktop\adwcleaner.exe
[2013.04.15 12:24:31 | 000,010,610 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\Desktop\extras.zip
[2013.04.15 12:23:30 | 000,001,600 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\Desktop\gmer.zip
[2013.04.15 11:30:14 | 000,000,000 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\defogger_reenable
[2013.03.22 08:46:40 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.02.13 21:14:06 | 000,000,194 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\.ptbt0
[2013.02.13 09:01:13 | 000,220,733 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\test
[2012.11.25 22:45:48 | 000,140,480 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.11.25 22:45:48 | 000,138,056 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\PnkBstrK.sys
[2012.11.25 22:45:14 | 000,298,016 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.11.25 22:45:12 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.11.25 22:45:11 | 003,130,440 | ---- | C] () -- C:\Windows\System32\pbsvc_blr.exe
[2012.10.18 14:27:15 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2012.10.17 14:23:47 | 000,017,408 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\AppData\Local\WebpageIcons.db
[2012.10.17 14:23:10 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012.10.17 14:23:10 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012.10.17 14:10:09 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2012.10.17 14:07:29 | 002,953,448 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.10.17 13:38:50 | 000,034,184 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\opera_install_log.xml
[2012.10.17 13:38:49 | 000,527,083 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\encoding.bin
[2012.10.17 13:38:49 | 000,148,990 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\pubsuffix.xml
[2012.10.17 13:38:49 | 000,143,872 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\html5_entity_init.dat
[2012.10.17 13:38:49 | 000,059,028 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\mathml.dtd
[2012.10.17 13:38:49 | 000,024,420 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\files_old.sig
[2012.10.17 13:38:49 | 000,016,092 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\files.sig
[2012.10.17 13:38:49 | 000,007,904 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\html40_entities.dtd
[2012.10.17 13:38:49 | 000,000,301 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\c3nform.vxml
[2012.10.17 13:38:49 | 000,000,229 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\operaprefs_default.ini
[2012.10.17 03:31:17 | 000,696,620 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012.10.17 03:31:17 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012.10.17 03:31:17 | 000,147,916 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012.10.17 03:31:17 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

cosinus · 16.04.2013, 11:12

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

mppriest · 16.04.2013, 11:39

Hey,

hier das Malwarebytes-Logfile:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.16.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16540
Toms-Win7-Rechner :: TOMS-WIN7-RECHN [administrator]

16.04.2013 12:28:46
mbar-log-2013-04-16 (12-28-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 26391
Time elapsed: 4 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Bei ESET kommt eine Meldung:Can not get Update. Is proxy configured?

cosinus · 16.04.2013, 12:35

Den ESET-Installer möchtest du mal per Rechtsklick => als Admin ausführen

mppriest · 16.04.2013, 19:30

Hallo,
hab alles wie von Dir vorgegeben gemacht, er bricht aber mit obiger Meldung ab.

Hallo,

auf jeden Fall wollte ich mich an dieser Stelle mal für Deine ausführliche Hilfe bedanken. Ist schon klasse, dass es solche Leute wie Dich gibt.
Danke und sag mir doch bescheid, ob ich noch etwas unternehmen soll.
Okay,
Gruss
Tom

cosinus · 17.04.2013, 11:50

Bitte prüfen

Falsche Proxy Einstellungen entfernen

Klicke im Start-Menü unter "Einstellungen" auf "Systemsteuerung" -> "Internetoptionen".
Wähle die Karteikarte "Verbindungen->Lan-Einstellungen“ und überprüfe ob bei Proxyserver ein Häkchen steht,
wenn ja -> Entfernen, dann -> OK (sofern nicht richtige Eintragung)

mppriest · 17.04.2013, 11:57

Hey,

war alles richtig, ging eine ganze Weile nicht zu starten, jetzt vor 10 Min. ging es plötzlich. Der Scanner läuft gerade, muss allerdings auch gleich arbeiten, entweder poste ich es gleich noch irgendwann, heute abend oder morgen vormittag.
Seltsam das alles. Und nach wie vor hat er (manchmal) Browserbezogen gesprochen Geschwindigkeitsprobleme. Dann ist ein Z.B. DSL-Speedtest einwandfrei, dann läuft wieder gar nichts.
Na warten wir den Scan-Test mal ab.
Gruss
Tom

Hey,
so hier das Logfile vo ESET, eine Bedrohung hat er gefunden. Was soll ich machen?

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d322fa57a14cad4c8e10ec73b7faf406
# engine=13641
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-18 08:51:21
# local_time=2013-04-18 09:51:21 (+0000, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1285 16777213 100 100 9129 62922993 0 0
# compatibility_mode=5893 16776573 100 94 173047 118741472 0 0
# scanned=443780
# found=1
# cleaned=0
# scan_time=8871
sh=EAAC95FB8C496E565898AD97C6469C09B242F65B ft=1 fh=cf30ea3f22cda594 vn="Variante von Win32/Adware.ToolPlugin.A Anwendung" ac=I fn="G:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Temp\WZSE0.TMP\setup.exe"

15.04.2013, 21:28	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Geschwindigketseinbruch beim Browser Ok, bis morgen __________________ --> Geschwindigketseinbruch beim Browser

16.04.2013, 12:35	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Geschwindigketseinbruch beim Browser Den ESET-Installer möchtest du mal per Rechtsklick => als Admin ausführen __________________ Logfiles bitte immer in CODE-Tags posten

Geschwindigketseinbruch beim Browser

Log-Analyse und Auswertung: Geschwindigketseinbruch beim Browser