Weißer Bildschirm nach Start

Petra-Müller · 22.05.2013, 15:09

Windows 7 Rechner zeigt nach Start einen weissen Bildschirm. Start im Abgesicherten Modus klappt nicht, da er beim Hochfahren hängen bleibt. Start mit REATOGO-X-PE Rescue Disk von Januar 2013 klappt.
OTLPE ist drauf, kann aber nicht ausgeführt werden wegen Meldung "no windows installations found".
Malwarebites ist leider nicht drauf.

Please Help!

markusg · 22.05.2013, 15:11

Hi,
du meinst da kommt, bei otl, ein Fenster, browse for folder?
dann klappe da alles auf, klicke auf windows bzw wind, und los gehts.

Petra-Müller · 22.05.2013, 15:27

Hallo Markus,
danke für die schnelle Antwort. Ich habe es geschafft. Hier die OTL.txt:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 5/22/2013 7:57:05 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.36 Mb Free Space | 74.37% Space Free | Partition Type: NTFS
Drive H: | 931.41 Gb Total Space | 200.41 Gb Free Space | 21.52% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/01/26 09:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- H:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2013/05/15 08:09:34 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- H:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/12 02:09:39 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- H:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/22 02:08:35 | 004,561,152 | ---- | M] () [Auto] -- H:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013/02/25 18:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto] -- H:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 02:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto] -- H:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/21 09:48:08 | 000,699,680 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto] -- H:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- H:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/21 04:11:28 | 000,147,888 | ---- | M] (LogMeIn, Inc.) [Auto] -- H:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2012/11/21 04:11:04 | 000,375,728 | ---- | M] (LogMeIn, Inc.) [Auto] -- H:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/05/08 06:27:43 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- H:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/08 06:27:43 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- H:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/17 09:51:54 | 000,013,824 | ---- | M] (Hewlett-Packard Company) [On_Demand] -- H:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe -- (HP DS Service)
SRV - [2011/08/03 18:12:46 | 000,164,352 | ---- | M] (HP) [Auto] -- H:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2011/06/29 10:16:30 | 000,083,248 | ---- | M] (iAnywhere Solutions, Inc.) [Auto] -- H:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe -- (Lexware_Professional_Datenbank)
SRV - [2011/03/25 05:13:09 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand] -- H:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011/03/25 05:11:57 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand] -- H:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/03/25 05:11:25 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand] -- H:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2011/03/09 08:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto] -- H:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/02/01 08:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto] -- H:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011/02/01 08:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto] -- H:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/11/20 23:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- H:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 23:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 23:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/11/08 06:04:20 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto] -- H:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 08:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- H:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- H:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/06 12:53:50 | 001,220,608 | ---- | M] (MAGIX AG) [Auto] -- H:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/02/22 23:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto] -- H:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/08/07 05:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand] -- H:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007/06/14 14:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto] -- H:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/11/21 04:11:07 | 000,088,008 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled] -- H:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/05/08 06:27:43 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System] -- H:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/08 06:27:43 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto] -- H:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/12/09 07:40:20 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System] -- H:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/10/05 04:55:02 | 000,729,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2011/03/30 10:18:57 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2011/03/25 05:09:51 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System] -- H:\Windows\System32\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2011/02/08 01:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand] -- H:\Windows\System32\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/02/08 01:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand] -- H:\Windows\System32\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/01/07 06:27:03 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 11:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/09/17 09:40:06 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto] -- H:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/06/23 05:10:56 | 000,344,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- H:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/06/11 09:37:14 | 000,015,368 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System] -- H:\Windows\System32\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- H:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2005/09/23 17:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand] -- H:\Windows\System32\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2010/09/17 09:40:06 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto] -- H:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2006/02/19 21:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System] -- H:\Windows\SysWow64\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [1995/11/07 03:57:16 | 000,006,144 | ---- | M] (Corel Corporation) [Kernel | System] -- H:\Windows\SysWow64\drivers\crlscsi.sys -- (crlscsi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=ddrnw&chnl=ddrnw&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtBzy0F0E0AtDtC0FyB0FtBtN0D0Tzu0CtCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1561467419
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
 
 
 
IE - HKU\Nutzer_ON_H\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = about:blank
IE - HKU\Nutzer_ON_H\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=a1f62cd4-10ef-4e1a-9543-7468f4c04e8b&searchtype=ds&p={searchTerms}&fr=linkury-tb
IE - HKU\Nutzer_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=a1f62cd4-10ef-4e1a-9543-7468f4c04e8b&searchtype=hp&fr=linkury-tb
IE - HKU\Nutzer_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Nutzer_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 87 CF 66 89 6A ED CB 01  [binary data]
IE - HKU\Nutzer_ON_H\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=a1f62cd4-10ef-4e1a-9543-7468f4c04e8b&searchtype=ds&p={searchTerms}&fr=linkury-tb
IE - HKU\Nutzer_ON_H\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=a1f62cd4-10ef-4e1a-9543-7468f4c04e8b&searchtype=ds&p={searchTerms}&fr=linkury-tb
IE - HKU\Nutzer_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Nutzer_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\System32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: H:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: H:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: H:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: H:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: H:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.1.11: H:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: H:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/12 02:09:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
 
O1 HOSTS File: ([2013/04/26 06:08:12 | 000,446,490 | R--- | M]) - H:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 15358 more lines...
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -  File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -  File not found
O3 - HKU\Nutzer_ON_H\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] H:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AutoKMS]  File not found
O4:64bit: - HKLM..\Run: [IntelliPoint] H:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] H:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] H:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry] H:\Windows\System32\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] H:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] H:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HPUsageTracking] H:\Program Files (x86)\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StatusAlerts] H:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SwitchBoard] H:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [XFastUsb] H:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKU\Classic_.NET_AppPool_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\DefaultAppPool_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LogMeInRemoteUser_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Nutzer_ON_H..\Run: [AdobeBridge]  File not found
O4 - HKU\Nutzer_ON_H..\Run: [Akamai NetSession Interface] H:\Users\Nutzer\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\Nutzer_ON_H..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\Nutzer_ON_H..\Run: [TBPanel] H:\Program Files (x86)\Vtune\TBPanel.exe ()
O4 - HKU\UpdatusUser_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Classic_.NET_AppPool_ON_H..\RunOnce: [mctadmin]  File not found
O4 - HKU\DefaultAppPool_ON_H..\RunOnce: [mctadmin]  File not found
O4 - HKU\LogMeInRemoteUser_ON_H..\RunOnce: [mctadmin]  File not found
O4 - HKU\UpdatusUser_ON_H..\RunOnce: [mctadmin]  File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Nutzer_ON_H\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -  File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -  File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -  File not found
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -  File not found
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - H:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - H:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Nutzer_ON_H Winlogon: Shell - (explorer.exe) - H:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Nutzer_ON_H Winlogon: Shell - (C:\Users\Nutzer\AppData\Roaming\skype.dat) - H:\Users\Nutzer\AppData\Roaming\skype.dat ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\E:) -  File not found
O34 - HKLM BootExecute: (autocheck autochk /r \??\E:) -  File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/20 13:10:41 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/05/16 09:41:34 | 000,096,768 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\mshtmled.dll
[2013/05/16 09:41:34 | 000,073,216 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\mshtmled.dll
[2013/05/16 09:41:33 | 002,312,704 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript9.dll
[2013/05/16 09:41:33 | 001,494,528 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\inetcpl.cpl
[2013/05/16 09:41:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\inetcpl.cpl
[2013/05/16 09:41:33 | 000,729,088 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msfeeds.dll
[2013/05/16 09:41:33 | 000,607,744 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\msfeeds.dll
[2013/05/16 09:41:33 | 000,248,320 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieui.dll
[2013/05/16 09:41:33 | 000,237,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\url.dll
[2013/05/16 09:41:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\url.dll
[2013/05/16 09:41:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ieui.dll
[2013/05/16 09:41:33 | 000,173,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieUnatt.exe
[2013/05/16 09:41:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ieUnatt.exe
[2013/05/16 09:41:32 | 001,800,704 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\jscript9.dll
[2013/05/16 09:41:32 | 000,816,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript.dll
[2013/05/16 09:41:32 | 000,717,824 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\jscript.dll
[2013/05/16 09:41:32 | 000,599,040 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\vbscript.dll
[2013/05/16 01:29:41 | 000,265,064 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\drivers\dxgmms1.sys
[2013/05/16 01:29:40 | 000,144,384 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\cdd.dll
[2013/05/16 01:29:21 | 001,930,752 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\authui.dll
[2013/05/16 01:29:21 | 000,197,120 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\shdocvw.dll
[2013/05/16 01:29:20 | 001,796,096 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\authui.dll
[2013/05/16 01:29:20 | 000,111,448 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\consent.exe
[2013/05/16 01:29:01 | 000,048,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\wwanprotdim.dll
[2013/05/09 06:41:56 | 000,000,000 | ---D | C] -- H:\Users\Nutzer\AppData\Roaming\Hewlett-Packard Company
[2013/05/09 06:40:57 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013/05/09 06:40:55 | 000,000,000 | ---D | C] -- H:\Users\Nutzer\AppData\Roaming\HpUpdate
[2013/05/09 06:39:54 | 000,000,000 | ---D | C] -- H:\Users\Nutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
[2013/05/09 06:38:52 | 000,311,296 | ---- | C] (Hewlett-Packard) -- H:\Windows\System32\hpbcoins64.dll
[2013/05/09 06:38:20 | 000,311,808 | ---- | C] (Hewlett-Packard Corporation) -- H:\Windows\System32\hpcpn117.dll
[2013/05/01 05:32:10 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\DVDVideoSoft
[2013/05/01 05:32:10 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Common Files\DVDVideoSoft
[1 H:\Windows\SysWow64\*.tmp files -> H:\Windows\SysWow64\*.tmp -> ]
[1 H:\Windows\System32\*.tmp files -> H:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/22 12:44:36 | 000,067,584 | --S- | M] () -- H:\Windows\bootstat.dat
[2013/05/22 12:44:32 | 2133,868,543 | -HS- | M] () -- H:\hiberfil.sys
[2013/05/22 09:48:25 | 000,000,004 | ---- | M] () -- H:\Users\Nutzer\AppData\Roaming\skype.ini
[2013/05/22 09:46:50 | 000,001,106 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/22 09:33:00 | 000,001,110 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/22 09:23:00 | 000,001,124 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1522397381-841923373-175786650-1000UA.job
[2013/05/22 09:09:00 | 000,000,884 | ---- | M] () -- H:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/22 01:18:36 | 000,021,856 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/22 01:18:36 | 000,021,856 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/21 12:23:00 | 000,001,072 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1522397381-841923373-175786650-1000Core.job
[2013/05/20 13:10:41 | 000,002,218 | ---- | M] () -- H:\Users\Public\Desktop\Google Earth.lnk
[2013/05/20 13:10:41 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/05/20 12:08:15 | 000,770,774 | ---- | M] () -- H:\Windows\System32\perfh007.dat
[2013/05/20 12:08:15 | 000,713,228 | ---- | M] () -- H:\Windows\System32\perfh009.dat
[2013/05/20 12:08:15 | 000,173,642 | ---- | M] () -- H:\Windows\System32\perfc007.dat
[2013/05/20 12:08:15 | 000,141,560 | ---- | M] () -- H:\Windows\System32\perfc009.dat
[2013/05/16 23:13:48 | 005,264,528 | ---- | M] () -- H:\Windows\System32\FNTCACHE.DAT
[2013/05/15 08:09:34 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/15 08:09:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/09 06:41:02 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013/05/09 06:39:54 | 000,000,205 | ---- | M] () -- H:\Windows\System32\AddPort.ini
[2013/05/01 05:32:18 | 000,001,404 | ---- | M] () -- H:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
[2013/05/01 05:32:18 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013/04/26 06:08:12 | 000,446,490 | R--- | M] () -- H:\Windows\System32\drivers\etc\hosts
[1 H:\Windows\SysWow64\*.tmp files -> H:\Windows\SysWow64\*.tmp -> ]
[1 H:\Windows\System32\*.tmp files -> H:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/22 09:38:02 | 000,000,004 | ---- | C] () -- H:\Users\Nutzer\AppData\Roaming\skype.ini
[2013/05/20 13:10:41 | 000,002,218 | ---- | C] () -- H:\Users\Public\Desktop\Google Earth.lnk
[2013/05/09 06:38:19 | 000,316,928 | ---- | C] () -- H:\Windows\SysWow64\hpcc3117.DLL
[2013/02/27 08:30:35 | 000,000,670 | ---- | C] () -- H:\Windows\hpntwksetup.ini
[2013/02/27 08:19:35 | 000,195,270 | ---- | C] () -- H:\Windows\hppins13.dat
[2013/02/27 08:19:35 | 000,006,760 | ---- | C] () -- H:\Windows\hppmdl13.dat
[2013/01/23 03:53:15 | 000,000,600 | ---- | C] () -- H:\Users\Nutzer\AppData\Roaming\winscp.rnd
[2013/01/21 10:42:09 | 000,000,000 | ---- | C] () -- H:\Windows\HPMProp.INI
[2012/10/07 07:23:08 | 000,138,368 | ---- | C] () -- H:\Windows\SysWow64\LxDNTvmc100.dll
[2012/10/07 07:23:08 | 000,074,368 | ---- | C] () -- H:\Windows\SysWow64\LxDNTvm100.dll
[2012/10/07 07:23:06 | 000,318,592 | ---- | C] () -- H:\Windows\SysWow64\LxDNT100.dll
[2012/09/14 11:17:04 | 000,000,063 | ---- | C] () -- H:\Windows\wininit.ini
[2012/08/17 02:09:15 | 000,256,000 | ---- | C] () -- H:\Windows\PEV.exe
[2012/08/17 02:09:15 | 000,208,896 | ---- | C] () -- H:\Windows\MBR.exe
[2012/08/17 02:09:15 | 000,098,816 | ---- | C] () -- H:\Windows\sed.exe
[2012/08/17 02:09:15 | 000,080,412 | ---- | C] () -- H:\Windows\grep.exe
[2012/08/17 02:09:15 | 000,068,096 | ---- | C] () -- H:\Windows\zip.exe
[2012/07/09 04:05:43 | 000,384,844 | ---- | C] () -- H:\Users\Nutzer\AppData\Local\funmoods-speeddial.crx
[2012/02/27 04:41:52 | 000,202,240 | ---- | C] () -- H:\Windows\SysWow64\LXPrnUtil10.dll
[2012/02/09 07:44:22 | 000,000,132 | ---- | C] () -- H:\Users\Nutzer\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012/01/28 08:11:40 | 000,000,132 | ---- | C] () -- H:\Users\Nutzer\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/01/11 04:30:02 | 000,131,072 | ---- | C] () -- H:\Users\Nutzer\AppData\Roaming\skype.dat
[2011/12/22 06:04:26 | 000,000,141 | ---- | C] () -- H:\Windows\ODBC.INI
[2011/12/19 16:59:36 | 000,000,132 | ---- | C] () -- H:\Users\Nutzer\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/08/14 13:10:16 | 000,000,161 | ---- | C] () -- H:\Windows\AutoKMS.ini
[2011/07/06 05:43:10 | 000,003,584 | ---- | C] () -- H:\Users\Nutzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/13 04:03:16 | 000,303,104 | ---- | C] () -- H:\Windows\SysWow64\dnt27VC8.dll
[2011/05/13 04:01:22 | 000,143,360 | ---- | C] () -- H:\Windows\SysWow64\dntvmc27VC8.dll
[2011/05/13 04:01:00 | 000,086,016 | ---- | C] () -- H:\Windows\SysWow64\dntvm27VC8.dll
[2011/04/24 10:54:21 | 001,774,944 | ---- | C] () -- H:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/30 02:00:45 | 000,000,198 | ---- | C] () -- H:\Windows\ODBCINST.ini
[2011/03/29 07:18:43 | 000,000,000 | ---- | C] () -- H:\Windows\longfile.INI
[2011/03/29 07:18:40 | 001,371,436 | R--- | C] () -- H:\Windows\SysWow64\VBAR2132.DLL
[2011/03/29 07:16:40 | 000,039,125 | ---- | C] () -- H:\Windows\iccsigs.dat
[2011/03/29 04:37:55 | 000,008,704 | ---- | C] () -- H:\Windows\SysWow64\BHARegister.dll
[2011/03/28 14:15:09 | 000,120,200 | ---- | C] () -- H:\Windows\SysWow64\DLLDEV32i.dll
[2011/03/25 05:13:32 | 000,002,265 | ---- | C] () -- H:\Windows\FF08_Render_Spk_Hp.ini
[2011/03/25 05:13:32 | 000,001,650 | ---- | C] () -- H:\Windows\FF08_Capture.ini
[2011/03/25 05:13:32 | 000,001,540 | ---- | C] () -- H:\Windows\FF08_Render.ini
[2011/03/25 05:13:18 | 000,148,480 | ---- | C] () -- H:\Windows\SysWow64\APOMngr.DLL
[2011/03/25 05:13:18 | 000,073,728 | ---- | C] () -- H:\Windows\SysWow64\CmdRtr.DLL
[2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- H:\Windows\SysWow64\DShowRdpFilter.dll
[2009/09/30 07:05:48 | 000,290,816 | ---- | C] () -- H:\Windows\SysWow64\nsldap32v60.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- H:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- H:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- H:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- H:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- H:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- H:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- H:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- H:\Windows\SysWow64\mlang.dat
[2008/10/30 13:00:22 | 000,048,640 | ---- | C] () -- H:\Windows\SysWow64\nsldapssl32v60.dll
[2008/10/30 12:59:24 | 000,025,088 | ---- | C] () -- H:\Windows\SysWow64\nsldappr32v60.dll
[2004/12/14 12:55:22 | 000,000,019 | ---- | C] () -- H:\Windows\SysWow64\nsldapssl32v50.dll
[2004/12/14 12:55:22 | 000,000,019 | ---- | C] () -- H:\Windows\SysWow64\nsldappr32v50.dll
[2004/12/14 12:55:22 | 000,000,019 | ---- | C] () -- H:\Windows\SysWow64\nsldap32v50.dll
[2001/12/12 07:41:36 | 000,041,472 | ---- | C] () -- H:\Windows\SysWow64\W32btstp.dll
[2001/12/12 07:41:36 | 000,025,088 | ---- | C] () -- H:\Windows\SysWow64\W32btxlt.dll
 
========== LOP Check ==========
 
[2011/03/25 05:02:23 | 000,000,000 | -HSD | M] -- H:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Application Data
[2011/04/20 08:44:14 | 000,000,000 | ---D | M] -- H:\ProgramData\BTrieve
[2012/07/11 02:42:58 | 000,000,000 | -H-D | M] -- H:\ProgramData\Common Files
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Desktop
[2011/04/10 13:49:17 | 000,000,000 | ---D | M] -- H:\ProgramData\DeviceVM
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Documents
[2011/03/25 05:02:23 | 000,000,000 | -HSD | M] -- H:\ProgramData\Dokumente
[2012/08/20 05:37:11 | 000,000,000 | ---D | M] -- H:\ProgramData\elsterformular
[2011/03/25 05:02:23 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favorites
[2011/03/25 05:09:51 | 000,000,000 | ---D | M] -- H:\ProgramData\FNET
[2013/05/22 01:27:37 | 000,000,000 | ---D | M] -- H:\ProgramData\Lexware
[2013/05/22 01:10:27 | 000,000,000 | ---D | M] -- H:\ProgramData\LogMeIn
[2011/03/28 14:17:01 | 000,000,000 | ---D | M] -- H:\ProgramData\MAGIX
[2011/06/09 07:00:19 | 000,000,000 | ---D | M] -- H:\ProgramData\PearlMountainSoft
[2011/03/28 14:01:25 | 000,000,000 | ---D | M] -- H:\ProgramData\Pinnacle
[2011/03/28 14:01:25 | 000,000,000 | ---D | M] -- H:\ProgramData\Pinnacle Studio Plus
[2011/03/30 02:59:01 | 000,000,000 | ---D | M] -- H:\ProgramData\Pinnacle Studio Ultimate
[2013/01/31 01:48:57 | 000,000,000 | ---D | M] -- H:\ProgramData\regid.1986-12.com.adobe
[2011/04/24 05:18:03 | 000,000,000 | ---D | M] -- H:\ProgramData\Splashtop
[2011/12/22 06:15:53 | 000,000,000 | ---D | M] -- H:\ProgramData\SQL Anywhere 11
[2012/08/25 10:50:04 | 000,000,000 | ---D | M] -- H:\ProgramData\StarMoney 8.0
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Start Menu
[2011/03/25 05:02:23 | 000,000,000 | -HSD | M] -- H:\ProgramData\Startmenü
[2011/03/28 14:01:25 | 000,000,000 | ---D | M] -- H:\ProgramData\Studio 12
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Templates
[2012/01/29 10:28:08 | 000,000,000 | ---D | M] -- H:\ProgramData\tmp
[2011/03/30 10:02:23 | 000,000,000 | ---D | M] -- H:\ProgramData\TomTom
[2012/07/11 02:43:32 | 000,000,000 | ---D | M] -- H:\ProgramData\TuneUp Software
[2011/03/25 05:02:23 | 000,000,000 | -HSD | M] -- H:\ProgramData\Vorlagen
[2012/03/29 04:38:44 | 000,000,000 | -HSD | M] -- H:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2012/07/11 02:42:58 | 000,000,000 | -HSD | M] -- H:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011/04/10 13:49:49 | 000,000,000 | -H-D | M] -- H:\ProgramData\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
[2013/03/13 21:44:42 | 000,032,632 | ---- | M] () -- H:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

--- --- ---

markusg · 22.05.2013, 17:18

Hi,
auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:

Code:

ATTFilter

:OTL
O20 - HKU\Nutzer_ON_H Winlogon: Shell - (C:\Users\Nutzer\AppData\Roaming\skype.dat) - H:\Users\Nutzer\AppData\Roaming\skype.dat ()
[2013/05/22 09:48:25 | 000,000,004 | ---- | M] () -- H:\Users\Nutzer\AppData\Roaming\skype.ini
:Files
:Commands
[EMPTYFLASH] 
[emptytemp]

dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im b

Petra-Müller · 22.05.2013, 17:54

Alles ausgeführt - hat wunderbar geklappt - vielen Dank
Der Upload der moved_files hat geklappt.

Jetzt lasse ich noch Scans mit Antivir und Malwarebites laufen - richtig?

markusg · 22.05.2013, 18:02

hi danke fürs hochladen, und nein, bitte weiter mit:
warum bzw wo wurde otl schon mal eingesetzt?

Petra-Müller · 22.05.2013, 18:16

Ich glaube, im letzten Frühjahr hatte ich auf dem Rechner einen UKash Trojaner.

markusg · 22.05.2013, 18:18

ok.,
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Petra-Müller · 22.05.2013, 18:39

Erledigt. Hier das Logfile des Killers:

19:33:54.0026 2688 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:33:54.0307 2688 ============================================================
19:33:54.0307 2688 Current date / time: 2013/05/22 19:33:54.0307
19:33:54.0307 2688 SystemInfo:
19:33:54.0307 2688
19:33:54.0307 2688 OS Version: 6.1.7601 ServicePack: 1.0
19:33:54.0307 2688 Product type: Workstation
19:33:54.0307 2688 ComputerName: I-2600
19:33:54.0307 2688 UserName: Nutzer
19:33:54.0307 2688 Windows directory: C:\Windows
19:33:54.0307 2688 System windows directory: C:\Windows
19:33:54.0307 2688 Running under WOW64
19:33:54.0307 2688 Processor architecture: Intel x64
19:33:54.0307 2688 Number of processors: 8
19:33:54.0307 2688 Page size: 0x1000
19:33:54.0307 2688 Boot type: Normal boot
19:33:54.0307 2688 ============================================================
19:33:59.0236 2688 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:33:59.0283 2688 Drive \Device\Harddisk5\DR8 - Size: 0xEEF00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:33:59.0283 2688 ============================================================
19:33:59.0283 2688 \Device\Harddisk0\DR0:
19:33:59.0299 2688 MBR partitions:
19:33:59.0299 2688 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:33:59.0299 2688 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
19:33:59.0299 2688 \Device\Harddisk5\DR8:
19:33:59.0299 2688 MBR partitions:
19:33:59.0299 2688 \Device\Harddisk5\DR8\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x7777E0
19:33:59.0299 2688 ============================================================
19:33:59.0439 2688 C: <-> \Device\Harddisk0\DR0\Partition2
19:33:59.0439 2688 ============================================================
19:33:59.0439 2688 Initialize success
19:33:59.0439 2688 ============================================================
19:34:31.0060 5828 ============================================================
19:34:31.0060 5828 Scan started
19:34:31.0060 5828 Mode: Manual; SigCheck; TDLFS;
19:34:31.0060 5828 ============================================================
19:34:33.0681 5828 ================ Scan system memory ========================
19:34:33.0681 5828 System memory - ok
19:34:33.0681 5828 ================ Scan services =============================
19:34:35.0850 5828 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:34:36.0208 5828 1394ohci - ok
19:34:36.0333 5828 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:34:36.0396 5828 ACPI - ok
19:34:36.0489 5828 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:34:37.0004 5828 AcpiPmi - ok
19:34:37.0534 5828 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:34:37.0566 5828 AdobeARMservice - ok
19:34:39.0391 5828 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:34:39.0422 5828 AdobeFlashPlayerUpdateSvc - ok
19:34:39.0625 5828 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:34:39.0765 5828 adp94xx - ok
19:34:39.0843 5828 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:34:40.0015 5828 adpahci - ok
19:34:40.0108 5828 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:34:40.0171 5828 adpu320 - ok
19:34:40.0233 5828 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:34:41.0824 5828 AeLookupSvc - ok
19:34:42.0012 5828 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:34:42.0199 5828 AFD - ok
19:34:42.0292 5828 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:34:42.0339 5828 agp440 - ok
19:34:43.0338 5828 [ C7074BD8D4B8F564859ED373433030AE ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll
19:34:43.0338 5828 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE
19:34:43.0338 5828 Akamai ( HiddenFile.Multi.Generic ) - warning
19:34:43.0338 5828 Akamai - detected HiddenFile.Multi.Generic (1)
19:34:43.0416 5828 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:34:43.0618 5828 ALG - ok
19:34:43.0696 5828 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:34:43.0774 5828 aliide - ok
19:34:43.0790 5828 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:34:43.0837 5828 amdide - ok
19:34:43.0930 5828 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:34:44.0040 5828 AmdK8 - ok
19:34:44.0071 5828 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
19:34:44.0196 5828 AmdPPM - ok
19:34:44.0258 5828 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:34:44.0320 5828 amdsata - ok
19:34:44.0414 5828 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
19:34:44.0476 5828 amdsbs - ok
19:34:44.0508 5828 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:34:44.0601 5828 amdxata - ok
19:34:45.0069 5828 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:34:45.0085 5828 AntiVirSchedulerService - ok
19:34:45.0210 5828 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:34:45.0600 5828 AntiVirService - ok
19:34:46.0052 5828 [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll
19:34:46.0146 5828 AppHostSvc - ok
19:34:46.0333 5828 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:34:47.0690 5828 AppID - ok
19:34:47.0799 5828 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:34:47.0862 5828 AppIDSvc - ok
19:34:47.0986 5828 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
19:34:48.0096 5828 Appinfo - ok
19:34:48.0361 5828 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
19:34:48.0439 5828 arc - ok
19:34:48.0470 5828 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:34:48.0595 5828 arcsas - ok
19:34:49.0484 5828 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:34:49.0531 5828 aspnet_state - ok
19:34:49.0656 5828 [ 912A215CE180A6E7C923C662D7EC777D ] AsrAppCharger C:\Windows\system32\DRIVERS\AsrAppCharger.sys
19:34:49.0718 5828 AsrAppCharger - ok
19:34:49.0827 5828 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:34:49.0952 5828 AsyncMac - ok
19:34:49.0983 5828 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:34:49.0999 5828 atapi - ok
19:34:50.0233 5828 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:34:50.0560 5828 AudioEndpointBuilder - ok
19:34:50.0607 5828 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:34:50.0638 5828 AudioSrv - ok
19:34:50.0919 5828 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
19:34:50.0997 5828 avgntflt - ok
19:34:51.0138 5828 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
19:34:51.0200 5828 avipbb - ok
19:34:51.0231 5828 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
19:34:51.0278 5828 avkmgr - ok
19:34:51.0372 5828 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:34:51.0918 5828 AxInstSV - ok
19:34:52.0074 5828 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
19:34:52.0308 5828 b06bdrv - ok
19:34:52.0464 5828 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:34:52.0651 5828 b57nd60a - ok
19:34:52.0822 5828 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:34:52.0932 5828 BDESVC - ok
19:34:53.0010 5828 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:34:53.0103 5828 Beep - ok
19:34:53.0384 5828 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:34:53.0602 5828 BFE - ok
19:34:53.0774 5828 [ ACC9C8C560C567FAD6F79C977AB2EA09 ] bgsvcgen C:\Windows\SysWOW64\bgsvcgen.exe
19:34:53.0790 5828 bgsvcgen - ok
19:34:53.0977 5828 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
19:34:54.0242 5828 BITS - ok
19:34:54.0336 5828 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:34:54.0414 5828 blbdrive - ok
19:34:54.0523 5828 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:34:54.0648 5828 bowser - ok
19:34:54.0741 5828 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
19:34:54.0835 5828 BrFiltLo - ok
19:34:54.0882 5828 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
19:34:55.0006 5828 BrFiltUp - ok
19:34:55.0178 5828 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
19:34:55.0256 5828 BridgeMP - ok
19:34:55.0459 5828 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:34:55.0552 5828 Browser - ok
19:34:55.0646 5828 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:34:56.0020 5828 Brserid - ok
19:34:56.0052 5828 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:34:56.0145 5828 BrSerWdm - ok
19:34:56.0192 5828 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:34:56.0301 5828 BrUsbMdm - ok
19:34:56.0317 5828 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:34:56.0395 5828 BrUsbSer - ok
19:34:56.0457 5828 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
19:34:56.0535 5828 BTHMODEM - ok
19:34:56.0691 5828 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:34:56.0754 5828 bthserv - ok
19:34:56.0925 5828 catchme - ok
19:34:56.0972 5828 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:34:57.0081 5828 cdfs - ok
19:34:57.0237 5828 cdrbsdrv - ok
19:34:57.0346 5828 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:34:57.0378 5828 cdrom - ok
19:34:57.0487 5828 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:34:57.0596 5828 CertPropSvc - ok
19:34:57.0674 5828 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
19:34:57.0736 5828 circlass - ok
19:34:57.0877 5828 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:34:57.0892 5828 CLFS - ok
19:34:58.0267 5828 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:34:58.0298 5828 clr_optimization_v2.0.50727_32 - ok
19:34:58.0548 5828 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:34:58.0548 5828 clr_optimization_v2.0.50727_64 - ok
19:34:58.0984 5828 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:34:59.0016 5828 clr_optimization_v4.0.30319_32 - ok
19:34:59.0062 5828 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:34:59.0078 5828 clr_optimization_v4.0.30319_64 - ok
19:34:59.0125 5828 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
19:34:59.0203 5828 CmBatt - ok
19:34:59.0296 5828 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:34:59.0343 5828 cmdide - ok
19:34:59.0515 5828 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:34:59.0686 5828 CNG - ok
19:34:59.0733 5828 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
19:34:59.0780 5828 Compbatt - ok
19:34:59.0842 5828 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
19:34:59.0967 5828 CompositeBus - ok
19:34:59.0998 5828 COMSysApp - ok
19:35:00.0108 5828 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:35:00.0154 5828 crcdisk - ok
19:35:00.0529 5828 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
19:35:00.0576 5828 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
19:35:00.0576 5828 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
19:35:00.0669 5828 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
19:35:00.0763 5828 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
19:35:00.0763 5828 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
19:35:00.0778 5828 crlscsi - ok
19:35:00.0903 5828 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:35:01.0075 5828 CryptSvc - ok
19:35:01.0231 5828 [ 07BA6D17E66879018B30B6C3F976EBED ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
19:35:01.0309 5828 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
19:35:01.0309 5828 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
19:35:01.0496 5828 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:35:01.0574 5828 DcomLaunch - ok
19:35:01.0683 5828 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:35:01.0792 5828 defragsvc - ok
19:35:01.0917 5828 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:35:01.0995 5828 DfsC - ok
19:35:02.0136 5828 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:35:02.0401 5828 Dhcp - ok
19:35:02.0432 5828 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:35:02.0494 5828 discache - ok
19:35:02.0635 5828 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
19:35:02.0666 5828 Disk - ok
19:35:02.0744 5828 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:35:02.0916 5828 Dnscache - ok
19:35:03.0025 5828 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:35:03.0228 5828 dot3svc - ok
19:35:03.0306 5828 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:35:03.0352 5828 DPS - ok
19:35:03.0415 5828 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:35:03.0477 5828 drmkaud - ok
19:35:03.0649 5828 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:35:03.0898 5828 DXGKrnl - ok
19:35:04.0008 5828 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:35:04.0101 5828 EapHost - ok
19:35:04.0663 5828 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
19:35:04.0975 5828 ebdrv - ok
19:35:05.0084 5828 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:35:05.0209 5828 EFS - ok
19:35:05.0583 5828 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:35:05.0802 5828 ehRecvr - ok
19:35:05.0864 5828 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:35:05.0926 5828 ehSched - ok
19:35:06.0129 5828 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:35:06.0254 5828 elxstor - ok
19:35:06.0285 5828 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:35:06.0348 5828 ErrDev - ok
19:35:06.0519 5828 [ DF2F6C1E55F6E81CFC7F688380D85816 ] EtronHub3 C:\Windows\system32\Drivers\EtronHub3.sys
19:35:06.0582 5828 EtronHub3 - ok
19:35:06.0675 5828 [ E093ABFB67A4B9D94F80611A7D0A8BB9 ] EtronXHCI C:\Windows\system32\Drivers\EtronXHCI.sys
19:35:06.0769 5828 EtronXHCI - ok
19:35:06.0909 5828 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:35:07.0128 5828 EventSystem - ok
19:35:07.0143 5828 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:35:07.0330 5828 exfat - ok
19:35:07.0580 5828 Fabs - ok
19:35:07.0627 5828 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:35:07.0767 5828 fastfat - ok
19:35:07.0970 5828 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:35:08.0142 5828 Fax - ok
19:35:08.0188 5828 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:35:08.0235 5828 fdc - ok
19:35:08.0313 5828 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:35:08.0391 5828 fdPHost - ok
19:35:08.0454 5828 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:35:08.0547 5828 FDResPub - ok
19:35:08.0594 5828 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:35:08.0672 5828 FileInfo - ok
19:35:08.0719 5828 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:35:08.0797 5828 Filetrace - ok
19:35:09.0280 5828 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
19:35:09.0390 5828 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
19:35:09.0390 5828 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
19:35:09.0452 5828 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
19:35:09.0483 5828 flpydisk - ok
19:35:09.0546 5828 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:35:09.0639 5828 FltMgr - ok
19:35:09.0795 5828 [ FE95AE537B41A7E2F4CFE353064DC4AF ] FNETTBOH_305 C:\Windows\system32\drivers\FNETTBOH_305.SYS
19:35:09.0842 5828 FNETTBOH_305 - ok
19:35:09.0889 5828 [ 7C3C4B4C951EC1BDFD4F769D05E2CC68 ] FNETURPX C:\Windows\system32\drivers\FNETURPX.SYS
19:35:09.0920 5828 FNETURPX - ok
19:35:10.0216 5828 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
19:35:10.0606 5828 FontCache - ok
19:35:10.0731 5828 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:35:10.0762 5828 FontCache3.0.0.0 - ok
19:35:10.0825 5828 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:35:10.0856 5828 FsDepends - ok
19:35:10.0965 5828 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:35:11.0028 5828 Fs_Rec - ok
19:35:11.0121 5828 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:35:11.0168 5828 fvevol - ok
19:35:11.0230 5828 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:35:11.0277 5828 gagp30kx - ok
19:35:11.0511 5828 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:35:11.0558 5828 gpsvc - ok
19:35:11.0745 5828 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:35:11.0745 5828 gupdate - ok
19:35:11.0839 5828 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:35:11.0854 5828 gupdatem - ok
19:35:11.0886 5828 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:35:12.0057 5828 hcw85cir - ok
19:35:12.0213 5828 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:35:12.0400 5828 HdAudAddService - ok
19:35:12.0510 5828 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:35:12.0572 5828 HDAudBus - ok
19:35:12.0619 5828 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
19:35:12.0650 5828 HidBatt - ok
19:35:12.0697 5828 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:35:12.0728 5828 HidBth - ok
19:35:12.0822 5828 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
19:35:12.0868 5828 HidIr - ok
19:35:12.0946 5828 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
19:35:13.0024 5828 hidserv - ok
19:35:13.0118 5828 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:35:13.0165 5828 HidUsb - ok
19:35:13.0212 5828 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:35:13.0321 5828 hkmsvc - ok
19:35:13.0399 5828 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:35:13.0602 5828 HomeGroupListener - ok
19:35:13.0711 5828 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:35:13.0836 5828 HomeGroupProvider - ok
19:35:14.0038 5828 [ 86724A200BF1F08A03FB563660FCD928 ] HP DS Service C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
19:35:14.0085 5828 HP DS Service ( UnsignedFile.Multi.Generic ) - warning
19:35:14.0085 5828 HP DS Service - detected UnsignedFile.Multi.Generic (1)
19:35:14.0319 5828 [ 896DA1A34D78FA82F7A98EAD1A4F4B3B ] HP LaserJet Service C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
19:35:14.0366 5828 HP LaserJet Service ( UnsignedFile.Multi.Generic ) - warning
19:35:14.0366 5828 HP LaserJet Service - detected UnsignedFile.Multi.Generic (1)
19:35:14.0444 5828 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:35:14.0491 5828 HpSAMD - ok
19:35:14.0740 5828 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:35:14.0865 5828 HTTP - ok
19:35:14.0943 5828 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:35:14.0943 5828 hwpolicy - ok
19:35:15.0037 5828 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:35:15.0084 5828 i8042prt - ok
19:35:15.0193 5828 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:35:15.0302 5828 iaStorV - ok
19:35:15.0598 5828 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:35:15.0645 5828 idsvc - ok
19:35:15.0676 5828 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:35:15.0723 5828 iirsp - ok
19:35:15.0957 5828 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:35:16.0207 5828 IKEEXT - ok
19:35:16.0675 5828 [ E8017F1662D9142F45CEAB694D013C00 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:35:17.0065 5828 IntcAzAudAddService - ok
19:35:17.0127 5828 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:35:17.0174 5828 intelide - ok
19:35:17.0299 5828 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:35:17.0377 5828 intelppm - ok
19:35:17.0517 5828 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:35:17.0626 5828 IPBusEnum - ok
19:35:17.0673 5828 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:35:17.0798 5828 IpFilterDriver - ok
19:35:18.0001 5828 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:35:18.0172 5828 iphlpsvc - ok
19:35:18.0204 5828 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:35:18.0219 5828 IPMIDRV - ok
19:35:18.0250 5828 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:35:18.0313 5828 IPNAT - ok
19:35:18.0391 5828 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:35:18.0484 5828 IRENUM - ok
19:35:18.0594 5828 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:35:18.0640 5828 isapnp - ok
19:35:18.0750 5828 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:35:18.0937 5828 iScsiPrt - ok
19:35:19.0015 5828 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:35:19.0062 5828 kbdclass - ok
19:35:19.0124 5828 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
19:35:19.0202 5828 kbdhid - ok
19:35:19.0249 5828 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:35:19.0280 5828 KeyIso - ok
19:35:19.0327 5828 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:35:19.0374 5828 KSecDD - ok
19:35:19.0420 5828 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:35:19.0452 5828 KSecPkg - ok
19:35:19.0514 5828 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:35:19.0576 5828 ksthunk - ok
19:35:19.0686 5828 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:35:19.0873 5828 KtmRm - ok
19:35:20.0044 5828 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
19:35:20.0216 5828 LanmanServer - ok
19:35:20.0341 5828 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:35:20.0434 5828 LanmanWorkstation - ok
19:35:20.0793 5828 Lexware_Professional_Datenbank - ok
19:35:20.0887 5828 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:35:20.0965 5828 lltdio - ok
19:35:21.0074 5828 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:35:21.0246 5828 lltdsvc - ok
19:35:21.0339 5828 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:35:21.0433 5828 lmhosts - ok
19:35:21.0776 5828 [ 7109163D8027076D2680CFC4E80E2A28 ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
19:35:21.0792 5828 LMIGuardianSvc - ok
19:35:21.0870 5828 [ 0317335B15FF3BDA8E10197E3434CFC0 ] LMIInfo C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
19:35:21.0901 5828 LMIInfo - ok
19:35:21.0994 5828 [ 8054CE1FC8B417691960D00F931516A7 ] LMIMaint C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
19:35:22.0026 5828 LMIMaint - ok
19:35:22.0104 5828 [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
19:35:22.0135 5828 lmimirr - ok
19:35:22.0197 5828 LMIRfsClientNP - ok
19:35:22.0291 5828 [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
19:35:22.0322 5828 LMIRfsDriver - ok
19:35:22.0556 5828 [ 98B16E756243BEA9410E32025B19C06F ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:35:22.0618 5828 LMS - ok
19:35:22.0790 5828 [ D3760BC17E1755091B7120CF32DBF56B ] LogMeIn C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
19:35:22.0837 5828 LogMeIn - ok
19:35:22.0868 5828 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:35:22.0899 5828 LSI_FC - ok
19:35:22.0962 5828 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:35:23.0071 5828 LSI_SAS - ok
19:35:23.0102 5828 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
19:35:23.0149 5828 LSI_SAS2 - ok
19:35:23.0211 5828 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:35:23.0258 5828 LSI_SCSI - ok
19:35:23.0289 5828 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:35:23.0367 5828 luafv - ok
19:35:23.0492 5828 [ 024DA28053D57E9E32BEE52600576BBB ] MarvinBus C:\Windows\system32\DRIVERS\MarvinBus64.sys
19:35:23.0601 5828 MarvinBus - ok
19:35:23.0695 5828 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:35:23.0788 5828 Mcx2Svc - ok
19:35:23.0820 5828 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
19:35:23.0882 5828 megasas - ok
19:35:23.0960 5828 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
19:35:24.0069 5828 MegaSR - ok
19:35:24.0132 5828 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
19:35:24.0178 5828 MEIx64 - ok
19:35:24.0553 5828 Microsoft SharePoint Workspace Audit Service - ok
19:35:24.0584 5828 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:35:24.0709 5828 MMCSS - ok
19:35:24.0724 5828 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:35:24.0818 5828 Modem - ok
19:35:24.0927 5828 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:35:25.0005 5828 monitor - ok
19:35:25.0099 5828 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:35:25.0177 5828 mouclass - ok
19:35:25.0270 5828 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:35:25.0348 5828 mouhid - ok
19:35:25.0380 5828 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:35:25.0442 5828 mountmgr - ok
19:35:25.0629 5828 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:35:25.0645 5828 MozillaMaintenance - ok
19:35:25.0723 5828 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:35:25.0770 5828 mpio - ok
19:35:25.0785 5828 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:35:25.0863 5828 mpsdrv - ok
19:35:26.0175 5828 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:35:26.0472 5828 MpsSvc - ok
19:35:26.0503 5828 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:35:26.0628 5828 MRxDAV - ok
19:35:26.0706 5828 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:35:26.0877 5828 mrxsmb - ok
19:35:26.0986 5828 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:35:27.0080 5828 mrxsmb10 - ok
19:35:27.0127 5828 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:35:27.0174 5828 mrxsmb20 - ok
19:35:27.0220 5828 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:35:27.0298 5828 msahci - ok
19:35:27.0330 5828 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:35:27.0376 5828 msdsm - ok
19:35:27.0408 5828 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:35:27.0454 5828 MSDTC - ok
19:35:27.0501 5828 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:35:27.0876 5828 Msfs - ok
19:35:28.0078 5828 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:35:28.0125 5828 mshidkmdf - ok
19:35:28.0156 5828 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:35:28.0219 5828 msisadrv - ok
19:35:28.0281 5828 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:35:28.0375 5828 MSiSCSI - ok
19:35:28.0375 5828 msiserver - ok
19:35:28.0453 5828 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:35:28.0531 5828 MSKSSRV - ok
19:35:28.0609 5828 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:35:28.0702 5828 MSPCLOCK - ok
19:35:28.0749 5828 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:35:28.0827 5828 MSPQM - ok
19:35:28.0890 5828 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:35:29.0014 5828 MsRPC - ok
19:35:29.0061 5828 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:35:29.0092 5828 mssmbios - ok
19:35:29.0155 5828 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:35:29.0248 5828 MSTEE - ok
19:35:29.0280 5828 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
19:35:29.0326 5828 MTConfig - ok
19:35:29.0358 5828 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:35:29.0404 5828 Mup - ok
19:35:29.0545 5828 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:35:29.0607 5828 napagent - ok
19:35:29.0810 5828 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:35:30.0216 5828 NativeWifiP - ok
19:35:30.0481 5828 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:35:30.0528 5828 NDIS - ok
19:35:30.0621 5828 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:35:30.0699 5828 NdisCap - ok
19:35:30.0793 5828 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:35:30.0871 5828 NdisTapi - ok
19:35:30.0964 5828 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:35:31.0105 5828 Ndisuio - ok
19:35:31.0136 5828 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:35:31.0292 5828 NdisWan - ok
19:35:31.0323 5828 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:35:31.0401 5828 NDProxy - ok
19:35:31.0557 5828 [ 2C723E42FC8D7B0209492828F921FB50 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
19:35:31.0604 5828 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:35:31.0604 5828 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:35:31.0682 5828 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:35:31.0807 5828 NetBIOS - ok
19:35:31.0869 5828 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:35:31.0916 5828 NetBT - ok
19:35:31.0932 5828 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:35:31.0994 5828 Netlogon - ok
19:35:32.0103 5828 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:35:32.0337 5828 Netman - ok
19:35:32.0415 5828 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:35:32.0446 5828 NetMsmqActivator - ok
19:35:32.0462 5828 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:35:32.0478 5828 NetPipeActivator - ok
19:35:32.0587 5828 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:35:32.0712 5828 netprofm - ok
19:35:32.0914 5828 [ 618C55B392238B9467F9113E13525C49 ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys
19:35:33.0211 5828 netr28ux - ok
19:35:33.0398 5828 [ F3A1D8B7317939813568992D1BFDDE37 ] netr7364 C:\Windows\system32\DRIVERS\netr7364.sys
19:35:33.0523 5828 netr7364 - ok
19:35:33.0554 5828 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:35:33.0554 5828 NetTcpActivator - ok
19:35:33.0585 5828 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:35:33.0585 5828 NetTcpPortSharing - ok
19:35:33.0679 5828 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:35:33.0710 5828 nfrd960 - ok
19:35:33.0819 5828 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:35:33.0928 5828 NlaSvc - ok
19:35:33.0960 5828 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:35:34.0053 5828 Npfs - ok
19:35:34.0147 5828 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:35:34.0240 5828 nsi - ok
19:35:34.0272 5828 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:35:34.0350 5828 nsiproxy - ok
19:35:34.0615 5828 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:35:34.0818 5828 Ntfs - ok
19:35:34.0849 5828 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:35:34.0942 5828 Null - ok
19:35:35.0083 5828 [ 857FB74754EBFF94EE3AD40788740916 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
19:35:35.0192 5828 NVHDA - ok
19:35:36.0627 5828 [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:35:37.0782 5828 nvlddmkm - ok
19:35:37.0891 5828 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:35:37.0953 5828 nvraid - ok
19:35:38.0016 5828 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:35:38.0062 5828 nvstor - ok
19:35:38.0296 5828 [ 10C232F6CFFD51D2332898AE7AE0FF23 ] NVSvc C:\Windows\system32\nvvsvc.exe
19:35:38.0374 5828 NVSvc - ok
19:35:38.0858 5828 [ 4789E020D2617046862D1790FC235FF6 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:35:38.0936 5828 nvUpdatusService - ok
19:35:39.0045 5828 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:35:39.0139 5828 nv_agp - ok
19:35:39.0170 5828 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:35:39.0248 5828 ohci1394 - ok
19:35:39.0576 5828 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:35:39.0591 5828 ose - ok
19:35:40.0730 5828 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:35:40.0839 5828 osppsvc - ok
19:35:40.0933 5828 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:35:41.0026 5828 p2pimsvc - ok
19:35:41.0167 5828 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:35:41.0416 5828 p2psvc - ok
19:35:41.0510 5828 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:35:41.0604 5828 Parport - ok
19:35:41.0666 5828 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:35:41.0682 5828 partmgr - ok
19:35:41.0728 5828 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:35:41.0869 5828 PcaSvc - ok
19:35:41.0900 5828 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:35:41.0978 5828 pci - ok
19:35:42.0009 5828 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:35:42.0087 5828 pciide - ok
19:35:42.0134 5828 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:35:42.0243 5828 pcmcia - ok
19:35:42.0290 5828 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:35:42.0352 5828 pcw - ok
19:35:42.0446 5828 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:35:42.0633 5828 PEAUTH - ok
19:35:44.0458 5828 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:35:44.0521 5828 PerfHost - ok
19:35:44.0895 5828 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:35:45.0192 5828 pla - ok
19:35:45.0348 5828 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:35:45.0597 5828 PlugPlay - ok
19:35:45.0847 5828 [ 171E6D91A20AAC8D02172A64E82CE90B ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
19:35:45.0956 5828 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:35:45.0956 5828 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:35:46.0034 5828 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:35:46.0128 5828 PNRPAutoReg - ok
19:35:46.0206 5828 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:35:46.0221 5828 PNRPsvc - ok
19:35:46.0393 5828 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:35:46.0564 5828 PolicyAgent - ok
19:35:46.0674 5828 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:35:46.0752 5828 Power - ok
19:35:46.0814 5828 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:35:46.0908 5828 PptpMiniport - ok
19:35:46.0939 5828 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
19:35:47.0048 5828 Processor - ok
19:35:47.0126 5828 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:35:47.0313 5828 ProfSvc - ok
19:35:47.0360 5828 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:35:47.0391 5828 ProtectedStorage - ok
19:35:47.0516 5828 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:35:47.0578 5828 Psched - ok
19:35:47.0875 5828 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:35:48.0171 5828 ql2300 - ok
19:35:48.0280 5828 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:35:48.0327 5828 ql40xx - ok
19:35:48.0374 5828 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:35:48.0452 5828 QWAVE - ok
19:35:48.0483 5828 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:35:48.0546 5828 QWAVEdrv - ok
19:35:48.0608 5828 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:35:48.0702 5828 RasAcd - ok
19:35:48.0811 5828 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:35:48.0889 5828 RasAgileVpn - ok
19:35:48.0951 5828 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:35:49.0045 5828 RasAuto - ok
19:35:49.0092 5828 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:35:49.0154 5828 Rasl2tp - ok
19:35:49.0341 5828 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:35:49.0560 5828 RasMan - ok
19:35:49.0638 5828 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:35:49.0747 5828 RasPppoe - ok
19:35:49.0794 5828 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:35:49.0887 5828 RasSstp - ok
19:35:49.0981 5828 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:35:50.0074 5828 rdbss - ok
19:35:50.0106 5828 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
19:35:50.0215 5828 rdpbus - ok
19:35:50.0355 5828 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:35:50.0371 5828 RDPCDD - ok
19:35:50.0449 5828 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:35:50.0496 5828 RDPENCDD - ok
19:35:50.0542 5828 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:35:50.0558 5828 RDPREFMP - ok
19:35:50.0683 5828 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:35:50.0839 5828 RDPWD - ok
19:35:50.0964 5828 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:35:51.0057 5828 rdyboost - ok
19:35:51.0135 5828 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:35:51.0182 5828 RemoteAccess - ok
19:35:51.0229 5828 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:35:51.0385 5828 RemoteRegistry - ok
19:35:51.0432 5828 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:35:51.0510 5828 RpcEptMapper - ok
19:35:51.0572 5828 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:35:51.0666 5828 RpcLocator - ok
19:35:51.0790 5828 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:35:51.0822 5828 RpcSs - ok
19:35:51.0915 5828 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:35:51.0993 5828 rspndr - ok
19:35:52.0149 5828 [ 4B42BC58294E83A6A92EC8B88C14C4A3 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:35:52.0227 5828 RTL8167 - ok
19:35:52.0274 5828 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:35:52.0290 5828 SamSs - ok
19:35:52.0336 5828 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:35:52.0383 5828 sbp2port - ok
19:35:52.0617 5828 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
19:35:52.0664 5828 SBSDWSCService - ok
19:35:52.0742 5828 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:35:52.0820 5828 SCardSvr - ok
19:35:52.0851 5828 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:35:52.0945 5828 scfilter - ok
19:35:53.0179 5828 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:35:53.0257 5828 Schedule - ok
19:35:53.0319 5828 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:35:53.0366 5828 SCPolicySvc - ok
19:35:53.0460 5828 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:35:53.0647 5828 SDRSVC - ok
19:35:53.0756 5828 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:35:53.0819 5828 secdrv - ok
19:35:53.0865 5828 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:35:53.0912 5828 seclogon - ok
19:35:53.0975 5828 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
19:35:54.0053 5828 SENS - ok
19:35:54.0131 5828 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:35:54.0255 5828 SensrSvc - ok
19:35:54.0380 5828 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:35:54.0427 5828 Serenum - ok
19:35:54.0474 5828 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:35:54.0567 5828 Serial - ok
19:35:54.0661 5828 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:35:54.0755 5828 sermouse - ok
19:35:54.0848 5828 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:35:54.0957 5828 SessionEnv - ok
19:35:54.0973 5828 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:35:55.0004 5828 sffdisk - ok
19:35:55.0035 5828 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:35:55.0113 5828 sffp_mmc - ok
19:35:55.0145 5828 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:35:55.0223 5828 sffp_sd - ok
19:35:55.0254 5828 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:35:55.0316 5828 sfloppy - ok
19:35:55.0410 5828 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:35:55.0550 5828 SharedAccess - ok
19:35:55.0722 5828 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:35:55.0862 5828 ShellHWDetection - ok
19:35:55.0940 5828 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
19:35:55.0971 5828 SiSRaid2 - ok
19:35:56.0049 5828 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:35:56.0112 5828 SiSRaid4 - ok
19:35:56.0159 5828 SmartViewService - ok
19:35:56.0237 5828 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:35:56.0315 5828 Smb - ok
19:35:56.0424 5828 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:35:56.0502 5828 SNMPTRAP - ok
19:35:56.0611 5828 [ FFC5F7ED77AA59AA0A6B70F3D7A22A93 ] Sound Blaster X-Fi MB Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
19:35:56.0673 5828 Sound Blaster X-Fi MB Licensing Service ( UnsignedFile.Multi.Generic ) - warning
19:35:56.0673 5828 Sound Blaster X-Fi MB Licensing Service - detected UnsignedFile.Multi.Generic (1)
19:35:56.0720 5828 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:35:56.0783 5828 spldr - ok
19:35:56.0876 5828 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:35:56.0985 5828 Spooler - ok
19:35:57.0781 5828 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:35:57.0906 5828 sppsvc - ok
19:35:57.0953 5828 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:35:58.0046 5828 sppuinotify - ok
19:35:58.0140 5828 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:35:58.0374 5828 srv - ok
19:35:58.0483 5828 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:35:58.0623 5828 srv2 - ok
19:35:58.0670 5828 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:35:58.0779 5828 srvnet - ok
19:35:58.0873 5828 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:35:58.0998 5828 SSDPSRV - ok
19:35:59.0060 5828 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:35:59.0123 5828 SstpSvc - ok
19:35:59.0559 5828 [ 98CC6BDCB5F593394CE2000EC454AEE4 ] StarMoney 8.0 OnlineUpdate C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
19:35:59.0575 5828 StarMoney 8.0 OnlineUpdate - ok
19:35:59.0934 5828 [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:35:59.0965 5828 Stereo Service - ok
19:36:00.0012 5828 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
19:36:00.0090 5828 stexstor - ok
19:36:00.0230 5828 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:36:00.0417 5828 stisvc - ok
19:36:00.0511 5828 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:36:00.0573 5828 swenum - ok
19:36:00.0932 5828 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
19:36:01.0010 5828 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
19:36:01.0010 5828 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
19:36:01.0197 5828 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:36:01.0260 5828 swprv - ok
19:36:01.0525 5828 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:36:01.0650 5828 SysMain - ok
19:36:01.0665 5828 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:36:01.0759 5828 TabletInputService - ok
19:36:01.0853 5828 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:36:01.0962 5828 TapiSrv - ok
19:36:02.0024 5828 TBPanel - ok
19:36:02.0071 5828 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:36:02.0118 5828 TBS - ok
19:36:02.0445 5828 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:36:02.0913 5828 Tcpip - ok
19:36:03.0163 5828 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:36:03.0179 5828 TCPIP6 - ok
19:36:03.0241 5828 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:36:03.0319 5828 tcpipreg - ok
19:36:03.0381 5828 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:36:03.0537 5828 TDPIPE - ok
19:36:03.0584 5828 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:36:03.0725 5828 TDTCP - ok
19:36:03.0756 5828 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:36:03.0943 5828 tdx - ok
19:36:04.0021 5828 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:36:04.0115 5828 TermDD - ok
19:36:04.0302 5828 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:36:04.0520 5828 TermService - ok
19:36:04.0536 5828 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:36:04.0583 5828 Themes - ok
19:36:04.0661 5828 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:36:04.0723 5828 THREADORDER - ok
19:36:04.0879 5828 [ 39BD95A9FE72AAF5C675AD146BE456A9 ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
19:36:04.0879 5828 TomTomHOMEService - ok
19:36:04.0941 5828 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:36:05.0051 5828 TrkWks - ok
19:36:05.0175 5828 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:36:05.0222 5828 TrustedInstaller - ok
19:36:05.0285 5828 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:36:05.0394 5828 tssecsrv - ok
19:36:05.0456 5828 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:36:05.0565 5828 TsUsbFlt - ok
19:36:05.0597 5828 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
19:36:05.0675 5828 TsUsbGD - ok
19:36:05.0784 5828 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:36:05.0862 5828 tunnel - ok
19:36:05.0877 5828 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:36:05.0924 5828 uagp35 - ok
19:36:05.0987 5828 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:36:06.0127 5828 udfs - ok
19:36:06.0174 5828 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:36:06.0299 5828 UI0Detect - ok
19:36:06.0345 5828 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:36:06.0408 5828 uliagpkx - ok
19:36:06.0470 5828 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:36:06.0564 5828 umbus - ok
19:36:06.0611 5828 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
19:36:06.0704 5828 UmPass - ok
19:36:07.0141 5828 [ 7A78ED1088890114DFDE2C4AB038D6B6 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:36:07.0235 5828 UNS - ok
19:36:07.0391 5828 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:36:07.0609 5828 upnphost - ok
19:36:07.0656 5828 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:36:07.0734 5828 usbccgp - ok
19:36:07.0827 5828 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:36:07.0905 5828 usbcir - ok
19:36:07.0968 5828 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
19:36:08.0077 5828 usbehci - ok
19:36:08.0233 5828 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:36:08.0358 5828 usbhub - ok
19:36:08.0436 5828 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:36:08.0514 5828 usbohci - ok
19:36:08.0545 5828 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
19:36:08.0639 5828 usbprint - ok
19:36:08.0717 5828 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:36:08.0904 5828 USBSTOR - ok
19:36:08.0951 5828 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:36:09.0029 5828 usbuhci - ok
19:36:09.0091 5828 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:36:09.0200 5828 UxSms - ok
19:36:09.0247 5828 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:36:09.0247 5828 VaultSvc - ok
19:36:09.0325 5828 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:36:09.0403 5828 vdrvroot - ok
19:36:09.0543 5828 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:36:09.0668 5828 vds - ok
19:36:09.0731 5828 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:36:09.0793 5828 vga - ok
19:36:09.0840 5828 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:36:09.0933 5828 VgaSave - ok
19:36:09.0965 5828 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:36:10.0089 5828 vhdmp - ok
19:36:10.0121 5828 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:36:10.0136 5828 viaide - ok
19:36:10.0183 5828 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:36:10.0214 5828 volmgr - ok
19:36:10.0323 5828 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:36:10.0386 5828 volmgrx - ok
19:36:10.0464 5828 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:36:10.0542 5828 volsnap - ok
19:36:10.0589 5828 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:36:10.0651 5828 vsmraid - ok
19:36:10.0932 5828 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:36:11.0041 5828 VSS - ok
19:36:11.0088 5828 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:36:11.0166 5828 vwifibus - ok
19:36:11.0275 5828 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:36:11.0337 5828 vwififlt - ok
19:36:11.0400 5828 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:36:11.0993 5828 W32Time - ok
19:36:12.0289 5828 [ B32009DB1972E7F2C227499289C4384A ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll
19:36:12.0445 5828 W3SVC - ok
19:36:12.0507 5828 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:36:12.0601 5828 WacomPen - ok
19:36:12.0710 5828 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:36:12.0851 5828 WANARP - ok
19:36:12.0897 5828 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:36:12.0913 5828 Wanarpv6 - ok
19:36:13.0131 5828 [ B32009DB1972E7F2C227499289C4384A ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll
19:36:13.0131 5828 WAS - ok
19:36:13.0412 5828 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:36:13.0584 5828 wbengine - ok
19:36:13.0693 5828 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:36:13.0771 5828 WbioSrvc - ok
19:36:13.0849 5828 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:36:13.0927 5828 wcncsvc - ok
19:36:13.0989 5828 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:36:14.0114 5828 WcsPlugInService - ok
19:36:14.0192 5828 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
19:36:14.0255 5828 Wd - ok
19:36:14.0442 5828 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:36:14.0676 5828 Wdf01000 - ok
19:36:14.0691 5828 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:36:15.0362 5828 WdiServiceHost - ok
19:36:15.0378 5828 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:36:15.0393 5828 WdiSystemHost - ok
19:36:15.0518 5828 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:36:15.0690 5828 WebClient - ok
19:36:15.0768 5828 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:36:15.0861 5828 Wecsvc - ok
19:36:15.0986 5828 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:36:16.0017 5828 wercplsupport - ok
19:36:16.0142 5828 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:36:16.0361 5828 WerSvc - ok
19:36:16.0501 5828 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:36:16.0548 5828 WfpLwf - ok
19:36:16.0626 5828 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:36:16.0751 5828 WIMMount - ok
19:36:16.0813 5828 WinDefend - ok
19:36:16.0844 5828 WinHttpAutoProxySvc - ok
19:36:17.0187 5828 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:36:17.0343 5828 Winmgmt - ok
19:36:17.0609 5828 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:36:17.0858 5828 WinRM - ok
19:36:18.0108 5828 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:36:18.0326 5828 Wlansvc - ok
19:36:18.0357 5828 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:36:18.0420 5828 WmiAcpi - ok
19:36:18.0498 5828 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:36:18.0607 5828 wmiApSrv - ok
19:36:18.0716 5828 WMPNetworkSvc - ok
19:36:18.0825 5828 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:36:18.0919 5828 WPCSvc - ok
19:36:18.0950 5828 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:36:19.0137 5828 WPDBusEnum - ok
19:36:19.0200 5828 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:36:19.0247 5828 ws2ifsl - ok
19:36:19.0293 5828 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
19:36:19.0371 5828 wscsvc - ok
19:36:19.0496 5828 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
19:36:19.0559 5828 WSDPrintDevice - ok
19:36:19.0559 5828 WSearch - ok
19:36:19.0995 5828 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:36:20.0073 5828 wuauserv - ok
19:36:20.0120 5828 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:36:20.0245 5828 WudfPf - ok
19:36:20.0370 5828 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:36:20.0526 5828 WUDFRd - ok
19:36:20.0573 5828 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:36:20.0666 5828 wudfsvc - ok
19:36:20.0729 5828 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
19:36:20.0947 5828 WwanSvc - ok
19:36:20.0947 5828 ================ Scan global ===============================
19:36:21.0009 5828 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:36:21.0134 5828 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:36:21.0197 5828 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:36:21.0306 5828 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:36:21.0431 5828 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:36:21.0462 5828 [Global] - ok
19:36:21.0462 5828 ================ Scan MBR ==================================
19:36:21.0509 5828 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:36:31.0274 5828 \Device\Harddisk0\DR0 - ok
19:36:31.0274 5828 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk5\DR8
19:36:31.0368 5828 \Device\Harddisk5\DR8 - ok
19:36:31.0383 5828 ================ Scan VBR ==================================
19:36:31.0415 5828 [ 94246F8C9C302A2F0E11F869A93CB886 ] \Device\Harddisk0\DR0\Partition1
19:36:31.0430 5828 \Device\Harddisk0\DR0\Partition1 - ok
19:36:31.0461 5828 [ D280C5DF9DB7C28243F59F0373E17695 ] \Device\Harddisk0\DR0\Partition2
19:36:31.0555 5828 \Device\Harddisk0\DR0\Partition2 - ok
19:36:31.0555 5828 [ 8B943C7960215DAE615E2E907FF921F3 ] \Device\Harddisk5\DR8\Partition1
19:36:31.0571 5828 \Device\Harddisk5\DR8\Partition1 - ok
19:36:31.0571 5828 ============================================================
19:36:31.0571 5828 Scan finished
19:36:31.0571 5828 ============================================================
19:36:31.0571 4344 Detected object count: 11
19:36:31.0571 4344 Actual detected object count: 11
19:36:44.0971 4344 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
19:36:44.0971 4344 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
19:36:44.0971 4344 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:44.0971 4344 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:44.0971 4344 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:44.0971 4344 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:44.0971 4344 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:44.0971 4344 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:44.0971 4344 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:44.0971 4344 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:44.0971 4344 HP DS Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:44.0971 4344 HP DS Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:44.0971 4344 HP LaserJet Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:44.0971 4344 HP LaserJet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:44.0971 4344 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:44.0971 4344 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:44.0971 4344 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:44.0971 4344 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:44.0971 4344 Sound Blaster X-Fi MB Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:44.0971 4344 Sound Blaster X-Fi MB Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:44.0971 4344 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:44.0971 4344 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

markusg · 22.05.2013, 19:26

Hi,
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Petra-Müller · 22.05.2013, 20:35

hier die Combofix.txt: (keine Probleme beim Scan, keine Probleme beim Neustart)

Code:

ATTFilter

ComboFix 13-05-22.01 - Nutzer 22.05.2013  21:13:47.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8175.5000 [GMT 2:00]
ausgeführt von:: F:\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-22 bis 2013-05-22  ))))))))))))))))))))))))))))))
.
.
2013-05-22 19:20 . 2013-05-22 19:20	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-05-22 19:20 . 2013-05-22 19:20	--------	d-----w-	c:\users\Public\AppData\Local\temp
2013-05-22 19:20 . 2013-05-22 19:20	--------	d-----w-	c:\users\LogMeInRemoteUser\AppData\Local\temp
2013-05-22 19:20 . 2013-05-22 19:20	--------	d-----w-	c:\users\DefaultAppPool\AppData\Local\temp
2013-05-22 19:20 . 2013-05-22 19:20	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-22 19:20 . 2013-05-22 19:20	--------	d-----w-	c:\users\Classic .NET AppPool\AppData\Local\temp
2013-05-22 13:32 . 2013-05-22 19:11	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{80B0DFAD-6A62-4143-9655-34D8B4F9727F}\offreg.dll
2013-05-22 05:22 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{80B0DFAD-6A62-4143-9655-34D8B4F9727F}\mpengine.dll
2013-05-16 13:42 . 2013-05-05 21:36	17818624	----a-w-	c:\windows\system32\mshtml.dll
2013-05-16 13:42 . 2013-05-05 21:16	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-05-16 13:42 . 2013-05-05 19:12	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-05-16 05:29 . 2013-04-10 06:01	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-09 10:41 . 2013-05-09 10:41	--------	d-----w-	c:\users\Nutzer\AppData\Roaming\Hewlett-Packard Company
2013-05-09 10:40 . 2013-05-16 11:28	--------	d-----w-	c:\users\Nutzer\AppData\Roaming\HpUpdate
2013-05-09 10:39 . 2011-09-28 07:44	467456	----a-w-	c:\windows\system32\Spool\prtprocs\x64\hpcpp117.DLL
2013-05-09 10:38 . 2011-11-08 17:09	311296	----a-w-	c:\windows\system32\hpbcoins64.dll
2013-05-09 10:38 . 2011-09-28 07:44	311808	----a-w-	c:\windows\system32\hpcpn117.dll
2013-05-09 10:38 . 2011-09-28 07:34	316928	----a-w-	c:\windows\SysWow64\hpcc3117.DLL
2013-05-01 09:32 . 2013-05-01 09:32	--------	d-----w-	c:\program files (x86)\DVDVideoSoft
2013-05-01 09:32 . 2013-05-01 09:32	--------	d-----w-	c:\program files (x86)\Common Files\DVDVideoSoft
2013-04-24 05:38 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 13:44 . 2011-03-25 09:20	75016696	----a-w-	c:\windows\system32\MRT.exe
2013-05-15 12:09 . 2012-05-02 05:18	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 12:09 . 2011-09-02 08:32	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-16 05:29	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 05:29	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 05:29	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 05:29	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 05:29	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 05:29	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-04 12:50 . 2012-08-14 02:28	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-19 06:04 . 2013-04-10 05:46	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 05:46	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 05:46	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 05:46	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 05:46	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 05:46	112640	----a-w-	c:\windows\system32\smss.exe
2013-02-25 22:32 . 2013-02-25 22:32	25256224	----a-w-	c:\windows\system32\nvcompiler.dll
2013-02-25 22:32 . 2012-10-10 20:22	2505144	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-02-25 22:32 . 2013-02-25 22:32	15129960	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-02-25 22:32 . 2013-02-25 22:32	6262608	----a-w-	c:\windows\SysWow64\nvopencl.dll
2013-02-25 22:32 . 2012-10-10 20:23	2826040	----a-w-	c:\windows\system32\nvapi64.dll
2013-02-25 22:32 . 2013-02-25 22:32	18055184	----a-w-	c:\windows\system32\nvd3dumx.dll
2013-02-25 22:32 . 2012-10-10 20:23	1107440	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-02-25 22:32 . 2012-02-09 20:43	1814304	----a-w-	c:\windows\system32\nvdispco64.dll
2013-02-25 22:32 . 2013-02-25 22:32	958120	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2013-02-25 22:32 . 2013-02-25 22:32	2720544	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32	26929440	----a-w-	c:\windows\system32\nvoglv64.dll
2013-02-25 22:32 . 2013-02-25 22:32	7932256	----a-w-	c:\windows\SysWow64\nvcuda.dll
2013-02-25 22:32 . 2013-02-25 22:32	2346784	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32	245872	----a-w-	c:\windows\system32\nvinitx.dll
2013-02-25 22:32 . 2013-02-25 22:32	11036448	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 22:32 . 2012-10-10 20:23	1510176	----a-w-	c:\windows\system32\nvdispgenco64.dll
2013-02-25 22:32 . 2013-02-25 22:32	2904352	----a-w-	c:\windows\system32\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32	20449056	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2013-02-25 22:32 . 2012-10-10 20:23	15053264	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-02-25 22:32 . 2013-02-25 22:32	17560352	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32	7564040	----a-w-	c:\windows\system32\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32	1985824	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32	12641992	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-02-25 22:32 . 2013-02-25 22:32	9390760	----a-w-	c:\windows\system32\nvcuda.dll
2013-02-25 22:32 . 2013-02-25 22:32	201576	----a-w-	c:\windows\SysWow64\nvinit.dll
2013-04-12 06:09 . 2013-04-12 06:09	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files (x86)\Vtune\TBPanel.exe" [2010-12-23 2236416]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Akamai NetSession Interface"="c:\users\Nutzer\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2011-03-25 4942336]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"HPUsageTracking"="c:\program files (x86)\HP\HP UT\bin\hppusg.exe" [2009-10-06 30264]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"StatusAlerts"="c:\program files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" [2011-10-14 304696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk /r \??\e:\0autocheck autochk /r \??\E:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"LexwareInfoService"=c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R1 crlscsi;crlscsi; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SmartViewService;SmartView service;c:\program files (x86)\DeviceVM\SmartView\SmartViewService.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-03-25 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-03-25 79360]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 HP DS Service;HP DS Service;c:\program files (x86)\HP\HPBDSService\HPBDSService.exe [2011-10-17 13824]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2011-10-05 729152]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-03-25 79360]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-09 27760]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2011-03-25 15936]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-05-06 1220608]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2011-08-03 164352]
S2 Lexware_Professional_Datenbank;Lexware Professional Datenbank;c:\program files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [2011-06-29 83248]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-21 375728]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [2012-12-21 699680]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
S3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2011-03-30 31808]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 86798034
*Deregistered* - 86798034
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 12:09]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-03 08:29]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-03 08:29]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1522397381-841923373-175786650-1000Core.job
- c:\users\Nutzer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-07 11:13]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1522397381-841923373-175786650-1000UA.job
- c:\users\Nutzer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-07 11:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
"AutoKMS"="c:\windows\AutoKMS.exe" [BU]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=a1f62cd4-10ef-4e1a-9543-7468f4c04e8b&searchtype=hp&fr=linkury-tb
mStart Page = hxxp://start.funmoods.com/?f=1&a=ddrnw&chnl=ddrnw&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtBzy0F0E0AtDtC0FyB0FtBtN0D0Tzu0CtCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1561467419
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=a1f62cd4-10ef-4e1a-9543-7468f4c04e8b&searchtype=ds&p={searchTerms}&fr=linkury-tb
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\v5khe5it.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://ssl.kundenserver.de/flora-toskana.de/onlineshop2/organisation/orders.php?osCAdminID=e97a81bece78fade614e463ce803d849|hxxp://www.google.de/|hxxp://www.flora-toskana.de/onlineshop2/index.php
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ddrnw&chnl=ddrnw&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtBzy0F0E0AtDtC0FyB0FtBtN0D0Tzu0CtCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1561467419
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ddrnw&chnl=ddrnw&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtBzy0F0E0AtDtC0FyB0FtBtN0D0Tzu0CtCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1561467419
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=ddrnw&chnl=ddrnw&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtBzy0F0E0AtDtC0FyB0FtBtN0D0Tzu0CtCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1561467419&q=
FF - user.js: extensions.funmoods.id - 0025229FEA01F7F2
FF - user.js: extensions.funmoods.instlDay - 15530
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2210:5:39
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - ddrnw
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - ddrnw
FF - user.js: extensions.funmoods.dfltLng - 
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-22  21:23:15
ComboFix-quarantined-files.txt  2013-05-22 19:23
ComboFix2.txt  2012-08-17 06:22
.
Vor Suchlauf: 23 Verzeichnis(se), 215.144.173.568 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 214.784.811.008 Bytes frei
.
- - End Of File - - 5581279ED100F97861806AC6A75B70FB

markusg · 22.05.2013, 23:54

Hi
malwarebytes:
Downloade Dir bitte Malwarebytes

Installiere
das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche
nach Aktualisierung
Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet
ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste
das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Petra-Müller · 23.05.2013, 09:49

Hier das Logfile von Malwarebites:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.22.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Nutzer :: I-2600 [Administrator]

23.05.2013 07:59:35
mbam-log-2013-05-23 (07-59-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 900018
Laufzeit: 2 Stunde(n), 45 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\_OTL\MovedFiles.zip (Trojan.SelfDel) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\05222013_224423\H_Users\Nutzer\AppData\Roaming\skype.dat (Trojan.SelfDel) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Logfile des Quick Scans von gestern nacht:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.22.07

Windows 7 Service Pack 1 x64 
Internet Explorer 9.0.8112.16421
Nutzer :: I-2600 [Administrator]

22.05.2013 22:56:56
mbam-log-2013-05-22 (22-56-56).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 316817
Laufzeit: 6 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Trojan.Agent.RNS) -> Daten: explorer.exe,C:\Users\Nutzer\AppData\Roaming\skype.dat -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

markusg · 23.05.2013, 10:40

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

Petra-Müller · 23.05.2013, 14:05

Hallo,
ich habe die Liste über den Upload Channel hochgeladen.

22.05.2013, 15:11	#2
markusg /// Malware-holic	Weißer Bildschirm nach Start Hi, du meinst da kommt, bei otl, ein Fenster, browse for folder? dann klappe da alles auf, klicke auf windows bzw wind, und los gehts. __________________ __________________

22.05.2013, 18:02	#6
markusg /// Malware-holic	Weißer Bildschirm nach Start hi danke fürs hochladen, und nein, bitte weiter mit: warum bzw wo wurde otl schon mal eingesetzt? __________________ --> Weißer Bildschirm nach Start

Weißer Bildschirm nach Start

Plagegeister aller Art und deren Bekämpfung: Weißer Bildschirm nach Start