Netbook ist mit IHAVENET infiziert

noregret · 09.06.2013, 10:44

Hallo Leute, ist ja sehr toll das ihr hier "ehrenamtlich" eure Hilfe anbietet

Ich habe das Problem das ich das Notebook eines Freundes vom IHAVENET bereinigen soll. Ihavenet leitet zb. beim Klick auf Google- Einträge auf eine andere Adresse um.

Nach der Infektion wurde auf dem Computer noch " Malwarebytes Anti-Malware " installiert. Dieses Programm habe ich jedoch vor den Scans immer beendet.

Es war auch Avira installiert, dies habe ich vor den Scans deinstalliert.

Auf dem Computer war eine Virtuelles Laufwerk von Clonecd installiert, das habe ich vor den Scans deinstalliert. Ich habe versucht so gut es geht nach der Anleitung für Hilfesuchende vorzugehen.

Ich habe den Username in den Logs nicht editiert da es ok ist wenn ihn jeder ließt.
Hoffe das ist ok, oder trotzdem verboten?

Hier nun die Logfiles, ich hoffe damit kann man was anfangen!?

Vielen Dank schonmal für die Hilfe!

Inhalt otl.txt:

Code:

ATTFilter

OTL logfile created on: 08.06.2013 04:39:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christian\Desktop\virus
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,73 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 64,86% Memory free
3,46 Gb Paging File | 2,77 Gb Available in Paging File | 80,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218,79 Gb Total Space | 165,73 Gb Free Space | 75,75% Space Free | Partition Type: NTFS
Drive D: | 496,72 Mb Total Space | 496,35 Mb Free Space | 99,93% Space Free | Partition Type: FAT
 
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.08 03:53:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\virus\OTL.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.23 06:48:16 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.04.23 06:48:12 | 001,561,968 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\Kies.exe
PRC - [2013.02.05 10:54:40 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011.07.04 13:37:58 | 000,081,920 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\VSGate.exe
PRC - [2011.07.04 13:35:22 | 000,240,640 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrAdm.exe
PRC - [2011.07.04 13:32:18 | 000,335,360 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrHis.exe
PRC - [2011.07.04 13:30:24 | 000,373,248 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrSaz.exe
PRC - [2011.07.04 13:28:22 | 001,321,984 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrAuf.exe
PRC - [2011.07.04 13:25:16 | 000,477,696 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrPas.exe
PRC - [2011.07.04 13:23:56 | 000,392,704 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrDba.exe
PRC - [2011.05.25 00:03:56 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.05.25 00:03:28 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.17 08:17:54 | 000,190,592 | ---- | M] (Conexant Systems Inc.) -- C:\Windows\System32\CxAudMsg32.exe
PRC - [2010.11.25 21:28:50 | 000,486,560 | ---- | M] (Atheros Communications) -- C:\Programme\Bluetooth Suite\BtvStack.exe
PRC - [2010.11.25 21:28:44 | 000,302,240 | ---- | M] (Atheros Commnucations) -- C:\Programme\Bluetooth Suite\AthBtTray.exe
PRC - [2010.11.25 21:28:42 | 000,056,480 | ---- | M] (Atheros Commnucations) -- C:\Programme\Bluetooth Suite\AdminService.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.30 16:08:36 | 017,554,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\71b6200b469ae31187226c5634b6d6bb\Kies.Theme.ni.dll
MOD - [2013.05.30 16:08:34 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\5face173af94a7083cea1c078a6b4938\DummyStorePlugin.ni.dll
MOD - [2013.05.30 16:08:32 | 000,115,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceStoryAlbum\9ab54aea64046cd2b4ff895b1c027c05\DeviceStoryAlbum.ni.dll
MOD - [2013.05.30 16:08:30 | 000,614,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\29be5a9cc5b83e2b30e9d788ac201f83\DevicePodcast.ni.dll
MOD - [2013.05.30 16:08:26 | 000,300,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\b44e10add0a5276dc3fbbde338c4b5ea\DeviceVideo.ni.dll
MOD - [2013.05.30 16:08:24 | 000,355,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\9661c2265a6fb7782243c0633378a1e5\DevicePhoto.ni.dll
MOD - [2013.05.30 16:08:21 | 000,307,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\ec4ba3e13a88086bf95ea05919513917\DeviceMusic.ni.dll
MOD - [2013.05.30 16:08:19 | 000,474,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\df3496a7e1364e2b78bac5b4aef48ae6\VideoManager.ni.dll
MOD - [2013.05.30 16:08:15 | 000,782,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\88ec39193b34cf293d0887383c2ccde5\PhotoManager.ni.dll
MOD - [2013.05.30 16:08:10 | 001,988,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\be4228490407398b302edeed5ea57879\Phonebook.ni.dll
MOD - [2013.05.30 16:08:00 | 000,207,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\StoryAlbumManager\ea5424dfc774422fa2038d980b1642d1\StoryAlbumManager.ni.dll
MOD - [2013.05.30 16:07:58 | 000,945,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\218ed646a2ca6d2c08509295ce556260\MusicManager.ni.dll
MOD - [2013.05.30 16:07:53 | 000,404,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\fbe4134679a5506a54004cd5952d7d29\BATPlugin.ni.dll
MOD - [2013.05.30 16:07:50 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\a5bd3f2855afcc1f5bf15057c35bd48d\Kies.Common.StoreManager.ni.dll
MOD - [2013.05.30 16:07:49 | 000,534,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\730c70013610eb7e73f49213b1076bab\Kies.Common.MediaDB.ni.dll
MOD - [2013.05.30 16:07:45 | 000,063,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\94fd3d4235723a962f8b3f29d7eac567\Kies.Common.AllShare.ni.dll
MOD - [2013.05.30 16:07:44 | 000,066,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\1784a3c837a81be9ad8608a9405de178\Kies.Common.DBManager.ni.dll
MOD - [2013.05.30 16:07:41 | 000,109,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\fde643974d1f6bc8843237cedb262c9b\Kies.Common.CRMManager.ni.dll
MOD - [2013.05.30 16:07:40 | 001,146,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\1f04da0191d585e975a3f43548a70e2e\Podcaster.ni.dll
MOD - [2013.05.30 16:07:34 | 000,283,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\35992f641f4348746cfe0c6c1b48ece7\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2013.05.30 16:07:32 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\94eee0f7d59880d4ff2754ad67877ac1\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2013.05.30 16:07:30 | 000,175,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\931b9596988f8d16731b691a35a25727\Interop.DevFileServiceLib.ni.dll
MOD - [2013.05.30 16:07:29 | 000,580,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f0dfcf225ea9ee5911a199d90da24d76\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2013.05.30 16:07:26 | 001,204,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f564ae0bcec147d5902965cf0f4367d1\Kies.Common.DeviceService.ni.dll
MOD - [2013.05.30 16:07:20 | 000,995,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\99bba258903cd892a867461d55d728ff\DeviceCommonLib.ni.dll
MOD - [2013.05.30 16:07:15 | 000,743,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\d68e9699b3319f4d4a0d0fdb8855f48a\Kies.Plugin.ContentsManagerLib.ni.dll
MOD - [2013.05.30 16:07:11 | 000,205,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\50c6d0af63aa7107ec15d7ef86a62609\Kies.Common.MainUI.ni.dll
MOD - [2013.05.30 16:06:49 | 000,045,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\bd5cbd625647b2af277b7c5c0ffb8f5b\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2013.05.30 16:06:48 | 000,928,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6704d4bac5e6b834fe7cd1502f09f2cb\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2013.05.30 16:06:42 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\bfc490c6779a7a9ae85832ca58c27054\Interop.PRPLAYERCORELib.ni.dll
MOD - [2013.05.30 16:06:41 | 002,202,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\dfc6504af8cd62a4a38a5b6ad7ca6566\Kies.Common.Multimedia.ni.dll
MOD - [2013.05.30 16:06:30 | 000,187,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f93e893f927f890bffe924ec7e8c1323\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2013.05.30 16:06:29 | 000,638,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\2627bfc447a741309a32dbd51ee23dbc\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2013.05.30 16:06:09 | 007,031,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\8f217eeaa66560ba63ae69c4be00ff95\DeviceHost.ni.dll
MOD - [2013.05.30 14:59:57 | 000,282,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\37bb8c2ca86bf868044bce11e73d1efc\Kies.Common.Util.ni.dll
MOD - [2013.05.30 14:59:53 | 001,644,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\c5572a7e44449de16eb4e7db6b7b5b82\Kies.Locale.ni.dll
MOD - [2013.05.30 14:59:49 | 000,079,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\2cbf81c1b1b5e7bd6a4758bd057e2d4c\Kies.MVVM.ni.dll
MOD - [2013.05.30 14:59:47 | 001,899,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\7aef2d5e9f446c4108ed337e465cd196\Kies.UI.ni.dll
MOD - [2013.05.30 14:59:32 | 001,273,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\0687f786aa9dd34f7dd8d26cdfdb065f\Kies.Interface.ni.dll
MOD - [2013.05.30 14:59:20 | 002,176,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\12c6291066c5db8821df6c56c8254037\Kies.ni.exe
MOD - [2013.05.17 01:12:31 | 000,160,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\f67e1afe33aa6c76e375dbd4fa132363\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2013.05.16 02:53:16 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll
MOD - [2013.05.16 02:52:57 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll
MOD - [2013.05.16 02:52:32 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll
MOD - [2013.05.16 02:52:13 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll
MOD - [2013.05.16 02:52:00 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll
MOD - [2013.02.13 21:56:23 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll
MOD - [2013.01.09 19:20:44 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\52207264bac5068c2de665b3f41e8964\ASF_cSharpAPI.ni.dll
MOD - [2013.01.09 19:20:00 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b2c7788a3e89dfe8758d6184bac1b663\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2013.01.09 19:19:59 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\5f0b67eb5313c092d5b8b56426dd30e2\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2013.01.09 19:19:58 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\111be4cc197cabb6340170eeb54ae535\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2013.01.09 19:19:03 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\af22e5bb6307e2882abe5fbdb3c00c8e\CabLib.ni.dll
MOD - [2013.01.09 19:18:57 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\4f4243b3bc2e4cdf0ec6e7ad5559aa20\Interop.DeviceSearchLib.ni.dll
MOD - [2013.01.09 19:16:35 | 000,770,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dbe82a95ee3feebc5999138fdf36d3c9\System.Runtime.Remoting.ni.dll
MOD - [2013.01.09 19:15:54 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
MOD - [2013.01.09 18:54:12 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013.01.09 18:53:38 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013.01.09 18:52:59 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.24 12:37:30 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.14 23:12:37 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.02.05 10:54:40 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2011.07.04 13:37:58 | 000,081,920 | ---- | M] (Volkswagen AG) [Auto | Running] -- C:\ElsaWin\bin\VSGate.exe -- (VSGate)
SRV - [2011.07.04 13:35:22 | 000,240,640 | ---- | M] (Volkswagen AG) [Auto | Running] -- C:\ElsaWin\bin\LcSvrAdm.exe -- (LcSvrAdm)
SRV - [2011.07.04 13:32:18 | 000,335,360 | ---- | M] (Volkswagen AG) [Auto | Running] -- C:\ElsaWin\bin\LcSvrHis.exe -- (LcSvrHis)
SRV - [2011.07.04 13:30:24 | 000,373,248 | ---- | M] (Volkswagen AG) [Auto | Running] -- C:\ElsaWin\bin\LcSvrSaz.exe -- (LcSvrSaz)
SRV - [2011.07.04 13:28:22 | 001,321,984 | ---- | M] (Volkswagen AG) [On_Demand | Running] -- C:\ElsaWin\bin\LcSvrAuf.exe -- (LcSvrAuf)
SRV - [2011.07.04 13:25:16 | 000,477,696 | ---- | M] (Volkswagen AG) [Auto | Running] -- C:\ElsaWin\bin\LcSvrPas.exe -- (LcSvrPAS)
SRV - [2011.07.04 13:23:56 | 000,392,704 | ---- | M] (Volkswagen AG) [Auto | Running] -- C:\ElsaWin\bin\LcSvrDba.exe -- (LcSvrDba)
SRV - [2011.05.25 00:03:28 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.12.17 08:17:54 | 000,190,592 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\System32\CxAudMsg32.exe -- (CxAudMsg)
SRV - [2010.11.25 21:28:42 | 000,056,480 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Programme\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.04.03 09:58:16 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013.04.03 09:58:16 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013.02.05 10:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2011.10.19 14:01:06 | 000,061,744 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ai-usb.sys -- (FTDIBUS)
DRV - [2011.05.25 01:25:50 | 007,800,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.05.24 23:25:22 | 000,245,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.04.21 21:14:40 | 002,171,904 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011.03.30 15:46:38 | 000,100,880 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011.03.17 16:11:40 | 001,284,224 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2011.01.25 12:47:44 | 000,068,720 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010.12.01 17:12:04 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010.11.29 05:50:40 | 000,035,968 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010.11.25 21:29:00 | 000,141,088 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV - [2010.11.25 21:28:58 | 000,258,720 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV - [2010.11.25 21:28:58 | 000,175,776 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV - [2010.11.25 21:28:58 | 000,049,312 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV - [2010.11.25 21:28:58 | 000,034,976 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV - [2010.11.25 21:28:58 | 000,024,736 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.16 18:01:30 | 000,059,464 | ---- | M] (Ross-Tech LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RT-USB.SYS -- (RT-USB)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2008.11.23 11:23:06 | 000,097,792 | ---- | M] (T0r0 2008) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NSHE.SYS -- (NSHE)
DRV - [2006.11.22 11:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006.11.11 03:25:20 | 000,066,944 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\Windows\System32\drivers\thdudf.sys -- (thdudf)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com/german?a=1eynX8MsEWa
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 8C C0 2D CE D3 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.01.18 20:02:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2013.06.04 23:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\tbs52j6a.default\extensions
[2013.05.30 08:47:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\tbs52j6a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.06.04 22:06:22 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\tbs52j6a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.24 12:37:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.05.24 12:37:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2013.05.24 12:37:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.05.24 12:37:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.05.24 12:37:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.24 12:37:32 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Programme\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {990AF1C2-5A27-4460-8149-ECC6BC122AF3} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ross-Tech VCDS DRV Updater.lnk = C:\Ross-Tech\VCDS-DRV\VCDS.exe (Ross-Tech, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Programme\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45CBA6B9-27BF-477F-A026-15BA60A5734D}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E66E9278-7A07-420D-9661-255CADC1320F}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\vw-wi {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - C:\ElsaWin\bin\wiProt.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.08 03:55:33 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\virus
[2013.06.07 17:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2013.06.05 14:02:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2013.06.05 02:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.06.04 23:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2013.06.04 23:14:57 | 000,000,000 | R--D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013.06.04 21:53:34 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2013.06.04 21:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.04 21:53:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.04 21:53:13 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.06.04 21:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.06.04 03:45:18 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Anti-Malware
[2013.06.04 03:45:14 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Programs
[2013.05.30 13:18:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.05.30 13:09:04 | 000,181,912 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2013.05.30 13:09:04 | 000,083,864 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2013.05.24 12:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.08 04:44:16 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.08 04:44:16 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.08 04:37:49 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013.06.08 04:37:07 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\Rbub.job
[2013.06.08 04:36:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.08 04:36:53 | 1392,693,248 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.08 03:59:28 | 000,000,000 | ---- | M] () -- C:\Users\Christian\defogger_reenable
[2013.06.08 03:56:00 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.08 03:56:00 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.08 03:56:00 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.08 03:56:00 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.08 03:53:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.07 17:44:52 | 000,001,818 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.06.07 17:44:52 | 000,001,803 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2013.06.05 03:13:44 | 000,000,079 | ---- | M] () -- C:\Windows\wininit.ini
[2013.06.04 21:53:19 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.03 16:34:24 | 000,172,032 | RHS- | M] () -- C:\Windows\System32\userenvv.dll
[2013.05.30 13:10:45 | 000,001,952 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.05.16 22:53:22 | 000,268,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.06.08 03:59:28 | 000,000,000 | ---- | C] () -- C:\Users\Christian\defogger_reenable
[2013.06.07 17:44:52 | 000,001,818 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.06.07 17:44:52 | 000,001,803 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2013.06.05 03:13:28 | 000,000,079 | ---- | C] () -- C:\Windows\wininit.ini
[2013.06.04 21:53:19 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.03 16:34:24 | 000,172,032 | RHS- | C] () -- C:\Windows\System32\userenvv.dll
[2013.06.03 16:34:24 | 000,000,316 | ---- | C] () -- C:\Windows\tasks\Rbub.job
[2013.05.30 13:10:45 | 000,001,952 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.03.12 00:08:25 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2013.03.12 00:08:25 | 000,037,344 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2012.04.03 23:58:54 | 000,000,060 | ---- | C] () -- C:\Windows\ETKINST.INI
[2012.01.16 21:16:59 | 000,000,556 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.01.16 00:43:57 | 000,028,672 | ---- | C] () -- C:\Windows\System32\hlduinst.exe
[2012.01.16 00:43:56 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2012.01.16 00:43:56 | 000,006,836 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
[2012.01.15 22:37:49 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012.01.15 22:36:18 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.01.15 19:16:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.01.15 18:52:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2012.01.15 18:52:45 | 000,233,765 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.01.15 18:27:45 | 000,030,895 | ---- | C] () -- C:\Windows\System32\drivers\Mixer.ini
[2011.12.23 21:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.12.23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.12.23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.12.23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.12.23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
 
========== ZeroAccess Check ==========
 
[2012.01.17 11:03:19 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-3986196179-2135364849-1605121122-1000\$RPJ836A\hs2\N
[2012.01.17 14:38:39 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-3986196179-2135364849-1605121122-1000\$RPJ836A\www\N
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.02.10 21:03:53 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoft
[2013.04.05 21:09:16 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVSE GmbH
[2012.07.12 12:44:23 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\IrfanView
[2013.03.11 23:56:20 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Samsung
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:C68DE4A3

< End of report >

Inhalt extras.txt:

Code:

ATTFilter

OTL Extras logfile created on: 08.06.2013 04:39:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christian\Desktop\virus
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,73 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 64,86% Memory free
3,46 Gb Paging File | 2,77 Gb Available in Paging File | 80,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218,79 Gb Total Space | 165,73 Gb Free Space | 75,75% Space Free | Partition Type: NTFS
Drive D: | 496,72 Mb Total Space | 496,35 Mb Free Space | 99,93% Space Free | Partition Type: FAT
 
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{057D486E-D7ED-4BD1-B728-1B3D8138A863}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{0775341C-0AB3-43CA-92BA-61EC9C2B4F21}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0A3EB29D-FD57-43F0-AEA5-CC58B8D883DC}" = rport=445 | protocol=6 | dir=out | app=system | 
"{0F1541D4-EB7F-4EB9-A80F-CED3CA03EFF1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{207B280D-1AAF-4E07-ACD4-545FEDFC47B1}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{2943E932-CA9C-4307-A24A-A71E258FDBD4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{305B3718-5267-4FCC-BF0B-FEE17BC392DA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{306D14E1-7D63-461C-B150-4DED95E07ED2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{33A27432-7DCD-4663-B9C5-9F18EF785071}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4283F507-B800-46DE-9223-FE80765AB9E8}" = lport=137 | protocol=17 | dir=in | app=system | 
"{45E12DAE-DBB0-4952-990A-A85FF89CE3C3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4AD58A8D-FEA6-46CD-8C3E-924E603448FA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{53F6114A-5BA1-45B6-AF2E-E51CF709E2D7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{887AE358-921E-4493-866D-87D9DFBAD9FB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8A0A7019-BB76-4E02-8396-7CFE5188265A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9531CA4C-BD9A-48BE-A4AD-386B19B14A78}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{99BE4CB9-63AB-457F-A666-51767EE61856}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9B2A27EF-E9D2-4E6A-835E-C95D7D2A03C2}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | 
"{A375A9BA-BCD6-4A14-B025-4316A5F265C5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BA422052-0F7D-4F47-9915-2D33E4634728}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C15DBC97-3DE7-405B-B3D5-4C5B9538BDB2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C585D4CF-A874-4726-AFF5-C10F2D04E2BC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{EA4FBECD-760A-44E0-87A3-A1DA37582474}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E123EFE-C32E-4864-B120-6A5DBFBE96E1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{152D9115-55C0-4B0B-8F18-A02E563DACDC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{158219A0-C0DA-4329-AFEC-269F5749B53F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{16A8578A-4C68-460F-B366-A3FFB1D099D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1ACF7CFA-445B-42AB-A929-F4E9CC164CCA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{330BA3F6-0231-405D-9692-E079507DB2CF}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe | 
"{37B0E303-3777-45FB-BC04-345757B87705}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{38ECE08B-40DC-47C4-BC78-66A6B38D329F}" = protocol=6 | dir=out | app=system | 
"{46E80CF7-EDF2-4D07-AF4D-7BF5ACF3B377}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{88D3BEB8-9C0C-4A91-8A3B-1F2164F67CAE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9557849A-047C-48DB-959C-D1450FDECECF}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{A6A81DAE-D463-4162-861A-8C3CB1F102FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A6AAF8DC-D1EE-4ABA-9DD9-EF50081597E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AC6892EB-A6C3-4657-91CC-8924558B3C86}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B05CA6E8-B5C9-4F93-A5DF-C93F5064659A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C7EED29D-750A-44E5-86B8-353061B4568F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C96F323B-971E-49B3-BBB2-FFF510E58EBF}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{CE5D49D6-E771-400B-A1FC-485867529E00}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E08ABABD-E32E-468D-943C-91B30F4F488D}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe | 
"{E8C50F60-AF66-4966-804D-470A4493D33C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{F99C4B3D-D3ED-4784-B58D-A69680DEE0F5}C:\program files\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"UDP Query User{49821714-F4BD-4992-A5D4-99F593A350D3}C:\program files\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite
"{11C8528F-630F-1BDF-5208-0E1E665EAEC7}" = Catalyst Control Center InstallProxy
"{122B1825-3F1E-F7AA-157C-033A5286339B}" = Catalyst Control Center Localization All
"{1398F892-730D-C334-E7F1-5584F73F3D9F}" = CCC Help Hungarian
"{1895E5C2-A9F8-4757-AD7B-0E9EA8BA1C46}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2312197F-544A-0DE9-7E78-2D7BD9C755DE}" = CCC Help Chinese Traditional
"{24B8FFCE-EECA-FF6B-5958-AC3913C5DC7D}" = ATI Catalyst Install Manager
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{386AEEC9-0994-0491-E3A8-ECCEB98B693C}" = CCC Help Czech
"{3A961DEF-D492-D159-05E7-AFEBD23B1443}" = CCC Help Thai
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DEAED7D-E85E-48EB-999E-5B4576A22369}" = HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{4686B678-6E39-CBB0-D2AD-753768D9482C}" = Catalyst Control Center Graphics Previews Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FEB120F-8FAE-C079-F90E-69DDDFE5F24A}" = CCC Help Portuguese
"{52167B0C-FB5D-43E7-BEC5-24EE6BEE2BA0}" = DVSE Updater
"{5327C3B7-A2BD-DFF9-9AAA-6B25C205A11B}" = CCC Help Finnish
"{56757C8E-7CD5-70F7-7F70-DED7C0290F17}" = CCC Help Russian
"{62056544-7C76-36A4-72A2-EE64F1C659E6}" = CCC Help French
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7893F1F4-1A7A-7761-A15B-16248A91F14A}" = CCC Help Polish
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.5.1
"{8356465E-39A3-B863-E66D-79BC03B37879}" = CCC Help Swedish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85905B8F-7C26-A6E2-6FE4-AA891ADF474A}" = CCC Help Danish
"{87CEDA87-B520-0F6C-0435-186697E523AB}" = ccc-utility
"{89EA0D8A-5115-CB48-4B5A-91F8A2A07CB4}" = CCC Help English
"{8A2BDD89-D2A9-70F1-0F9F-5511B4035F4E}" = CCC Help Italian
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{987FD645-B12E-BCE0-723F-D99EAB70EE0B}" = AMD VISION Engine Control Center
"{9D67169F-A1FD-18D3-C503-69E0B6E7BD09}" = CCC Help Spanish
"{A54C3171-046D-9C8F-EEBA-D78A5927156A}" = CCC Help Korean
"{AA1958B6-C964-BAE1-259C-DB4239BCEEFC}" = CCC Help German
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{B51B7CE6-1BFF-1E08-FAE3-75AD36B9A399}" = CCC Help Japanese
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0B83E1B-9DDD-B169-BFA9-DF46CAB9D528}" = CCC Help Chinese Standard
"{D20EB399-E879-EB25-F5B2-1CBCBE8B27AB}" = CCC Help Turkish
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Hilfe
"{EA188C57-85BA-0AB4-D11B-2892B79EDF4D}" = CCC Help Dutch
"{EDCF6C26-F42B-EEE7-C42F-C5DD7509C1EA}" = CCC Help Norwegian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2207310-FE8E-CB9D-C44C-3042F966CDAD}" = CCC Help Greek
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9" = Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00)
"88EB56038379B8B7DCFB4D2448A60F52E064B265" = Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"B4DFFB06B716298277125094C48185BFE8B5A7E1" = Windows-Treiberpaket - Ross-Tech USB Driver Package (06/16/2010 2.06.02)
"CB1867DF5BC3B742EB67B8BEA95EB3EBBF693D95" = Windows-Treiberpaket - Auto-Intern USB-Treiber (03/18/2011 2.08.14)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"COPARTS Online" = COPARTS Online
"ElsaWin" = ElsaWin
"ETKA7.3_Germany_2011" = ETKA 7.3 Germany 2011
"Free Audio Converter_is1" = Free Audio Converter version 5.0.4.1228
"Hardlock Gerätetreiber" = Hardlock Gerätetreiber
"IncrediMail" = IncrediMail 2.0
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VCDS DRV" = VCDS DRV 11.11
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.06.2013 22:30:20 | Computer Name = Christian-PC | Source = IServOle | ID = 17
Description = IServOle(.\IServOle.cpp, 1504): Connection to aktive partner server
 failed. Fehler beim Laden der Typbibliothek/DLL.  
 
Error - 07.06.2013 22:30:21 | Computer Name = Christian-PC | Source = VSGATE | ID = 1
Description = 
 
Error - 07.06.2013 22:30:21 | Computer Name = Christian-PC | Source = LCSVRADM | ID = 1
Description = 
 
Error - 07.06.2013 22:37:10 | Computer Name = Christian-PC | Source = LCSVRHIS | ID = 1
Description = 
 
Error - 07.06.2013 22:37:11 | Computer Name = Christian-PC | Source = VSGATE | ID = 1
Description = 
 
Error - 07.06.2013 22:37:15 | Computer Name = Christian-PC | Source = VSGATE | ID = 1
Description = 
 
Error - 07.06.2013 22:37:22 | Computer Name = Christian-PC | Source = LCSVRADM | ID = 1
Description = 
 
Error - 07.06.2013 22:37:22 | Computer Name = Christian-PC | Source = IServOle | ID = 17
Description = IServOle(.\IServOle.cpp, 1504): Connection to aktive partner server
 failed. Fehler beim Laden der Typbibliothek/DLL.  
 
Error - 07.06.2013 22:37:22 | Computer Name = Christian-PC | Source = VSGATE | ID = 1
Description = 
 
Error - 08.06.2013 04:21:11 | Computer Name = Christian-PC | Source = LCSVRADM | ID = 1
Description = 
 
[ System Events ]
Error - 07.06.2013 22:10:22 | Computer Name = Christian-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 07.06.2013 22:13:21 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 07.06.2013 22:14:08 | Computer Name = Christian-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 07.06.2013 22:14:08 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 07.06.2013 22:14:08 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 07.06.2013 22:24:49 | Computer Name = Christian-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 07.06.2013 22:30:00 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 07.06.2013 22:36:06 | Computer Name = Christian-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 07.06.2013 22:37:12 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 08.06.2013 04:19:08 | Computer Name = Christian-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
 
< End of report >

Inhalt gmer.log:

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-08 15:59:20
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BPVT-22JJ5T0 rev.01.01A01 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\kglyiuod.sys


---- Kernel code sections - GMER 2.1 ----

.text                                                                                                                                 ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                         82C56A09 1 Byte  [06]
.text                                                                                                                                 ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           82C901F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text                                                                                                                                 C:\Windows\system32\DRIVERS\atikmdag.sys                                                         section is writeable [0x8E438000, 0x38E905, 0xE8000020]
.text                                                                                                                                 C:\Windows\system32\drivers\hardlock.sys                                                         section is writeable [0x97E35400, 0x87EE2, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x97ED9620]  C:\Windows\system32\drivers\hardlock.sys                                                         entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x97ED9620]
.protectÿÿÿÿhardlockunknown last code section [0x97ED9400, 0x5126, 0xE0000020]                                                        C:\Windows\system32\drivers\hardlock.sys                                                         unknown last code section [0x97ED9400, 0x5126, 0xE0000020]

---- Devices - GMER 2.1 ----

AttachedDevice                                                                                                                        \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys
AttachedDevice                                                                                                                        \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys
AttachedDevice                                                                                                                        \FileSystem\fastfat \Fat                                                                         fltmgr.sys

---- Registry - GMER 2.1 ----

Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158335ba64                      
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158335ba64@00195d259800         0xF0 0xDF 0x00 0xA5 ...
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d81926106d                      
Reg                                                                                                                                   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158335ba64 (not active ControlSet)  
Reg                                                                                                                                   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158335ba64@00195d259800             0xF0 0xDF 0x00 0xA5 ...
Reg                                                                                                                                   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d81926106d (not active ControlSet)  

---- EOF - GMER 2.1 ----

markusg · 09.06.2013, 10:47

Hi,
wieso hast du Avira deinstaliert?

otl fix

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
[2013.06.03 16:34:24 | 000,172,032 | RHS- | M] () -- C:\Windows\System32\userenvv.dll
[2013.06.03 16:34:24 | 000,000,316 | ---- | C] () -- C:\Windows\tasks\Rbub.job
:files
:Commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

danach:
downloade get info:
http://markusg.trojaner-board.de/GetInfo.exe
doppelklicke die .exe
im selben ordner wird nun eine .txt erstellt:
summary-info.txt
diese doppelklicken und deren inhalt posten.

noregret · 09.06.2013, 10:53

Das ist ka unglaublich, nach 1 Minute kam schon die Antwort von dir

Kann man an dieses Forum Spenden? Edit: Die Möglichkeit zum Spenden jetzt gefunden.

Danke, ich werde ausführen was du geschrieben hast.
Habe Avira installiert da ich es nicht manuell beenden konnte und für die Scans nach Anleitung hier im Forum alle anderen Virenscanner beendet sein sollen.

markusg · 09.06.2013, 11:05

hi
einfach via Rechtsklick auf den Schirm, deaktivieren, das passt.
danke fürs spenden.

noregret · 09.06.2013, 11:16

Hallo,
ich musste die Datei von OTL leider 2x hochladen da ich sie beim 1. Mal nicht ZIP- komprimiert hatte

Inhalt der OTL Textdatei (aus moved files):

Code:

ATTFilter

All processes killed
========== OTL ==========
C:\Windows\System32\userenvv.dll moved successfully.
C:\Windows\Tasks\Rbub.job moved successfully.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Christian
->Temp folder emptied: 70469680 bytes
->Temporary Internet Files folder emptied: 282772626 bytes
->Java cache emptied: 56163 bytes
->FireFox cache emptied: 89902097 bytes
->Flash cache emptied: 153612 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: KFZ Diagnose
->Temp folder emptied: 727523 bytes
->Temporary Internet Files folder emptied: 6979364 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 10828375 bytes
->Flash cache emptied: 629 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 386567258 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 809,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06092013_115744

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Inhalt aus summary-info:

Code:

ATTFilter

System volume information:	 dwHighDateTime = 0x1ccd30e,dwLowDateTime = 0xf53d0f82
System32:			 dwHighDateTime = 0x1ca042b,dwLowDateTime = 0xfb15659b
dwSerialNumber = 0xec9f8e04

markusg · 09.06.2013, 11:22

sehr gut
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

noregret · 09.06.2013, 11:40

Wie ich das sehe wurden keine schlimmen Objekte gefunden! 13 x unsigned file, medium risk

Inhalt tds LOG:

Code:

ATTFilter

12:35:15.0633 2772  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:35:16.0085 2772  ============================================================
12:35:16.0085 2772  Current date / time: 2013/06/09 12:35:16.0085
12:35:16.0085 2772  SystemInfo:
12:35:16.0085 2772  
12:35:16.0085 2772  OS Version: 6.1.7601 ServicePack: 1.0
12:35:16.0085 2772  Product type: Workstation
12:35:16.0085 2772  ComputerName: CHRISTIAN-PC
12:35:16.0085 2772  UserName: Christian
12:35:16.0085 2772  Windows directory: C:\Windows
12:35:16.0085 2772  System windows directory: C:\Windows
12:35:16.0085 2772  Processor architecture: Intel x86
12:35:16.0085 2772  Number of processors: 2
12:35:16.0085 2772  Page size: 0x1000
12:35:16.0085 2772  Boot type: Normal boot
12:35:16.0085 2772  ============================================================
12:35:18.0019 2772  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:35:18.0019 2772  ============================================================
12:35:18.0019 2772  \Device\Harddisk0\DR0:
12:35:18.0019 2772  MBR partitions:
12:35:18.0019 2772  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000
12:35:18.0019 2772  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x1B592800
12:35:18.0019 2772  ============================================================
12:35:18.0051 2772  C: <-> \Device\Harddisk0\DR0\Partition2
12:35:18.0051 2772  ============================================================
12:35:18.0051 2772  Initialize success
12:35:18.0051 2772  ============================================================
12:35:58.0642 2400  ============================================================
12:35:58.0642 2400  Scan started
12:35:58.0642 2400  Mode: Manual; SigCheck; TDLFS; 
12:35:58.0642 2400  ============================================================
12:35:59.0188 2400  ================ Scan system memory ========================
12:35:59.0188 2400  System memory - ok
12:35:59.0188 2400  ================ Scan services =============================
12:35:59.0438 2400  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:35:59.0609 2400  1394ohci - ok
12:35:59.0672 2400  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:35:59.0703 2400  ACPI - ok
12:35:59.0734 2400  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:35:59.0781 2400  AcpiPmi - ok
12:35:59.0968 2400  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:35:59.0999 2400  AdobeARMservice - ok
12:36:00.0077 2400  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:36:00.0108 2400  AdobeFlashPlayerUpdateSvc - ok
12:36:00.0171 2400  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
12:36:00.0218 2400  adp94xx - ok
12:36:00.0264 2400  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
12:36:00.0296 2400  adpahci - ok
12:36:00.0327 2400  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
12:36:00.0358 2400  adpu320 - ok
12:36:00.0405 2400  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:36:00.0498 2400  AeLookupSvc - ok
12:36:00.0545 2400  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
12:36:00.0608 2400  AFD - ok
12:36:00.0639 2400  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
12:36:00.0670 2400  agp440 - ok
12:36:00.0717 2400  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
12:36:00.0732 2400  aic78xx - ok
12:36:00.0779 2400  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
12:36:00.0857 2400  ALG - ok
12:36:00.0888 2400  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:36:00.0920 2400  aliide - ok
12:36:00.0966 2400  [ D16B67B26A1096EDF8B57D03513ECFA7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:36:01.0029 2400  AMD External Events Utility - ok
12:36:01.0060 2400  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
12:36:01.0091 2400  amdagp - ok
12:36:01.0107 2400  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
12:36:01.0138 2400  amdide - ok
12:36:01.0185 2400  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
12:36:01.0216 2400  AmdK8 - ok
12:36:01.0481 2400  [ AEAE5ECBEAA0107D36C0B94EF341ABC7 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:36:01.0856 2400  amdkmdag - ok
12:36:01.0902 2400  [ 60643C3ABE28015269A62EB3DD4A49F4 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
12:36:01.0949 2400  amdkmdap - ok
12:36:01.0996 2400  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
12:36:02.0074 2400  AmdPPM - ok
12:36:02.0136 2400  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:36:02.0168 2400  amdsata - ok
12:36:02.0214 2400  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
12:36:02.0246 2400  amdsbs - ok
12:36:02.0261 2400  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:36:02.0292 2400  amdxata - ok
12:36:02.0355 2400  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
12:36:02.0433 2400  AppID - ok
12:36:02.0495 2400  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:36:02.0573 2400  AppIDSvc - ok
12:36:02.0604 2400  [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo         C:\Windows\System32\appinfo.dll
12:36:02.0651 2400  Appinfo - ok
12:36:02.0698 2400  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
12:36:02.0760 2400  AppMgmt - ok
12:36:02.0807 2400  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
12:36:02.0838 2400  arc - ok
12:36:02.0854 2400  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
12:36:02.0885 2400  arcsas - ok
12:36:02.0932 2400  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:36:02.0994 2400  AsyncMac - ok
12:36:03.0026 2400  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
12:36:03.0057 2400  atapi - ok
12:36:03.0104 2400  [ 882EDBAFCC227852C9DCA23EA48D2E78 ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
12:36:03.0166 2400  AthBTPort - ok
12:36:03.0228 2400  [ CFE2A4535711A08AA724F50083C3EA7F ] AtherosSvc      C:\Program Files\Bluetooth Suite\adminservice.exe
12:36:03.0275 2400  AtherosSvc ( UnsignedFile.Multi.Generic ) - warning
12:36:03.0275 2400  AtherosSvc - detected UnsignedFile.Multi.Generic (1)
12:36:03.0369 2400  [ BB8E7DFBAFC81E2FDC2D75B5B3958005 ] athr            C:\Windows\system32\DRIVERS\athr.sys
12:36:03.0494 2400  athr - ok
12:36:03.0572 2400  [ 45FE74599FBA4070E7C7DAC928896474 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
12:36:03.0634 2400  AtiHDAudioService - ok
12:36:03.0696 2400  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:36:03.0806 2400  AudioEndpointBuilder - ok
12:36:03.0852 2400  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
12:36:03.0915 2400  Audiosrv - ok
12:36:03.0962 2400  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:36:04.0071 2400  AxInstSV - ok
12:36:04.0118 2400  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
12:36:04.0196 2400  b06bdrv - ok
12:36:04.0258 2400  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
12:36:04.0305 2400  b57nd60x - ok
12:36:04.0367 2400  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:36:04.0398 2400  BDESVC - ok
12:36:04.0430 2400  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:36:04.0508 2400  Beep - ok
12:36:04.0570 2400  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
12:36:04.0648 2400  BFE - ok
12:36:04.0695 2400  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
12:36:04.0788 2400  BITS - ok
12:36:04.0804 2400  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:36:04.0851 2400  blbdrive - ok
12:36:04.0898 2400  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:36:04.0944 2400  bowser - ok
12:36:04.0991 2400  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:36:05.0022 2400  BrFiltLo - ok
12:36:05.0038 2400  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:36:05.0085 2400  BrFiltUp - ok
12:36:05.0132 2400  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
12:36:05.0178 2400  Browser - ok
12:36:05.0225 2400  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:36:05.0288 2400  Brserid - ok
12:36:05.0319 2400  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:36:05.0350 2400  BrSerWdm - ok
12:36:05.0381 2400  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:36:05.0428 2400  BrUsbMdm - ok
12:36:05.0444 2400  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:36:05.0490 2400  BrUsbSer - ok
12:36:05.0537 2400  [ D57BC943ED4EF85A51165F408E4C15A7 ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
12:36:05.0615 2400  BTATH_A2DP - ok
12:36:05.0646 2400  [ F60E0C722442EA91F0C253B7814D8192 ] BTATH_BUS       C:\Windows\system32\DRIVERS\btath_bus.sys
12:36:05.0693 2400  BTATH_BUS - ok
12:36:05.0740 2400  [ F31E369DB8258B28E3DCF66705AEA9E9 ] BTATH_HCRP      C:\Windows\system32\DRIVERS\btath_hcrp.sys
12:36:05.0771 2400  BTATH_HCRP - ok
12:36:05.0787 2400  [ 6651798266FDE23159D961463A63A77D ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
12:36:05.0834 2400  BTATH_LWFLT - ok
12:36:05.0865 2400  [ 08EF5298DF80BC136523BCD2ED8B9C37 ] BTATH_RCP       C:\Windows\system32\DRIVERS\btath_rcp.sys
12:36:05.0927 2400  BTATH_RCP - ok
12:36:06.0021 2400  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
12:36:06.0099 2400  BthEnum - ok
12:36:06.0114 2400  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
12:36:06.0146 2400  BTHMODEM - ok
12:36:06.0192 2400  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
12:36:06.0239 2400  BthPan - ok
12:36:06.0270 2400  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
12:36:06.0348 2400  BTHPORT - ok
12:36:06.0395 2400  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
12:36:06.0504 2400  bthserv - ok
12:36:06.0551 2400  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
12:36:06.0598 2400  BTHUSB - ok
12:36:06.0629 2400  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:36:06.0707 2400  cdfs - ok
12:36:06.0738 2400  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:36:06.0785 2400  cdrom - ok
12:36:06.0848 2400  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
12:36:06.0926 2400  CertPropSvc - ok
12:36:06.0957 2400  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
12:36:06.0988 2400  circlass - ok
12:36:07.0050 2400  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
12:36:07.0097 2400  CLFS - ok
12:36:07.0175 2400  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:36:07.0206 2400  clr_optimization_v2.0.50727_32 - ok
12:36:07.0300 2400  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:36:07.0331 2400  clr_optimization_v4.0.30319_32 - ok
12:36:07.0362 2400  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
12:36:07.0394 2400  CmBatt - ok
12:36:07.0440 2400  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:36:07.0456 2400  cmdide - ok
12:36:07.0503 2400  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
12:36:07.0565 2400  CNG - ok
12:36:07.0643 2400  [ EC51045DF9BEED090A5A900BD018FCD0 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
12:36:07.0737 2400  CnxtHdAudService - ok
12:36:07.0784 2400  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
12:36:07.0815 2400  Compbatt - ok
12:36:07.0862 2400  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
12:36:07.0908 2400  CompositeBus - ok
12:36:07.0924 2400  COMSysApp - ok
12:36:07.0955 2400  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
12:36:07.0986 2400  crcdisk - ok
12:36:08.0049 2400  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:36:08.0096 2400  CryptSvc - ok
12:36:08.0127 2400  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
12:36:08.0174 2400  CSC - ok
12:36:08.0236 2400  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
12:36:08.0283 2400  CscService - ok
12:36:08.0330 2400  [ A4E503CE89CD1287892CB6AB58BBE75C ] CxAudMsg        C:\Windows\system32\CxAudMsg32.exe
12:36:08.0361 2400  CxAudMsg - ok
12:36:08.0392 2400  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:36:08.0486 2400  DcomLaunch - ok
12:36:08.0532 2400  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
12:36:08.0610 2400  defragsvc - ok
12:36:08.0642 2400  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:36:08.0720 2400  DfsC - ok
12:36:08.0798 2400  [ B575C523F537F24D66D31F8877E6BCAB ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
12:36:08.0829 2400  dg_ssudbus - ok
12:36:08.0876 2400  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:36:08.0938 2400  Dhcp - ok
12:36:09.0000 2400  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
12:36:09.0078 2400  discache - ok
12:36:09.0110 2400  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
12:36:09.0141 2400  Disk - ok
12:36:09.0172 2400  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:36:09.0234 2400  Dnscache - ok
12:36:09.0281 2400  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:36:09.0359 2400  dot3svc - ok
12:36:09.0390 2400  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
12:36:09.0484 2400  DPS - ok
12:36:09.0624 2400  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:36:09.0734 2400  drmkaud - ok
12:36:09.0905 2400  [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:36:09.0983 2400  DXGKrnl - ok
12:36:10.0030 2400  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
12:36:10.0108 2400  EapHost - ok
12:36:10.0233 2400  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
12:36:10.0404 2400  ebdrv - ok
12:36:10.0451 2400  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
12:36:10.0482 2400  EFS - ok
12:36:10.0560 2400  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:36:10.0685 2400  ehRecvr - ok
12:36:10.0716 2400  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
12:36:10.0779 2400  ehSched - ok
12:36:10.0841 2400  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
12:36:10.0888 2400  elxstor - ok
12:36:10.0919 2400  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:36:10.0966 2400  ErrDev - ok
12:36:11.0028 2400  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
12:36:11.0091 2400  EventSystem - ok
12:36:11.0138 2400  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
12:36:11.0216 2400  exfat - ok
12:36:11.0247 2400  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:36:11.0325 2400  fastfat - ok
12:36:11.0372 2400  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
12:36:11.0450 2400  Fax - ok
12:36:11.0496 2400  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:36:11.0543 2400  fdc - ok
12:36:11.0606 2400  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
12:36:11.0668 2400  fdPHost - ok
12:36:11.0699 2400  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
12:36:11.0777 2400  FDResPub - ok
12:36:11.0793 2400  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:36:11.0824 2400  FileInfo - ok
12:36:11.0855 2400  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:36:11.0933 2400  Filetrace - ok
12:36:11.0949 2400  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:36:11.0996 2400  flpydisk - ok
12:36:12.0058 2400  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:36:12.0089 2400  FltMgr - ok
12:36:12.0183 2400  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
12:36:12.0276 2400  FontCache - ok
12:36:12.0339 2400  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:36:12.0370 2400  FontCache3.0.0.0 - ok
12:36:12.0417 2400  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:36:12.0432 2400  FsDepends - ok
12:36:12.0495 2400  [ DDEE99DC54EFA20BD5A442CD733C4462 ] FsUsbExDisk     C:\Windows\system32\FsUsbExDisk.SYS
12:36:12.0526 2400  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
12:36:12.0526 2400  FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
12:36:12.0588 2400  [ 0796C1E47ADB9825269E64B9DAB4E741 ] FsUsbExService  C:\Windows\system32\FsUsbExService.Exe
12:36:12.0620 2400  FsUsbExService ( UnsignedFile.Multi.Generic ) - warning
12:36:12.0620 2400  FsUsbExService - detected UnsignedFile.Multi.Generic (1)
12:36:12.0666 2400  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:36:12.0682 2400  Fs_Rec - ok
12:36:12.0744 2400  [ 55B99D22A9F3884ED14B587C901FA0DB ] FTDIBUS         C:\Windows\system32\drivers\ai-usb.sys
12:36:12.0791 2400  FTDIBUS ( UnsignedFile.Multi.Generic ) - warning
12:36:12.0791 2400  FTDIBUS - detected UnsignedFile.Multi.Generic (1)
12:36:12.0838 2400  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:36:12.0869 2400  fvevol - ok
12:36:12.0916 2400  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
12:36:12.0947 2400  gagp30kx - ok
12:36:12.0994 2400  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:36:13.0088 2400  gpsvc - ok
12:36:13.0166 2400  [ D95554949082FD29A04D351B58396718 ] Hardlock        C:\Windows\system32\drivers\hardlock.sys
12:36:13.0228 2400  Hardlock - ok
12:36:13.0275 2400  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:36:13.0337 2400  hcw85cir - ok
12:36:13.0384 2400  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:36:13.0446 2400  HdAudAddService - ok
12:36:13.0493 2400  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
12:36:13.0540 2400  HDAudBus - ok
12:36:13.0556 2400  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
12:36:13.0602 2400  HidBatt - ok
12:36:13.0634 2400  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
12:36:13.0680 2400  HidBth - ok
12:36:13.0727 2400  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
12:36:13.0774 2400  HidIr - ok
12:36:13.0805 2400  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
12:36:13.0883 2400  hidserv - ok
12:36:13.0946 2400  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:36:13.0992 2400  HidUsb - ok
12:36:14.0024 2400  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:36:14.0102 2400  hkmsvc - ok
12:36:14.0148 2400  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:36:14.0211 2400  HomeGroupListener - ok
12:36:14.0242 2400  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:36:14.0289 2400  HomeGroupProvider - ok
12:36:14.0320 2400  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:36:14.0351 2400  HpSAMD - ok
12:36:14.0398 2400  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:36:14.0476 2400  HTTP - ok
12:36:14.0507 2400  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:36:14.0523 2400  hwpolicy - ok
12:36:14.0570 2400  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
12:36:14.0616 2400  i8042prt - ok
12:36:14.0648 2400  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:36:14.0694 2400  iaStorV - ok
12:36:14.0788 2400  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:36:14.0866 2400  idsvc - ok
12:36:14.0928 2400  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
12:36:14.0960 2400  iirsp - ok
12:36:15.0022 2400  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
12:36:15.0116 2400  IKEEXT - ok
12:36:15.0147 2400  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:36:15.0178 2400  intelide - ok
12:36:15.0209 2400  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:36:15.0256 2400  intelppm - ok
12:36:15.0287 2400  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:36:15.0350 2400  IPBusEnum - ok
12:36:15.0396 2400  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:36:15.0474 2400  IpFilterDriver - ok
12:36:15.0521 2400  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:36:15.0584 2400  iphlpsvc - ok
12:36:15.0630 2400  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:36:15.0677 2400  IPMIDRV - ok
12:36:15.0693 2400  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:36:15.0771 2400  IPNAT - ok
12:36:15.0786 2400  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:36:15.0833 2400  IRENUM - ok
12:36:15.0864 2400  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:36:15.0896 2400  isapnp - ok
12:36:15.0927 2400  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:36:15.0958 2400  iScsiPrt - ok
12:36:15.0974 2400  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
12:36:16.0005 2400  kbdclass - ok
12:36:16.0052 2400  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
12:36:16.0083 2400  kbdhid - ok
12:36:16.0114 2400  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
12:36:16.0130 2400  KeyIso - ok
12:36:16.0176 2400  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:36:16.0208 2400  KSecDD - ok
12:36:16.0239 2400  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:36:16.0270 2400  KSecPkg - ok
12:36:16.0317 2400  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:36:16.0410 2400  KtmRm - ok
12:36:16.0457 2400  [ F3E1024A2FD8C62AF7BD4DAB147D3256 ] L1C             C:\Windows\system32\DRIVERS\L1C62x86.sys
12:36:16.0473 2400  L1C - ok
12:36:16.0504 2400  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:36:16.0582 2400  LanmanServer - ok
12:36:16.0613 2400  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:36:16.0660 2400  LanmanWorkstation - ok
12:36:16.0800 2400  [ 2F5A3B202E772285E8F413B5138024E7 ] LcSvrAdm        C:\ElsaWin\bin\LcSvrAdm.exe
12:36:16.0847 2400  LcSvrAdm ( UnsignedFile.Multi.Generic ) - warning
12:36:16.0847 2400  LcSvrAdm - detected UnsignedFile.Multi.Generic (1)
12:36:16.0941 2400  [ B0020F2D5CA4DA6D59522F22F84D4CE8 ] LcSvrAuf        C:\ElsaWin\bin\LcSvrAuf.exe
12:36:17.0019 2400  LcSvrAuf ( UnsignedFile.Multi.Generic ) - warning
12:36:17.0019 2400  LcSvrAuf - detected UnsignedFile.Multi.Generic (1)
12:36:17.0066 2400  [ 292CB3C3D00C7E4A17CCDD5920FAA2BF ] LcSvrDba        C:\ElsaWin\bin\LcSvrDba.exe
12:36:17.0112 2400  LcSvrDba ( UnsignedFile.Multi.Generic ) - warning
12:36:17.0112 2400  LcSvrDba - detected UnsignedFile.Multi.Generic (1)
12:36:17.0144 2400  [ 1A634A6E80A436B53623757A4DF9165A ] LcSvrHis        C:\ElsaWin\bin\LcSvrHis.exe
12:36:17.0175 2400  LcSvrHis ( UnsignedFile.Multi.Generic ) - warning
12:36:17.0175 2400  LcSvrHis - detected UnsignedFile.Multi.Generic (1)
12:36:17.0268 2400  [ B8A3F27CD1527F509DA4C3E0E843299E ] LcSvrPAS        C:\ElsaWin\bin\LcSvrPas.exe
12:36:17.0300 2400  LcSvrPAS ( UnsignedFile.Multi.Generic ) - warning
12:36:17.0300 2400  LcSvrPAS - detected UnsignedFile.Multi.Generic (1)
12:36:17.0346 2400  [ 7B50D309BCE57162A5E4383FC003E477 ] LcSvrSaz        C:\ElsaWin\bin\LcSvrSaz.exe
12:36:17.0393 2400  LcSvrSaz ( UnsignedFile.Multi.Generic ) - warning
12:36:17.0393 2400  LcSvrSaz - detected UnsignedFile.Multi.Generic (1)
12:36:17.0440 2400  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:36:17.0518 2400  lltdio - ok
12:36:17.0549 2400  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:36:17.0627 2400  lltdsvc - ok
12:36:17.0658 2400  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:36:17.0736 2400  lmhosts - ok
12:36:17.0783 2400  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
12:36:17.0799 2400  LSI_FC - ok
12:36:17.0830 2400  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
12:36:17.0846 2400  LSI_SAS - ok
12:36:17.0877 2400  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:36:17.0908 2400  LSI_SAS2 - ok
12:36:17.0939 2400  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:36:17.0970 2400  LSI_SCSI - ok
12:36:18.0002 2400  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
12:36:18.0080 2400  luafv - ok
12:36:18.0158 2400  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
12:36:18.0173 2400  MBAMProtector - ok
12:36:18.0267 2400  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:36:18.0314 2400  MBAMScheduler - ok
12:36:18.0360 2400  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:36:18.0407 2400  MBAMService - ok
12:36:18.0423 2400  mcdbus - ok
12:36:18.0470 2400  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:36:18.0501 2400  Mcx2Svc - ok
12:36:18.0548 2400  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
12:36:18.0563 2400  megasas - ok
12:36:18.0610 2400  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
12:36:18.0641 2400  MegaSR - ok
12:36:18.0672 2400  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
12:36:18.0735 2400  MMCSS - ok
12:36:18.0766 2400  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
12:36:18.0844 2400  Modem - ok
12:36:18.0875 2400  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:36:18.0922 2400  monitor - ok
12:36:18.0953 2400  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:36:18.0984 2400  mouclass - ok
12:36:19.0016 2400  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:36:19.0062 2400  mouhid - ok
12:36:19.0094 2400  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:36:19.0125 2400  mountmgr - ok
12:36:19.0218 2400  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:36:19.0250 2400  MozillaMaintenance - ok
12:36:19.0281 2400  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:36:19.0312 2400  mpio - ok
12:36:19.0343 2400  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:36:19.0421 2400  mpsdrv - ok
12:36:19.0484 2400  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:36:19.0562 2400  MpsSvc - ok
12:36:19.0608 2400  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:36:19.0686 2400  MRxDAV - ok
12:36:19.0733 2400  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:36:19.0764 2400  mrxsmb - ok
12:36:19.0796 2400  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:36:19.0842 2400  mrxsmb10 - ok
12:36:19.0874 2400  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:36:19.0905 2400  mrxsmb20 - ok
12:36:19.0952 2400  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
12:36:19.0967 2400  msahci - ok
12:36:20.0014 2400  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:36:20.0030 2400  msdsm - ok
12:36:20.0076 2400  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
12:36:20.0123 2400  MSDTC - ok
12:36:20.0186 2400  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:36:20.0232 2400  Msfs - ok
12:36:20.0264 2400  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:36:20.0342 2400  mshidkmdf - ok
12:36:20.0373 2400  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:36:20.0388 2400  msisadrv - ok
12:36:20.0451 2400  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:36:20.0513 2400  MSiSCSI - ok
12:36:20.0529 2400  msiserver - ok
12:36:20.0576 2400  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:36:20.0638 2400  MSKSSRV - ok
12:36:20.0669 2400  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:36:20.0732 2400  MSPCLOCK - ok
12:36:20.0763 2400  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:36:20.0841 2400  MSPQM - ok
12:36:20.0872 2400  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:36:20.0903 2400  MsRPC - ok
12:36:20.0934 2400  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
12:36:20.0966 2400  mssmbios - ok
12:36:20.0981 2400  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:36:21.0044 2400  MSTEE - ok
12:36:21.0075 2400  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
12:36:21.0106 2400  MTConfig - ok
12:36:21.0122 2400  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:36:21.0153 2400  Mup - ok
12:36:21.0200 2400  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
12:36:21.0278 2400  napagent - ok
12:36:21.0324 2400  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:36:21.0387 2400  NativeWifiP - ok
12:36:21.0449 2400  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:36:21.0496 2400  NDIS - ok
12:36:21.0512 2400  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:36:21.0590 2400  NdisCap - ok
12:36:21.0605 2400  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:36:21.0683 2400  NdisTapi - ok
12:36:21.0746 2400  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:36:21.0824 2400  Ndisuio - ok
12:36:21.0855 2400  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:36:21.0933 2400  NdisWan - ok
12:36:21.0995 2400  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:36:22.0073 2400  NDProxy - ok
12:36:22.0104 2400  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:36:22.0182 2400  NetBIOS - ok
12:36:22.0214 2400  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:36:22.0307 2400  NetBT - ok
12:36:22.0323 2400  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
12:36:22.0354 2400  Netlogon - ok
12:36:22.0401 2400  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
12:36:22.0479 2400  Netman - ok
12:36:22.0510 2400  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
12:36:22.0588 2400  netprofm - ok
12:36:22.0635 2400  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:36:22.0682 2400  NetTcpPortSharing - ok
12:36:22.0728 2400  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
12:36:22.0760 2400  nfrd960 - ok
12:36:22.0806 2400  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:36:22.0853 2400  NlaSvc - ok
12:36:22.0884 2400  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:36:22.0962 2400  Npfs - ok
12:36:23.0009 2400  [ F8E396F5E703D7A8F37D90F59C776268 ] NSHE            C:\Windows\system32\Drivers\NSHE.SYS
12:36:23.0056 2400  NSHE ( UnsignedFile.Multi.Generic ) - warning
12:36:23.0056 2400  NSHE - detected UnsignedFile.Multi.Generic (1)
12:36:23.0087 2400  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
12:36:23.0150 2400  nsi - ok
12:36:23.0181 2400  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:36:23.0243 2400  nsiproxy - ok
12:36:23.0321 2400  [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:36:23.0415 2400  Ntfs - ok
12:36:23.0430 2400  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
12:36:23.0493 2400  Null - ok
12:36:23.0555 2400  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:36:23.0571 2400  nvraid - ok
12:36:23.0618 2400  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:36:23.0649 2400  nvstor - ok
12:36:23.0664 2400  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:36:23.0696 2400  nv_agp - ok
12:36:23.0727 2400  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:36:23.0774 2400  ohci1394 - ok
12:36:23.0820 2400  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:36:23.0883 2400  p2pimsvc - ok
12:36:23.0914 2400  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:36:24.0008 2400  p2psvc - ok
12:36:24.0070 2400  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
12:36:24.0117 2400  Parport - ok
12:36:24.0179 2400  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:36:24.0195 2400  partmgr - ok
12:36:24.0226 2400  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
12:36:24.0273 2400  Parvdm - ok
12:36:24.0304 2400  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:36:24.0351 2400  PcaSvc - ok
12:36:24.0382 2400  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
12:36:24.0413 2400  pci - ok
12:36:24.0444 2400  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
12:36:24.0460 2400  pciide - ok
12:36:24.0491 2400  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
12:36:24.0522 2400  pcmcia - ok
12:36:24.0554 2400  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
12:36:24.0569 2400  pcw - ok
12:36:24.0632 2400  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:36:24.0741 2400  PEAUTH - ok
12:36:24.0803 2400  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
12:36:24.0881 2400  PeerDistSvc - ok
12:36:25.0006 2400  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
12:36:25.0146 2400  pla - ok
12:36:25.0193 2400  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:36:25.0240 2400  PlugPlay - ok
12:36:25.0271 2400  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:36:25.0318 2400  PNRPAutoReg - ok
12:36:25.0349 2400  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:36:25.0380 2400  PNRPsvc - ok
12:36:25.0412 2400  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:36:25.0490 2400  PolicyAgent - ok
12:36:25.0521 2400  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
12:36:25.0599 2400  Power - ok
12:36:25.0646 2400  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:36:25.0739 2400  PptpMiniport - ok
12:36:25.0770 2400  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
12:36:25.0802 2400  Processor - ok
12:36:25.0848 2400  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
12:36:25.0926 2400  ProfSvc - ok
12:36:25.0958 2400  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:36:25.0973 2400  ProtectedStorage - ok
12:36:26.0004 2400  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:36:26.0067 2400  Psched - ok
12:36:26.0129 2400  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
12:36:26.0238 2400  ql2300 - ok
12:36:26.0270 2400  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
12:36:26.0301 2400  ql40xx - ok
12:36:26.0348 2400  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
12:36:26.0410 2400  QWAVE - ok
12:36:26.0426 2400  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:36:26.0457 2400  QWAVEdrv - ok
12:36:26.0488 2400  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:36:26.0550 2400  RasAcd - ok
12:36:26.0597 2400  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:36:26.0660 2400  RasAgileVpn - ok
12:36:26.0675 2400  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
12:36:26.0753 2400  RasAuto - ok
12:36:26.0784 2400  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:36:26.0847 2400  Rasl2tp - ok
12:36:26.0894 2400  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
12:36:26.0972 2400  RasMan - ok
12:36:27.0003 2400  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:36:27.0065 2400  RasPppoe - ok
12:36:27.0096 2400  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:36:27.0174 2400  RasSstp - ok
12:36:27.0221 2400  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:36:27.0315 2400  rdbss - ok
12:36:27.0346 2400  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:36:27.0393 2400  rdpbus - ok
12:36:27.0440 2400  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:36:27.0502 2400  RDPCDD - ok
12:36:27.0549 2400  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
12:36:27.0596 2400  RDPDR - ok
12:36:27.0627 2400  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:36:27.0689 2400  RDPENCDD - ok
12:36:27.0705 2400  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:36:27.0767 2400  RDPREFMP - ok
12:36:27.0830 2400  [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:36:27.0876 2400  RdpVideoMiniport - ok
12:36:27.0923 2400  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:36:28.0001 2400  RDPWD - ok
12:36:28.0048 2400  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:36:28.0079 2400  rdyboost - ok
12:36:28.0095 2400  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:36:28.0173 2400  RemoteAccess - ok
12:36:28.0204 2400  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:36:28.0298 2400  RemoteRegistry - ok
12:36:28.0344 2400  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
12:36:28.0391 2400  RFCOMM - ok
12:36:28.0438 2400  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:36:28.0500 2400  RpcEptMapper - ok
12:36:28.0563 2400  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
12:36:28.0625 2400  RpcLocator - ok
12:36:28.0656 2400  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
12:36:28.0734 2400  RpcSs - ok
12:36:28.0781 2400  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:36:28.0859 2400  rspndr - ok
12:36:28.0937 2400  [ C5ACB4D2CA623F678257B0844BD1AC8A ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
12:36:28.0968 2400  RSUSBSTOR - ok
12:36:29.0015 2400  [ F1813D9E031B0E2E090AC6489FFD1007 ] RT-USB          C:\Windows\system32\drivers\RT-USB.SYS
12:36:29.0046 2400  RT-USB - ok
12:36:29.0078 2400  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
12:36:29.0124 2400  s3cap - ok
12:36:29.0156 2400  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
12:36:29.0171 2400  SamSs - ok
12:36:29.0218 2400  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:36:29.0249 2400  sbp2port - ok
12:36:29.0296 2400  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:36:29.0374 2400  SCardSvr - ok
12:36:29.0405 2400  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:36:29.0483 2400  scfilter - ok
12:36:29.0546 2400  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
12:36:29.0670 2400  Schedule - ok
12:36:29.0702 2400  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:36:29.0764 2400  SCPolicySvc - ok
12:36:29.0811 2400  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:36:29.0873 2400  SDRSVC - ok
12:36:29.0920 2400  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:36:29.0998 2400  secdrv - ok
12:36:30.0045 2400  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
12:36:30.0123 2400  seclogon - ok
12:36:30.0154 2400  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
12:36:30.0232 2400  SENS - ok
12:36:30.0263 2400  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:36:30.0341 2400  SensrSvc - ok
12:36:30.0357 2400  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:36:30.0404 2400  Serenum - ok
12:36:30.0435 2400  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:36:30.0482 2400  Serial - ok
12:36:30.0513 2400  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
12:36:30.0544 2400  sermouse - ok
12:36:30.0606 2400  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:36:30.0684 2400  SessionEnv - ok
12:36:30.0731 2400  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:36:30.0762 2400  sffdisk - ok
12:36:30.0794 2400  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:36:30.0840 2400  sffp_mmc - ok
12:36:30.0872 2400  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:36:30.0934 2400  sffp_sd - ok
12:36:30.0965 2400  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
12:36:30.0996 2400  sfloppy - ok
12:36:31.0043 2400  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:36:31.0137 2400  SharedAccess - ok
12:36:31.0168 2400  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:36:31.0262 2400  ShellHWDetection - ok
12:36:31.0293 2400  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
12:36:31.0324 2400  sisagp - ok
12:36:31.0355 2400  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:36:31.0386 2400  SiSRaid2 - ok
12:36:31.0418 2400  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
12:36:31.0449 2400  SiSRaid4 - ok
12:36:31.0480 2400  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:36:31.0558 2400  Smb - ok
12:36:31.0620 2400  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:36:31.0667 2400  SNMPTRAP - ok
12:36:31.0714 2400  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:36:31.0730 2400  spldr - ok
12:36:31.0792 2400  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
12:36:31.0854 2400  Spooler - ok
12:36:31.0964 2400  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
12:36:32.0104 2400  sppsvc - ok
12:36:32.0151 2400  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:36:32.0229 2400  sppuinotify - ok
12:36:32.0276 2400  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:36:32.0322 2400  srv - ok
12:36:32.0354 2400  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:36:32.0385 2400  srv2 - ok
12:36:32.0432 2400  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:36:32.0463 2400  srvnet - ok
12:36:32.0494 2400  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:36:32.0588 2400  SSDPSRV - ok
12:36:32.0619 2400  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:36:32.0697 2400  SstpSvc - ok
12:36:32.0775 2400  [ CA22092117F4F8BA3700B4BF9962444A ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
12:36:32.0806 2400  ssudmdm - ok
12:36:32.0837 2400  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
12:36:32.0853 2400  stexstor - ok
12:36:32.0915 2400  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
12:36:32.0993 2400  StiSvc - ok
12:36:33.0009 2400  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
12:36:33.0040 2400  storflt - ok
12:36:33.0071 2400  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
12:36:33.0102 2400  storvsc - ok
12:36:33.0134 2400  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
12:36:33.0149 2400  swenum - ok
12:36:33.0196 2400  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
12:36:33.0290 2400  swprv - ok
12:36:33.0336 2400  Synth3dVsc - ok
12:36:33.0430 2400  [ 2838469A286318ECDD4604D82AF557D9 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
12:36:33.0524 2400  SynTP - ok
12:36:33.0586 2400  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
12:36:33.0664 2400  SysMain - ok
12:36:33.0711 2400  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:36:33.0773 2400  TabletInputService - ok
12:36:33.0820 2400  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:36:33.0898 2400  TapiSrv - ok
12:36:33.0929 2400  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
12:36:34.0007 2400  TBS - ok
12:36:34.0085 2400  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:36:34.0194 2400  Tcpip - ok
12:36:34.0257 2400  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:36:34.0319 2400  TCPIP6 - ok
12:36:34.0382 2400  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:36:34.0397 2400  tcpipreg - ok
12:36:34.0444 2400  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:36:34.0506 2400  TDPIPE - ok
12:36:34.0538 2400  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:36:34.0584 2400  TDTCP - ok
12:36:34.0616 2400  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:36:34.0678 2400  tdx - ok
12:36:34.0725 2400  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
12:36:34.0740 2400  TermDD - ok
12:36:34.0803 2400  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
12:36:34.0865 2400  TermService - ok
12:36:34.0896 2400  [ 9D4BBD6E27B5562AEA8295DE7134E386 ] thdudf          C:\Windows\system32\DRIVERS\thdudf.sys
12:36:34.0912 2400  thdudf ( UnsignedFile.Multi.Generic ) - warning
12:36:34.0912 2400  thdudf - detected UnsignedFile.Multi.Generic (1)
12:36:34.0943 2400  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
12:36:34.0990 2400  Themes - ok
12:36:35.0021 2400  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
12:36:35.0084 2400  THREADORDER - ok
12:36:35.0130 2400  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
12:36:35.0208 2400  TrkWks - ok
12:36:35.0271 2400  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:36:35.0349 2400  TrustedInstaller - ok
12:36:35.0380 2400  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:36:35.0442 2400  tssecsrv - ok
12:36:35.0474 2400  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:36:35.0536 2400  TsUsbFlt - ok
12:36:35.0552 2400  tsusbhub - ok
12:36:35.0614 2400  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:36:35.0676 2400  tunnel - ok
12:36:35.0739 2400  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
12:36:35.0770 2400  uagp35 - ok
12:36:35.0801 2400  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:36:35.0879 2400  udfs - ok
12:36:35.0942 2400  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:36:35.0988 2400  UI0Detect - ok
12:36:36.0051 2400  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:36:36.0082 2400  uliagpkx - ok
12:36:36.0129 2400  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
12:36:36.0160 2400  umbus - ok
12:36:36.0176 2400  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
12:36:36.0222 2400  UmPass - ok
12:36:36.0269 2400  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
12:36:36.0316 2400  UmRdpService - ok
12:36:36.0363 2400  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
12:36:36.0425 2400  upnphost - ok
12:36:36.0441 2400  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:36:36.0472 2400  usbccgp - ok
12:36:36.0503 2400  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:36:36.0534 2400  usbcir - ok
12:36:36.0566 2400  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:36:36.0612 2400  usbehci - ok
12:36:36.0644 2400  [ 56E89C8E05A987A49FFA595428FB9767 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
12:36:36.0675 2400  usbfilter - ok
12:36:36.0722 2400  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:36:36.0753 2400  usbhub - ok
12:36:36.0768 2400  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
12:36:36.0815 2400  usbohci - ok
12:36:36.0878 2400  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:36:36.0924 2400  usbprint - ok
12:36:36.0971 2400  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:36:37.0002 2400  usbscan - ok
12:36:37.0049 2400  [ 31181DE6190B39FC8007DFFD1A48FFD6 ] usbser          C:\Windows\system32\DRIVERS\usbser.sys
12:36:37.0112 2400  usbser - ok
12:36:37.0143 2400  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:36:37.0190 2400  USBSTOR - ok
12:36:37.0221 2400  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
12:36:37.0252 2400  usbuhci - ok
12:36:37.0299 2400  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
12:36:37.0346 2400  usbvideo - ok
12:36:37.0392 2400  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
12:36:37.0455 2400  UxSms - ok
12:36:37.0502 2400  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
12:36:37.0517 2400  VaultSvc - ok
12:36:37.0580 2400  [ FCE98C43B5C5DB8E0DA8EA0E2B45E044 ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
12:36:37.0658 2400  VClone - ok
12:36:37.0689 2400  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:36:37.0704 2400  vdrvroot - ok
12:36:37.0767 2400  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
12:36:37.0860 2400  vds - ok
12:36:37.0892 2400  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:36:37.0923 2400  vga - ok
12:36:37.0970 2400  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:36:38.0048 2400  VgaSave - ok
12:36:38.0063 2400  VGPU - ok
12:36:38.0110 2400  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:36:38.0141 2400  vhdmp - ok
12:36:38.0172 2400  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
12:36:38.0204 2400  viaagp - ok
12:36:38.0235 2400  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
12:36:38.0266 2400  ViaC7 - ok
12:36:38.0282 2400  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
12:36:38.0313 2400  viaide - ok
12:36:38.0344 2400  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
12:36:38.0375 2400  vmbus - ok
12:36:38.0391 2400  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
12:36:38.0422 2400  VMBusHID - ok
12:36:38.0453 2400  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:36:38.0484 2400  volmgr - ok
12:36:38.0500 2400  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:36:38.0547 2400  volmgrx - ok
12:36:38.0578 2400  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:36:38.0609 2400  volsnap - ok
12:36:38.0672 2400  [ DFCCE776E721854F368046C5A6454A84 ] VSGate          C:\ElsaWin\bin\VSgate.exe
12:36:38.0687 2400  VSGate ( UnsignedFile.Multi.Generic ) - warning
12:36:38.0687 2400  VSGate - detected UnsignedFile.Multi.Generic (1)
12:36:38.0734 2400  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
12:36:38.0765 2400  vsmraid - ok
12:36:38.0828 2400  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
12:36:38.0952 2400  VSS - ok
12:36:38.0984 2400  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
12:36:39.0015 2400  vwifibus - ok
12:36:39.0030 2400  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
12:36:39.0093 2400  vwififlt - ok
12:36:39.0140 2400  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
12:36:39.0171 2400  vwifimp - ok
12:36:39.0218 2400  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
12:36:39.0296 2400  W32Time - ok
12:36:39.0327 2400  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
12:36:39.0358 2400  WacomPen - ok
12:36:39.0389 2400  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:36:39.0452 2400  WANARP - ok
12:36:39.0467 2400  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:36:39.0530 2400  Wanarpv6 - ok
12:36:39.0592 2400  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
12:36:39.0717 2400  wbengine - ok
12:36:39.0748 2400  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:36:39.0795 2400  WbioSrvc - ok
12:36:39.0842 2400  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:36:39.0904 2400  wcncsvc - ok
12:36:39.0935 2400  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:36:39.0966 2400  WcsPlugInService - ok
12:36:40.0013 2400  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
12:36:40.0044 2400  Wd - ok
12:36:40.0107 2400  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:36:40.0154 2400  Wdf01000 - ok
12:36:40.0185 2400  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:36:40.0294 2400  WdiServiceHost - ok
12:36:40.0310 2400  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:36:40.0341 2400  WdiSystemHost - ok
12:36:40.0388 2400  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
12:36:40.0434 2400  WebClient - ok
12:36:40.0466 2400  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:36:40.0544 2400  Wecsvc - ok
12:36:40.0575 2400  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:36:40.0637 2400  wercplsupport - ok
12:36:40.0700 2400  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:36:40.0778 2400  WerSvc - ok
12:36:40.0824 2400  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:36:40.0902 2400  WfpLwf - ok
12:36:40.0934 2400  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:36:40.0949 2400  WIMMount - ok
12:36:41.0043 2400  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
12:36:41.0105 2400  WinDefend - ok
12:36:41.0136 2400  WinHttpAutoProxySvc - ok
12:36:41.0230 2400  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:36:41.0324 2400  Winmgmt - ok
12:36:41.0386 2400  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
12:36:41.0495 2400  WinRM - ok
12:36:41.0573 2400  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:36:41.0620 2400  WinUsb - ok
12:36:41.0667 2400  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:36:41.0760 2400  Wlansvc - ok
12:36:41.0792 2400  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:36:41.0838 2400  WmiAcpi - ok
12:36:41.0870 2400  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:36:41.0932 2400  wmiApSrv - ok
12:36:42.0026 2400  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
12:36:42.0119 2400  WMPNetworkSvc - ok
12:36:42.0150 2400  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:36:42.0213 2400  WPCSvc - ok
12:36:42.0244 2400  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:36:42.0275 2400  WPDBusEnum - ok
12:36:42.0322 2400  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:36:42.0400 2400  ws2ifsl - ok
12:36:42.0431 2400  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
12:36:42.0494 2400  wscsvc - ok
12:36:42.0494 2400  WSearch - ok
12:36:42.0603 2400  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
12:36:42.0696 2400  wuauserv - ok
12:36:42.0743 2400  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:36:42.0806 2400  WudfPf - ok
12:36:42.0837 2400  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:36:42.0884 2400  WUDFRd - ok
12:36:42.0930 2400  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:36:42.0962 2400  wudfsvc - ok
12:36:43.0008 2400  [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:36:43.0071 2400  WwanSvc - ok
12:36:43.0149 2400  ================ Scan global ===============================
12:36:43.0211 2400  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
12:36:43.0258 2400  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
12:36:43.0336 2400  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
12:36:43.0367 2400  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
12:36:43.0398 2400  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
12:36:43.0414 2400  [Global] - ok
12:36:43.0414 2400  ================ Scan MBR ==================================
12:36:43.0430 2400  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:36:44.0054 2400  \Device\Harddisk0\DR0 - ok
12:36:44.0054 2400  ================ Scan VBR ==================================
12:36:44.0054 2400  [ 178F042E6AAF0D91DB295501D65EBABA ] \Device\Harddisk0\DR0\Partition1
12:36:44.0069 2400  \Device\Harddisk0\DR0\Partition1 - ok
12:36:44.0100 2400  [ 8D634DA21BB0563BDEB4A19B98B0BCF1 ] \Device\Harddisk0\DR0\Partition2
12:36:44.0100 2400  \Device\Harddisk0\DR0\Partition2 - ok
12:36:44.0100 2400  ============================================================
12:36:44.0100 2400  Scan finished
12:36:44.0100 2400  ============================================================
12:36:44.0132 2260  Detected object count: 13
12:36:44.0132 2260  Actual detected object count: 13
12:37:29.0356 2260  AtherosSvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:29.0356 2260  AtherosSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:37:29.0356 2260  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:29.0356 2260  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:37:29.0356 2260  FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:29.0356 2260  FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:37:29.0372 2260  FTDIBUS ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:29.0372 2260  FTDIBUS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:37:29.0372 2260  LcSvrAdm ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:29.0372 2260  LcSvrAdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:37:29.0372 2260  LcSvrAuf ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:29.0372 2260  LcSvrAuf ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:37:29.0372 2260  LcSvrDba ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:29.0372 2260  LcSvrDba ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:37:29.0387 2260  LcSvrHis ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:29.0387 2260  LcSvrHis ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:37:29.0387 2260  LcSvrPAS ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:29.0387 2260  LcSvrPAS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:37:29.0387 2260  LcSvrSaz ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:29.0387 2260  LcSvrSaz ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:37:29.0387 2260  NSHE ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:29.0387 2260  NSHE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:37:29.0403 2260  thdudf ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:29.0403 2260  thdudf ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:37:29.0403 2260  VSGate ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:29.0403 2260  VSGate ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:38:26.0568 1808  Deinitialize success

markusg · 09.06.2013, 17:29

passt.
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

noregret · 10.06.2013, 12:09

Leider funktioniert combofix nicht auf dem Rechner.
Dateien werden extrahiert, danach läuft ein blauer und roter Ladebalken durch (Backup registry) und nichts weiter passiert. Es ist auch keine combofix.txt zu finden danach.

Edit: Im Abgesicherten Modus läuft der scan nun

markusg · 10.06.2013, 12:37

ok danach wieder in den normalen Modus starten, und log posten

noregret · 10.06.2013, 15:33

Combofix.txt:

Code:

ATTFilter

ComboFix 13-06-08.02 - Christian 10.06.2013  13:33:25.2.2 - x86 MINIMAL
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.1771.1264 [GMT 2:00]
ausgeführt von:: c:\users\Christian\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-10 bis 2013-06-10  ))))))))))))))))))))))))))))))
.
.
2013-06-10 11:43 . 2013-06-10 11:43	--------	d-----w-	c:\users\KFZ Diagnose\AppData\Local\temp
2013-06-10 11:43 . 2013-06-10 11:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-09 23:28 . 2013-06-10 11:43	--------	d-----w-	c:\users\Christian\AppData\Local\temp
2013-06-09 09:57 . 2013-06-09 10:08	--------	d-----w-	C:\_OTL
2013-06-05 00:47 . 2013-06-05 00:52	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-06-04 21:30 . 2013-06-04 21:30	--------	d-----w-	c:\programdata\Sophos
2013-06-04 19:53 . 2013-06-04 19:53	--------	d-----w-	c:\users\Christian\AppData\Roaming\Malwarebytes
2013-06-04 19:53 . 2013-06-04 19:53	--------	d-----w-	c:\programdata\Malwarebytes
2013-06-04 19:53 . 2013-04-04 12:50	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-06-04 19:53 . 2013-06-04 19:53	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-06-04 01:45 . 2013-06-04 01:45	--------	d-----w-	c:\users\Christian\AppData\Local\Programs
2013-05-30 11:09 . 2013-04-03 07:58	83864	----a-w-	c:\windows\system32\drivers\ssudbus.sys
2013-05-30 11:09 . 2013-04-03 07:58	181912	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2013-05-15 13:37 . 2013-04-01 05:10	77144	----a-w-	c:\windows\system32\mcupdate_AuthenticAMD.dll
2013-05-15 13:37 . 2013-04-10 03:14	2347520	----a-w-	c:\windows\system32\win32k.sys
2013-05-15 13:37 . 2013-03-19 04:53	186368	----a-w-	c:\windows\system32\wwansvc.dll
2013-05-15 13:37 . 2013-03-19 03:33	40960	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-05-15 13:37 . 2013-04-10 05:18	728424	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 13:37 . 2013-04-10 05:18	218984	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 13:37 . 2013-02-27 05:05	101720	----a-w-	c:\windows\system32\consent.exe
2013-05-15 13:37 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\system32\authui.dll
2013-05-15 13:37 . 2013-02-27 04:49	47104	----a-w-	c:\windows\system32\appinfo.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-14 21:12 . 2012-05-27 08:17	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-05-14 21:12 . 2012-01-18 18:40	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 11:17 . 2013-04-28 21:26	163504	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-13 04:45 . 2013-05-15 13:37	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 13:37	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-05-01 11:03	1211752	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-03-22 01:06 . 2013-03-22 01:06	745472	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-22 01:06 . 2013-03-22 01:06	185344	----a-w-	c:\windows\system32\elshyph.dll
2013-03-22 01:06 . 2013-03-22 01:06	158720	----a-w-	c:\windows\system32\msls31.dll
2013-03-22 01:06 . 2013-03-22 01:06	150528	----a-w-	c:\windows\system32\iexpress.exe
2013-03-22 01:06 . 2013-03-22 01:06	138752	----a-w-	c:\windows\system32\wextract.exe
2013-03-22 01:06 . 2013-03-22 01:06	73728	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-03-22 01:06 . 2013-03-22 01:06	523264	----a-w-	c:\windows\system32\vbscript.dll
2013-03-22 01:06 . 2013-03-22 01:06	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-03-22 01:06 . 2013-03-22 01:06	38400	----a-w-	c:\windows\system32\imgutil.dll
2013-03-22 01:06 . 2013-03-22 01:06	137216	----a-w-	c:\windows\system32\ieUnatt.exe
2013-03-22 01:06 . 2013-03-22 01:06	12800	----a-w-	c:\windows\system32\mshta.exe
2013-03-22 01:06 . 2013-03-22 01:06	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-03-22 01:06 . 2013-03-22 01:06	719360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-03-22 01:06 . 2013-03-22 01:06	61952	----a-w-	c:\windows\system32\tdc.ocx
2013-03-22 01:06 . 2013-03-22 01:06	361984	----a-w-	c:\windows\system32\html.iec
2013-03-22 01:06 . 2013-03-22 01:06	23040	----a-w-	c:\windows\system32\licmgr10.dll
2013-03-22 01:06 . 2013-03-22 01:06	1441280	----a-w-	c:\windows\system32\inetcpl.cpl
2013-03-20 21:54 . 2013-03-20 21:55	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-03-20 21:54 . 2012-08-15 20:34	861088	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-03-20 21:54 . 2012-01-15 21:45	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-19 05:04 . 2013-04-10 20:13	3968856	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 20:13	3913560	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 20:12	38912	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 20:12	69632	----a-w-	c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2012-09-02 366576]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-05-30 844168]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-04-23 1561968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2010-11-25 486560]
"AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe" [2010-11-25 302240]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-04-23 311152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-01-13 2049320]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2013-06-04 162856]
.
c:\users\KFZ Diagnose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Ross-Tech VCDS DRV Updater.lnk - c:\ross-tech\VCDS-DRV\VCDS.exe [2013-1-2 1279128]
.
c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Ross-Tech VCDS DRV Updater.lnk - c:\ross-tech\VCDS-DRV\VCDS.exe [2013-1-2 1279128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean.exe
.
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-24 176128]
R2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [2010-11-25 56480]
R2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [2010-12-17 190592]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2013-02-05 233472]
R2 LcSvrAdm;ELSA Administration Service;c:\elsawin\bin\LcSvrAdm.exe [2011-07-04 240640]
R2 LcSvrDba;ELSA DBA Server;c:\elsawin\bin\LcSvrDba.exe [2011-07-04 392704]
R2 LcSvrHis;ELSA Historie Server;c:\elsawin\bin\LcSvrHis.exe [2011-07-04 335360]
R2 LcSvrPAS;ELSA PASS Server;c:\elsawin\bin\LcSvrPas.exe [2011-07-04 477696]
R2 LcSvrSaz;ELSA APOSpro Server;c:\elsawin\bin\LcSvrSaz.exe [2011-07-04 373248]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 NSHE;Guardant Emulator Driver;c:\windows\system32\Drivers\NSHE.SYS [2008-11-23 97792]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\DRIVERS\thdudf.sys [2006-11-11 66944]
R2 VSGate;ELSA Vaudis Service;c:\elsawin\bin\VSgate.exe [2011-07-04 81920]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-11-25 34976]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-03-30 100880]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-11-25 258720]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-11-25 175776]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-11-25 49312]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-11-25 141088]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-04-03 83864]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2013-02-05 37344]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2011-01-25 68720]
R3 LcSvrAuf;ELSA Auftragsverwaltungs Service;c:\elsawin\bin\LcSvrAuf.exe [2011-07-04 1321984]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 197224]
R3 RT-USB;Ross-Tech USB driver;c:\windows\system32\drivers\RT-USB.SYS [2010-06-16 59464]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-04-03 181912]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-11-25 24736]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-29 35968]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 21:12]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://mystart.incredimail.com/german?a=1eynX8MsEWa
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\tbs52j6a.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-06-04 22:06; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\tbs52j6a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-10  13:47:18
ComboFix-quarantined-files.txt  2013-06-10 11:47
ComboFix2.txt  2013-06-09 23:28
.
Vor Suchlauf: 19 Verzeichnis(se), 185.052.086.272 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 184.997.167.104 Bytes frei
.
- - End Of File - - 44E8264107F02BD36F79F5E8F54EFCD9
A36C5E4F47E84449FF07ED3517B43A31

markusg · 10.06.2013, 18:09

bitte den Inhalt der
ComboFix-quarantined-files.txt
posten, liegt in c:\qoobox

noregret · 10.06.2013, 19:58

Inhalt:

Code:

ATTFilter

2013-06-09 23:28:11 . 2013-06-09 23:28:11              904 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-25_escape.reg.dat
2013-06-09 23:28:11 . 2013-06-09 23:28:11              928 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-24_flashusbdriver.reg.dat
2013-06-09 23:28:11 . 2013-06-09 23:28:11              924 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-22_WiBro_WiMAX.reg.dat
2013-06-09 23:28:11 . 2013-06-09 23:28:11              912 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-21_Searsburg.reg.dat
2013-06-09 23:28:11 . 2013-06-09 23:28:11              916 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-20_NXP_Driver.reg.dat
2013-06-09 23:28:11 . 2013-06-09 23:28:11              916 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-19_VIA_driver.reg.dat
2013-06-09 23:28:11 . 2013-06-09 23:28:11              948 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-18_Zinia_Serial_Driver.reg.dat
2013-06-09 23:28:11 . 2013-06-09 23:28:11              924 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-17_EMP_Chipset2.reg.dat
2013-06-09 23:28:11 . 2013-06-09 23:28:11              920 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-16_Shrewsbury.reg.dat
2013-06-09 23:28:10 . 2013-06-09 23:28:10              936 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-11_HSP_Plus_Default.reg.dat
2013-06-09 23:28:10 . 2013-06-09 23:28:10              884 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-09_Hsp.reg.dat
2013-06-09 23:28:10 . 2013-06-09 23:28:10              916 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-08_EMPChipset.reg.dat
2013-06-09 23:28:10 . 2013-06-09 23:28:10              896 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-07_Schorl.reg.dat
2013-06-09 23:28:10 . 2013-06-09 23:28:10              904 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-06_Spencer.reg.dat
2013-06-09 23:28:10 . 2013-06-09 23:28:10              892 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-05_Sloan.reg.dat
2013-06-09 23:28:10 . 2013-06-09 23:28:10              916 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-04_semseyite.reg.dat
2013-06-09 23:28:10 . 2013-06-09 23:28:10              924 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-03_Swallowtail.reg.dat
2013-06-09 23:28:10 . 2013-06-09 23:28:10              908 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-02_Siberian.reg.dat
2013-06-09 23:28:10 . 2013-06-09 23:28:10              908 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-01_Simmental.reg.dat
2013-06-09 23:28:09 . 2013-06-09 23:28:09              536 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-Hardlock Gerätetreiber.reg.dat
2013-06-09 23:28:09 . 2013-06-09 23:28:09              406 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-ElsaWin.reg.dat
2013-06-09 23:27:15 . 2013-06-09 23:27:15              171 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{990AF1C2-5A27-4460-8149-ECC6BC122AF3}.reg.dat
2013-06-09 23:27:10 . 2013-06-09 23:27:10              118 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\URLSearchHooks-{990af1c2-5a27-4460-8149-ecc6bc122af3}.reg.dat
2013-06-09 23:20:38 . 2013-06-10 11:40:37           17,088 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-06-09 23:13:19 . 2013-06-10 11:33:24              512 ----a-w-  C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2013-06-09 23:09:20 . 2013-06-10 11:33:25              164 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2012-01-16 18:44:21 . 1996-11-06 12:05:10          302,592 ----a-w-  C:\Qoobox\Quarantine\C\Windows\unin0407.exe.vir
2012-01-15 22:43:56 . 2002-07-26 16:02:06          153,088 ----a-w-  C:\Qoobox\Quarantine\C\Windows\System32\UNWISE.EXE.vir

markusg · 10.06.2013, 21:07

ok.

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

noregret · 12.06.2013, 20:39

Code:

ATTFilter

Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	16.01.2012		10.0.45.2 Notwendig


Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	14.05.2013	6,00MB	11.7.700.202 Notwendig


Adobe Reader XI (11.0.03) - Deutsch	Adobe Systems Incorporated	16.05.2013	134MB	11.0.03 Notwendig


Adobe SVG Viewer 3.0		15.01.2012		 3.0 Notwendig


Atheros Communications Inc.(R) AR81Family Gigabit/Fast unbekannt 

 
Ethernet Driver	Atheros Communications Inc.	15.01.2012		1.0.0.39 Notwendig


Atheros Driver Installation Program	Atheros	15.01.2012		9.0 unnötig


ATI Catalyst Install Manager	ATI Technologies, Inc.	15.01.2012	16,6MB	3.0.829.0 unnötig


Bluetooth Win7 Suite	Atheros Communications	15.01.2012	56,8MB	7.2.0.45 unnötig


CCleaner	Piriform	24.05.2013		4.02 unnötig


Conexant HD Audio	Conexant	15.01.2012		8.54.6.0 unnötig


COPARTS Online	DVSE GmbH	05.04.2013		1.0.0.63 Notwendig 


DVSE Updater	DVSE GmbH	05.04.2013		1.5.0.23257 Notwendig


ETKA 7.3 Germany 2011		16.01.2012 Notwendig

		
Free Audio Converter version 5.0.4.1228	DVDVideoSoft Ltd.	03.02.2012	57,3MB unnötig

	
HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät	Hewlett-Packard Co.	27.07.2012	70,7MB	22.0.334.0 unnötig


HP Deskjet 1000 J110 series Hilfe	Hewlett Packard	27.07.2012	11,2MB	140.0.65.65 unnötig


HP Update	Hewlett-Packard	27.07.2012	2,96MB	5.002.005.003 unnötig


IncrediMail 2.0	IncrediMail Ltd.	16.08.2012		6.2.9.5229 unnötig


IrfanView (remove only)	Irfan Skiljan	12.07.2012	1,50MB	4.32 unnötig


Java 7 Update 17	Oracle	20.03.2013	129MB	7.0.170 unbekannt 


Malwarebytes Anti-Malware Version 1.75.0.1300	Malwarebytes Corporation	04.06.2013	19,2MB	1.75.0.1300 unnötig
 

Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	05.01.2013	38,8MB	4.0.30320 unbekannt 


Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	05.01.2013	2,93MB	4.0.30320 unbekannt 


Microsoft Office Excel Viewer	Microsoft Corporation	20.12.2012	71,0MB	12.0.6219.1000 unbekannt 


Microsoft PowerPoint Viewer	Microsoft Corporation	19.08.2012	148MB	14.0.4763.1000 unbekannt 


Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	15.01.2012	348KB	8.0.59193 unbekannt 


Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	01.05.2012	596KB	9.0.30729.4148 unbekannt 


Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	18.01.2012	11,1MB	10.0.40219 unbekannt 


Mozilla Firefox 21.0 (x86 de)	Mozilla	25.05.2013	44,5MB	21.0 Notwendig


Mozilla Maintenance Service	Mozilla	25.05.2013	333KB	21.0
MyFreeCodec		30.05.2013	 unnötig
	

PDF24 Creator 5.5.1	PDF24.org	07.06.2013	40,3MB unnötig	


Photo Notifier and Animation Creator	IncrediMail Ltd.	16.08.2012		1.0.0.1009 unnötig


Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	15.01.2012		6.1.7600.30127 unnötig


Samsung Kies	Samsung Electronics Co., Ltd.	23.01.2012	204MB	2.1.1.11124_17 Notwendig


SAMSUNG USB Driver for Mobile Phones	SAMSUNG Electronics Co., Ltd.	10.06.2013	43,3MB	1.5.23.0 Notwendig


Synaptics Pointing Device Driver	Synaptics Incorporated	02.06.2012	46,4MB	15.2.9.0 Notwendig


VCDS DRV 11.11	Ross-Tech, LLC	15.01.2012		DRV 11.11  Notwendig


VLC media player 1.1.11	VideoLAN	15.01.2012		1.1.11 Notwendig


Windows-Treiberpaket - Auto-Intern USB-Treiber (03/18/2011 2.08.14)	Auto-Intern	24.01.2012		03/18/2011 2.08.14 unbekannt 


Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00)	FTDI	09.09.2012		10/22/2009 2.06.00 unnötig


Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00)	FTDI	09.09.2012		10/22/2009 2.06.00 unnötig


Windows-Treiberpaket - Ross-Tech USB Driver Package (06/16/2010 2.06.02)	Ross-Tech	15.01.2012		06/16/2010 2.06.02 Notwendig


WinRAR 4.01 (32-Bit)	win.rar GmbH	15.01.2012		4.01.0 Notwendig

10.06.2013, 12:37	#10
markusg /// Malware-holic	Netbook ist mit IHAVENET infiziert ok danach wieder in den normalen Modus starten, und log posten __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

Netbook ist mit IHAVENET infiziert

Log-Analyse und Auswertung: Netbook ist mit IHAVENET infiziert