BKA Trojaner, Abgesicherter Modus funktioniert eingeschränkt

Benwick · 09.07.2013, 00:55

Hi Community,

ich hatte gehofft, dass ich das immer hilfreiche Trojaner Board nicht mehr so häufig um Hilfe bitten muss. Seit ich den Laptop vor 2 Jahren bekam, hatte ich auch keine gravierenden Probleme mit Verseuchung. Doch heute Nacht kam es zum doofen BKA Trojaner... Damals als er schon einmal herumging, habe ich meine Freunde noch ausgelacht, jetzt ist mir das lachen vergangen. Ich nutzte heute nur kurz seit langer zeit den Internet Explorer. Kaum hatte ich ihn geöffnet kam eine Meldung zum JAVA Player, die aber nicht wirklich echt aussah. Ich drückte auf "Abbrechen" und ein paar Surfminuten später war der PC dank der KA Meldung gesperrt. Beim Einloggen komm ich nun nur noch auf einen schwarzen Bildschirm, Abgesichterter Modus funktioniert ebenfalls nicht. Der abgesicherte Modus mit Eingabeaufforderung funktioniert aber.

Wie ich auch sehe geht der Trojaner wieder enorm herum und viele haben Probleme damit. Deshalb erhoffe ich auch von euch wie immer große Hilfe bei der Bereinigung. Ist eine Bereinigung dieses Trojaners möglich oder nur eine Neuinstallation?
Zur zeit bin ich auf Ubuntu eingeloggt, was ich auf der 2. Partition installiert habe.
Es handelt sich bei dem laptop um ein Windows 7 Home premium 64-Bit System.

Vielen Dank und viele Grüße
Benwick

markusg · 09.07.2013, 01:16

Hi,
Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 64-Bit

Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.

Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

Starte den Rechner neu.

Während dem Hochfahren drücke mehrmals die F8 Taste

Wähle nun Computer reparieren.

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

Lege die Windows CD in dein Laufwerk.

Starte den Rechner neu und starte von der CD.

Wähle die Spracheinstellungen und klicke "Weiter".

Klicke auf Computerreparaturoptionen !

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.

Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.

Schließe Notepad wieder

Gib nun bitte folgenden Befehl ein.
e:\frst.exe bzw. e:\frst64.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.

Akzeptiere den Disclaimer mit Ja und klicke Untersuchen

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

Benwick · 09.07.2013, 02:25

Das ist das Log. Er behauptet allerdings, dass ein verzeichnis "WPDNSE" im Temp Ordner "unreadable" wäre.

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2013
Ran by SYSTEM on 09-07-2013 03:15:43
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe [2703752 2010-03-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4156 2010-04-16] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [x]
HKLM\...\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [x]
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: []  [x]
HKU\******\...\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe [3666944 2011-01-06] ()
HKU\******\...\Run: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1AJ480VF05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1 [2573416 2012-10-16] (Hewlett-Packard Co.)
HKU\******\...\Winlogon: [Shell] explorer.exe,C:\Users\******\AppData\Roaming\skype.dat [52736 2011-11-16] () <==== ATTENTION 
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Netzwerk).lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
S2 HPSLPSVC; C:\Users\******\AppData\Local\Temp\7zS57E4\hpslpsvc64.dll [1039360 2013-02-06] (Hewlett-Packard Co.)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1328736 2012-09-24] (Secunia)
S4 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [656480 2012-09-24] (Secunia)
S3 de_serv; C:\Program Files (x86)\Common Files\AVM\de_serv.exe [x]

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-08] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-08] (Avira GmbH)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-12-15] (Avira GmbH)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-11-09] (DT Soft Ltd)
S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-03-22] (GFI Software)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2011-02-20] (Windows (R) 2003 DDK 3790 provider)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2011-02-20] (Windows (R) 2003 DDK 3790 provider)
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [142120 2007-04-26] (SafeNet, Inc.)
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
S1 Aspi32; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 3D07F9C090C7A1D76D624972A5384471
C:\Windows\System32\DRIVERS\atikmpag.sys 99AB7E4B24C80155DC4296F657FAF3C7
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys 3D68A1EEF77307142636AF5127990BCB
C:\Windows\System32\drivers\AtiHdmi.sys 77C149E6D702737B2E372DEE166FAEF8
C:\Windows\System32\DRIVERS\avgntflt.sys 26E38B5A58C6C55FAFBC563EEDDB0867
C:\Windows\System32\DRIVERS\avipbb.sys 9D1F00BEFF84CBBF46D7F052BC7E0565
C:\Windows\System32\DRIVERS\avkmgr.sys 248DB59FC86DE44D2779F4C7FB1A567D
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys AAFCB52FE0037207FB6FBEA070D25EFE
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\dtsoftbus01.sys D3D64CF7B2BCEAA34A270F45A3FFFB36
C:\Windows\System32\drivers\dxgkrnl.sys AF2E16242AA723F68F461B6EAE2EAD3D
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ETD.sys 438021C3F32F30E227D0F5DFD118B7B1
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\System32\drivers\gfibto.sys 14908F4F9005C29DE8F5587E271390EE
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys A5F72BB0D024E7E463344105BE613AE4
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Impcd.sys DD587A55390ED2295BCE6D36AD567DA9
C:\Windows\System32\drivers\RTKVHD64.sys 0ADF714079AE174A39D69036143E4C50
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\Drivers\ksecpkg.sys 7EFB9333E4ECCE6AE4AE9D777D9E553E
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mbam.sys 92EB844D90615CB266F84C3202B8786E
C:\Windows\system32\drivers\mbam.sys 92EB844D90615CB266F84C3202B8786E
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\point64.sys 33328FA8A580885AB0065BE6DB266E9F
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\psi_mf.sys FB46E9A827A8799EBD7BFA9128C91F37
C:\Windows\System32\Drivers\PxHlpa64.sys 87B04878A6D59D6C79251DC960C674C1
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys BAEFEE35D27A5440D35092CE10267BEC
C:\Windows\SysWOW64\drivers\rtport.sys 4CA0DBA9E224473D664C25E411F5A3BD
C:\Windows\SysWOW64\drivers\rtport.sys 4CA0DBA9E224473D664C25E411F5A3BD
C:\Windows\system32\Drivers\SABI.sys 62DB6CC4B0818F1B5F3441241B098F12
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Sentinel64.sys 84AC127242DD3CCDE02F9A4673214B1F
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serscan.sys DECACB6921DED1A38642642685D77DAC
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 9849EA3843A2ADBDD1497E97A85D8CAE
C:\Windows\System32\DRIVERS\tcpip.sys 9849EA3843A2ADBDD1497E97A85D8CAE
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Tpkd.sys 8DD33A57339ADAE34CDB12994ACBC50F
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys 17C6B51CBCCDED95B3CC14E22791F85E
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\TurboB.sys B355581A9DA34C92E2DBAFA410D2F829
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240
C:\Windows\System32\drivers\usbaudio.sys 82E8F44688E6FAC57B5B7C6FC7ADBC2A
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50
C:\Windows\System32\DRIVERS\VBoxNetAdp.sys B0A8C5BC95689A130F9E05492341833D
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wacommousefilter.sys E04D43C7D1641E95D35CAE6086C7E350
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wacomvhid.sys EC1CEB237E365330C1FCFC4876AA0AC0
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\yk62x64.sys E1E858AEF2ED420CBB7605D3ECCEC69A

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-09 03:05 - 2013-07-09 03:05 - 00000000 ____D C:\FRST
2013-07-08 15:02 - 2013-07-08 15:06 - 00000004 ____A C:\Users\******\AppData\Roaming\skype.ini
2013-07-04 03:24 - 2013-07-04 03:24 - 00202456 ____A C:\Users\******\Downloads\Bachelorarbeit_Vorlage_Fakultaet-Medien(1).dotx
2013-07-03 05:08 - 2013-07-03 05:08 - 45475825 ____A C:\Users\******\Downloads\videotraining-videofile-22594.mp4
2013-07-01 04:04 - 2013-07-01 04:04 - 57525143 ____A C:\Users\******\Downloads\Sample.psd.zip
2013-07-01 04:03 - 2013-07-01 04:04 - 64957291 ____A C:\Users\******\Downloads\man.psd.zip
2013-06-28 06:03 - 2013-06-28 06:03 - 00000624 ____A C:\Windows\PFRO.log
2013-06-27 15:41 - 2013-06-27 15:41 - 00000112 ____A C:\Users\******\Desktop\mofa.txt
2013-06-25 13:11 - 2012-11-06 10:09 - 62715153 ____A C:\Users\******\Downloads\tshirt_mock_up.psd
2013-06-25 13:11 - 2012-10-28 14:33 - 65691697 ____A C:\Users\******\Downloads\bag_mock_up.psd
2013-06-25 10:21 - 2013-06-25 13:10 - 501376684 ____A C:\Users\******\Downloads\3357570-corporate-and-brand-identity-mockup.zip
2013-06-25 07:13 - 2013-06-26 01:38 - 02366016 ____A C:\Users\******\Downloads\SMM001.rar.part
2013-06-25 07:13 - 2013-06-25 07:13 - 00000000 ____A C:\Users\******\Downloads\SMM001.rar
2013-06-25 07:12 - 2013-06-25 07:12 - 01051961 ____A C:\Users\******\Downloads\poster_mockup_template_by_pixelentity.zip
2013-06-25 07:09 - 2013-06-25 07:10 - 23290472 ____A C:\Users\******\Downloads\gfxmaster-2571862-corporatebusiness-stationery-mockupgfx.rar
2013-06-25 07:04 - 2013-06-25 07:11 - 19183594 ____A C:\Users\******\Downloads\C8_business-brand-corporate-identity.rar
2013-06-25 06:55 - 2013-06-25 06:55 - 00456158 ____A C:\Users\******\Downloads\Corporate-Identity-Mockup.zip
2013-06-25 06:47 - 2013-06-25 06:47 - 14849282 ____A C:\Users\******\Downloads\iPhone-5-Front-View-Mock-Up.zip
2013-06-25 06:46 - 2013-06-25 06:46 - 51341372 ____A C:\Users\******\Downloads\Realistic-Business-Card-Mock-Up1.zip
2013-06-25 06:46 - 2013-06-25 06:46 - 21956963 ____A C:\Users\******\Downloads\Gold-Stamping-Logo-Mock-Up.zip
2013-06-25 06:45 - 2013-06-25 06:46 - 10760796 ____A C:\Users\******\Downloads\Branding-Identity-Mock-Up-Vol2.zip
2013-06-25 06:42 - 2013-06-25 06:42 - 11205050 ____A C:\Users\******\Downloads\Stack-Business-Card-Mock-Up.zip
2013-06-25 06:42 - 2013-06-25 06:42 - 08405655 ____A C:\Users\******\Downloads\DVD-Envelope-Mock-Up.zip
2013-06-25 06:41 - 2013-06-25 06:41 - 06218088 ____A C:\Users\******\Downloads\Branding-Identity-Mock-Up.zip
2013-06-25 06:40 - 2013-06-25 06:40 - 02680394 ____A C:\Users\******\Downloads\iPhone5-iOS7-Mockup.zip
2013-06-25 06:38 - 2013-06-25 06:39 - 08790650 ____A C:\Users\******\Downloads\Thunderbolt-Display-big.psd.zip
2013-06-25 06:38 - 2013-06-25 06:38 - 08852367 ____A C:\Users\******\Downloads\MacBook-air-big.psd.zip
2013-06-25 06:38 - 2013-06-25 06:38 - 00429686 ____A C:\Users\******\Downloads\Smartphones.psd
2013-06-25 06:37 - 2013-06-25 06:37 - 09464766 ____A C:\Users\******\Downloads\simple-card.psd
2013-06-25 06:37 - 2013-06-25 06:37 - 00296074 ____A C:\Users\******\Downloads\all-devices.psd
2013-06-25 06:36 - 2013-06-25 06:38 - 09688752 ____A C:\Users\******\Downloads\Display_psd.psd.zip
2013-06-25 06:35 - 2013-06-25 06:35 - 00543180 ____A C:\Users\******\Downloads\Mockup.psd
2013-06-25 06:34 - 2013-06-25 06:34 - 01336591 ____A C:\Users\******\Downloads\iPad-Flat-Mockup-PIXEDEN.zip
2013-06-25 06:34 - 2013-06-25 06:34 - 00634154 ____A C:\Users\******\Downloads\Flat-Browsers-Set-PIXEDEN.zip
2013-06-25 06:34 - 2013-06-25 06:34 - 00546580 ____A C:\Users\******\Downloads\iMac-and-Macbook-Flat-Mockup-PIXEDEN.zip
2013-06-25 06:28 - 2013-06-25 06:28 - 14479304 ____A C:\Users\******\Downloads\motion_template_by_begha_by_begha-d6absfa.zip
2013-06-25 06:28 - 2013-06-25 06:28 - 09761690 ____A C:\Users\******\Downloads\iPad-White-Angle.psd
2013-06-25 06:27 - 2013-06-25 06:27 - 07306406 ____A C:\Users\******\Downloads\iphone-mockup-white.psd
2013-06-25 01:09 - 2013-06-25 01:09 - 00001205 ____A C:\Users\******\Downloads\download-downloadfile-26830.zip
2013-06-17 10:07 - 2013-06-19 01:05 - 00000188 ____A C:\Users\******\Desktop\hurricane.txt
2013-06-17 07:34 - 2013-06-17 07:34 - 41805696 ____A C:\Users\******\Downloads\videotraining-videofile-23068.mp4
2013-06-15 05:24 - 2013-06-08 06:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 05:24 - 2013-06-08 06:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 05:24 - 2013-06-08 06:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 05:24 - 2013-06-08 06:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 05:24 - 2013-06-08 06:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 05:24 - 2013-06-08 04:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 05:24 - 2013-06-08 03:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 05:24 - 2013-06-08 03:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 05:24 - 2013-06-08 03:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 05:24 - 2013-06-08 03:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 05:24 - 2013-06-08 03:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 05:24 - 2013-06-08 03:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-14 07:37 - 2013-06-14 07:37 - 29996308 ____A C:\Users\******\Desktop\01 Backstreet Boys - Everybody VMAs.wav
2013-06-12 16:13 - 2013-05-16 17:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 16:13 - 2013-05-16 17:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 16:13 - 2013-05-16 17:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 16:13 - 2013-05-16 17:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 16:13 - 2013-05-16 17:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 16:13 - 2013-05-16 17:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 16:13 - 2013-05-16 17:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 16:13 - 2013-05-16 17:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 16:13 - 2013-05-16 16:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 16:13 - 2013-05-16 16:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 16:13 - 2013-05-16 16:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 16:13 - 2013-05-16 16:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 16:13 - 2013-05-16 16:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 16:13 - 2013-05-16 16:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 16:13 - 2013-05-16 16:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 16:13 - 2013-05-16 16:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 16:13 - 2013-05-16 16:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 16:13 - 2013-05-14 04:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 16:13 - 2013-05-14 00:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 15:48 - 2013-06-12 15:48 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-12 15:48 - 2013-06-12 15:48 - 00000000 ____D C:\Program Files\iTunes
2013-06-12 15:48 - 2013-06-12 15:48 - 00000000 ____D C:\Program Files\iPod
2013-06-12 09:06 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 09:06 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 09:06 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 09:06 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 09:06 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 09:06 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 09:06 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 09:06 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 09:06 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 09:06 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 09:06 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 09:06 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 09:06 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 09:06 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 09:06 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 09:06 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 09:06 - 2013-04-16 23:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 09:06 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 09:06 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 12:04 - 2013-06-11 12:04 - 00328401 ____A C:\Users\******\Downloads\gniffel.zip
2013-06-10 05:23 - 2013-06-10 05:23 - 25782688 ____A C:\Users\******\Downloads\im_wunderschoenen_Monat_Mai.wav

==================== One Month Modified Files and Folders =======

2013-07-09 03:05 - 2013-07-09 03:05 - 00000000 ____D C:\FRST
2013-07-08 15:39 - 2013-03-22 17:31 - 00022800 ____A C:\Windows\setupact.log
2013-07-08 15:39 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-08 15:06 - 2013-07-08 15:02 - 00000004 ____A C:\Users\******\AppData\Roaming\skype.ini
2013-07-08 15:06 - 2011-06-22 10:14 - 00000000 ____D C:\Users\******\.rainlendar2
2013-07-08 15:05 - 2012-03-30 16:59 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-08 15:02 - 2012-03-30 16:59 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-08 14:38 - 2013-02-28 12:33 - 00000932 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2806026202-95748070-3344758458-1000UA.job
2013-07-08 14:37 - 2010-11-24 11:40 - 00654400 ____A C:\Windows\System32\perfh007.dat
2013-07-08 14:37 - 2010-11-24 11:40 - 00130240 ____A C:\Windows\System32\perfc007.dat
2013-07-08 14:37 - 2009-07-13 21:13 - 01498742 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-08 14:32 - 2010-11-23 18:09 - 01053054 ____A C:\Windows\WindowsUpdate.log
2013-07-08 14:31 - 2012-09-19 05:58 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-08 12:39 - 2013-02-28 12:33 - 00000910 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2806026202-95748070-3344758458-1000Core.job
2013-07-07 15:11 - 2011-09-29 04:35 - 00000000 ____D C:\Users\******\AppData\Roaming\vlc
2013-07-07 13:43 - 2011-10-10 13:12 - 00000000 ____D C:\Users\******\AppData\Local\Last.fm
2013-07-06 06:52 - 2013-03-10 07:34 - 00000000 ____D C:\Users\******\Documents\Youcam
2013-07-04 22:30 - 2009-07-13 20:45 - 00013936 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-04 22:30 - 2009-07-13 20:45 - 00013936 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-04 22:24 - 2013-03-09 03:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-04 22:24 - 2012-04-24 22:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-04 22:23 - 2011-10-16 13:10 - 00000000 ___RD C:\Users\******\Dropbox
2013-07-04 22:23 - 2011-10-16 13:08 - 00000000 ____D C:\Users\******\AppData\Roaming\Dropbox
2013-07-04 03:24 - 2013-07-04 03:24 - 00202456 ____A C:\Users\******\Downloads\Bachelorarbeit_Vorlage_Fakultaet-Medien(1).dotx
2013-07-03 15:37 - 2012-09-24 00:03 - 00000090 ____A C:\Users\******\Documents\Powers.log
2013-07-03 05:08 - 2013-07-03 05:08 - 45475825 ____A C:\Users\******\Downloads\videotraining-videofile-22594.mp4
2013-07-01 04:04 - 2013-07-01 04:04 - 57525143 ____A C:\Users\******\Downloads\Sample.psd.zip
2013-07-01 04:04 - 2013-07-01 04:03 - 64957291 ____A C:\Users\******\Downloads\man.psd.zip
2013-06-28 06:03 - 2013-06-28 06:03 - 00000624 ____A C:\Windows\PFRO.log
2013-06-27 15:41 - 2013-06-27 15:41 - 00000112 ____A C:\Users\******\Desktop\mofa.txt
2013-06-26 01:38 - 2013-06-25 07:13 - 02366016 ____A C:\Users\******\Downloads\SMM001.rar.part
2013-06-25 07:13 - 2013-06-25 07:13 - 00000000 ____A C:\Users\******\Downloads\SMM001.rar
2013-06-25 07:12 - 2013-06-25 07:12 - 01051961 ____A C:\Users\******\Downloads\poster_mockup_template_by_pixelentity.zip
2013-06-25 07:11 - 2013-06-25 07:04 - 19183594 ____A C:\Users\******\Downloads\C8_business-brand-corporate-identity.rar
2013-06-25 07:10 - 2013-06-25 07:09 - 23290472 ____A C:\Users\******\Downloads\gfxmaster-2571862-corporatebusiness-stationery-mockupgfx.rar
2013-06-25 06:55 - 2013-06-25 06:55 - 00456158 ____A C:\Users\******\Downloads\Corporate-Identity-Mockup.zip
2013-06-25 06:47 - 2013-06-25 06:47 - 14849282 ____A C:\Users\******\Downloads\iPhone-5-Front-View-Mock-Up.zip
2013-06-25 06:46 - 2013-06-25 06:46 - 51341372 ____A C:\Users\******\Downloads\Realistic-Business-Card-Mock-Up1.zip
2013-06-25 06:46 - 2013-06-25 06:46 - 21956963 ____A C:\Users\******\Downloads\Gold-Stamping-Logo-Mock-Up.zip
2013-06-25 06:46 - 2013-06-25 06:45 - 10760796 ____A C:\Users\******\Downloads\Branding-Identity-Mock-Up-Vol2.zip
2013-06-25 06:42 - 2013-06-25 06:42 - 11205050 ____A C:\Users\******\Downloads\Stack-Business-Card-Mock-Up.zip
2013-06-25 06:42 - 2013-06-25 06:42 - 08405655 ____A C:\Users\******\Downloads\DVD-Envelope-Mock-Up.zip
2013-06-25 06:41 - 2013-06-25 06:41 - 06218088 ____A C:\Users\******\Downloads\Branding-Identity-Mock-Up.zip
2013-06-25 06:40 - 2013-06-25 06:40 - 02680394 ____A C:\Users\******\Downloads\iPhone5-iOS7-Mockup.zip
2013-06-25 06:39 - 2013-06-25 06:38 - 08790650 ____A C:\Users\******\Downloads\Thunderbolt-Display-big.psd.zip
2013-06-25 06:38 - 2013-06-25 06:38 - 08852367 ____A C:\Users\******\Downloads\MacBook-air-big.psd.zip
2013-06-25 06:38 - 2013-06-25 06:38 - 00429686 ____A C:\Users\******\Downloads\Smartphones.psd
2013-06-25 06:38 - 2013-06-25 06:36 - 09688752 ____A C:\Users\******\Downloads\Display_psd.psd.zip
2013-06-25 06:37 - 2013-06-25 06:37 - 09464766 ____A C:\Users\******\Downloads\simple-card.psd
2013-06-25 06:37 - 2013-06-25 06:37 - 00296074 ____A C:\Users\******\Downloads\all-devices.psd
2013-06-25 06:35 - 2013-06-25 06:35 - 00543180 ____A C:\Users\******\Downloads\Mockup.psd
2013-06-25 06:34 - 2013-06-25 06:34 - 01336591 ____A C:\Users\******\Downloads\iPad-Flat-Mockup-PIXEDEN.zip
2013-06-25 06:34 - 2013-06-25 06:34 - 00634154 ____A C:\Users\******\Downloads\Flat-Browsers-Set-PIXEDEN.zip
2013-06-25 06:34 - 2013-06-25 06:34 - 00546580 ____A C:\Users\******\Downloads\iMac-and-Macbook-Flat-Mockup-PIXEDEN.zip
2013-06-25 06:28 - 2013-06-25 06:28 - 14479304 ____A C:\Users\******\Downloads\motion_template_by_begha_by_begha-d6absfa.zip
2013-06-25 06:28 - 2013-06-25 06:28 - 09761690 ____A C:\Users\******\Downloads\iPad-White-Angle.psd
2013-06-25 06:27 - 2013-06-25 06:27 - 07306406 ____A C:\Users\******\Downloads\iphone-mockup-white.psd
2013-06-25 01:09 - 2013-06-25 01:09 - 00001205 ____A C:\Users\******\Downloads\download-downloadfile-26830.zip
2013-06-19 01:05 - 2013-06-17 10:07 - 00000188 ____A C:\Users\******\Desktop\hurricane.txt
2013-06-17 07:34 - 2013-06-17 07:34 - 41805696 ____A C:\Users\******\Downloads\videotraining-videofile-23068.mp4
2013-06-14 07:38 - 2011-06-25 05:17 - 00000000 ____D C:\Users\******\AppData\Roaming\Audacity
2013-06-14 07:37 - 2013-06-14 07:37 - 29996308 ____A C:\Users\******\Desktop\01 Backstreet Boys - Everybody VMAs.wav
2013-06-14 02:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-13 03:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-06-12 16:14 - 2011-06-17 09:23 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 15:48 - 2013-06-12 15:48 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-12 15:48 - 2013-06-12 15:48 - 00000000 ____D C:\Program Files\iTunes
2013-06-12 15:48 - 2013-06-12 15:48 - 00000000 ____D C:\Program Files\iPod
2013-06-12 15:48 - 2011-08-06 08:22 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-12 15:44 - 2012-12-01 17:12 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-06-12 05:31 - 2012-09-19 05:58 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 05:31 - 2012-09-19 05:58 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 12:04 - 2013-06-11 12:04 - 00328401 ____A C:\Users\******\Downloads\gniffel.zip
2013-06-10 05:23 - 2013-06-10 05:23 - 25782688 ____A C:\Users\******\Downloads\im_wunderschoenen_Monat_Mai.wav

Files to move or delete:
====================
C:\Users\******\AppData\Roaming\skype.dat
C:\Users\******\AppData\Roaming\skype.ini

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-15 05:24:37
Restore point made on: 2013-06-24 10:06:13
Restore point made on: 2013-06-28 06:09:36
Restore point made on: 2013-07-02 01:20:58

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=Y:
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {default}
resumeobject            {2089195e-f805-11df-95c5-002454b0048b}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {2089195e-f805-11df-95c5-002454b0048b}
nx                      OptIn
numproc                 4

Windows Boot Loader
-------------------
identifier              {current}
device                  ramdisk=[C:]\Recovery\20891960-f805-11df-95c5-002454b0048b\Winre.wim,{20891961-f805-11df-95c5-002454b0048b}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\20891960-f805-11df-95c5-002454b0048b\Winre.wim,{20891961-f805-11df-95c5-002454b0048b}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {2089195e-f805-11df-95c5-002454b0048b}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {20891961-f805-11df-95c5-002454b0048b}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\20891960-f805-11df-95c5-002454b0048b\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 16%
Total physical RAM: 3946.16 MB
Available physical RAM: 3277.8 MB
Total Pagefile: 3944.31 MB
Available Pagefile: 3269.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:246 GB) (Free:81.53 GB) NTFS (Disk=0 Partition=3)
Drive d: () (Fixed) (Total:175.25 GB) (Free:8.76 GB) NTFS (Disk=0 Partition=4)
Drive f: (RECOVERY) (Fixed) (Total:20 GB) (Free:2.64 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive h: (Spaceloop) (Removable) (Total:29.79 GB) (Free:19.11 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 02FC8BF3)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=246 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=200 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 30 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=30 GB) - (Type=06)


LastRegBack: 2013-07-03 03:33

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

markusg · 09.07.2013, 10:28

Hi,
drann denken bitte, *** durch Nutzernamen zu ersetzen.
Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKU\******\...\Winlogon: [Shell] explorer.exe,C:\Users\******\AppData\Roaming\skype.dat [52736 2011-11-16] () <==== ATTENTION 
C:\Users\******\AppData\Roaming\skype.dat
C:\Users\******\AppData\Roaming\skype.ini

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Navigiere bitte zu:
C:\FRST\Quarantine
Rechtsklick, mit Winrar oder einem anderen Archvierer packen und im Uploadchannel hochladen.
http://upload.trojaner-board.de

Benwick · 09.07.2013, 11:23

so habe nun die gepackte Datei hochgeladen. hier ist das Fixlog:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-07-2013
Ran by SYSTEM at 2013-07-09 12:17:13 Run:1
Running from H:\
Boot Mode: Recovery
==============================================

HKU\Thomas\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Thomas\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\Thomas\AppData\Roaming\skype.ini => Moved successfully.

==== End of Fixlog ====

markusg · 09.07.2013, 11:31

Sehr gut, danke fürs hochladen.
Normaler Modus sollte laufen? Dann:
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Benwick · 09.07.2013, 12:18

Code:

ATTFilter

13:05:17.0805 4584  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:05:18.0039 4584  ============================================================
13:05:18.0039 4584  Current date / time: 2013/07/09 13:05:18.0039
13:05:18.0039 4584  SystemInfo:
13:05:18.0039 4584  
13:05:18.0039 4584  OS Version: 6.1.7601 ServicePack: 1.0
13:05:18.0039 4584  Product type: Workstation
13:05:18.0039 4584  ComputerName: BIGT
13:05:18.0039 4584  UserName: ******
13:05:18.0039 4584  Windows directory: C:\Windows
13:05:18.0039 4584  System windows directory: C:\Windows
13:05:18.0039 4584  Running under WOW64
13:05:18.0039 4584  Processor architecture: Intel x64
13:05:18.0039 4584  Number of processors: 4
13:05:18.0039 4584  Page size: 0x1000
13:05:18.0039 4584  Boot type: Normal boot
13:05:18.0039 4584  ============================================================
13:05:20.0191 4584  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:05:20.0207 4584  Drive \Device\Harddisk1\DR1 - Size: 0x773FFC000 (29.81 Gb), SectorSize: 0x200, Cylinders: 0xF33, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:05:20.0207 4584  ============================================================
13:05:20.0207 4584  \Device\Harddisk0\DR0:
13:05:20.0223 4584  MBR partitions:
13:05:20.0223 4584  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
13:05:20.0223 4584  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0x1EC00000
13:05:20.0254 4584  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x21433000, BlocksNum 0x15E7E800
13:05:20.0363 4584  \Device\Harddisk1\DR1:
13:05:20.0363 4584  MBR partitions:
13:05:20.0363 4584  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x3B9CF34
13:05:20.0363 4584  ============================================================
13:05:20.0410 4584  C: <-> \Device\Harddisk0\DR0\Partition2
13:05:20.0472 4584  D: <-> \Device\Harddisk0\DR0\Partition3
13:05:20.0472 4584  ============================================================
13:05:20.0472 4584  Initialize success
13:05:20.0472 4584  ============================================================
13:05:31.0111 0420  ============================================================
13:05:31.0111 0420  Scan started
13:05:31.0111 0420  Mode: Manual; SigCheck; TDLFS; 
13:05:31.0111 0420  ============================================================
13:05:31.0299 0420  ================ Scan system memory ========================
13:05:31.0299 0420  System memory - ok
13:05:31.0299 0420  ================ Scan services =============================
13:05:31.0501 0420  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
13:05:31.0689 0420  1394ohci - ok
13:05:31.0735 0420  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:05:31.0767 0420  ACPI - ok
13:05:31.0813 0420  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
13:05:31.0923 0420  AcpiPmi - ok
13:05:32.0250 0420  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:05:32.0281 0420  AdobeFlashPlayerUpdateSvc - ok
13:05:32.0344 0420  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
13:05:32.0391 0420  adp94xx - ok
13:05:32.0422 0420  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
13:05:32.0453 0420  adpahci - ok
13:05:32.0453 0420  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
13:05:32.0469 0420  adpu320 - ok
13:05:32.0500 0420  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:05:32.0656 0420  AeLookupSvc - ok
13:05:32.0703 0420  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
13:05:32.0781 0420  AFD - ok
13:05:32.0827 0420  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
13:05:32.0859 0420  agp440 - ok
13:05:32.0890 0420  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
13:05:32.0952 0420  ALG - ok
13:05:33.0030 0420  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:05:33.0046 0420  aliide - ok
13:05:33.0108 0420  [ 94E1920E0E45ABAF0E09CCCCBE99733C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:05:33.0202 0420  AMD External Events Utility - ok
13:05:33.0249 0420  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
13:05:33.0280 0420  amdide - ok
13:05:33.0311 0420  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
13:05:33.0389 0420  AmdK8 - ok
13:05:33.0529 0420  [ 3D07F9C090C7A1D76D624972A5384471 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
13:05:33.0795 0420  amdkmdag - ok
13:05:33.0826 0420  [ 99AB7E4B24C80155DC4296F657FAF3C7 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
13:05:33.0873 0420  amdkmdap - ok
13:05:33.0888 0420  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
13:05:33.0919 0420  AmdPPM - ok
13:05:33.0951 0420  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
13:05:33.0966 0420  amdsata - ok
13:05:33.0997 0420  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
13:05:34.0013 0420  amdsbs - ok
13:05:34.0029 0420  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
13:05:34.0044 0420  amdxata - ok
13:05:34.0169 0420  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
13:05:34.0185 0420  AntiVirSchedulerService - ok
13:05:34.0216 0420  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
13:05:34.0231 0420  AntiVirService - ok
13:05:34.0278 0420  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
13:05:34.0434 0420  AppID - ok
13:05:34.0481 0420  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:05:34.0543 0420  AppIDSvc - ok
13:05:34.0606 0420  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
13:05:34.0653 0420  Appinfo - ok
13:05:34.0731 0420  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:05:34.0746 0420  Apple Mobile Device - ok
13:05:34.0809 0420  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
13:05:34.0840 0420  arc - ok
13:05:34.0855 0420  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
13:05:34.0871 0420  arcsas - ok
13:05:34.0902 0420  Aspi32 - ok
13:05:34.0918 0420  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:05:35.0011 0420  AsyncMac - ok
13:05:35.0074 0420  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
13:05:35.0089 0420  atapi - ok
13:05:35.0183 0420  [ 3D68A1EEF77307142636AF5127990BCB ] athr            C:\Windows\system32\DRIVERS\athrx.sys
13:05:35.0292 0420  athr - ok
13:05:35.0355 0420  [ 77C149E6D702737B2E372DEE166FAEF8 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
13:05:35.0417 0420  AtiHdmiService - ok
13:05:35.0464 0420  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:05:35.0542 0420  AudioEndpointBuilder - ok
13:05:35.0557 0420  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
13:05:35.0589 0420  AudioSrv - ok
13:05:35.0667 0420  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
13:05:35.0760 0420  avgntflt - ok
13:05:35.0791 0420  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
13:05:35.0823 0420  avipbb - ok
13:05:35.0854 0420  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
13:05:35.0885 0420  avkmgr - ok
13:05:35.0932 0420  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:05:36.0025 0420  AxInstSV - ok
13:05:36.0072 0420  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
13:05:36.0119 0420  b06bdrv - ok
13:05:36.0150 0420  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
13:05:36.0197 0420  b57nd60a - ok
13:05:36.0228 0420  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
13:05:36.0275 0420  BDESVC - ok
13:05:36.0306 0420  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:05:36.0384 0420  Beep - ok
13:05:36.0447 0420  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
13:05:36.0540 0420  BFE - ok
13:05:36.0571 0420  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
13:05:36.0665 0420  BITS - ok
13:05:36.0681 0420  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
13:05:36.0712 0420  blbdrive - ok
13:05:36.0790 0420  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:05:36.0821 0420  Bonjour Service - ok
13:05:36.0868 0420  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:05:36.0930 0420  bowser - ok
13:05:36.0946 0420  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:05:37.0055 0420  BrFiltLo - ok
13:05:37.0086 0420  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:05:37.0102 0420  BrFiltUp - ok
13:05:37.0149 0420  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
13:05:37.0227 0420  BridgeMP - ok
13:05:37.0273 0420  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
13:05:37.0320 0420  Browser - ok
13:05:37.0351 0420  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
13:05:37.0414 0420  Brserid - ok
13:05:37.0414 0420  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:05:37.0461 0420  BrSerWdm - ok
13:05:37.0492 0420  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:05:37.0523 0420  BrUsbMdm - ok
13:05:37.0554 0420  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:05:37.0585 0420  BrUsbSer - ok
13:05:37.0617 0420  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
13:05:37.0726 0420  BthEnum - ok
13:05:37.0757 0420  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
13:05:37.0788 0420  BTHMODEM - ok
13:05:37.0819 0420  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
13:05:37.0866 0420  BthPan - ok
13:05:37.0897 0420  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
13:05:37.0975 0420  BTHPORT - ok
13:05:38.0022 0420  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
13:05:38.0100 0420  bthserv - ok
13:05:38.0131 0420  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
13:05:38.0178 0420  BTHUSB - ok
13:05:38.0209 0420  catchme - ok
13:05:38.0241 0420  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:05:38.0303 0420  cdfs - ok
13:05:38.0365 0420  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:05:38.0412 0420  cdrom - ok
13:05:38.0475 0420  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
13:05:38.0553 0420  CertPropSvc - ok
13:05:38.0599 0420  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
13:05:38.0631 0420  circlass - ok
13:05:38.0677 0420  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
13:05:38.0693 0420  CLFS - ok
13:05:38.0755 0420  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:05:38.0787 0420  clr_optimization_v2.0.50727_32 - ok
13:05:38.0849 0420  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:05:38.0880 0420  clr_optimization_v2.0.50727_64 - ok
13:05:38.0958 0420  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:05:39.0021 0420  clr_optimization_v4.0.30319_32 - ok
13:05:39.0052 0420  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:05:39.0067 0420  clr_optimization_v4.0.30319_64 - ok
13:05:39.0083 0420  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:05:39.0114 0420  CmBatt - ok
13:05:39.0130 0420  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:05:39.0145 0420  cmdide - ok
13:05:39.0192 0420  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
13:05:39.0239 0420  CNG - ok
13:05:39.0270 0420  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
13:05:39.0286 0420  Compbatt - ok
13:05:39.0348 0420  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
13:05:39.0411 0420  CompositeBus - ok
13:05:39.0426 0420  COMSysApp - ok
13:05:39.0457 0420  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
13:05:39.0457 0420  crcdisk - ok
13:05:39.0504 0420  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:05:39.0551 0420  CryptSvc - ok
13:05:39.0598 0420  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:05:39.0691 0420  DcomLaunch - ok
13:05:39.0723 0420  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
13:05:39.0785 0420  defragsvc - ok
13:05:39.0832 0420  de_serv - ok
13:05:39.0879 0420  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:05:39.0957 0420  DfsC - ok
13:05:40.0003 0420  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:05:40.0050 0420  Dhcp - ok
13:05:40.0066 0420  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
13:05:40.0144 0420  discache - ok
13:05:40.0175 0420  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
13:05:40.0191 0420  Disk - ok
13:05:40.0237 0420  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:05:40.0300 0420  Dnscache - ok
13:05:40.0347 0420  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:05:40.0440 0420  dot3svc - ok
13:05:40.0471 0420  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
13:05:40.0549 0420  DPS - ok
13:05:40.0596 0420  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:05:40.0612 0420  drmkaud - ok
13:05:40.0659 0420  [ D3D64CF7B2BCEAA34A270F45A3FFFB36 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
13:05:40.0674 0420  dtsoftbus01 - ok
13:05:40.0737 0420  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:05:40.0783 0420  DXGKrnl - ok
13:05:40.0799 0420  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
13:05:40.0861 0420  EapHost - ok
13:05:40.0955 0420  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
13:05:41.0111 0420  ebdrv - ok
13:05:41.0158 0420  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
13:05:41.0205 0420  EFS - ok
13:05:41.0283 0420  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:05:41.0361 0420  ehRecvr - ok
13:05:41.0392 0420  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
13:05:41.0423 0420  ehSched - ok
13:05:41.0485 0420  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
13:05:41.0517 0420  elxstor - ok
13:05:41.0548 0420  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:05:41.0563 0420  ErrDev - ok
13:05:41.0610 0420  [ 438021C3F32F30E227D0F5DFD118B7B1 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
13:05:41.0657 0420  ETD - ok
13:05:41.0688 0420  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
13:05:41.0751 0420  EventSystem - ok
13:05:41.0766 0420  ewusbnet - ok
13:05:41.0797 0420  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
13:05:41.0844 0420  exfat - ok
13:05:41.0907 0420  Fabs - ok
13:05:41.0938 0420  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:05:42.0000 0420  fastfat - ok
13:05:42.0063 0420  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
13:05:42.0125 0420  Fax - ok
13:05:42.0156 0420  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
13:05:42.0187 0420  fdc - ok
13:05:42.0234 0420  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
13:05:42.0297 0420  fdPHost - ok
13:05:42.0312 0420  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:05:42.0359 0420  FDResPub - ok
13:05:42.0390 0420  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:05:42.0406 0420  FileInfo - ok
13:05:42.0421 0420  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:05:42.0484 0420  Filetrace - ok
13:05:42.0593 0420  [ 5BD96D8C5411ACE71A7EAACAF0EF2903 ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
13:05:42.0733 0420  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
13:05:42.0733 0420  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
13:05:42.0765 0420  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
13:05:42.0796 0420  flpydisk - ok
13:05:42.0827 0420  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:05:42.0874 0420  FltMgr - ok
13:05:42.0952 0420  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
13:05:43.0030 0420  FontCache - ok
13:05:43.0077 0420  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:05:43.0108 0420  FontCache3.0.0.0 - ok
13:05:43.0139 0420  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:05:43.0155 0420  FsDepends - ok
13:05:43.0201 0420  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:05:43.0233 0420  Fs_Rec - ok
13:05:43.0279 0420  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:05:43.0311 0420  fvevol - ok
13:05:43.0342 0420  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
13:05:43.0357 0420  gagp30kx - ok
13:05:43.0420 0420  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:05:43.0435 0420  GEARAspiWDM - ok
13:05:43.0482 0420  [ 14908F4F9005C29DE8F5587E271390EE ] gfibto          C:\Windows\system32\drivers\gfibto.sys
13:05:43.0498 0420  gfibto - ok
13:05:43.0545 0420  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
13:05:43.0638 0420  gpsvc - ok
13:05:43.0747 0420  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:05:43.0763 0420  gupdate - ok
13:05:43.0763 0420  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:05:43.0779 0420  gupdatem - ok
13:05:43.0825 0420  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
13:05:43.0857 0420  gusvc - ok
13:05:43.0888 0420  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:05:43.0935 0420  hcw85cir - ok
13:05:43.0997 0420  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:05:44.0044 0420  HdAudAddService - ok
13:05:44.0075 0420  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
13:05:44.0091 0420  HDAudBus - ok
13:05:44.0122 0420  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
13:05:44.0169 0420  HidBatt - ok
13:05:44.0184 0420  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
13:05:44.0215 0420  HidBth - ok
13:05:44.0247 0420  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
13:05:44.0278 0420  HidIr - ok
13:05:44.0293 0420  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
13:05:44.0356 0420  hidserv - ok
13:05:44.0418 0420  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:05:44.0449 0420  HidUsb - ok
13:05:44.0496 0420  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:05:44.0574 0420  hkmsvc - ok
13:05:44.0605 0420  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:05:44.0668 0420  HomeGroupListener - ok
13:05:44.0715 0420  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:05:44.0761 0420  HomeGroupProvider - ok
13:05:44.0808 0420  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:05:44.0824 0420  HpSAMD - ok
13:05:45.0042 0420  [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC        C:\Users\******\AppData\Local\Temp\7zS57E4\hpslpsvc64.dll
13:05:45.0089 0420  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
13:05:45.0089 0420  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
13:05:45.0151 0420  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:05:45.0229 0420  HTTP - ok
13:05:45.0261 0420  hwdatacard - ok
13:05:45.0292 0420  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:05:45.0307 0420  hwpolicy - ok
13:05:45.0307 0420  hwusbdev - ok
13:05:45.0354 0420  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
13:05:45.0385 0420  i8042prt - ok
13:05:45.0432 0420  [ A5F72BB0D024E7E463344105BE613AE4 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
13:05:45.0448 0420  iaStor - ok
13:05:45.0495 0420  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:05:45.0510 0420  iaStorV - ok
13:05:45.0588 0420  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:05:45.0651 0420  idsvc - ok
13:05:45.0807 0420  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
13:05:46.0041 0420  igfx - ok
13:05:46.0087 0420  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
13:05:46.0103 0420  iirsp - ok
13:05:46.0150 0420  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
13:05:46.0228 0420  IKEEXT - ok
13:05:46.0290 0420  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
13:05:46.0353 0420  Impcd - ok
13:05:46.0431 0420  [ 0ADF714079AE174A39D69036143E4C50 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:05:46.0493 0420  IntcAzAudAddService - ok
13:05:46.0571 0420  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
13:05:46.0587 0420  intelide - ok
13:05:46.0618 0420  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:05:46.0649 0420  intelppm - ok
13:05:46.0696 0420  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:05:46.0743 0420  IPBusEnum - ok
13:05:46.0789 0420  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:05:46.0867 0420  IpFilterDriver - ok
13:05:46.0899 0420  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:05:46.0961 0420  iphlpsvc - ok
13:05:46.0992 0420  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
13:05:47.0023 0420  IPMIDRV - ok
13:05:47.0055 0420  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:05:47.0133 0420  IPNAT - ok
13:05:47.0226 0420  [ 0FF335D687C85097725A53458160E81E ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
13:05:47.0273 0420  iPod Service - ok
13:05:47.0320 0420  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:05:47.0351 0420  IRENUM - ok
13:05:47.0382 0420  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:05:47.0413 0420  isapnp - ok
13:05:47.0445 0420  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:05:47.0491 0420  iScsiPrt - ok
13:05:47.0507 0420  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:05:47.0523 0420  kbdclass - ok
13:05:47.0554 0420  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:05:47.0585 0420  kbdhid - ok
13:05:47.0601 0420  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
13:05:47.0616 0420  KeyIso - ok
13:05:47.0647 0420  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:05:47.0679 0420  KSecDD - ok
13:05:47.0710 0420  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:05:47.0725 0420  KSecPkg - ok
13:05:47.0741 0420  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:05:47.0788 0420  ksthunk - ok
13:05:47.0819 0420  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:05:47.0866 0420  KtmRm - ok
13:05:47.0928 0420  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
13:05:47.0991 0420  LanmanServer - ok
13:05:48.0037 0420  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:05:48.0084 0420  LanmanWorkstation - ok
13:05:48.0131 0420  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:05:48.0178 0420  lltdio - ok
13:05:48.0209 0420  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:05:48.0271 0420  lltdsvc - ok
13:05:48.0287 0420  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:05:48.0318 0420  lmhosts - ok
13:05:48.0365 0420  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
13:05:48.0381 0420  LSI_FC - ok
13:05:48.0396 0420  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
13:05:48.0412 0420  LSI_SAS - ok
13:05:48.0427 0420  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:05:48.0443 0420  LSI_SAS2 - ok
13:05:48.0459 0420  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:05:48.0474 0420  LSI_SCSI - ok
13:05:48.0490 0420  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
13:05:48.0537 0420  luafv - ok
13:05:48.0615 0420  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
13:05:48.0630 0420  MBAMProtector ( UnsignedFile.Multi.Generic ) - warning
13:05:48.0630 0420  MBAMProtector - detected UnsignedFile.Multi.Generic (1)
13:05:48.0724 0420  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:05:48.0771 0420  MBAMScheduler ( UnsignedFile.Multi.Generic ) - warning
13:05:48.0771 0420  MBAMScheduler - detected UnsignedFile.Multi.Generic (1)
13:05:48.0849 0420  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:05:48.0911 0420  MBAMService ( UnsignedFile.Multi.Generic ) - warning
13:05:48.0911 0420  MBAMService - detected UnsignedFile.Multi.Generic (1)
13:05:48.0942 0420  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:05:48.0973 0420  Mcx2Svc - ok
13:05:48.0989 0420  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
13:05:49.0005 0420  megasas - ok
13:05:49.0036 0420  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
13:05:49.0067 0420  MegaSR - ok
13:05:49.0129 0420  Microsoft SharePoint Workspace Audit Service - ok
13:05:49.0161 0420  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
13:05:49.0223 0420  MMCSS - ok
13:05:49.0239 0420  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
13:05:49.0285 0420  Modem - ok
13:05:49.0317 0420  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:05:49.0348 0420  monitor - ok
13:05:49.0395 0420  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:05:49.0410 0420  mouclass - ok
13:05:49.0426 0420  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:05:49.0473 0420  mouhid - ok
13:05:49.0519 0420  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:05:49.0535 0420  mountmgr - ok
13:05:49.0597 0420  [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:05:49.0629 0420  MozillaMaintenance - ok
13:05:49.0644 0420  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:05:49.0660 0420  mpio - ok
13:05:49.0691 0420  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:05:49.0769 0420  mpsdrv - ok
13:05:49.0816 0420  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:05:49.0894 0420  MpsSvc - ok
13:05:49.0925 0420  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:05:49.0987 0420  MRxDAV - ok
13:05:50.0019 0420  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:05:50.0081 0420  mrxsmb - ok
13:05:50.0112 0420  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:05:50.0143 0420  mrxsmb10 - ok
13:05:50.0159 0420  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:05:50.0190 0420  mrxsmb20 - ok
13:05:50.0237 0420  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:05:50.0253 0420  msahci - ok
13:05:50.0299 0420  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:05:50.0331 0420  msdsm - ok
13:05:50.0346 0420  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
13:05:50.0377 0420  MSDTC - ok
13:05:50.0409 0420  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:05:50.0455 0420  Msfs - ok
13:05:50.0471 0420  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:05:50.0502 0420  mshidkmdf - ok
13:05:50.0533 0420  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:05:50.0565 0420  msisadrv - ok
13:05:50.0596 0420  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:05:50.0658 0420  MSiSCSI - ok
13:05:50.0658 0420  msiserver - ok
13:05:50.0689 0420  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:05:50.0721 0420  MSKSSRV - ok
13:05:50.0736 0420  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:05:50.0783 0420  MSPCLOCK - ok
13:05:50.0799 0420  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:05:50.0845 0420  MSPQM - ok
13:05:50.0877 0420  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:05:50.0908 0420  MsRPC - ok
13:05:50.0955 0420  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
13:05:50.0955 0420  mssmbios - ok
13:05:50.0986 0420  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:05:51.0064 0420  MSTEE - ok
13:05:51.0079 0420  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
13:05:51.0111 0420  MTConfig - ok
13:05:51.0126 0420  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
13:05:51.0142 0420  Mup - ok
13:05:51.0189 0420  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
13:05:51.0220 0420  napagent - ok
13:05:51.0267 0420  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:05:51.0313 0420  NativeWifiP - ok
13:05:51.0391 0420  [ 1BBBF640BC0E0B750537BAECE8D66C18 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
13:05:51.0423 0420  NAUpdate - ok
13:05:51.0454 0420  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:05:51.0469 0420  NDIS - ok
13:05:51.0501 0420  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:05:51.0547 0420  NdisCap - ok
13:05:51.0594 0420  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:05:51.0657 0420  NdisTapi - ok
13:05:51.0703 0420  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:05:51.0766 0420  Ndisuio - ok
13:05:51.0797 0420  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:05:51.0844 0420  NdisWan - ok
13:05:51.0891 0420  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:05:51.0937 0420  NDProxy - ok
13:05:52.0000 0420  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:05:52.0078 0420  NetBIOS - ok
13:05:52.0125 0420  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:05:52.0171 0420  NetBT - ok
13:05:52.0187 0420  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
13:05:52.0203 0420  Netlogon - ok
13:05:52.0234 0420  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
13:05:52.0281 0420  Netman - ok
13:05:52.0312 0420  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
13:05:52.0374 0420  netprofm - ok
13:05:52.0405 0420  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:05:52.0421 0420  NetTcpPortSharing - ok
13:05:52.0452 0420  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
13:05:52.0468 0420  nfrd960 - ok
13:05:52.0515 0420  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:05:52.0546 0420  NlaSvc - ok
13:05:52.0577 0420  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:05:52.0608 0420  Npfs - ok
13:05:52.0639 0420  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
13:05:52.0671 0420  nsi - ok
13:05:52.0686 0420  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:05:52.0749 0420  nsiproxy - ok
13:05:52.0811 0420  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:05:52.0873 0420  Ntfs - ok
13:05:52.0889 0420  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
13:05:52.0967 0420  Null - ok
13:05:53.0076 0420  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:05:53.0107 0420  nvraid - ok
13:05:53.0139 0420  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:05:53.0170 0420  nvstor - ok
13:05:53.0217 0420  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:05:53.0248 0420  nv_agp - ok
13:05:53.0263 0420  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:05:53.0310 0420  ohci1394 - ok
13:05:53.0357 0420  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:05:53.0388 0420  ose - ok
13:05:53.0544 0420  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:05:53.0794 0420  osppsvc - ok
13:05:53.0841 0420  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:05:53.0887 0420  p2pimsvc - ok
13:05:53.0903 0420  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
13:05:53.0950 0420  p2psvc - ok
13:05:54.0075 0420  [ F7BAC457D6AE2F7E18FA69C8180A7843 ] PaceLicenseDServices C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
13:05:54.0153 0420  PaceLicenseDServices ( UnsignedFile.Multi.Generic ) - warning
13:05:54.0153 0420  PaceLicenseDServices - detected UnsignedFile.Multi.Generic (1)
13:05:54.0184 0420  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
13:05:54.0199 0420  Parport - ok
13:05:54.0246 0420  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:05:54.0262 0420  partmgr - ok
13:05:54.0277 0420  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:05:54.0309 0420  PcaSvc - ok
13:05:54.0340 0420  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
13:05:54.0355 0420  pci - ok
13:05:54.0371 0420  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
13:05:54.0387 0420  pciide - ok
13:05:54.0418 0420  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
13:05:54.0433 0420  pcmcia - ok
13:05:54.0449 0420  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
13:05:54.0465 0420  pcw - ok
13:05:54.0480 0420  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:05:54.0543 0420  PEAUTH - ok
13:05:54.0605 0420  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:05:54.0636 0420  PerfHost - ok
13:05:54.0699 0420  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
13:05:54.0777 0420  pla - ok
13:05:54.0808 0420  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:05:54.0855 0420  PlugPlay - ok
13:05:54.0886 0420  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:05:54.0917 0420  PNRPAutoReg - ok
13:05:54.0933 0420  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:05:54.0948 0420  PNRPsvc - ok
13:05:54.0995 0420  [ 33328FA8A580885AB0065BE6DB266E9F ] Point64         C:\Windows\system32\DRIVERS\point64.sys
13:05:55.0011 0420  Point64 - ok
13:05:55.0057 0420  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:05:55.0120 0420  PolicyAgent - ok
13:05:55.0151 0420  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
13:05:55.0198 0420  Power - ok
13:05:55.0245 0420  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:05:55.0291 0420  PptpMiniport - ok
13:05:55.0307 0420  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
13:05:55.0354 0420  Processor - ok
13:05:55.0385 0420  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
13:05:55.0447 0420  ProfSvc - ok
13:05:55.0463 0420  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:05:55.0479 0420  ProtectedStorage - ok
13:05:55.0525 0420  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:05:55.0603 0420  Psched - ok
13:05:55.0681 0420  [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI             C:\Windows\system32\DRIVERS\psi_mf.sys
13:05:55.0697 0420  PSI - ok
13:05:55.0759 0420  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
13:05:55.0775 0420  PxHlpa64 - ok
13:05:55.0837 0420  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
13:05:55.0884 0420  ql2300 - ok
13:05:55.0915 0420  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
13:05:55.0931 0420  ql40xx - ok
13:05:55.0947 0420  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
13:05:55.0978 0420  QWAVE - ok
13:05:55.0993 0420  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:05:56.0025 0420  QWAVEdrv - ok
13:05:56.0040 0420  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:05:56.0071 0420  RasAcd - ok
13:05:56.0103 0420  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
13:05:56.0134 0420  RasAgileVpn - ok
13:05:56.0149 0420  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
13:05:56.0196 0420  RasAuto - ok
13:05:56.0227 0420  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:05:56.0305 0420  Rasl2tp - ok
13:05:56.0368 0420  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
13:05:56.0430 0420  RasMan - ok
13:05:56.0461 0420  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:05:56.0539 0420  RasPppoe - ok
13:05:56.0555 0420  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:05:56.0617 0420  RasSstp - ok
13:05:56.0664 0420  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:05:56.0727 0420  rdbss - ok
13:05:56.0742 0420  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
13:05:56.0773 0420  rdpbus - ok
13:05:56.0805 0420  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:05:56.0836 0420  RDPCDD - ok
13:05:56.0867 0420  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:05:56.0945 0420  RDPENCDD - ok
13:05:56.0961 0420  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:05:56.0992 0420  RDPREFMP - ok
13:05:57.0039 0420  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
13:05:57.0085 0420  RdpVideoMiniport - ok
13:05:57.0101 0420  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:05:57.0163 0420  RDPWD - ok
13:05:57.0226 0420  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:05:57.0257 0420  rdyboost - ok
13:05:57.0288 0420  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:05:57.0335 0420  RemoteAccess - ok
13:05:57.0366 0420  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:05:57.0429 0420  RemoteRegistry - ok
13:05:57.0460 0420  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
13:05:57.0491 0420  RFCOMM - ok
13:05:57.0507 0420  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:05:57.0553 0420  RpcEptMapper - ok
13:05:57.0569 0420  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
13:05:57.0600 0420  RpcLocator - ok
13:05:57.0663 0420  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
13:05:57.0709 0420  RpcSs - ok
13:05:57.0741 0420  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:05:57.0787 0420  rspndr - ok
13:05:57.0803 0420  [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
13:05:57.0819 0420  RTL8167 - ok
13:05:57.0881 0420  [ 4CA0DBA9E224473D664C25E411F5A3BD ] rtport          C:\Windows\SysWOW64\drivers\rtport.sys
13:05:57.0912 0420  rtport - ok
13:05:57.0928 0420  [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI            C:\Windows\system32\Drivers\SABI.sys
13:05:57.0959 0420  SABI - ok
13:05:57.0975 0420  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
13:05:57.0990 0420  SamSs - ok
13:05:58.0021 0420  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:05:58.0053 0420  sbp2port - ok
13:05:58.0068 0420  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:05:58.0146 0420  SCardSvr - ok
13:05:58.0193 0420  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:05:58.0271 0420  scfilter - ok
13:05:58.0333 0420  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
13:05:58.0411 0420  Schedule - ok
13:05:58.0443 0420  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:05:58.0505 0420  SCPolicySvc - ok
13:05:58.0505 0420  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:05:58.0552 0420  SDRSVC - ok
13:05:58.0661 0420  [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
13:05:58.0708 0420  SDUpdateService - ok
13:05:58.0739 0420  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:05:58.0786 0420  secdrv - ok
13:05:58.0833 0420  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
13:05:58.0911 0420  seclogon - ok
13:05:58.0989 0420  [ 9901DCF2B6DD2AD12CB42BD559E0C92D ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
13:05:59.0051 0420  Secunia PSI Agent - ok
13:05:59.0082 0420  [ 4F2056349F8BA4154D5213BF8A476B14 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
13:05:59.0113 0420  Secunia Update Agent - ok
13:05:59.0160 0420  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
13:05:59.0223 0420  SENS - ok
13:05:59.0254 0420  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:05:59.0285 0420  SensrSvc - ok
13:05:59.0332 0420  [ 84AC127242DD3CCDE02F9A4673214B1F ] Sentinel64      C:\Windows\System32\Drivers\Sentinel64.sys
13:05:59.0363 0420  Sentinel64 - ok
13:05:59.0410 0420  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
13:05:59.0441 0420  Serenum - ok
13:05:59.0472 0420  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
13:05:59.0503 0420  Serial - ok
13:05:59.0566 0420  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
13:05:59.0597 0420  sermouse - ok
13:05:59.0628 0420  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
13:05:59.0706 0420  SessionEnv - ok
13:05:59.0737 0420  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:05:59.0784 0420  sffdisk - ok
13:05:59.0800 0420  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:05:59.0831 0420  sffp_mmc - ok
13:05:59.0831 0420  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:05:59.0862 0420  sffp_sd - ok
13:05:59.0909 0420  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
13:05:59.0925 0420  sfloppy - ok
13:05:59.0971 0420  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:06:00.0034 0420  SharedAccess - ok
13:06:00.0065 0420  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:06:00.0112 0420  ShellHWDetection - ok
13:06:00.0143 0420  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:06:00.0159 0420  SiSRaid2 - ok
13:06:00.0190 0420  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
13:06:00.0205 0420  SiSRaid4 - ok
13:06:00.0252 0420  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
13:06:00.0330 0420  SkypeUpdate - ok
13:06:00.0361 0420  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:06:00.0408 0420  Smb - ok
13:06:00.0455 0420  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:06:00.0486 0420  SNMPTRAP - ok
13:06:00.0517 0420  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:06:00.0533 0420  spldr - ok
13:06:00.0580 0420  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
13:06:00.0611 0420  Spooler - ok
13:06:00.0720 0420  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
13:06:00.0845 0420  sppsvc - ok
13:06:00.0876 0420  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
13:06:00.0923 0420  sppuinotify - ok
13:06:00.0970 0420  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:06:01.0001 0420  srv - ok
13:06:01.0032 0420  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:06:01.0063 0420  srv2 - ok
13:06:01.0110 0420  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:06:01.0157 0420  srvnet - ok
13:06:01.0188 0420  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:06:01.0266 0420  SSDPSRV - ok
13:06:01.0282 0420  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:06:01.0313 0420  SstpSvc - ok
13:06:01.0329 0420  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
13:06:01.0344 0420  stexstor - ok
13:06:01.0407 0420  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
13:06:01.0438 0420  StillCam - ok
13:06:01.0500 0420  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
13:06:01.0531 0420  stisvc - ok
13:06:01.0578 0420  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
13:06:01.0594 0420  swenum - ok
13:06:01.0812 0420  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
13:06:01.0875 0420  swprv - ok
13:06:01.0937 0420  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
13:06:01.0999 0420  SysMain - ok
13:06:02.0031 0420  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:06:02.0046 0420  TabletInputService - ok
13:06:02.0280 0420  [ C4C20CFA4F42E9B7454E895C5C47BCD3 ] TabletServicePen C:\Program Files\Tablet\Pen\Pen_Tablet.exe
13:06:02.0561 0420  TabletServicePen - ok
13:06:02.0670 0420  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:06:02.0717 0420  TapiSrv - ok
13:06:02.0733 0420  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
13:06:02.0811 0420  TBS - ok
13:06:02.0905 0420  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:06:02.0968 0420  Tcpip - ok
13:06:02.0999 0420  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:06:03.0046 0420  TCPIP6 - ok
13:06:03.0092 0420  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:06:03.0124 0420  tcpipreg - ok
13:06:03.0170 0420  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:06:03.0202 0420  TDPIPE - ok
13:06:03.0233 0420  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:06:03.0280 0420  TDTCP - ok
13:06:03.0326 0420  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:06:03.0420 0420  tdx - ok
13:06:03.0451 0420  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
13:06:03.0467 0420  TermDD - ok
13:06:03.0498 0420  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
13:06:03.0576 0420  TermService - ok
13:06:03.0607 0420  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
13:06:03.0654 0420  Themes - ok
13:06:03.0685 0420  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
13:06:03.0716 0420  THREADORDER - ok
13:06:03.0779 0420  [ 7625DCF246E488E523DC1F64C38ABDA2 ] TouchServicePen C:\Program Files\Tablet\Pen\Pen_TouchService.exe
13:06:03.0826 0420  TouchServicePen - ok
13:06:03.0857 0420  [ 8DD33A57339ADAE34CDB12994ACBC50F ] Tpkd            C:\Windows\system32\drivers\Tpkd.sys
13:06:03.0872 0420  Tpkd - ok
13:06:03.0888 0420  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
13:06:03.0935 0420  TrkWks - ok
13:06:03.0997 0420  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:06:04.0075 0420  TrustedInstaller - ok
13:06:04.0106 0420  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:06:04.0184 0420  tssecsrv - ok
13:06:04.0216 0420  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:06:04.0247 0420  TsUsbFlt - ok
13:06:04.0309 0420  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:06:04.0372 0420  tunnel - ok
13:06:04.0418 0420  [ B355581A9DA34C92E2DBAFA410D2F829 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
13:06:04.0418 0420  TurboB - ok
13:06:04.0465 0420  [ 6564E84B1522C12EA1C3A181ED03276F ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
13:06:04.0481 0420  TurboBoost - ok
13:06:04.0512 0420  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
13:06:04.0528 0420  uagp35 - ok
13:06:04.0559 0420  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:06:04.0621 0420  udfs - ok
13:06:04.0652 0420  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:06:04.0699 0420  UI0Detect - ok
13:06:04.0746 0420  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:06:04.0777 0420  uliagpkx - ok
13:06:04.0824 0420  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
13:06:04.0855 0420  umbus - ok
13:06:04.0886 0420  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
13:06:04.0902 0420  UmPass - ok
13:06:04.0933 0420  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
13:06:04.0996 0420  upnphost - ok
13:06:05.0027 0420  [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
13:06:05.0074 0420  USBAAPL64 - ok
13:06:05.0120 0420  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
13:06:05.0167 0420  usbaudio - ok
13:06:05.0183 0420  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:06:05.0245 0420  usbccgp - ok
13:06:05.0292 0420  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:06:05.0339 0420  usbcir - ok
13:06:05.0386 0420  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
13:06:05.0432 0420  usbehci - ok
13:06:05.0464 0420  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:06:05.0510 0420  usbhub - ok
13:06:05.0526 0420  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:06:05.0573 0420  usbohci - ok
13:06:05.0620 0420  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:06:05.0666 0420  usbprint - ok
13:06:05.0698 0420  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
13:06:05.0713 0420  usbscan - ok
13:06:05.0729 0420  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:06:05.0776 0420  USBSTOR - ok
13:06:05.0791 0420  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
13:06:05.0838 0420  usbuhci - ok
13:06:05.0885 0420  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
13:06:05.0932 0420  usbvideo - ok
13:06:05.0963 0420  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
13:06:06.0010 0420  UxSms - ok
13:06:06.0041 0420  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
13:06:06.0041 0420  VaultSvc - ok
13:06:06.0103 0420  [ B0A8C5BC95689A130F9E05492341833D ] VBoxNetAdp      C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
13:06:06.0134 0420  VBoxNetAdp - ok
13:06:06.0134 0420  VBoxNetFlt - ok
13:06:06.0181 0420  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:06:06.0212 0420  vdrvroot - ok
13:06:06.0259 0420  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
13:06:06.0353 0420  vds - ok
13:06:06.0384 0420  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:06:06.0400 0420  vga - ok
13:06:06.0415 0420  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:06:06.0509 0420  VgaSave - ok
13:06:06.0540 0420  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
13:06:06.0587 0420  vhdmp - ok
13:06:06.0587 0420  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
13:06:06.0602 0420  viaide - ok
13:06:06.0618 0420  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:06:06.0634 0420  volmgr - ok
13:06:06.0680 0420  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:06:06.0712 0420  volmgrx - ok
13:06:06.0727 0420  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:06:06.0758 0420  volsnap - ok
13:06:06.0790 0420  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
13:06:06.0821 0420  vsmraid - ok
13:06:06.0899 0420  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
13:06:06.0992 0420  VSS - ok
13:06:06.0992 0420  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
13:06:07.0024 0420  vwifibus - ok
13:06:07.0055 0420  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
13:06:07.0086 0420  vwififlt - ok
13:06:07.0133 0420  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
13:06:07.0195 0420  W32Time - ok
13:06:07.0242 0420  [ E04D43C7D1641E95D35CAE6086C7E350 ] wacommousefilter C:\Windows\system32\DRIVERS\wacommousefilter.sys
13:06:07.0258 0420  wacommousefilter - ok
13:06:07.0258 0420  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
13:06:07.0289 0420  WacomPen - ok
13:06:07.0351 0420  [ EC1CEB237E365330C1FCFC4876AA0AC0 ] wacomvhid       C:\Windows\system32\DRIVERS\wacomvhid.sys
13:06:07.0382 0420  wacomvhid - ok
13:06:07.0429 0420  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:06:07.0507 0420  WANARP - ok
13:06:07.0507 0420  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:06:07.0538 0420  Wanarpv6 - ok
13:06:07.0601 0420  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
13:06:07.0679 0420  wbengine - ok
13:06:07.0694 0420  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:06:07.0741 0420  WbioSrvc - ok
13:06:07.0788 0420  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:06:07.0850 0420  wcncsvc - ok
13:06:07.0866 0420  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:06:07.0897 0420  WcsPlugInService - ok
13:06:07.0928 0420  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
13:06:07.0944 0420  Wd - ok
13:06:07.0975 0420  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:06:08.0006 0420  Wdf01000 - ok
13:06:08.0022 0420  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:06:08.0147 0420  WdiServiceHost - ok
13:06:08.0147 0420  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:06:08.0162 0420  WdiSystemHost - ok
13:06:08.0240 0420  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
13:06:08.0303 0420  WebClient - ok
13:06:08.0334 0420  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:06:08.0412 0420  Wecsvc - ok
13:06:08.0428 0420  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:06:08.0474 0420  wercplsupport - ok
13:06:08.0490 0420  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:06:08.0537 0420  WerSvc - ok
13:06:08.0584 0420  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:06:08.0630 0420  WfpLwf - ok
13:06:08.0646 0420  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:06:08.0662 0420  WIMMount - ok
13:06:08.0677 0420  WinDefend - ok
13:06:08.0693 0420  WinHttpAutoProxySvc - ok
13:06:08.0755 0420  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:06:08.0818 0420  Winmgmt - ok
13:06:08.0896 0420  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
13:06:08.0989 0420  WinRM - ok
13:06:09.0067 0420  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
13:06:09.0098 0420  WinUsb - ok
13:06:09.0145 0420  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:06:09.0192 0420  Wlansvc - ok
13:06:09.0223 0420  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:06:09.0254 0420  wlcrasvc - ok
13:06:09.0364 0420  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:06:09.0410 0420  wlidsvc - ok
13:06:09.0442 0420  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
13:06:09.0488 0420  WmiAcpi - ok
13:06:09.0504 0420  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:06:09.0551 0420  wmiApSrv - ok
13:06:09.0566 0420  WMPNetworkSvc - ok
13:06:09.0598 0420  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:06:09.0629 0420  WPCSvc - ok
13:06:09.0660 0420  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:06:09.0691 0420  WPDBusEnum - ok
13:06:09.0722 0420  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:06:09.0785 0420  ws2ifsl - ok
13:06:09.0800 0420  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
13:06:09.0816 0420  wscsvc - ok
13:06:09.0816 0420  WSearch - ok
13:06:09.0910 0420  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:06:09.0988 0420  wuauserv - ok
13:06:10.0019 0420  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:06:10.0066 0420  WudfPf - ok
13:06:10.0112 0420  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:06:10.0144 0420  WUDFRd - ok
13:06:10.0190 0420  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:06:10.0222 0420  wudfsvc - ok
13:06:10.0268 0420  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:06:10.0331 0420  WwanSvc - ok
13:06:10.0378 0420  [ E1E858AEF2ED420CBB7605D3ECCEC69A ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
13:06:10.0409 0420  yukonw7 - ok
13:06:10.0424 0420  ================ Scan global ===============================
13:06:10.0456 0420  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:06:10.0487 0420  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
13:06:10.0502 0420  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
13:06:10.0534 0420  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:06:10.0565 0420  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:06:10.0565 0420  [Global] - ok
13:06:10.0565 0420  ================ Scan MBR ==================================
13:06:10.0580 0420  [ 8E734BD7AA1D4F7E9AF58DF495F6CF9E ] \Device\Harddisk0\DR0
13:06:10.0736 0420  \Device\Harddisk0\DR0 - ok
13:06:10.0736 0420  [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR1
13:06:20.0923 0420  \Device\Harddisk1\DR1 - ok
13:06:20.0923 0420  ================ Scan VBR ==================================
13:06:20.0939 0420  [ 98FA392A7F5F4A5EAE8D5AA6861452C8 ] \Device\Harddisk0\DR0\Partition1
13:06:20.0939 0420  \Device\Harddisk0\DR0\Partition1 - ok
13:06:20.0970 0420  [ 5D03D53EE8858B2C412D5F791E558890 ] \Device\Harddisk0\DR0\Partition2
13:06:20.0970 0420  \Device\Harddisk0\DR0\Partition2 - ok
13:06:20.0970 0420  [ 9F640D1C3D5CF895788E7628DCE2E51E ] \Device\Harddisk0\DR0\Partition3
13:06:20.0970 0420  \Device\Harddisk0\DR0\Partition3 - ok
13:06:20.0986 0420  [ E22DFB7C4B69F52639EBDA2C29D5FD29 ] \Device\Harddisk1\DR1\Partition1
13:06:20.0986 0420  \Device\Harddisk1\DR1\Partition1 - ok
13:06:20.0986 0420  ============================================================
13:06:20.0986 0420  Scan finished
13:06:20.0986 0420  ============================================================
13:06:21.0001 3016  Detected object count: 6
13:06:21.0001 3016  Actual detected object count: 6
13:06:54.0853 3016  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
13:06:54.0853 3016  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:06:54.0853 3016  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
13:06:54.0853 3016  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:06:54.0853 3016  MBAMProtector ( UnsignedFile.Multi.Generic ) - skipped by user
13:06:54.0853 3016  MBAMProtector ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:06:54.0853 3016  MBAMScheduler ( UnsignedFile.Multi.Generic ) - skipped by user
13:06:54.0853 3016  MBAMScheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:06:54.0853 3016  MBAMService ( UnsignedFile.Multi.Generic ) - skipped by user
13:06:54.0853 3016  MBAMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:06:54.0869 3016  PaceLicenseDServices ( UnsignedFile.Multi.Generic ) - skipped by user
13:06:54.0869 3016  PaceLicenseDServices ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:07:03.0886 4120  Deinitialize success

markusg · 09.07.2013, 12:23

Hi,
1. poste alle bisher erstellten Malwarebytes Logs mit Funden.
http://www.trojaner-board.de/125889-...en-posten.html

2.
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Benwick · 09.07.2013, 13:09

Von Malewarebytes habe ich keine Logs mit Funden. Soll ich einen neuen Scan durchführen?

Hier das CombofixLog. nach dem neustart kam die Fehlermeldung und ich habe neu gestartet. Im log sieht es so aus, als wäre nicht alles durchgeführt worden, oder?

Code:

ATTFilter

ComboFix 13-07-09.01 - ****** 09.07.2013  13:42:56.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3946.2618 [GMT 2:00]
ausgeführt von:: c:\users\******\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\******\AppData\Local\Temp\7zS57E4\HPSLPSVC64.DLL
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_HPSLPSVC
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-09 bis 2013-07-09  ))))))))))))))))))))))))))))))
.
.
2013-07-09 11:55 . 2013-02-19 03:57	9162192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0895F068-A5DF-46DA-B448-3E8D02BB30F3}\mpengine.dll
2013-07-09 11:53 . 2013-07-09 11:53	--------	d-----w-	c:\users\Public\AppData\Local\temp
2013-07-09 11:53 . 2013-07-09 11:53	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-09 11:05 . 2013-07-09 10:22	--------	d-----w-	C:\FRST
2013-07-05 06:27 . 2013-06-12 03:08	9552976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A5B6739-298D-47A2-8C5E-C5F875F8BDB9}\mpengine.dll
2013-06-13 00:13 . 2013-05-17 01:25	61440	----a-w-	c:\windows\SysWow64\iesetup.dll
2013-06-12 23:48 . 2013-06-12 23:48	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-12 23:48 . 2013-06-12 23:48	--------	d-----w-	c:\program files\iTunes
2013-06-12 23:48 . 2013-06-12 23:48	--------	d-----w-	c:\program files\iPod
2013-06-12 23:44 . 2013-06-12 23:44	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-06-12 23:44 . 2013-06-12 23:44	159744	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2013-06-12 23:44 . 2013-06-12 23:44	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-06-12 23:44 . 2013-06-12 23:44	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-06-12 23:44 . 2013-06-12 23:44	159744	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2013-06-12 23:44 . 2013-06-12 23:44	159744	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2013-06-12 23:44 . 2013-06-12 23:44	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-06-12 23:44 . 2013-06-12 23:44	159744	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2013-06-12 23:44 . 2013-06-12 23:44	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-06-12 23:44 . 2013-06-12 23:44	159744	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 00:14 . 2011-06-17 17:23	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-06-12 13:31 . 2012-09-19 13:58	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 13:31 . 2012-09-19 13:58	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-10 01:07 . 2010-06-24 02:33	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 12:33 . 2007-04-27 08:43	120200	----a-w-	c:\windows\SysWow64\DLLDEV32i.dll
2013-05-02 00:06 . 2011-06-17 15:39	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-05-01 01:59 . 2013-05-01 01:59	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2013-04-13 05:49 . 2013-05-15 07:27	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 07:27	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 07:27	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 07:27	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 07:27	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 07:27	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-23 18:43	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-12 09:41 . 2013-04-27 10:51	237840	----a-w-	c:\windows\system32\drivers\VBoxDrv.sys
2013-04-12 09:41 . 2013-04-12 09:41	131856	----a-w-	c:\windows\system32\drivers\VBoxNetAdp.sys
2013-04-12 09:40 . 2013-04-27 10:50	120080	----a-w-	c:\windows\system32\drivers\VBoxUSBMon.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Kryptografiedienst Fehler !!
.
Supplementary scan did not complete!
.
.
.

markusg · 09.07.2013, 13:16

Ja, sieht so aus, kannnst du CF noch mal laufen lassen?

Benwick · 09.07.2013, 13:44

Hier noch einmal

Code:

ATTFilter

ComboFix 13-07-09.01 - ****** 09.07.2013  14:20:58.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3946.2569 [GMT 2:00]
ausgeführt von:: c:\users\******\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-09 bis 2013-07-09  ))))))))))))))))))))))))))))))
.
.
2013-07-09 12:31 . 2013-07-09 12:31	--------	d-----w-	c:\users\Public\AppData\Local\temp
2013-07-09 12:31 . 2013-07-09 12:31	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-09 11:05 . 2013-07-09 10:22	--------	d-----w-	C:\FRST
2013-07-05 06:27 . 2013-06-12 03:08	9552976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A5B6739-298D-47A2-8C5E-C5F875F8BDB9}\mpengine.dll
2013-07-02 16:08 . 2013-07-02 16:08	--------	d-----w-	c:\users\******\AppData\Roaming\PlagFinder
2013-07-02 16:06 . 2013-07-02 16:06	870682	----a-w-	c:\windows\PlagiarismFinder 2.1 Uninstaller.exe
2013-06-13 00:13 . 2013-05-17 01:25	61440	----a-w-	c:\windows\SysWow64\iesetup.dll
2013-06-12 23:48 . 2013-06-12 23:48	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-12 23:48 . 2013-06-12 23:48	--------	d-----w-	c:\program files\iTunes
2013-06-12 23:48 . 2013-06-12 23:48	--------	d-----w-	c:\program files\iPod
2013-06-12 23:44 . 2013-06-12 23:44	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-06-12 23:44 . 2013-06-12 23:44	159744	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2013-06-12 23:44 . 2013-06-12 23:44	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-06-12 23:44 . 2013-06-12 23:44	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-06-12 23:44 . 2013-06-12 23:44	159744	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2013-06-12 23:44 . 2013-06-12 23:44	159744	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2013-06-12 23:44 . 2013-06-12 23:44	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-06-12 23:44 . 2013-06-12 23:44	159744	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2013-06-12 23:44 . 2013-06-12 23:44	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-06-12 23:44 . 2013-06-12 23:44	159744	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 00:14 . 2011-06-17 17:23	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-06-12 13:31 . 2012-09-19 13:58	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 13:31 . 2012-09-19 13:58	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-10 01:07 . 2010-06-24 02:33	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 12:33 . 2007-04-27 08:43	120200	----a-w-	c:\windows\SysWow64\DLLDEV32i.dll
2013-05-02 00:06 . 2011-06-17 15:39	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-05-01 01:59 . 2013-05-01 01:59	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2013-04-13 05:49 . 2013-05-15 07:27	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 07:27	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 07:27	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 07:27	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 07:27	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 07:27	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-23 18:43	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-12 09:41 . 2013-04-27 10:51	237840	----a-w-	c:\windows\system32\drivers\VBoxDrv.sys
2013-04-12 09:41 . 2013-04-12 09:41	131856	----a-w-	c:\windows\system32\drivers\VBoxNetAdp.sys
2013-04-12 09:40 . 2013-04-27 10:50	120080	----a-w-	c:\windows\system32\drivers\VBoxUSBMon.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\******\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\******\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\******\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2011-01-06 3666944]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
c:\users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Netzwerk).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 3050A J611 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1AJ480VF05PJ;CONNECTION=NW;MONITOR=1; [2009-7-14 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
R4 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R4 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe;c:\program files\Tablet\Pen\Pen_Tablet.exe [x]
R4 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe;c:\program files\Tablet\Pen\Pen_TouchService.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-19 13:31]
.
2013-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-31 00:59]
.
2013-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-31 00:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.benwick.de/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ga61upru.default\
FF - ExtSQL: !HIDDEN! 2013-01-27 14:30; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SpywareTerminatorShield - c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM-Run-SpywareTerminatorUpdater - c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-09  14:33:57
ComboFix-quarantined-files.txt  2013-07-09 12:33
ComboFix2.txt  2013-07-09 11:58
.
Vor Suchlauf: 18 Verzeichnis(se), 90.454.966.272 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 89.983.946.752 Bytes frei
.
- - End Of File - - 1C1C16258D97C2394ABB3DB7C8F58ABD
D41D8CD98F00B204E9800998ECF8427E

markusg · 09.07.2013, 13:55

Passt nun.
Bist du so gut, updatest Malwarebytes, machst einen komplett Scan, danach Funde löschen, Log posten.

2.

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

Benwick · 09.07.2013, 16:14

Erstmal das Malwarebytes Log:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.09.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
******:: BIGT [Administrator]

09.07.2013 15:04:57
mbam-log-2013-07-09 (15-04-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 626603
Laufzeit: 2 Stunde(n), 7 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\FRST\Quarantine.zip (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\FRST\Quarantine\skype.dat (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Und CCleaner

Code:

ATTFilter

7-Zip 9.20 (x64 edition)	Igor Pavlov	27.08.2012	4,53MB	9.20.00.0 notwendig
Ableton Live 8	Ableton	13.07.2012	1,50GB	8.0.0.0 unnötig
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	12.06.2013	6,00MB	11.7.700.224 notwendig
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	12.06.2013	6,00MB	11.7.700.224 notwendig
Adobe Reader X (10.1.7) - Deutsch	Adobe Systems Incorporated	16.05.2013	122MB	10.1.7 notwendig
Ahnenblatt 2.70	Dirk Boettcher	11.11.2011	10,9MB	2.70.0.0 notwendig
Apple Application Support	Apple Inc.	13.06.2013	64,6MB	2.3.4 unbekannt (gehört wohl zu iTunes)
Apple Mobile Device Support	Apple Inc.	03.04.2013	25,2MB	6.1.0.13 unbekannt
Apple Software Update	Apple Inc.	17.06.2011	2,25MB	2.1.3.127 notwendig
Atheros Client Installation Program	Atheros	24.11.2010		1.0.5.0621 unbekannt
ATI Catalyst Install Manager	ATI Technologies, Inc.	24.11.2010	22,3MB	3.0.782.0 unbekannt
Audacity 1.3.13 (Unicode)	Audacity Team	22.06.2011	40,1MB	notwendig
Avira Free Antivirus	Avira	04.07.2013	108MB	12.1.9.2400 notwendig
Bamboo	Wacom Technology Corp.	29.08.2012		5.2.5-5 notwendig
Bamboo Dock	Wacom Co., Ltd.	29.08.2012		4.0 notwendig
BatteryLifeExtender	Samsung	24.11.2010	31,5MB	1.0.5 unbekannt
Biet-O-Matic v2.14.8	BOM Development Team	24.07.2011		Biet-O-Matic v2.14.8 notwendig
Bigasoft MOV Converter 3.3.30.4176	Bigasoft Corporation	10.06.2012 unnötig		
Bonjour	Apple Inc.	19.10.2011	2,00MB	3.0.0.10 unbekannt
Broadcom 802.11 Network Adapter	Broadcom Corporation	24.11.2010		5.60.48.44 notwendig
CCleaner	Piriform	19.06.2013		4.03 notwendig
CD Art Display 2.0.1	CD Art Display	25.03.2012 unnötig		
CINEMA 4D Demo 13.017	MAXON Computer GmbH	31.05.2012	2,60GB	13.017 unnötig
CyberLink YouCam	CyberLink Corp.	17.06.2011	77,2MB	2.0.3911 notwendig
DAEMON Tools Lite	DT Soft Ltd	09.11.2011		4.41.3.0173 notwendig
DivX-Setup	DivX, LLC	24.09.2011		2.6.0.34 notwendig
Dropbox	Dropbox, Inc.	03.06.2013		2.0.22 notwendig
DVD Shrink 3.2	DVD Shrink	04.11.2011 unnötig		
Easy Content Share	Samsung Electronics Co., LTD	24.11.2010	12,4MB	1.0.0.13 Unbekannt
Easy Display Manager	Samsung Electronics Co., Ltd.	24.11.2010		3.2Unbekannt
Easy Network Manager	Samsung	24.11.2010	34,9MB	4.3.3 Unbekannt
Easy SpeedUp Manager	Samsung Electronics Co.,Ltd.	24.11.2010		2.1.0.11 Unbekannt
EasyBatteryManager	Samsung	24.11.2010		4.0.0.4 Unbekannt
EasyFileShare	Samsung	24.11.2010	29,4MB	1.0.3 Unbekannt
ETDWare PS/2-x64 7.0.7.0_WHQL	ELAN Microelectronics Corp.	24.11.2010		7.0.7.0 Unbekannt
EVEREST Home Edition v2.20	Lavalys Inc	05.11.2011		2.20 notwendig
Facebook Video Calling 1.2.0.287	Skype Limited	28.02.2013	4,76MB	1.2.287 unnötig
FIFA 2004		12.11.2011 notwendig		
FileZilla Client 3.5.3	FileZilla Project	22.07.2012	16,5MB	3.5.3 notwendig
Firebird SQL Server - MAGIX Edition	MAGIX AG	02.05.2013	11,5MB	2.1.31.0 Unbekannt
Free Studio version 5.9.0.1212	DVDVideoSoft Ltd.	27.01.2013	561MB	5.9.0.1212 notwendig
Free Video to DVD Converter version 1.6.22.804	DVDVideoSoft Limited.	30.10.2011	44,0MB	notwendig
GanttProject		09.11.2011 unnötig		
GetDataBack for FAT	Runtime Software	05.09.2012		4.22.000 notwendig
Google Earth	Google	24.03.2013	173MB	7.0.3.8542 notwendig
Google SketchUp 8	Google, Inc.	19.01.2012	73,2MB	3.0.11762 notwendig
grafstat4	DrSoft	19.06.2011		4.24 unnötig
Guitar Pro 5.2	Arobas Music	17.06.2011 notwendig		
HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät	Hewlett-Packard Co.	12.03.2013	116MB	28.0.1315.0 notwendig
HP Deskjet 3050A J611 series Hilfe	Hewlett Packard	12.03.2013	8,77MB	140.0.2.2 notwedngi
HP Update	Hewlett-Packard	12.03.2013	3,98MB	5.003.003.001 notwendig
ICQ7.5	ICQ	19.07.2011		7.5 unnötig
Intel(R) Rapid Storage Technology	Intel Corporation	09.07.2013		9.6.3.1001 Unbekannt
Intel(R) Turbo Boost Technology Driver	Intel Corporation	24.11.2010		01.02.00.1002Unbekannt
IrfanView (remove only)	Irfan Skiljan	15.12.2012	2,00MB	4.35 notwendig
iTunes	Apple Inc.	13.06.2013	187MB	11.0.4.4 notwendig
Java 7 Update 17	Oracle	22.03.2013	130MB	7.0.170 notwendig 
Java 7 Update 17 (64-bit)	Oracle	22.03.2013	128MB	7.0.170 notwendig
Java(TM) SE Runtime Environment 6 Update 6	##ID_STRING_COMPANY_NAME##	12.05.2013	27,0MB	1.6.0.60 notwendig
JavaFX 2.1.1	Oracle Corporation	18.06.2012	20,8MB	2.1.1 notwendig
JDownloader 0.9	AppWork GmbH	12.04.2012		0.9 notwendig
KeePass Password Safe 2.19	Dominik Reichl	16.08.2012	5,76MB notwendig	
Last.fm Scrobbler 2.1.35	Last.fm	09.03.2013	47,7MB	notwendig
LEGO Insel 2		18.11.2011 notwendig		
License Support	PACE Anti-Piracy, Inc.	12.05.2013	4,32MB	1.1.0.0929 Unbekannt
MAGIX Content und Soundpools	MAGIX AG	02.05.2013		1.0.0.0 unnötig
MAGIX Music Maker Silver	MAGIX AG	02.05.2013		19.0.2.44 unnötig
Malwarebytes Anti-Malware Version 1.75.0.1300	Malwarebytes Corporation	09.07.2013	19,2MB	1.75.0.1300 notwendig
Marvell Miniport Driver	Marvell	05.11.2011		11.45.1.3 Unbekannt
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	22.06.2011	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	22.06.2011	2,93MB	4.0.30319
Microsoft IntelliPoint 8.1	Microsoft	19.06.2011		8.15.406.0
Microsoft Office Professional Plus 2010	Microsoft Corporation	06.08.2011		14.0.6029.1000
Microsoft Silverlight	Microsoft Corporation	14.03.2013	50,6MB	5.1.20125.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	24.11.2010	1,69MB	3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	24.01.2012	250KB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	29.11.2011	298KB	8.0.56336
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	12.03.2012	708KB	8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	30.01.2012	246KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	24.11.2010	788KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	17.06.2011	788KB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	29.11.2011	240KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	17.06.2011	592KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	17.06.2011	600KB	9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	29.11.2011	13,8MB	10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	29.11.2011	15,0MB	10.0.40219
Microsoft WSE 3.0 Runtime	Microsoft Corp.	12.12.2011	942KB	3.0.5305.0
Mozilla Firefox 22.0 (x86 de)	Mozilla	05.07.2013	46,7MB	22.0 notwendig
Mozilla Maintenance Service	Mozilla	05.07.2013	333KB	22.0 Unbekannt
MSXML 4.0 SP3 Parser	Microsoft Corporation	02.05.2013	1,47MB	4.30.2100.0
MSXML 4.0 SP3 Parser (KB2758694)	Microsoft Corporation	03.05.2013	1,54MB	4.30.2117.0
Nero Burning ROM 11	Nero AG	29.11.2011	265MB	11.0.10400 notwendig
Nero Suite		19.06.2011 notwendig		
PDFCreator	Frank Heindörfer, Philip Chinery	31.08.2012		1.5.0 notwendig
PDFTK Builder 3.5.3		31.08.2012 notwendig		
Picasa 3	Google, Inc.	22.03.2013 notwendig		3.9
PosteRazor	Alessandro Portale	09.02.2013		1.5 unnötig
Project64 1.6	Project64	20.06.2011	3,46MB	1.6 notwendig
QuickTime	Apple Inc.	13.06.2013	74,6MB	7.74.80.86 notwendig
Rainlendar2 (remove only)		22.06.2011 notwendig		
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	24.11.2010		6.0.1.6083 Unbekannt
REALTEK Wireless LAN Software	REALTEK Semiconductor Corp.	24.11.2010		0133.09.1202 Unbekannt
Revo Uninstaller 1.94	VS Revo Group	19.09.2012		1.94 unnötig
Samsung Recovery Solution 4	Samsung	24.11.2010		4.0.0.6 Unbekannt
Samsung Support Center	Samsung	24.11.2010	45,8MB	1.0.2 Unbekannt
Samsung Update Plus	Samsung Electronics Co., Ltd.	24.11.2010		2.0 Unbekannt
Samsung_MonSetup	Samsung	30.01.2012		1.00.0000 Unbekannt
Secunia PSI (3.0.0.4001)	Secunia	10.10.2012	5,81MB	3.0.0.4001 notwendig
Sentinel Protection Installer 7.4.0	SafeNet, Inc.	12.05.2013	1,15MB	7.4.0 Unbekannt
Skype™ 5.10	Skype Technologies S.A.	06.09.2012	19,4MB	5.10.116 notwendig
Sweepi 5.4.00	YooApplications	19.06.2011		5.4.00 unnötig
TKKG11		08.05.2013 notwendig		
Tony Hawk's Pro Skater 3®	Activision Publishing, Inc.	09.11.2011		1.0 notwendig
TweakNow RegCleaner 2012	TweakNow.com	19.09.2012	23,8MB	7.2.1 unnötig
User Guide		24.11.2010		1.0
Visual C++ 64-bit Redistributables	PACE Anti-Piracy, Inc.	12.05.2013	15,8MB	1.1.0.0929 Unbekannt
Visual C++ Redistributables	PACE Anti-Piracy, Inc.	12.05.2013	20,1MB	1.1.0.0929 Unbekannt
VLC media player 2.0.5	VideoLAN	21.01.2013		2.0.5 notwendig 
VOB2MPG v3	BadgerIT	20.06.2011	9,44MB	3.2.2000 notwendig
WebTablet FB Plugin	Wacom Technology Corp.	29.08.2012		2.0.0.1 notwendig
WebTablet IE Plugin	Wacom Technology Corp.	29.08.2012		1.1.0.12 notwendig
WebTablet Netscape Plugin	Wacom Technology Corp.	29.08.2012		1.1.0.10 notwendig
Windows Live Essentials	Microsoft Corporation	24.11.2010		15.4.3502.0922 unbekannt
WinRAR 4.01 (64-Bit)	win.rar GmbH	19.06.2011		4.01.0 notwendig
XMind	XMind Ltd.	05.10.2011		3.2.1 unnötig
Xvid Video Codec	Xvid Team	01.11.2011		1.3.2 notwendig
Zattoo4 4.0.5	Zattoo Inc.	14.07.2011		4.0.5 unnötig
Überwachungstool für die Intel® Turbo-Boost-Technik	Intel	17.06.2011	2,15MB	1.0.400.4 notwendig

markusg · 09.07.2013, 16:22

Hi,
1.
deinstaliere:
Ableton
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen
bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
Bigasoft
CD Art Display
CINEMA
DVD Shrink
Facebook
GanttProject
grafstat4
Java : alle
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
MAGIX : alle
PosteRazor
Revo : würd ich behalten, kann manchmal nützlich sein, bei fehlerhaften Deinstalationen, ist aber natürlich deine Sache :-)
Secunia : wenn du es schon hast, nutze es halt auch immer, ich sehe trotz alle dem veraltete Software, schon das aktualisieren hätte die Infektion verhindert.

deinstaliere:
Sweepi
TweakNow : weg damit, und verzichte in Zukunft auf Regcleaner!
Windows Live : alle von dir nicht verwendeten.
XMind
Zattoo4
2.
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

dann neustarten.
3.
Lade Hitmanpro:
HitmanPro - Download - Filepony
Doppelklicken, Scan klicken.
Nichts löschen, weiter klicken.
Log speichern und posten, bzw als XML exportieren, packen und anhängen.

Benwick · 09.07.2013, 17:52

Code:

ATTFilter

# AdwCleaner v2.304 - Datei am 09/07/2013 um 18:43:35 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : ****** - BIGT
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\******\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ga61upru.default\foxydeal.sqlite
Ordner Gelöscht : C:\Program Files (x86)\adawaretb
Ordner Gelöscht : C:\ProgramData\blekko toolbars
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecv
Ordner Gelöscht : C:\Users\******\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\******\AppData\Local\Wajam
Ordner Gelöscht : C:\Users\******\AppData\LocalLow\adawaretb
Ordner Gelöscht : C:\Users\******\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\******\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ga61upru.default\adawaretb
Ordner Gelöscht : C:\Users\******\AppData\Roaming\yourfiledownloader

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\YourFileDownloader
Schlüssel Gelöscht : HKLM\Software\adawaretb
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Schlüssel Gelöscht : HKLM\Software\YourFileDownloader
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ga61upru.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S3].txt - [2928 octets] - [09/07/2013 18:43:35]

########## EOF - C:\AdwCleaner[S3].txt - [2988 octets] ##########