Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   "Data Restore" entfernt - Rechner komplett sauber? (https://www.trojaner-board.de/112584-data-restore-entfernt-rechner-komplett-sauber.html)

Vererena 29.03.2012 15:40
"Data Restore" entfernt - Rechner komplett sauber?
 
Hallo!

Am Dienstag habe ich mir den "Data Restore" Trojaner eingefangen.
Ich war sehr froh als ich die Anleitung zum Entfernen des Plagegeistes auf eurem Board entdeckt habe.

Der Anleitung bin ich gefolgt. Beim ersten Mal tauchten nach dem Neustart erneut die Fake-Meldungen des "Data Restore" auf. Daraufhin habe ich das ganze noch mal durchgespielt, so dass alle Fehlmeldungen verschwanden und auch die Ordner wieder sichtbar waren. Der Rootkit-Scan war übrigens immer negativ.
Ich habe seitdem den Malwarebytes-Anti-Malware-Scanner mehrmals ausgeführt, wobei auch keine infizierten Objekte mehr gefunden wurden.

Nun bin ich aber unsicher ob der Rechner tatsächlich "komplett sauber" ist und wäre euch daher sehr dankbar wenn ihr einen Blick auf meine Logs werfen würdet.
Ihr findet die Logs im Anhang. Vom Anti-Malware-Scanner findet ihr den ersten Log mit dem positiven Befund vom 27.03. und einen aktuellen, negativen von heute.

Ich hoffe, dass ich alles richtig verstanden habe und die richtigen Logfiles geladen sind. Vielen lieben Dank für eure Hilfe !!

cosinus 29.03.2012 22:14
Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Vererena 30.03.2012 12:56
Danke für die fixe Antwort!

Ich habe Malwarebytes erstmalig nach dem Trojaner-Fund installiert und ausgeführt. Daher gibt es 8 Logs vom 27.03., als die Probleme auftraten und welche vom 28.03. und gestern. Ich werde sie trotzdem mal im Anhang hochladen.

Davor habe ich nur die Freeware von Antivir benutzt, die ich jetzt nach dem Trojaner deinstalliert und durch avast! ersetzt habe.

cosinus 30.03.2012 15:39
Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Vererena 30.03.2012 21:05
Danke für den Tipp!

Der Log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e7155bfd6c2e1d4cbb776f26a76407af
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-30 07:48:43
# local_time=2012-03-30 09:48:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 15006 84762023 0 0
# compatibility_mode=8192 67108863 100 0 4135 4135 0 0
# scanned=206904
# found=0
# cleaned=0
# scan_time=4749

cosinus 30.03.2012 21:15
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Vererena 30.03.2012 22:10
Achsoo, okay. Ab jetzt alles in Code Tags.
Ich hoffe ich hab beim OTL Scan alle Häkchen richtig gesetzt.


Tada:
Code:
OTL logfile created on: 30.03.2012 22:36:56 - Run 2
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Verena\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 5,53 Gb Available Physical Memory | 69,54% Memory free
15,90 Gb Paging File | 13,40 Gb Available in Paging File | 84,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683,22 Gb Total Space | 439,92 Gb Free Space | 64,39% Space Free | Partition Type: NTFS
Drive D: | 15,12 Gb Total Space | 1,65 Gb Free Space | 10,90% Space Free | Partition Type: NTFS
 
Computer Name: ANTONHP | User Name: Verena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Verena\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe ()
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\83fe46ae33b8fd827015387fb6efcd13\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\74a1075c047edd51ba44cebf5ecf715c\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b40ad47b1338dd50c41d2c5571819a09\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe ()
MOD - C:\Program Files (x86)\NETGEAR\WG111v3\WlanDll.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\Program Files (x86)\NETGEAR\WG111v3\KJLog.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (hpCMSrv) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (HPClientSvc) -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\drivers\wg111v3.sys (NETGEAR Inc.                          )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{00DB204B-7265-4A18-A6E0-7445FEEC4D7B}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{00DB204B-7265-4A18-A6E0-7445FEEC4D7B}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\..\SearchScopes\{00DB204B-7265-4A18-A6E0-7445FEEC4D7B}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.27 18:57:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.30 14:56:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.04 16:16:03 | 000,000,000 | ---D | M]
 
[2011.09.02 21:05:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Verena\AppData\Roaming\mozilla\Extensions
[2012.03.12 13:59:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\bydxbmjh.default\extensions
[2011.09.11 17:06:50 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\bydxbmjh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.23 12:58:08 | 000,000,933 | ---- | M] () -- C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\bydxbmjh.default\searchplugins\11-suche.xml
[2012.02.23 12:58:08 | 000,002,419 | ---- | M] () -- C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\bydxbmjh.default\searchplugins\englische-ergebnisse.xml
[2012.02.23 12:58:08 | 000,010,525 | ---- | M] () -- C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\bydxbmjh.default\searchplugins\gmx-suche.xml
[2012.02.23 12:58:08 | 000,002,457 | ---- | M] () -- C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\bydxbmjh.default\searchplugins\lastminute.xml
[2012.02.23 12:58:08 | 000,005,508 | ---- | M] () -- C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\bydxbmjh.default\searchplugins\webde-suche.xml
[2011.09.02 21:04:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.03.27 18:57:52 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\VERENA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BYDXBMJH.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\VERENA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BYDXBMJH.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2012.03.30 14:56:09 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.27 12:22:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.27 12:22:49 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.27 12:22:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.27 12:22:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.27 12:22:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.27 12:22:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Verena\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Verena\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Verena\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Verena\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2140B430-FC1D-4A06-9FE7-C11A4652CD5E}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D00D280C-A08C-4A45-9351-73FD699A5F51}: DhcpNameServer = 149.205.5.81 149.205.5.82
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.30 18:20:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.03.30 13:37:48 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{7DE59BD3-859E-4014-A6AC-4B9EB957CC64}
[2012.03.29 23:39:31 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{9FC9FC32-8067-4D1F-9230-36E2577EB158}
[2012.03.29 11:39:15 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{E5E1498F-8AD9-48B0-80F9-3934B51EE256}
[2012.03.29 00:44:03 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{805A3C3E-3E09-4345-8572-088961B756F9}
[2012.03.28 14:59:42 | 000,000,000 | ---D | C] -- C:\Users\Verena\Schreibzeug
[2012.03.28 12:43:43 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{F59A8384-D8BE-40A6-86C3-42B64B141FAB}
[2012.03.28 12:43:41 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{1BE4A761-0E96-4CCE-AEBA-19A229ED521A}
[2012.03.27 23:49:37 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{62F36148-CB6D-40C9-BFC5-83F08E6E9B0E}
[2012.03.27 23:49:33 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{6CFC8EFA-558B-422C-8B51-604ABF731095}
[2012.03.27 18:58:09 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\Google
[2012.03.27 18:58:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.03.27 18:58:07 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.03.27 18:58:07 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.03.27 18:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.03.27 18:58:06 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.03.27 18:58:05 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.03.27 18:58:04 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.03.27 18:58:02 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.03.27 18:58:02 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.03.27 18:57:45 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.03.27 18:57:44 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.03.27 18:57:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.03.27 18:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.03.27 12:47:23 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Roaming\Malwarebytes
[2012.03.27 12:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.27 12:47:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.27 12:47:11 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.27 12:47:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.27 12:21:59 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.27 11:44:22 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{92F4D7CC-ACC6-4B1A-A600-DF7204600C8F}
[2012.03.27 11:44:19 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{B359B319-3596-430B-B56A-049133B1A5B8}
[2012.03.26 13:39:58 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{53A5D670-CCCC-4B2E-9682-A04D8CDC47EE}
[2012.03.26 13:39:56 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{6627A0FB-9E3F-4315-8B2A-C32C084E1F30}
[2012.03.25 10:57:57 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{6B876348-F144-4FFC-9521-52892AFEBE4C}
[2012.03.25 10:57:56 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{0137B535-022C-478E-9BA1-F688A5332FA5}
[2012.03.24 18:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012.03.24 18:33:27 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\HP
[2012.03.24 13:03:38 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{8C9A0191-6369-4EFA-96AF-BA768BDE84DE}
[2012.03.24 13:03:36 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{FF97B204-06EB-433C-A99D-B22FFDF4B27E}
[2012.03.23 19:33:17 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{936DF3A9-1A1F-4769-9C6F-EC654A517A3B}
[2012.03.23 19:33:15 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{327F5B6A-61F8-4D3A-B33E-8FB780F9A801}
[2012.03.23 01:10:22 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{0E8A1308-F05A-4643-B3ED-0EFEAF65B293}
[2012.03.23 01:10:11 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{86DE3A03-2595-49D2-B2B6-97BD881F3072}
[2012.03.22 13:09:49 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{52F24D7B-A3E3-45A8-861A-F584580EA687}
[2012.03.22 13:09:45 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{6C465391-88FE-4C93-9C6A-942EC1D3BAB1}
[2012.03.21 20:37:08 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{5D8CF032-3511-413B-B81F-34B03EDF7391}
[2012.03.21 20:37:07 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{F007C06B-D976-4C8B-A822-747BCF02783E}
[2012.03.21 01:21:00 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{BA3A2929-ADB4-4005-903E-3398F0E6F7F8}
[2012.03.21 01:20:59 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{4148D761-EACF-4B0D-BA0B-167ACD922055}
[2012.03.20 12:40:46 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{980D9CFE-F466-4878-89BA-05C7233526D0}
[2012.03.20 12:40:44 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{EDA6A1F3-3BB8-4D40-9D0D-F0AE5FD86E72}
[2012.03.19 13:40:05 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{7974FFDB-D432-41F5-8107-0F05E033129D}
[2012.03.19 13:39:59 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{5BBBA0B6-EFB7-4FD0-B554-4D4086E602BC}
[2012.03.18 12:50:37 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{E77A8953-D5FD-48D5-94BC-8A911341E3F7}
[2012.03.17 15:36:27 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{B80B823B-07BF-4A60-9731-ECFCB7F8D90D}
[2012.03.17 15:36:25 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{1D512595-7685-4717-B5C2-04CD252B097F}
[2012.03.17 00:14:30 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{33CAAEBE-95BB-4A2D-A47C-DD7AE4B05267}
[2012.03.17 00:14:27 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{BDFD6ECE-37EB-42D3-9166-F4488740C877}
[2012.03.16 12:06:35 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{5E438559-3856-4D19-806F-FDCC04D9BA51}
[2012.03.16 12:06:33 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{CB195FD8-FA41-4700-B65A-48D33D58F655}
[2012.03.15 13:21:56 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{E8D5AB5A-CFB7-498A-9DD5-D0215EC3F8B9}
[2012.03.15 13:21:53 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{D3505055-7AA5-4AA1-A2DB-547A3EA31DF3}
[2012.03.14 15:20:42 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{0ED2AF54-9DAE-48A8-9C93-06AE4E5F5213}
[2012.03.14 15:20:40 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{5CA89D5A-ACC4-4329-94DE-2B111F61ADFD}
[2012.03.13 15:38:17 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{94B29E8E-25F8-4170-90A2-BC9975DBA02F}
[2012.03.13 15:38:15 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{DB5365FA-A11B-4827-90E1-DA4F90EDE0C4}
[2012.03.12 13:02:56 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{D8C5DAB1-66A1-45A1-A22F-EE5D6F20421E}
[2012.03.12 13:02:54 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{E0EAAFFA-619E-4EBD-B6D6-36B42E174A9F}
[2012.03.07 13:22:25 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{70F768FF-3E4F-4662-9491-75005296BA39}
[2012.03.07 13:22:22 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{55540994-458E-4C4B-BCF9-5E737EAB20EB}
[2012.03.06 15:35:48 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{9E542BF3-6C19-4F21-8F26-51F45D4F0394}
[2012.03.06 15:35:46 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{2A3577A1-398F-4557-BC9E-2AFAD8407431}
[2012.03.06 00:00:49 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{5C425601-144C-4B59-9CEE-D75A1CC546E6}
[2012.03.05 11:48:22 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{C3291ABF-3314-4226-A3F1-5C3EDED730FC}
[2012.03.05 11:48:20 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{1F63E325-AA75-4707-B8ED-87125CB231B6}
[2012.03.04 17:07:21 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{90DB17D9-5472-4783-B68B-3E9C1B5E168C}
[2012.03.04 17:07:19 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{7D859632-159B-4FE9-8F8E-E61C4926B575}
[2012.03.04 02:59:53 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{6E7AB8D8-C1BF-48A3-9423-20E92C0389CE}
[2012.03.04 02:59:41 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{D6AC19D2-E43A-4351-992E-202664509F4E}
[2012.03.03 14:59:25 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{89A8AF1E-0ADE-4263-A78A-BE047EDC1B77}
[2012.03.03 14:59:22 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{B800525C-DE5B-4EEA-84A3-5B276D610241}
[2012.03.03 01:28:18 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{51F9B59C-9512-42D1-B9C2-FBFEA8D05315}
[2012.03.03 01:28:16 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{2ABFB055-A8E6-4456-9F87-3E021F2A3C52}
[2012.03.02 02:30:05 | 000,000,000 | ---D | C] -- C:\Users\Verena\Documents\Schlotta Studium
[2012.03.02 02:22:27 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{32AFF12A-2D81-42D9-9CCB-592AB679D865}
[2012.03.02 02:22:25 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{DB385579-FB23-41D4-9953-EA7C495DFEC0}
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.30 22:16:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.30 18:16:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.30 18:06:12 | 000,222,101 | ---- | M] () -- C:\Users\Verena\Desktop\eset.png
[2012.03.30 18:05:36 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.30 18:05:36 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.30 18:03:50 | 003,522,350 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.30 18:03:50 | 001,480,172 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.30 18:03:50 | 001,047,326 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.30 18:03:50 | 000,933,304 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.30 18:03:50 | 000,005,194 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.30 17:58:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.30 17:58:12 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.30 13:47:14 | 000,009,342 | ---- | M] () -- C:\Users\Verena\Desktop\Logs Malwarebytes.zip
[2012.03.29 16:56:13 | 000,001,742 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.03.29 16:19:44 | 000,035,818 | ---- | M] () -- C:\Users\Verena\Desktop\Logfiles.zip
[2012.03.29 15:39:49 | 000,000,000 | ---- | M] () -- C:\Users\Verena\defogger_reenable
[2012.03.27 18:58:07 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.03.27 18:58:02 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.03.27 14:30:43 | 000,000,456 | ---- | M] () -- C:\ProgramData\eypiplihxRU04A
[2012.03.27 14:30:22 | 000,000,264 | ---- | M] () -- C:\ProgramData\~eypiplihxRU04A
[2012.03.27 14:30:22 | 000,000,176 | ---- | M] () -- C:\ProgramData\~eypiplihxRU04Ar
[2012.03.27 12:47:13 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.27 11:43:19 | 539,522,007 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.03.24 18:34:13 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2012.03.18 18:00:29 | 000,002,742 | ---- | M] () -- C:\Users\Verena\Documents\instrus.dxp
[2012.03.18 17:33:07 | 000,001,362 | ---- | M] () -- C:\Users\Verena\Desktop\Free YouTube to MP3 Converter.lnk
[2012.03.15 19:40:00 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.03.14 21:44:26 | 002,350,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.13 21:52:36 | 000,001,276 | ---- | M] () -- C:\Users\Verena\Desktop\Free YouTube Download.lnk
[2012.03.07 01:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.03.07 01:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.03.07 01:15:03 | 000,258,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.03.07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.03.07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.03.07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.03.07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.03.07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.03.07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
 
========== Files Created - No Company Name ==========
 
[2012.03.30 18:06:12 | 000,222,101 | ---- | C] () -- C:\Users\Verena\Desktop\eset.png
[2012.03.30 13:47:13 | 000,009,342 | ---- | C] () -- C:\Users\Verena\Desktop\Logs Malwarebytes.zip
[2012.03.29 16:19:44 | 000,035,818 | ---- | C] () -- C:\Users\Verena\Desktop\Logfiles.zip
[2012.03.29 15:39:49 | 000,000,000 | ---- | C] () -- C:\Users\Verena\defogger_reenable
[2012.03.27 18:58:18 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.27 18:58:12 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.27 18:58:07 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.03.27 18:58:02 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.03.27 15:34:49 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.27 14:23:39 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.03.27 14:23:39 | 000,002,011 | ---- | C] () -- C:\Users\Public\Desktop\NETGEAR WG111v3 Setup-Assistent.lnk
[2012.03.27 14:23:39 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.6.lnk
[2012.03.27 14:23:39 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.03.27 14:23:39 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.03.27 14:23:38 | 000,002,104 | ---- | C] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2012.03.27 14:23:38 | 000,001,979 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.03.27 14:23:38 | 000,001,742 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.03.27 14:23:38 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.03.27 14:23:38 | 000,001,450 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012.03.27 14:23:38 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012.03.27 14:23:38 | 000,001,334 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012.03.27 14:23:38 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.03.27 14:23:38 | 000,001,265 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012.03.27 14:23:38 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012.03.27 14:23:38 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012.03.27 14:23:37 | 000,002,033 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v3 Setup-Assistent.lnk
[2012.03.27 14:23:37 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012.03.27 14:23:35 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2012.03.27 14:23:35 | 000,002,237 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicStation.lnk
[2012.03.27 14:23:35 | 000,001,962 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Desktop.lnk
[2012.03.27 14:23:35 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.03.27 14:23:35 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.03.27 14:23:33 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.03.27 14:23:33 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.03.27 14:23:33 | 000,001,692 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.03.27 12:21:59 | 000,000,264 | ---- | C] () -- C:\ProgramData\~eypiplihxRU04A
[2012.03.27 12:21:59 | 000,000,176 | ---- | C] () -- C:\ProgramData\~eypiplihxRU04Ar
[2012.03.27 12:21:55 | 000,000,456 | ---- | C] () -- C:\ProgramData\eypiplihxRU04A
[2012.03.24 18:34:13 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.03.18 17:28:24 | 000,002,742 | ---- | C] () -- C:\Users\Verena\Documents\instrus.dxp
[2012.03.15 19:40:00 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.03.05 01:35:36 | 000,001,276 | ---- | C] () -- C:\Users\Verena\Desktop\Free YouTube Download.lnk
[2011.10.12 11:13:55 | 000,005,120 | ---- | C] () -- C:\Users\Verena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.02 17:05:02 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.10.02 17:00:58 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2011.09.16 00:46:05 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2011.09.15 21:38:13 | 000,000,421 | ---- | C] () -- C:\Program Files\Adobe CS3.lnk
[2011.07.07 10:53:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.07.07 10:45:52 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.07.07 10:44:39 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.07.07 10:44:38 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.07.07 10:44:38 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.07.07 10:44:36 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.07 10:40:18 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.04.09 20:49:45 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011.02.22 16:40:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2010.12.17 04:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
 
========== LOP Check ==========
 
[2011.12.23 18:41:11 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Canneverbe Limited
[2012.03.18 17:33:13 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\DVDVideoSoft
[2012.03.05 01:35:46 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.30 13:38:29 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\ICQ
[2011.12.24 00:14:43 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\ScanSoft
[2011.09.02 17:45:43 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Synaptics
[2011.10.08 18:01:08 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Windows Live Writer
[2011.12.24 00:14:49 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Zeon
[2011.09.03 22:37:00 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\_MDLogs
[2012.03.03 23:19:05 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.03.29 22:17:15 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Adobe
[2011.12.05 09:19:56 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Apple Computer
[2011.09.02 17:46:45 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\ATI
[2011.10.02 17:55:03 | 000,000,000 | R--D | M] -- C:\Users\Verena\AppData\Roaming\Brother
[2011.12.23 18:41:11 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Canneverbe Limited
[2011.09.10 13:11:31 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\CyberLink
[2011.09.16 13:47:03 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\DivX
[2012.03.18 17:33:13 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\DVDVideoSoft
[2012.03.05 01:35:46 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.02 17:45:43 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Hewlett-Packard
[2012.01.14 19:46:22 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\hpqlog
[2012.03.30 13:38:29 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\ICQ
[2011.09.02 17:45:24 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Identities
[2011.10.02 17:02:23 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\InstallShield
[2011.09.02 17:45:45 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Intel Corporation
[2011.09.02 18:38:15 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Macromedia
[2012.03.27 12:47:23 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Malwarebytes
[2011.07.07 20:36:20 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Media Center Programs
[2012.01.15 20:10:15 | 000,000,000 | --SD | M] -- C:\Users\Verena\AppData\Roaming\Microsoft
[2011.09.02 21:05:01 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Mozilla
[2011.12.24 00:14:43 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\ScanSoft
[2012.03.30 15:18:49 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Skype
[2011.09.02 17:45:43 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Synaptics
[2011.12.04 16:57:20 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\vlc
[2011.10.08 18:01:08 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Windows Live Writer
[2011.12.24 00:14:49 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Zeon
[2011.09.03 22:37:00 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\_MDLogs
 
< %APPDATA%\*.exe /s >
[2011.11.29 22:12:15 | 000,010,134 | R--- | M] () -- C:\Users\Verena\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\SWSetup\Drivers\IRST\Drivers\x64\iaStor.sys
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys
[2011.01.13 03:44:08 | 000,355,352 | ---- | M] (Intel Corporation) MD5=F989555F1662581032CCE1578A8FF28E -- C:\SWSetup\Drivers\IRST\Drivers\x32\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Verena\AppData\Local\Temp\RarSFX0\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Verena\AppData\Local\Temp\RarSFX1\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Verena\AppData\Local\Temp\RarSFX0\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Verena\AppData\Local\Temp\RarSFX1\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<            >

< End of report >

cosinus 30.03.2012 23:11
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
O3 - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O32 - HKLM CDRom: AutoRun - 1
[2012.03.27 12:21:59 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.27 14:30:43 | 000,000,456 | ---- | M] () -- C:\ProgramData\eypiplihxRU04A
[2012.03.27 14:30:22 | 000,000,264 | ---- | M] () -- C:\ProgramData\~eypiplihxRU04A
[2012.03.27 14:30:22 | 000,000,176 | ---- | M] () -- C:\ProgramData\~eypiplihxRU04Ar
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Vererena 31.03.2012 20:42
Besten Dank dir!

Ich habe wie beim letzten Mal "Scanne alle Benutzer" und bei allen möglichen Feldern "Benutze SafeList" aktiviert. Ich hoffe das ist korrekt.

Aber du siehst ja auch sicherlich anhand der Logs ob ich die Häkchen richtig gesetzt habe!?

Code:
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_USERS\S-1-5-21-1938355905-3105704289-2259580596-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry value HKEY_USERS\S-1-5-21-1938355905-3105704289-2259580596-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\EnableShellExecuteHooks deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideFastUserSwitching deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1938355905-3105704289-2259580596-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableLockWorkstation deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1938355905-3105704289-2259580596-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableChangePassword deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check folder moved successfully.
C:\ProgramData\eypiplihxRU04A moved successfully.
C:\ProgramData\~eypiplihxRU04A moved successfully.
C:\ProgramData\~eypiplihxRU04Ar moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Verena
->Temp folder emptied: 219675925 bytes
->Temporary Internet Files folder emptied: 396807606 bytes
->Java cache emptied: 1042994 bytes
->FireFox cache emptied: 49863075 bytes
->Flash cache emptied: 470 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 164836053 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85029 bytes
RecycleBin emptied: 12757 bytes
 
Total Files Cleaned = 794,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Verena
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 03312012_212714

Files\Folders moved on Reboot...
C:\Users\Verena\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

cosinus 02.04.2012 10:43
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Vererena 03.04.2012 09:14
Danke für die Mühen!

Oh, oh, es wurden 2 verdächtige Objekte gefunden.

Code:
10:03:00.0738 6112        TDSS rootkit removing tool 2.7.24.0 Apr  2 2012 10:31:48
10:03:00.0863 6112        ============================================================
10:03:00.0863 6112        Current date / time: 2012/04/03 10:03:00.0863
10:03:00.0863 6112        SystemInfo:
10:03:00.0863 6112       
10:03:00.0863 6112        OS Version: 6.1.7601 ServicePack: 1.0
10:03:00.0863 6112        Product type: Workstation
10:03:00.0863 6112        ComputerName: ANTONHP
10:03:00.0863 6112        UserName: Verena
10:03:00.0863 6112        Windows directory: C:\Windows
10:03:00.0863 6112        System windows directory: C:\Windows
10:03:00.0863 6112        Running under WOW64
10:03:00.0863 6112        Processor architecture: Intel x64
10:03:00.0863 6112        Number of processors: 4
10:03:00.0863 6112        Page size: 0x1000
10:03:00.0863 6112        Boot type: Normal boot
10:03:00.0863 6112        ============================================================
10:03:02.0001 6112        Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:03:02.0017 6112        \Device\Harddisk0\DR0:
10:03:02.0017 6112        MBR used
10:03:02.0017 6112        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
10:03:02.0017 6112        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x55672800
10:03:02.0017 6112        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x556D6800, BlocksNum 0x1E3C000
10:03:02.0017 6112        \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x57512800, BlocksNum 0x336F0
10:03:02.0267 6112        Initialize success
10:03:02.0267 6112        ============================================================
10:05:34.0941 1784        ============================================================
10:05:34.0941 1784        Scan started
10:05:34.0941 1784        Mode: Manual; SigCheck; TDLFS;
10:05:34.0941 1784        ============================================================
10:05:35.0331 1784        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:05:35.0472 1784        1394ohci - ok
10:05:35.0581 1784        Accelerometer  (7a330a42870eb1fa81f88be514d2d566) C:\Windows\system32\DRIVERS\Accelerometer.sys
10:05:35.0628 1784        Accelerometer - ok
10:05:35.0737 1784        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:05:35.0768 1784        ACPI - ok
10:05:35.0862 1784        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:05:35.0924 1784        AcpiPmi - ok
10:05:36.0033 1784        AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:05:36.0049 1784        AdobeARMservice - ok
10:05:36.0158 1784        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
10:05:36.0205 1784        adp94xx - ok
10:05:36.0314 1784        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
10:05:36.0345 1784        adpahci - ok
10:05:36.0439 1784        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
10:05:36.0470 1784        adpu320 - ok
10:05:36.0548 1784        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
10:05:36.0642 1784        AeLookupSvc - ok
10:05:36.0720 1784        AESTFilters    (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
10:05:36.0798 1784        AESTFilters - ok
10:05:36.0891 1784        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
10:05:36.0969 1784        AFD - ok
10:05:37.0047 1784        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:05:37.0079 1784        agp440 - ok
10:05:37.0157 1784        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
10:05:37.0203 1784        ALG - ok
10:05:37.0297 1784        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:05:37.0328 1784        aliide - ok
10:05:37.0406 1784        AMD External Events Utility (1b4a3c8e429f1fab998eceea3ce3e0b8) C:\Windows\system32\atiesrxx.exe
10:05:37.0469 1784        AMD External Events Utility - ok
10:05:37.0562 1784        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:05:37.0593 1784        amdide - ok
10:05:37.0703 1784        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
10:05:37.0749 1784        AmdK8 - ok
10:05:38.0077 1784        amdkmdag        (e08cf0ed91fcca0017776cff4a506012) C:\Windows\system32\DRIVERS\atikmdag.sys
10:05:38.0451 1784        amdkmdag - ok
10:05:38.0561 1784        amdkmdap        (f072f317e430925c7d88c766db7da86e) C:\Windows\system32\DRIVERS\atikmpag.sys
10:05:38.0607 1784        amdkmdap - ok
10:05:38.0701 1784        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
10:05:38.0748 1784        AmdPPM - ok
10:05:38.0841 1784        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
10:05:38.0873 1784        amdsata - ok
10:05:38.0966 1784        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
10:05:38.0997 1784        amdsbs - ok
10:05:39.0153 1784        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
10:05:39.0169 1784        amdxata - ok
10:05:39.0309 1784        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:05:39.0372 1784        AppID - ok
10:05:39.0465 1784        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
10:05:39.0543 1784        AppIDSvc - ok
10:05:39.0637 1784        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
10:05:39.0715 1784        Appinfo - ok
10:05:39.0824 1784        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
10:05:39.0855 1784        arc - ok
10:05:39.0949 1784        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
10:05:39.0980 1784        arcsas - ok
10:05:40.0074 1784        aswFsBlk        (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
10:05:40.0089 1784        aswFsBlk - ok
10:05:40.0199 1784        aswMonFlt      (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
10:05:40.0230 1784        aswMonFlt - ok
10:05:40.0323 1784        aswRdr          (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
10:05:40.0339 1784        aswRdr - ok
10:05:40.0479 1784        aswSnx          (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
10:05:40.0542 1784        aswSnx - ok
10:05:40.0635 1784        aswSP          (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
10:05:40.0667 1784        aswSP - ok
10:05:40.0760 1784        aswTdi          (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
10:05:40.0776 1784        aswTdi - ok
10:05:40.0869 1784        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:05:40.0947 1784        AsyncMac - ok
10:05:41.0041 1784        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:05:41.0072 1784        atapi - ok
10:05:41.0197 1784        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:05:41.0306 1784        AudioEndpointBuilder - ok
10:05:41.0353 1784        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:05:41.0400 1784        AudioSrv - ok
10:05:41.0447 1784        avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
10:05:41.0478 1784        avast! Antivirus - ok
10:05:41.0571 1784        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
10:05:41.0634 1784        AxInstSV - ok
10:05:41.0727 1784        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
10:05:41.0790 1784        b06bdrv - ok
10:05:41.0883 1784        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:05:41.0930 1784        b57nd60a - ok
10:05:42.0102 1784        BCM43XX        (0e7a9264576b40638a3fbc804de1ff76) C:\Windows\system32\DRIVERS\bcmwl664.sys
10:05:42.0164 1784        BCM43XX - ok
10:05:42.0242 1784        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
10:05:42.0305 1784        BDESVC - ok
10:05:42.0398 1784        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:05:42.0492 1784        Beep - ok
10:05:42.0632 1784        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
10:05:42.0757 1784        BFE - ok
10:05:42.0851 1784        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
10:05:43.0007 1784        BITS - ok
10:05:43.0100 1784        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
10:05:43.0147 1784        blbdrive - ok
10:05:43.0194 1784        Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
10:05:43.0225 1784        Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
10:05:43.0225 1784        Bonjour Service - detected UnsignedFile.Multi.Generic (1)
10:05:43.0303 1784        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:05:43.0350 1784        bowser - ok
10:05:43.0443 1784        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
10:05:43.0506 1784        BrFiltLo - ok
10:05:43.0584 1784        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
10:05:43.0631 1784        BrFiltUp - ok
10:05:43.0724 1784        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
10:05:43.0818 1784        Browser - ok
10:05:43.0927 1784        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:05:43.0989 1784        Brserid - ok
10:05:44.0083 1784        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:05:44.0177 1784        BrSerWdm - ok
10:05:44.0270 1784        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:05:44.0317 1784        BrUsbMdm - ok
10:05:44.0411 1784        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:05:44.0442 1784        BrUsbSer - ok
10:05:44.0535 1784        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
10:05:44.0582 1784        BTHMODEM - ok
10:05:44.0676 1784        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
10:05:44.0754 1784        bthserv - ok
10:05:44.0847 1784        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:05:44.0941 1784        cdfs - ok
10:05:45.0035 1784        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
10:05:45.0097 1784        cdrom - ok
10:05:45.0191 1784        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:05:45.0269 1784        CertPropSvc - ok
10:05:45.0362 1784        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
10:05:45.0409 1784        circlass - ok
10:05:45.0503 1784        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:05:45.0534 1784        CLFS - ok
10:05:45.0627 1784        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:05:45.0643 1784        clr_optimization_v2.0.50727_32 - ok
10:05:45.0752 1784        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:05:45.0768 1784        clr_optimization_v2.0.50727_64 - ok
10:05:45.0908 1784        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:05:45.0924 1784        clr_optimization_v4.0.30319_32 - ok
10:05:46.0080 1784        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:05:46.0111 1784        clr_optimization_v4.0.30319_64 - ok
10:05:46.0205 1784        clwvd          (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
10:05:46.0220 1784        clwvd - ok
10:05:46.0314 1784        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
10:05:46.0376 1784        CmBatt - ok
10:05:46.0454 1784        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:05:46.0485 1784        cmdide - ok
10:05:46.0579 1784        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
10:05:46.0657 1784        CNG - ok
10:05:46.0735 1784        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
10:05:46.0766 1784        Compbatt - ok
10:05:46.0860 1784        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
10:05:46.0907 1784        CompositeBus - ok
10:05:46.0969 1784        COMSysApp - ok
10:05:47.0063 1784        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
10:05:47.0094 1784        crcdisk - ok
10:05:47.0187 1784        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
10:05:47.0281 1784        CryptSvc - ok
10:05:47.0390 1784        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:05:47.0499 1784        DcomLaunch - ok
10:05:47.0593 1784        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
10:05:47.0702 1784        defragsvc - ok
10:05:47.0811 1784        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:05:47.0921 1784        DfsC - ok
10:05:47.0999 1784        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
10:05:48.0108 1784        Dhcp - ok
10:05:48.0186 1784        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:05:48.0279 1784        discache - ok
10:05:48.0389 1784        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
10:05:48.0420 1784        Disk - ok
10:05:48.0498 1784        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
10:05:48.0560 1784        Dnscache - ok
10:05:48.0638 1784        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
10:05:48.0732 1784        dot3svc - ok
10:05:48.0810 1784        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
10:05:48.0888 1784        DPS - ok
10:05:48.0981 1784        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:05:49.0028 1784        drmkaud - ok
10:05:49.0169 1784        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:05:49.0215 1784        DXGKrnl - ok
10:05:49.0293 1784        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
10:05:49.0387 1784        EapHost - ok
10:05:49.0559 1784        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
10:05:49.0683 1784        ebdrv - ok
10:05:49.0761 1784        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
10:05:49.0808 1784        EFS - ok
10:05:49.0917 1784        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
10:05:49.0995 1784        ehRecvr - ok
10:05:50.0073 1784        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
10:05:50.0120 1784        ehSched - ok
10:05:50.0214 1784        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
10:05:50.0261 1784        elxstor - ok
10:05:50.0354 1784        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:05:50.0385 1784        ErrDev - ok
10:05:50.0495 1784        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
10:05:50.0588 1784        EventSystem - ok
10:05:50.0682 1784        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:05:50.0760 1784        exfat - ok
10:05:50.0853 1784        ezSharedSvc - ok
10:05:50.0900 1784        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:05:50.0994 1784        fastfat - ok
10:05:51.0087 1784        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
10:05:51.0165 1784        Fax - ok
10:05:51.0243 1784        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
10:05:51.0290 1784        fdc - ok
10:05:51.0384 1784        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:05:51.0462 1784        fdPHost - ok
10:05:51.0540 1784        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:05:51.0633 1784        FDResPub - ok
10:05:51.0711 1784        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:05:51.0743 1784        FileInfo - ok
10:05:51.0821 1784        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:05:51.0930 1784        Filetrace - ok
10:05:51.0977 1784        FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:05:52.0023 1784        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
10:05:52.0023 1784        FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
10:05:52.0086 1784        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
10:05:52.0133 1784        flpydisk - ok
10:05:52.0226 1784        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:05:52.0273 1784        FltMgr - ok
10:05:52.0382 1784        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
10:05:52.0445 1784        FontCache - ok
10:05:52.0538 1784        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:05:52.0569 1784        FontCache3.0.0.0 - ok
10:05:52.0647 1784        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:05:52.0679 1784        FsDepends - ok
10:05:52.0757 1784        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
10:05:52.0788 1784        Fs_Rec - ok
10:05:52.0881 1784        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:05:52.0913 1784        fvevol - ok
10:05:52.0991 1784        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
10:05:53.0022 1784        gagp30kx - ok
10:05:53.0162 1784        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
10:05:53.0240 1784        gpsvc - ok
10:05:53.0334 1784        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:05:53.0349 1784        gupdate - ok
10:05:53.0396 1784        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:05:53.0412 1784        gupdatem - ok
10:05:53.0490 1784        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:05:53.0537 1784        hcw85cir - ok
10:05:53.0630 1784        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:05:53.0693 1784        HdAudAddService - ok
10:05:53.0802 1784        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:05:53.0849 1784        HDAudBus - ok
10:05:53.0927 1784        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
10:05:53.0973 1784        HidBatt - ok
10:05:54.0067 1784        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
10:05:54.0114 1784        HidBth - ok
10:05:54.0207 1784        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
10:05:54.0254 1784        HidIr - ok
10:05:54.0332 1784        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
10:05:54.0426 1784        hidserv - ok
10:05:54.0519 1784        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
10:05:54.0551 1784        HidUsb - ok
10:05:54.0644 1784        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
10:05:54.0738 1784        hkmsvc - ok
10:05:54.0816 1784        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
10:05:54.0878 1784        HomeGroupListener - ok
10:05:54.0972 1784        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
10:05:55.0019 1784        HomeGroupProvider - ok
10:05:55.0112 1784        HP Health Check Service (45a12cacb97b4f15858fcfd59355a1e9) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
10:05:55.0143 1784        HP Health Check Service - ok
10:05:55.0190 1784        HPClientSvc    (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
10:05:55.0221 1784        HPClientSvc - ok
10:05:55.0346 1784        hpCMSrv        (e040f0064d39f73bb4995d494f3dcbb8) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
10:05:55.0409 1784        hpCMSrv - ok
10:05:55.0502 1784        HPDrvMntSvc.exe (18062df0dceb4ed88e03a8b161935722) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
10:05:55.0518 1784        HPDrvMntSvc.exe - ok
10:05:55.0611 1784        hpdskflt        (a4be23c451adeb252cd17a0532cae220) C:\Windows\system32\DRIVERS\hpdskflt.sys
10:05:55.0627 1784        hpdskflt - ok
10:05:55.0721 1784        hpqwmiex        (7b1637e5e0476ce22e8d76ac1203205e) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
10:05:55.0767 1784        hpqwmiex - ok
10:05:55.0861 1784        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:05:55.0877 1784        HpSAMD - ok
10:05:55.0970 1784        hpsrv          (a88a45e82bc54bffb49c63973010226a) C:\Windows\system32\Hpservice.exe
10:05:55.0986 1784        hpsrv - ok
10:05:56.0048 1784        HPWMISVC        (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
10:05:56.0064 1784        HPWMISVC - ok
10:05:56.0157 1784        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:05:56.0267 1784        HTTP - ok
10:05:56.0360 1784        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:05:56.0391 1784        hwpolicy - ok
10:05:56.0485 1784        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
10:05:56.0516 1784        i8042prt - ok
10:05:56.0610 1784        iaStor          (d469b77687e12fe43e344806740b624d) C:\Windows\system32\DRIVERS\iaStor.sys
10:05:56.0641 1784        iaStor - ok
10:05:56.0781 1784        IAStorDataMgrSvc (983fc69644ddf0486c8dfea262948d1a) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
10:05:56.0797 1784        IAStorDataMgrSvc - ok
10:05:56.0906 1784        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:05:56.0937 1784        iaStorV - ok
10:05:57.0062 1784        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:05:57.0109 1784        idsvc - ok
10:05:57.0203 1784        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
10:05:57.0234 1784        iirsp - ok
10:05:57.0327 1784        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
10:05:57.0437 1784        IKEEXT - ok
10:05:57.0530 1784        IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
10:05:57.0577 1784        IntcDAud - ok
10:05:57.0655 1784        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:05:57.0671 1784        intelide - ok
10:05:58.0045 1784        intelkmd        (efe5a0af39a8e179624117c521f1e012) C:\Windows\system32\DRIVERS\igdpmd64.sys
10:05:58.0357 1784        intelkmd - ok
10:05:58.0466 1784        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:05:58.0497 1784        intelppm - ok
10:05:58.0591 1784        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:05:58.0685 1784        IPBusEnum - ok
10:05:58.0778 1784        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:05:58.0841 1784        IpFilterDriver - ok
10:05:58.0950 1784        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
10:05:59.0059 1784        iphlpsvc - ok
10:05:59.0137 1784        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:05:59.0199 1784        IPMIDRV - ok
10:05:59.0277 1784        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:05:59.0387 1784        IPNAT - ok
10:05:59.0480 1784        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:05:59.0527 1784        IRENUM - ok
10:05:59.0605 1784        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:05:59.0636 1784        isapnp - ok
10:05:59.0714 1784        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:05:59.0761 1784        iScsiPrt - ok
10:05:59.0839 1784        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
10:05:59.0855 1784        kbdclass - ok
10:05:59.0948 1784        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
10:05:59.0979 1784        kbdhid - ok
10:06:00.0073 1784        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:06:00.0120 1784        KeyIso - ok
10:06:00.0213 1784        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
10:06:00.0229 1784        KSecDD - ok
10:06:00.0338 1784        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
10:06:00.0369 1784        KSecPkg - ok
10:06:00.0463 1784        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:06:00.0557 1784        ksthunk - ok
10:06:00.0650 1784        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
10:06:00.0759 1784        KtmRm - ok
10:06:00.0869 1784        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
10:06:00.0978 1784        LanmanServer - ok
10:06:01.0056 1784        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
10:06:01.0149 1784        LanmanWorkstation - ok
10:06:01.0243 1784        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:06:01.0337 1784        lltdio - ok
10:06:01.0415 1784        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
10:06:01.0493 1784        lltdsvc - ok
10:06:01.0571 1784        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
10:06:01.0680 1784        lmhosts - ok
10:06:01.0758 1784        LMS            (d7e0bed3ea21d7bddd410ade51708d90) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
10:06:01.0789 1784        LMS - ok
10:06:01.0883 1784        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
10:06:01.0914 1784        LSI_FC - ok
10:06:02.0007 1784        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
10:06:02.0039 1784        LSI_SAS - ok
10:06:02.0132 1784        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
10:06:02.0148 1784        LSI_SAS2 - ok
10:06:02.0257 1784        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
10:06:02.0288 1784        LSI_SCSI - ok
10:06:02.0382 1784        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:06:02.0460 1784        luafv - ok
10:06:02.0538 1784        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
10:06:02.0600 1784        Mcx2Svc - ok
10:06:02.0663 1784        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
10:06:02.0694 1784        megasas - ok
10:06:02.0819 1784        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
10:06:02.0850 1784        MegaSR - ok
10:06:02.0943 1784        MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
10:06:02.0975 1784        MEIx64 - ok
10:06:03.0068 1784        Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
10:06:03.0084 1784        Microsoft Office Groove Audit Service - ok
10:06:03.0162 1784        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:06:03.0271 1784        MMCSS - ok
10:06:03.0365 1784        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:06:03.0458 1784        Modem - ok
10:06:03.0552 1784        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:06:03.0599 1784        monitor - ok
10:06:03.0692 1784        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:06:03.0723 1784        mouclass - ok
10:06:03.0817 1784        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:06:03.0864 1784        mouhid - ok
10:06:03.0942 1784        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:06:03.0973 1784        mountmgr - ok
10:06:04.0067 1784        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:06:04.0098 1784        mpio - ok
10:06:04.0191 1784        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:06:04.0269 1784        mpsdrv - ok
10:06:04.0347 1784        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
10:06:04.0457 1784        MpsSvc - ok
10:06:04.0550 1784        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:06:04.0613 1784        MRxDAV - ok
10:06:04.0706 1784        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:06:04.0753 1784        mrxsmb - ok
10:06:04.0847 1784        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:06:04.0878 1784        mrxsmb10 - ok
10:06:04.0971 1784        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:06:05.0003 1784        mrxsmb20 - ok
10:06:05.0096 1784        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:06:05.0112 1784        msahci - ok
10:06:05.0205 1784        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:06:05.0237 1784        msdsm - ok
10:06:05.0299 1784        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:06:05.0346 1784        MSDTC - ok
10:06:05.0455 1784        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:06:05.0517 1784        Msfs - ok
10:06:05.0595 1784        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:06:05.0673 1784        mshidkmdf - ok
10:06:05.0751 1784        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:06:05.0783 1784        msisadrv - ok
10:06:05.0876 1784        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:06:05.0954 1784        MSiSCSI - ok
10:06:06.0001 1784        msiserver - ok
10:06:06.0095 1784        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:06:06.0204 1784        MSKSSRV - ok
10:06:06.0297 1784        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:06:06.0391 1784        MSPCLOCK - ok
10:06:06.0500 1784        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:06:06.0578 1784        MSPQM - ok
10:06:06.0672 1784        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:06:06.0719 1784        MsRPC - ok
10:06:06.0797 1784        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:06:06.0828 1784        mssmbios - ok
10:06:06.0921 1784        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:06:06.0999 1784        MSTEE - ok
10:06:07.0077 1784        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
10:06:07.0124 1784        MTConfig - ok
10:06:07.0202 1784        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:06:07.0218 1784        Mup - ok
10:06:07.0311 1784        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
10:06:07.0421 1784        napagent - ok
10:06:07.0530 1784        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:06:07.0592 1784        NativeWifiP - ok
10:06:07.0717 1784        NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
10:06:07.0764 1784        NDIS - ok
10:06:07.0857 1784        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:06:07.0935 1784        NdisCap - ok
10:06:08.0045 1784        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:06:08.0107 1784        NdisTapi - ok
10:06:08.0201 1784        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:06:08.0294 1784        Ndisuio - ok
10:06:08.0372 1784        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:06:08.0466 1784        NdisWan - ok
10:06:08.0591 1784        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:06:08.0684 1784        NDProxy - ok
10:06:08.0762 1784        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:06:08.0856 1784        NetBIOS - ok
10:06:08.0949 1784        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:06:09.0012 1784        NetBT - ok
10:06:09.0105 1784        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:06:09.0137 1784        Netlogon - ok
10:06:09.0230 1784        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:06:09.0339 1784        Netman - ok
10:06:09.0417 1784        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:06:09.0495 1784        netprofm - ok
10:06:09.0605 1784        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:06:09.0636 1784        NetTcpPortSharing - ok
10:06:09.0714 1784        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
10:06:09.0745 1784        nfrd960 - ok
10:06:09.0839 1784        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
10:06:09.0932 1784        NlaSvc - ok
10:06:10.0026 1784        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:06:10.0057 1784        Npfs - ok
10:06:10.0135 1784        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:06:10.0213 1784        nsi - ok
10:06:10.0291 1784        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:06:10.0385 1784        nsiproxy - ok
10:06:10.0509 1784        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:06:10.0572 1784        Ntfs - ok
10:06:10.0650 1784        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:06:10.0743 1784        Null - ok
10:06:10.0837 1784        NVENETFD        (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
10:06:10.0899 1784        NVENETFD - ok
10:06:11.0009 1784        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:06:11.0040 1784        nvraid - ok
10:06:11.0149 1784        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:06:11.0196 1784        nvstor - ok
10:06:11.0274 1784        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:06:11.0305 1784        nv_agp - ok
10:06:11.0399 1784        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:06:11.0430 1784        odserv - ok
10:06:11.0523 1784        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:06:11.0570 1784        ohci1394 - ok
10:06:11.0648 1784        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:06:11.0679 1784        ose - ok
10:06:11.0773 1784        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:06:11.0835 1784        p2pimsvc - ok
10:06:11.0929 1784        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:06:11.0976 1784        p2psvc - ok
10:06:12.0054 1784        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
10:06:12.0101 1784        Parport - ok
10:06:12.0194 1784        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
10:06:12.0225 1784        partmgr - ok
10:06:12.0303 1784        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:06:12.0366 1784        PcaSvc - ok
10:06:12.0459 1784        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:06:12.0491 1784        pci - ok
10:06:12.0584 1784        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:06:12.0600 1784        pciide - ok
10:06:12.0693 1784        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
10:06:12.0740 1784        pcmcia - ok
10:06:12.0803 1784        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:06:12.0834 1784        pcw - ok
10:06:12.0943 1784        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:06:13.0068 1784        PEAUTH - ok
10:06:13.0161 1784        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:06:13.0193 1784        PerfHost - ok
10:06:13.0317 1784        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
10:06:13.0411 1784        pla - ok
10:06:13.0520 1784        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
10:06:13.0598 1784        PlugPlay - ok
10:06:13.0661 1784        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:06:13.0723 1784        PNRPAutoReg - ok
10:06:13.0801 1784        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:06:13.0848 1784        PNRPsvc - ok
10:06:13.0941 1784        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
10:06:14.0035 1784        PolicyAgent - ok
10:06:14.0129 1784        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:06:14.0238 1784        Power - ok
10:06:14.0331 1784        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:06:14.0441 1784        PptpMiniport - ok
10:06:14.0519 1784        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
10:06:14.0565 1784        Processor - ok
10:06:14.0659 1784        ProfSvc        (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
10:06:14.0768 1784        ProfSvc - ok
10:06:14.0846 1784        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:06:14.0877 1784        ProtectedStorage - ok
10:06:14.0971 1784        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:06:15.0049 1784        Psched - ok
10:06:15.0158 1784        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
10:06:15.0236 1784        ql2300 - ok
10:06:15.0330 1784        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
10:06:15.0361 1784        ql40xx - ok
10:06:15.0439 1784        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:06:15.0501 1784        QWAVE - ok
10:06:15.0579 1784        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:06:15.0626 1784        QWAVEdrv - ok
10:06:15.0704 1784        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:06:15.0782 1784        RasAcd - ok
10:06:15.0876 1784        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:06:15.0954 1784        RasAgileVpn - ok
10:06:16.0047 1784        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:06:16.0141 1784        RasAuto - ok
10:06:16.0235 1784        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:06:16.0344 1784        Rasl2tp - ok
10:06:16.0437 1784        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
10:06:16.0547 1784        RasMan - ok
10:06:16.0640 1784        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:06:16.0749 1784        RasPppoe - ok
10:06:16.0859 1784        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:06:16.0952 1784        RasSstp - ok
10:06:17.0061 1784        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:06:17.0171 1784        rdbss - ok
10:06:17.0249 1784        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
10:06:17.0296 1784        rdpbus - ok
10:06:17.0389 1784        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:06:17.0467 1784        RDPCDD - ok
10:06:17.0561 1784        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:06:17.0639 1784        RDPENCDD - ok
10:06:17.0748 1784        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:06:17.0810 1784        RDPREFMP - ok
10:06:17.0904 1784        RDPWD          (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
10:06:17.0951 1784        RDPWD - ok
10:06:18.0060 1784        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:06:18.0091 1784        rdyboost - ok
10:06:18.0154 1784        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:06:18.0247 1784        RemoteAccess - ok
10:06:18.0341 1784        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:06:18.0450 1784        RemoteRegistry - ok
10:06:18.0528 1784        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:06:18.0606 1784        RpcEptMapper - ok
10:06:18.0684 1784        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:06:18.0746 1784        RpcLocator - ok
10:06:18.0871 1784        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:06:18.0965 1784        RpcSs - ok
10:06:19.0074 1784        RSPCIESTOR      (d5c3e1629a3f7f0857d27949252b94ce) C:\Windows\system32\DRIVERS\RtsPStor.sys
10:06:19.0105 1784        RSPCIESTOR - ok
10:06:19.0199 1784        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:06:19.0292 1784        rspndr - ok
10:06:19.0386 1784        RTL8167        (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:06:19.0417 1784        RTL8167 - ok
10:06:19.0526 1784        RTL8187B        (4a06585c8673f4458e9fbbc9dddb4d28) C:\Windows\system32\DRIVERS\wg111v3.sys
10:06:19.0573 1784        RTL8187B - ok
10:06:19.0651 1784        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:06:19.0682 1784        SamSs - ok
10:06:19.0760 1784        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:06:19.0792 1784        sbp2port - ok
10:06:19.0870 1784        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:06:19.0963 1784        SCardSvr - ok
10:06:20.0041 1784        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:06:20.0119 1784        scfilter - ok
10:06:20.0228 1784        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:06:20.0369 1784        Schedule - ok
10:06:20.0462 1784        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:06:20.0525 1784        SCPolicySvc - ok
10:06:20.0618 1784        sdbus          (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
10:06:20.0681 1784        sdbus - ok
10:06:20.0759 1784        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
10:06:20.0821 1784        SDRSVC - ok
10:06:20.0915 1784        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:06:21.0008 1784        secdrv - ok
10:06:21.0086 1784        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
10:06:21.0180 1784        seclogon - ok
10:06:21.0274 1784        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
10:06:21.0367 1784        SENS - ok
10:06:21.0461 1784        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:06:21.0508 1784        SensrSvc - ok
10:06:21.0617 1784        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
10:06:21.0664 1784        Serenum - ok
10:06:21.0757 1784        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
10:06:21.0804 1784        Serial - ok
10:06:21.0913 1784        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
10:06:21.0960 1784        sermouse - ok
10:06:22.0038 1784        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
10:06:22.0132 1784        SessionEnv - ok
10:06:22.0225 1784        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:06:22.0256 1784        sffdisk - ok
10:06:22.0350 1784        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:06:22.0397 1784        sffp_mmc - ok
10:06:22.0475 1784        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:06:22.0522 1784        sffp_sd - ok
10:06:22.0615 1784        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
10:06:22.0646 1784        sfloppy - ok
10:06:22.0740 1784        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:06:22.0834 1784        SharedAccess - ok
10:06:22.0927 1784        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
10:06:23.0036 1784        ShellHWDetection - ok
10:06:23.0130 1784        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
10:06:23.0161 1784        SiSRaid2 - ok
10:06:23.0224 1784        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
10:06:23.0255 1784        SiSRaid4 - ok
10:06:23.0348 1784        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:06:23.0426 1784        Smb - ok
10:06:23.0520 1784        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:06:23.0567 1784        SNMPTRAP - ok
10:06:23.0660 1784        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:06:23.0676 1784        spldr - ok
10:06:23.0785 1784        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
10:06:23.0879 1784        Spooler - ok
10:06:24.0035 1784        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
10:06:24.0206 1784        sppsvc - ok
10:06:24.0269 1784        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:06:24.0362 1784        sppuinotify - ok
10:06:24.0456 1784        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:06:24.0518 1784        srv - ok
10:06:24.0612 1784        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:06:24.0659 1784        srv2 - ok
10:06:24.0768 1784        SrvHsfHDA      (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
10:06:24.0815 1784        SrvHsfHDA - ok
10:06:24.0924 1784        SrvHsfV92      (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
10:06:25.0002 1784        SrvHsfV92 - ok
10:06:25.0096 1784        SrvHsfWinac    (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
10:06:25.0158 1784        SrvHsfWinac - ok
10:06:25.0252 1784        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:06:25.0283 1784        srvnet - ok
10:06:25.0361 1784        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:06:25.0454 1784        SSDPSRV - ok
10:06:25.0532 1784        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:06:25.0642 1784        SstpSvc - ok
10:06:25.0720 1784        STacSV          (86678c2f5081fea3517d78e92230b5ff) C:\Program Files\IDT\WDM\STacSV64.exe
10:06:25.0766 1784        STacSV - ok
10:06:25.0844 1784        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
10:06:25.0876 1784        stexstor - ok
10:06:25.0985 1784        STHDA          (74387b34b43f94e380608888c56a5ccd) C:\Windows\system32\DRIVERS\stwrt64.sys
10:06:26.0063 1784        STHDA - ok
10:06:26.0156 1784        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
10:06:26.0234 1784        stisvc - ok
10:06:26.0312 1784        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:06:26.0328 1784        swenum - ok
10:06:26.0406 1784        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:06:26.0531 1784        swprv - ok
10:06:26.0656 1784        SynTP          (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys
10:06:26.0702 1784        SynTP - ok
10:06:26.0827 1784        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
10:06:26.0936 1784        SysMain - ok
10:06:27.0014 1784        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
10:06:27.0077 1784        TabletInputService - ok
10:06:27.0155 1784        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
10:06:27.0233 1784        TapiSrv - ok
10:06:27.0311 1784        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:06:27.0373 1784        TBS - ok
10:06:27.0514 1784        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
10:06:27.0607 1784        Tcpip - ok
10:06:27.0732 1784        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
10:06:27.0794 1784        TCPIP6 - ok
10:06:27.0872 1784        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:06:27.0950 1784        tcpipreg - ok
10:06:28.0044 1784        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:06:28.0091 1784        TDPIPE - ok
10:06:28.0200 1784        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
10:06:28.0231 1784        TDTCP - ok
10:06:28.0309 1784        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:06:28.0403 1784        tdx - ok
10:06:28.0496 1784        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:06:28.0512 1784        TermDD - ok
10:06:28.0621 1784        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
10:06:28.0730 1784        TermService - ok
10:06:28.0808 1784        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:06:28.0855 1784        Themes - ok
10:06:28.0933 1784        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:06:29.0027 1784        THREADORDER - ok
10:06:29.0089 1784        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:06:29.0198 1784        TrkWks - ok
10:06:29.0261 1784        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
10:06:29.0354 1784        TrustedInstaller - ok
10:06:29.0448 1784        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:06:29.0542 1784        tssecsrv - ok
10:06:29.0635 1784        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:06:29.0682 1784        TsUsbFlt - ok
10:06:29.0760 1784        TsUsbGD        (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
10:06:29.0791 1784        TsUsbGD - ok
10:06:29.0900 1784        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:06:30.0010 1784        tunnel - ok
10:06:30.0088 1784        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
10:06:30.0119 1784        uagp35 - ok
10:06:30.0228 1784        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:06:30.0337 1784        udfs - ok
10:06:30.0400 1784        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:06:30.0446 1784        UI0Detect - ok
10:06:30.0524 1784        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:06:30.0556 1784        uliagpkx - ok
10:06:30.0649 1784        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
10:06:30.0696 1784        umbus - ok
10:06:30.0790 1784        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
10:06:30.0852 1784        UmPass - ok
10:06:31.0008 1784        UNS            (a678e5ddd974903dd71f503bdcaca218) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
10:06:31.0070 1784        UNS - ok
10:06:31.0148 1784        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:06:31.0258 1784        upnphost - ok
10:06:31.0351 1784        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:06:31.0382 1784        usbccgp - ok
10:06:31.0476 1784        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:06:31.0523 1784        usbcir - ok
10:06:31.0601 1784        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
10:06:31.0663 1784        usbehci - ok
10:06:31.0757 1784        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:06:31.0819 1784        usbhub - ok
10:06:31.0897 1784        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
10:06:31.0944 1784        usbohci - ok
10:06:32.0038 1784        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:06:32.0084 1784        usbprint - ok
10:06:32.0162 1784        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
10:06:32.0194 1784        usbscan - ok
10:06:32.0272 1784        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:06:32.0303 1784        USBSTOR - ok
10:06:32.0381 1784        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
10:06:32.0412 1784        usbuhci - ok
10:06:32.0506 1784        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
10:06:32.0537 1784        usbvideo - ok
10:06:32.0599 1784        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:06:32.0646 1784        UxSms - ok
10:06:32.0740 1784        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:06:32.0771 1784        VaultSvc - ok
10:06:32.0849 1784        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:06:32.0880 1784        vdrvroot - ok
10:06:32.0958 1784        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
10:06:33.0052 1784        vds - ok
10:06:33.0145 1784        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:06:33.0176 1784        vga - ok
10:06:33.0270 1784        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:06:33.0332 1784        VgaSave - ok
10:06:33.0426 1784        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:06:33.0457 1784        vhdmp - ok
10:06:33.0551 1784        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:06:33.0582 1784        viaide - ok
10:06:33.0676 1784        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:06:33.0691 1784        volmgr - ok
10:06:33.0785 1784        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:06:33.0832 1784        volmgrx - ok
10:06:33.0925 1784        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:06:33.0956 1784        volsnap - ok
10:06:34.0050 1784        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
10:06:34.0081 1784        vsmraid - ok
10:06:34.0175 1784        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
10:06:34.0315 1784        VSS - ok
10:06:34.0393 1784        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:06:34.0440 1784        vwifibus - ok
10:06:34.0549 1784        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:06:34.0612 1784        vwififlt - ok
10:06:34.0705 1784        vwifimp        (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
10:06:34.0752 1784        vwifimp - ok
10:06:34.0830 1784        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:06:34.0924 1784        W32Time - ok
10:06:35.0002 1784        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
10:06:35.0048 1784        WacomPen - ok
10:06:35.0142 1784        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:06:35.0251 1784        WANARP - ok
10:06:35.0282 1784        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:06:35.0360 1784        Wanarpv6 - ok
10:06:35.0454 1784        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
10:06:35.0548 1784        wbengine - ok
10:06:35.0626 1784        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
10:06:35.0672 1784        WbioSrvc - ok
10:06:35.0766 1784        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
10:06:35.0828 1784        wcncsvc - ok
10:06:35.0906 1784        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
10:06:35.0953 1784        WcsPlugInService - ok
10:06:36.0031 1784        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
10:06:36.0062 1784        Wd - ok
10:06:36.0172 1784        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:06:36.0218 1784        Wdf01000 - ok
10:06:36.0296 1784        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:06:36.0359 1784        WdiServiceHost - ok
10:06:36.0374 1784        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:06:36.0406 1784        WdiSystemHost - ok
10:06:36.0484 1784        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
10:06:36.0562 1784        WebClient - ok
10:06:36.0624 1784        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
10:06:36.0702 1784        Wecsvc - ok
10:06:36.0780 1784        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
10:06:36.0858 1784        wercplsupport - ok
10:06:36.0952 1784        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
10:06:37.0030 1784        WerSvc - ok
10:06:37.0123 1784        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:06:37.0201 1784        WfpLwf - ok
10:06:37.0420 1784        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:06:37.0451 1784        WIMMount - ok
10:06:37.0466 1784        WinDefend - ok
10:06:37.0482 1784        WinHttpAutoProxySvc - ok
10:06:37.0591 1784        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
10:06:37.0685 1784        Winmgmt - ok
10:06:37.0794 1784        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
10:06:37.0888 1784        WinRM - ok
10:06:38.0028 1784        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
10:06:38.0075 1784        WinUsb - ok
10:06:38.0184 1784        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
10:06:38.0262 1784        Wlansvc - ok
10:06:38.0324 1784        wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:06:38.0340 1784        wlcrasvc - ok
10:06:38.0480 1784        wlidsvc        (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:06:38.0590 1784        wlidsvc - ok
10:06:38.0683 1784        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:06:38.0730 1784        WmiAcpi - ok
10:06:38.0824 1784        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
10:06:38.0886 1784        wmiApSrv - ok
10:06:38.0933 1784        WMPNetworkSvc - ok
10:06:39.0026 1784        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
10:06:39.0058 1784        WPCSvc - ok
10:06:39.0136 1784        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
10:06:39.0182 1784        WPDBusEnum - ok
10:06:39.0276 1784        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:06:39.0338 1784        ws2ifsl - ok
10:06:39.0416 1784        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
10:06:39.0463 1784        wscsvc - ok
10:06:39.0510 1784        WSearch - ok
10:06:39.0604 1784        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
10:06:39.0728 1784        wuauserv - ok
10:06:39.0806 1784        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:06:39.0900 1784        WudfPf - ok
10:06:40.0009 1784        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:06:40.0087 1784        WUDFRd - ok
10:06:40.0181 1784        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
10:06:40.0259 1784        wudfsvc - ok
10:06:40.0337 1784        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
10:06:40.0399 1784        WwanSvc - ok
10:06:40.0446 1784        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:06:40.0586 1784        \Device\Harddisk0\DR0 - ok
10:06:40.0586 1784        Boot (0x1200)  (9bc5c6090102e8ead8bbbd374367bac1) \Device\Harddisk0\DR0\Partition0
10:06:40.0586 1784        \Device\Harddisk0\DR0\Partition0 - ok
10:06:40.0618 1784        Boot (0x1200)  (c90f8e782a9aa717079c275f1a1a23f4) \Device\Harddisk0\DR0\Partition1
10:06:40.0618 1784        \Device\Harddisk0\DR0\Partition1 - ok
10:06:40.0649 1784        Boot (0x1200)  (4a9b47396c18ede7a2e3cd9bb14b25d6) \Device\Harddisk0\DR0\Partition2
10:06:40.0649 1784        \Device\Harddisk0\DR0\Partition2 - ok
10:06:40.0664 1784        Boot (0x1200)  (93988f2ef0e69b8c8f2289a50245578b) \Device\Harddisk0\DR0\Partition3
10:06:40.0664 1784        \Device\Harddisk0\DR0\Partition3 - ok
10:06:40.0664 1784        ============================================================
10:06:40.0664 1784        Scan finished
10:06:40.0664 1784        ============================================================
10:06:40.0696 1040        Detected object count: 2
10:06:40.0696 1040        Actual detected object count: 2
10:06:59.0088 1040        Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:06:59.0088 1040        Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:06:59.0088 1040        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:06:59.0088 1040        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 03.04.2012 15:59
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Vererena 04.04.2012 22:21
hat gut geklappt, vielen dank!

Code:
ComboFix 12-04-03.02 - Verena 04.04.2012  22:44:53.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8140.6336 [GMT 2:00]
ausgeführt von:: c:\users\Verena\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-03-04 bis 2012-04-04  ))))))))))))))))))))))))))))))
.
.
2012-04-04 21:05 . 2012-04-04 21:05        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-04-03 18:19 . 2012-03-14 03:27        8669240        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF59A96A-E0DA-4B5D-86D7-ABB8BE0EF27B}\mpengine.dll
2012-03-31 19:27 . 2012-03-31 19:27        --------        d-----w-        C:\_OTL
2012-03-30 16:20 . 2012-03-30 16:20        --------        d-----w-        c:\program files (x86)\ESET
2012-03-30 12:56 . 2012-03-30 12:56        592824        ----a-w-        c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-30 12:56 . 2012-03-30 12:56        44472        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-28 12:59 . 2012-03-28 12:59        --------        d-----w-        c:\users\Verena\Schreibzeug
2012-03-27 16:58 . 2012-03-27 16:58        --------        d-----w-        c:\users\Verena\AppData\Local\Google
2012-03-27 16:58 . 2012-03-27 16:58        --------        d-----w-        c:\program files (x86)\Google
2012-03-27 16:58 . 2012-03-06 23:04        337240        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2012-03-27 16:58 . 2012-03-06 23:01        24408        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2012-03-27 16:58 . 2012-03-06 23:02        53080        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2012-03-27 16:58 . 2012-03-06 23:01        59224        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2012-03-27 16:58 . 2012-03-06 23:04        819032        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2012-03-27 16:58 . 2012-03-06 23:15        258520        ----a-w-        c:\windows\system32\aswBoot.exe
2012-03-27 16:58 . 2012-03-06 23:01        69976        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2012-03-27 16:57 . 2012-03-06 23:15        41184        ----a-w-        c:\windows\avastSS.scr
2012-03-27 16:57 . 2012-03-06 23:15        201352        ----a-w-        c:\windows\SysWow64\aswBoot.exe
2012-03-27 16:57 . 2012-03-27 16:57        --------        d-----w-        c:\programdata\AVAST Software
2012-03-27 16:57 . 2012-03-27 16:57        --------        d-----w-        c:\program files\AVAST Software
2012-03-27 10:47 . 2012-03-27 10:47        --------        d-----w-        c:\users\Verena\AppData\Roaming\Malwarebytes
2012-03-27 10:47 . 2012-03-27 10:47        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-27 10:47 . 2011-12-10 13:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-27 10:47 . 2012-03-27 13:34        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-24 16:35 . 2012-03-24 16:35        --------        d-----w-        c:\programdata\HP
2012-03-24 16:33 . 2012-03-24 16:36        --------        d-----w-        c:\users\Verena\AppData\Local\HP
2012-03-14 14:11 . 2011-11-19 15:20        5559152        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-03-14 14:11 . 2011-11-19 14:50        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 14:11 . 2011-11-19 14:50        3913584        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 13:26 . 2012-02-03 04:34        3145728        ----a-w-        c:\windows\system32\win32k.sys
2012-03-14 13:26 . 2012-02-10 06:36        1544192        ----a-w-        c:\windows\system32\DWrite.dll
2012-03-14 13:26 . 2012-02-10 05:38        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-03-14 13:25 . 2012-02-17 06:38        1031680        ----a-w-        c:\windows\system32\rdpcore.dll
2012-03-14 13:25 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll
2012-03-14 13:25 . 2012-02-17 04:58        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-03-14 13:25 . 2012-02-17 04:57        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
2012-03-14 13:25 . 2012-01-25 06:38        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-03-14 13:25 . 2012-01-25 06:38        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-03-14 13:25 . 2012-01-25 06:33        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2010-11-21 03:27        279656        ------w-        c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-15 336384]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-06-06 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v3 Setup-Assistent.lnk - c:\program files (x86)\NETGEAR\WG111v3\WG111v3.exe [2009-11-6 2080768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-27 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-27 136176]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-28 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-27 16:58]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-27 16:58]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15        135408        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-27 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-27 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-27 418328]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Verena\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Verena\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 149.205.5.81 149.205.5.82
FF - ProfilePath - c:\users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\bydxbmjh.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-04  23:11:51 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-04-04 21:11
.
Vor Suchlauf: 15 Verzeichnis(se), 472.112.701.440 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 471.993.106.432 Bytes frei
.
- - End Of File - - 8BFBD902A9C7545DA8B47B5717FA3B6C

cosinus 04.04.2012 23:11
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Vererena 05.04.2012 21:07
Wow,ich hätte nicht erwartet, dass so viele verschiedene Scans erforderlich sind. Ich bin dir für deine Geduld sehr dankbar!

Hier der aswMBR-Log:

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-05 21:40:39
-----------------------------
21:40:39.746    OS Version: Windows x64 6.1.7601 Service Pack 1
21:40:39.746    Number of processors: 4 586 0x2A07
21:40:39.746    ComputerName: ANTONHP  UserName: Verena
21:40:42.227    Initialize success
21:40:42.305    AVAST engine defs: 12040500
21:40:58.576    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:40:58.576    Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
21:40:58.622    Disk 0 MBR read successfully
21:40:58.622    Disk 0 MBR scan
21:40:58.622    Disk 0 Windows 7 default MBR code
21:40:58.638    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
21:40:58.654    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      699621 MB offset 409600
21:40:58.685    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        15480 MB offset 1433233408
21:40:58.700    Disk 0 Partition 4 00    0C    FAT32 LBA MSDOS5.0      102 MB offset 1464936448
21:40:58.747    Disk 0 scanning C:\Windows\system32\drivers
21:41:06.797    Service scanning
21:41:32.178    Modules scanning
21:41:32.194    Disk 0 trace - called modules:
21:41:32.225    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
21:41:32.240    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008184060]
21:41:32.240    3 CLASSPNP.SYS[fffff88001b5543f] -> nt!IofCallDriver -> [0xfffffa8007e82b10]
21:41:32.240    5 hpdskflt.sys[fffff88001afc361] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007d3d050]
21:41:34.658    AVAST engine scan C:\Windows
21:41:40.072    AVAST engine scan C:\Windows\system32
21:43:28.570    AVAST engine scan C:\Windows\system32\drivers
21:43:40.270    AVAST engine scan C:\Users\Verena
21:54:38.685    AVAST engine scan C:\ProgramData
21:55:59.290    Scan finished successfully
21:57:39.317    Disk 0 MBR has been saved successfully to "C:\Users\Verena\Desktop\Logs\MBR.dat"
21:57:39.333    The log file has been saved successfully to "C:\Users\Verena\Desktop\Logs\aswMBR Log.txt"


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:06 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19