Trojaner-Board - Exploit:JS/Blacole.HP

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Exploit:JS/Blacole.HP (https://www.trojaner-board.de/120692-exploit-js-blacole-hp.html)

Exploit:JS/Blacole.HP

Hallo ihr lieben Helfer in der Not,

nach einem Scan wurde" Exploit:JS/Blacole.HP" gefunden und entfernt.
Da ich mir aber nicht sicher bin ob das auch wirklich so ist ließ ich noch Malewarbytes durchlaufen und hab den Scan per OTL gemacht.

Drum hoffe ich auf Hilfe von euch und bedanke mich schon mal im voraus.
:dankeschoen:

Schön und wo sind die Logs dazu? http://cosgan.de/images/midi/boese/a040.gif

Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Hallo,
ich hoffe das ich es nun richtig gemacht habe.

OTL:

Code:

OTL logfile created on: 29.07.2012 11:47:07 - Run 2

OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\****\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

7,98 Gb Total Physical Memory | 6,55 Gb Available Physical Memory | 82,10% Memory free

15,96 Gb Paging File | 14,46 Gb Available in Paging File | 90,57% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465,75 Gb Total Space | 399,47 Gb Free Space | 85,77% Space Free | Partition Type: NTFS

 

Computer Name: ****-PC | User Name: **** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (lxbc_device) -- C:\Windows\SysNative\lxbccoms.exe ( )

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (lxbc_device) -- C:\Windows\SysWOW64\lxbccoms.exe ( )

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)

DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Realtek                                            )

DRV:64bit: - (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.2) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)

DRV:64bit: - (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.2) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)

DRV:64bit: - (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider)

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (irsir) -- C:\Windows\SysNative\drivers\irsir.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 43 09 C6 B5 12 17 CD 01  [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de"

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.10 13:55:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.19 22:18:45 | 000,000,000 | ---D | M]

 

[2012.03.19 14:19:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions

[2012.05.02 20:55:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\5gnh8x9j.default\extensions

[2012.07.10 13:55:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]

O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{173B8E0F-E426-49EB-BBD8-55201AD9441D}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B205F2C6-102F-49AE-9C90-C73D4F4F90D3}: DhcpNameServer = 192.168.1.1

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.07.29 10:47:46 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes

[2012.07.29 10:47:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.07.29 10:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.07.29 10:47:28 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.07.29 10:47:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.07.28 16:36:13 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe

[2012.07.28 16:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2012.07.28 16:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2012.07.28 16:03:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2012.07.21 16:05:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012.07.21 15:58:32 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll

[2012.07.21 15:58:32 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll

[2012.07.21 15:58:31 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll

[2012.07.19 18:16:21 | 000,962,612 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42d.dll

[2012.07.19 18:16:21 | 000,434,252 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVCRTD.DLL

[2012.07.18 21:28:33 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Quadra

[2012.07.18 21:27:59 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Quadra

[2012.07.18 21:27:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quadra

[2012.07.18 21:27:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quadra

[2012.07.18 19:29:51 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\TS3Client

[2012.07.18 19:29:42 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client

[2012.07.18 19:29:39 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\TeamSpeak 3 Client

[2012.07.18 17:32:33 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012.07.18 17:32:33 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012.07.18 17:32:32 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012.07.18 17:32:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012.07.18 17:32:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012.07.18 17:32:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012.07.18 17:32:31 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012.07.18 17:32:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012.07.18 17:32:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012.07.18 17:32:29 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012.07.18 17:32:29 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012.07.18 17:32:29 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012.07.18 17:32:29 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012.07.18 17:30:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll

[2012.07.18 17:30:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll

[2012.07.18 17:30:01 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2012.07.18 17:29:42 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

[2012.07.18 17:29:41 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

[2012.07.18 17:25:05 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\AMD

[2012.07.18 17:24:49 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\ATI

[2012.07.18 17:24:49 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\ATI

[2012.07.18 17:24:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2012.07.18 17:18:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name

[2012.07.18 17:17:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP

[2012.07.18 17:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center

[2012.07.18 17:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD

[2012.07.18 17:17:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies

[2012.07.18 17:17:19 | 000,114,704 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\AtihdW76.sys

[2012.07.18 17:16:44 | 000,462,848 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll

[2012.07.18 17:15:54 | 000,058,880 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll

[2012.07.18 17:15:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies

[2012.07.18 17:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS

[2012.07.18 17:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS

[2012.07.18 17:10:58 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll

[2012.07.18 17:10:57 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll

[2012.07.18 17:08:55 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll

[2012.07.18 17:06:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM

[2012.07.18 17:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek

[2012.07.18 17:06:10 | 002,580,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll

[2012.07.18 17:06:09 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll

[2012.07.18 17:06:09 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll

[2012.07.18 17:06:09 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll

[2012.07.18 17:06:09 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll

[2012.07.18 17:06:09 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll

[2012.07.18 17:06:09 | 000,121,744 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll

[2012.07.18 17:06:09 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll

[2012.07.18 17:06:09 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll

[2012.07.18 17:06:09 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll

[2012.07.18 17:06:08 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll

[2012.07.18 17:06:07 | 002,813,544 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll

[2012.07.18 17:06:07 | 002,186,344 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll

[2012.07.18 17:06:07 | 000,626,792 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll

[2012.07.18 17:06:07 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll

[2012.07.18 17:06:06 | 001,247,848 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll

[2012.07.18 17:06:06 | 001,146,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl

[2012.07.18 17:06:06 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll

[2012.07.18 17:06:05 | 000,544,768 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat

[2012.07.18 17:06:05 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll

[2012.07.18 17:06:05 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll

[2012.07.18 17:06:05 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll

[2012.07.18 17:06:05 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll

[2012.07.18 17:06:05 | 000,083,048 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll

[2012.07.18 17:06:05 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll

[2012.07.18 17:06:02 | 001,718,616 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll

[2012.07.18 17:06:02 | 000,421,720 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll

[2012.07.18 17:06:02 | 000,127,832 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll

[2012.07.18 17:06:02 | 000,108,888 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll

[2012.07.18 17:06:02 | 000,074,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll

[2012.07.18 17:06:01 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll

[2012.07.18 17:06:01 | 001,870,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll

[2012.07.18 17:06:01 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll

[2012.07.18 17:06:01 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll

[2012.07.18 17:06:01 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll

[2012.07.18 17:05:56 | 001,937,312 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll

[2012.07.18 17:05:55 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll

[2012.07.18 17:05:55 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll

[2012.07.18 17:05:55 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll

[2012.07.18 17:05:55 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll

[2012.07.18 17:05:54 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll

[2012.07.18 17:05:54 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll

[2012.07.18 17:05:54 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll

[2012.07.18 17:05:54 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll

[2012.07.18 17:05:54 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll

[2012.07.18 17:05:54 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll

[2012.07.18 17:05:54 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll

[2012.07.18 17:05:54 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll

[2012.07.18 17:05:53 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll

[2012.07.18 17:05:53 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll

[2012.07.18 17:05:19 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp

[2012.07.18 17:05:17 | 001,251,944 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll

[2012.07.18 17:05:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield

[2012.07.18 17:04:23 | 000,016,440 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\drivers\AtiPcie.sys

[2012.07.18 17:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\ATI

[2012.07.18 17:03:17 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies

[2012.07.18 17:01:36 | 000,048,416 | R--- | C] (Realtek Corporation) -- C:\Windows\SysNative\drivers\RtTeam60.sys

[2012.07.18 17:01:30 | 000,029,472 | R--- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\RtVlan60.sys

[2012.07.18 17:01:23 | 000,032,544 | R--- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\RtNdPt60.sys

[2012.07.18 17:01:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek

[2012.07.18 17:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek

[2012.07.10 13:55:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012.07.10 13:55:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.07.29 11:29:23 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.07.29 11:29:23 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.07.29 11:22:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.07.29 11:21:56 | 2133,417,983 | -HS- | M] () -- C:\hiberfil.sys

[2012.07.28 16:41:40 | 001,505,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.07.28 16:41:40 | 000,656,028 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.07.28 16:41:40 | 000,617,910 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.07.28 16:41:40 | 000,130,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.07.28 16:41:40 | 000,107,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.07.28 16:36:17 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe

[2012.07.19 15:34:08 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012.07.19 15:34:08 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012.07.18 19:29:42 | 000,001,207 | ---- | M] () -- C:\Users\****\Desktop\TeamSpeak 3 Client.lnk

[2012.07.18 17:55:47 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.07.18 17:11:30 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini

[2012.07.18 16:59:55 | 000,031,754 | ---- | M] () -- C:\Windows\Ascd_tmp.ini

[2012.07.07 16:40:48 | 003,989,338 | ---- | M] () -- C:\Users\****\Desktop\VW-T1-Samba-560x373-1e6abec257387f9d.psd

[2012.07.05 21:57:47 | 000,074,708 | ---- | M] () -- C:\Users\****\Desktop\küche.png

[2012.07.05 21:20:10 | 000,053,372 | ---- | M] () -- C:\Users\****\Desktop\VW-T1-Samba-560x373-1e6abec257387f9d.jpg

[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

 
 ========== Files Created - No Company Name ==========

 

[2012.07.18 19:29:42 | 000,001,207 | ---- | C] () -- C:\Users\****\Desktop\TeamSpeak 3 Client.lnk

[2012.07.18 17:16:45 | 000,032,635 | ---- | C] () -- C:\Windows\atiogl.xml

[2012.07.18 17:16:44 | 000,166,624 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb

[2012.07.18 17:16:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2012.07.18 17:16:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat

[2012.07.18 17:11:48 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll

[2012.07.18 17:11:48 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2012.07.18 16:59:45 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2012.07.07 16:40:47 | 003,989,338 | ---- | C] () -- C:\Users\****\Desktop\VW-T1-Samba-560x373-1e6abec257387f9d.psd

[2012.07.05 21:36:37 | 000,074,708 | ---- | C] () -- C:\Users\****\Desktop\küche.png

[2012.07.05 21:20:05 | 000,053,372 | ---- | C] () -- C:\Users\****\Desktop\VW-T1-Samba-560x373-1e6abec257387f9d.jpg

[2012.05.02 14:45:48 | 000,000,290 | ---- | C] () -- C:\Windows\Lexstat.ini

[2012.05.02 14:44:28 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcinpa.dll

[2012.05.02 14:44:28 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbciesc.dll

[2012.05.02 14:44:28 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBCinst.dll

[2012.05.02 14:44:27 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcpmui.dll

[2012.05.02 14:44:27 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbcutil.dll

[2012.05.02 14:44:26 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcserv.dll

[2012.05.02 14:44:26 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcusb1.dll

[2012.05.02 14:44:25 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbclmpm.dll

[2012.05.02 14:44:25 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcppls.exe

[2012.05.02 14:44:25 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcprox.dll

[2012.05.02 14:44:25 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcpplc.dll

[2012.05.02 14:44:24 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbchbn3.dll

[2012.05.02 14:44:24 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcih.exe

[2012.05.02 14:44:23 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccoms.exe

[2012.05.02 14:44:23 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccomm.dll

[2012.05.02 14:44:22 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccomc.dll

[2012.05.02 14:44:21 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccfg.exe

[2012.04.02 17:26:13 | 000,018,742 | ---- | C] () -- C:\Users\****\UStVA2011_IV._*****.elfo

[2012.03.19 14:38:40 | 000,031,754 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

[2012.03.19 14:22:32 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.03.19 12:41:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
 

< End of report >

Extras:

Code:

OTL Extras logfile created on: 29.07.2012 11:47:07 - Run 2

OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\****\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

7,98 Gb Total Physical Memory | 6,55 Gb Available Physical Memory | 82,10% Memory free

15,96 Gb Paging File | 14,46 Gb Available in Paging File | 90,57% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465,75 Gb Total Space | 399,47 Gb Free Space | 85,77% Space Free | Partition Type: NTFS

 

Computer Name: ****-PC | User Name: **** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.exe [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

.hta [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.jse [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- Reg Error: Value error.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- Reg Error: Value error.

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0553DA67-8F2D-4E99-B6C3-FEBBC60436E6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{4AC613DC-C6FA-435A-A839-CDC9A4B72A95}" = lport=445 | protocol=6 | dir=in | app=system | 

"{4BD6FE31-A7E0-47EC-9CFB-C88176FA78F2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{510F404E-515A-42F2-9134-4BE015B9A8C2}" = rport=139 | protocol=6 | dir=out | app=system | 

"{571E06BB-395E-440A-BDD3-F2638A85B423}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{635AF3E1-E3AC-4594-943D-D78C16D38860}" = lport=137 | protocol=17 | dir=in | app=system | 

"{7F4E3C07-EADE-42D6-B7A5-452AD606470C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{92F9F3F2-3D76-4B0F-8D31-C6EB18D8CF9E}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{96F10E80-BAD6-44BE-9598-31957E12ACF4}" = rport=445 | protocol=6 | dir=out | app=system | 

"{976D54A7-355F-477D-A07B-B3F18F3EEC43}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{A4624D59-AB62-4A27-99C6-0D6FD5559EF7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{A5CF3C11-6B4E-432C-9FA3-2EB6AC0AACD0}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{A61D054B-2F81-4D65-8766-20026477C425}" = lport=138 | protocol=17 | dir=in | app=system | 

"{AD1A3D31-76F2-4601-B67E-5A16E6BD2D9C}" = rport=138 | protocol=17 | dir=out | app=system | 

"{AE3E9693-E74E-409E-B9BD-53EBDDCF9C99}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{C998798A-8C67-4DFE-BA45-327C4018B47C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{CD666DC7-8924-4E3F-B3E8-2BAF045AAA9B}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{D188E45D-EDFB-434B-A76E-0C3081D8128C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{DA91B20C-5E46-46FD-B8FC-E9F264A9FA40}" = rport=137 | protocol=17 | dir=out | app=system | 

"{EE60F08B-B070-4D62-B0E7-A350F508CC2E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{F02D87FA-FDED-44AC-9D8F-1DECAB6553F7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{FCEBF00E-40B2-4F4B-8BFB-C2715264FA0C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{FF514549-54FD-46B5-9F30-3AE5A2B38477}" = lport=139 | protocol=6 | dir=in | app=system | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0068B66C-72F4-400B-9C51-30578CB67805}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{1BDDEACC-3CB7-49EA-BFE5-547B6728C324}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{1C0B29E4-7534-4245-AB16-59B502BD9F50}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 

"{1D309F76-473D-478E-8E6A-C0B65F8FE8FC}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbcpswx.exe | 

"{2FBAA758-3CC8-473F-ADA5-914DE5A5A484}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{36C29450-7CB0-4384-94EF-5A32FBA1B51C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{418D3882-18CF-4B4E-8A24-8FEE99341482}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 

"{57B2A9A6-15DD-4BA0-851B-ACC97AF5D125}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{5E2E3862-839B-4796-B612-9711AB722910}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbccoms.exe | 

"{66680C28-BE9E-43D5-9596-55574CEC1E1C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{6D786BD1-C774-4C98-AF27-5979D8057E3B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{753A816B-0239-455D-9A75-CBCB1F377750}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbcpswx.exe | 

"{7566EC3B-A1D6-43AF-944B-237BC1F67DBB}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 

"{85856365-FB41-45BF-B977-63B63FDDE763}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 

"{88876301-BDBB-43D8-8E56-256EE10CD030}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{8A0844A1-2E73-43E0-9637-0172A8963189}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{8DFFF0BD-56F1-44B1-BDA9-D6623BB57972}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{94F5BF9A-ACB4-4FAC-B2F5-8B6986434718}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{968A251C-EBE0-4DAE-BAC6-23C5F2665272}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{AEF6DBCD-C825-49B5-B330-41587358920D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{B1F82DE1-DF5B-4AC1-B55B-ABEFEF630294}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbccoms.exe | 

"{B6B9DA9B-1643-491C-A472-7846D893CECE}" = protocol=6 | dir=in | app=c:\windows\system32\lxbccoms.exe | 

"{B8BF619B-7836-4708-8007-4356BC987AA5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{BAD67134-5B68-4EB4-A5DE-0CA6DF2C27E8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{C42BEACC-E2AE-4769-897A-F58D621193C8}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 

"{D378834D-985D-4C1F-808D-1D34068CF14E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{D95832C8-3BCC-45BD-8349-5AD26517E336}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 

"{E80AEF1C-B7F6-4123-BA33-9DA491AF1AED}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{EF2F591D-2866-40B4-BE9F-01898F1151C1}" = protocol=6 | dir=out | app=system | 

"{F1C86BCB-37E9-41B9-A944-AA1EE158BC49}" = protocol=17 | dir=in | app=c:\windows\system32\lxbccoms.exe | 

"{F7EDE496-FBFD-44C6-8E8E-EBBE2E618162}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"TCP Query User{48E7774F-713E-4C0D-8880-AC7AD9B34981}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 

"TCP Query User{57802DFD-3BD5-4E2F-9141-9E809CE23382}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 

"TCP Query User{7E05B24A-8D8C-4A46-A30F-F0050429150F}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 

"TCP Query User{95443736-B9FB-415D-96A8-7715AD2AB4B8}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | 

"TCP Query User{BC7BE830-AF38-4895-842C-6B3C3E370027}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 

"UDP Query User{03BA0E3F-AE55-4D4B-85A7-14C55C94D81B}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 

"UDP Query User{0EB05A25-97CB-40B3-A195-6D80C29A9D57}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | 

"UDP Query User{79DA1376-D3E3-41CA-A711-6C2AE539B063}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 

"UDP Query User{95424F0A-89BC-45B6-B43B-6059AE8438D4}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 

"UDP Query User{BB7AD8CD-E71A-41F3-8C30-061600B23B10}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack

"{1B7FF76E-10FF-6EC1-1289-E8089B6423CC}" = AMD Fuel

"{3FD3FC64-DA16-318E-DFD5-57466FF5FEB5}" = ATI Catalyst Install Manager

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{7CAFBA1E-D090-3F1F-662D-9828FD4D8E4D}" = ccc-utility64

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{86E42509-8029-7678-F522-0636D80CD277}" = ATI AVIVO64 Codecs

"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319

"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"Lexmark Z500-Z600 Series" = Lexmark Z500-Z600 Series

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft Security Client" = Microsoft Security Essentials

"NVIDIA Drivers" = NVIDIA Drivers

"Speccy" = Speccy

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1B7710D4-9D75-D5E5-4B6D-40F471E70398}" = HydraVision

"{50B93225-3F76-F555-27A2-A1EAEC83C527}" = Catalyst Control Center InstallProxy

"{57AC79C8-157E-403A-A8D0-DD74EF71BAE2}" = Catalyst Control Center - Branding

"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7

"{8334930A-9405-467B-9498-1EBC1878A09D}" = AMD VISION Engine Control Center

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{8CC928F6-93A2-D49D-E253-532C2FF053A1}" = Catalyst Control Center Profiles Desktop

"{8CFF08EF-CDF7-C328-AD6B-10BD2E1D1D73}" = CCC Help German

"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine

"{90157C5D-D791-4D36-8C2B-7553DC01D601}" = ASUS VGA Driver

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch

"{AF9CA86D-83FA-C143-F9C8-EAB535B8B78C}" = Catalyst Control Center Localization All

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{DADC7AB0-E554-4705-9F6A-83EA82ED708E}" = Realtek Ethernet Diagnostic Utility

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Photoshop 7.0" = Adobe Photoshop 7.0

"ElsterFormular 13.1.1.8531u" = ElsterFormular

"Exact Audio Copy" = Exact Audio Copy 1.0beta3

"FileZilla Client" = FileZilla Client 3.3.5.1

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300

"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Quadra" = Quadra (remove only)

"Sweet Home 3D_is1" = Sweet Home 3D version 3.5

"Winamp" = Winamp

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"Winamp Detect" = Winamp Erkennungs-Plug-in

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 22.06.2012 14:12:19 | Computer Name = ****-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,

 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,

 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:

 0x0016b4a9  ID des fehlerhaften Prozesses: 0xc90  Startzeit der fehlerhaften Anwendung:

 0x01cd50a1fc7269d6  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe

Pfad

 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll

Berichtskennung:

 cdd471c3-bc95-11e1-9167-0019666430ae

 

Error - 26.06.2012 14:46:13 | Computer Name = ****-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,

 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,

 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:

 0x000ccb60  ID des fehlerhaften Prozesses: 0x8f4  Startzeit der fehlerhaften Anwendung:

 0x01cd53cbde7a5790  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe

Pfad

 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll

Berichtskennung:

 3377401c-bfbf-11e1-ba63-0019666430ae

 

Error - 27.06.2012 14:00:44 | Computer Name = ****-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,

 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,

 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:

 0x000ccb60  ID des fehlerhaften Prozesses: 0x868  Startzeit der fehlerhaften Anwendung:

 0x01cd548ebe803ebf  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe

Pfad

 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll

Berichtskennung:

 03563af3-c082-11e1-939f-0019666430ae

 

Error - 18.07.2012 09:58:00 | Computer Name = ****-PC | Source = ATIeRecord | ID = 16388

Description = ATI EEU Client event error

 

Error - 18.07.2012 10:01:12 | Computer Name = ****-PC | Source = ATIeRecord | ID = 16388

Description = ATI EEU Client event error

 

Error - 18.07.2012 10:02:10 | Computer Name = ****-PC | Source = RasClient | ID = 20227

Description = 

 

Error - 18.07.2012 10:57:05 | Computer Name = ****-PC | Source = ATIeRecord | ID = 16388

Description = ATI EEU Client event error

 

Error - 21.07.2012 10:04:52 | Computer Name = ****-PC | Source = MsiInstaller | ID = 11720

Description = 

 

Error - 21.07.2012 10:07:52 | Computer Name = ****-PC | Source = MsiInstaller | ID = 11720

Description = 

 

Error - 28.07.2012 10:22:16 | Computer Name = ****-PC | Source = SideBySide | ID = 16842815

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files

 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei

 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der

 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

 

[ System Events ]

Error - 23.07.2012 14:34:49 | Computer Name = ****-PC | Source = DCOM | ID = 10010

Description = 

 

Error - 24.07.2012 15:11:11 | Computer Name = ****-PC | Source = DCOM | ID = 10010

Description = 

 

Error - 25.07.2012 17:12:18 | Computer Name = ****-PC | Source = DCOM | ID = 10010

Description = 

 

Error - 26.07.2012 17:22:41 | Computer Name = ****-PC | Source = DCOM | ID = 10010

Description = 

 

Error - 27.07.2012 15:38:36 | Computer Name = ****-PC | Source = DCOM | ID = 10010

Description = 

 

Error - 28.07.2012 06:44:53 | Computer Name = ****-PC | Source = DCOM | ID = 10010

Description = 

 

Error - 28.07.2012 09:37:34 | Computer Name = ****-PC | Source = DCOM | ID = 10010

Description = 

 

Error - 28.07.2012 09:38:10 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7043

Description = Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines 

Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

 

Error - 28.07.2012 09:38:42 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7043

Description = Der Dienst AMD FUEL Service konnte nach dem Empfang eines Preshutdown-Steuerelements

 nicht richtig heruntergefahren werden.

 

Error - 29.07.2012 05:21:03 | Computer Name = ****-PC | Source = DCOM | ID = 10010

Description = 

 

 

< End of report >

Malewarebytes:

Code:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org
 

Datenbank Version: v2012.07.29.03
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

**** :: ****-PC [Administrator]
 

29.07.2012 10:50:06

mbam-log-2012-07-29 (10-50-06).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 297022

Laufzeit: 28 Minute(n), 50 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Micros. Security Essentials:

Code:

Kategorie: Exploit
 

Beschreibung: Dieses Programm ist gefährlich. Es nutzt die Sicherheitslücken eines Computers aus.
 

Empfohlene Aktion: Entfernen Sie diese Software unverzüglich.
 

Elemente: 

file:C:\Users\****\AppData\Local\Mozilla\Firefox\Profiles\5gnh8x9j.default\Cache\C\7A\02AA9d01

Und der wurde wirklich "nur" im Browserchache gefunden?
Hast du die Avira-Reportdatei noch?

Avira hab ich nicht.
Hab die Überprüfung mit Microsoft Security Essential gemacht und den Verlauf hab ich gepostet ( s.o.)

Hab soeben Avira installiert und damit nochmal eine Komplettprüfung gemacht

Code:

Avira Free Antivirus

Erstellungsdatum der Reportdatei: Montag, 30. Juli 2012  21:28
 

Es wird nach 3995628 Virenstämmen gesucht.
 

Das Programm läuft als uneingeschränkte Vollversion.

Online-Dienste stehen zur Verfügung.
 

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus

Seriennummer   : 0000149996-ADJIE-0000001

Plattform      : Windows 7 Home Premium

Windowsversion : (Service Pack 1)  [6.1.7601]

Boot Modus     : Normal gebootet

Benutzername   : ***

Computername   : ***-PC
 

Versionsinformationen:

BUILD.DAT      : 12.0.0.1167          Bytes  18.07.2012 19:07:00

AVSCAN.EXE     : 12.3.0.33     468472 Bytes  18.07.2012 16:04:24

AVSCAN.DLL     : 12.3.0.15      66256 Bytes  18.07.2012 16:04:38

LUKE.DLL       : 12.3.0.15      68304 Bytes  18.07.2012 16:04:31

AVSCPLR.DLL    : 12.3.0.27      97064 Bytes  18.07.2012 16:04:24

AVREG.DLL      : 12.3.0.33     232232 Bytes  18.07.2012 16:04:23

VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34

VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 23:22:12

VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 23:31:36

VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 09:58:50

VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 22:37:35

VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 16:04:37

VBASE006.VDF   : 7.11.34.117     2048 Bytes  29.06.2012 16:04:37

VBASE007.VDF   : 7.11.34.118     2048 Bytes  29.06.2012 16:04:37

VBASE008.VDF   : 7.11.34.119     2048 Bytes  29.06.2012 16:04:37

VBASE009.VDF   : 7.11.34.120     2048 Bytes  29.06.2012 16:04:37

VBASE010.VDF   : 7.11.34.121     2048 Bytes  29.06.2012 16:04:37

VBASE011.VDF   : 7.11.34.122     2048 Bytes  29.06.2012 16:04:37

VBASE012.VDF   : 7.11.34.123     2048 Bytes  29.06.2012 16:04:37

VBASE013.VDF   : 7.11.34.124     2048 Bytes  29.06.2012 16:04:37

VBASE014.VDF   : 7.11.38.18   2554880 Bytes  30.07.2012 19:18:20

VBASE015.VDF   : 7.11.38.19      2048 Bytes  30.07.2012 19:18:20

VBASE016.VDF   : 7.11.38.20      2048 Bytes  30.07.2012 19:18:20

VBASE017.VDF   : 7.11.38.21      2048 Bytes  30.07.2012 19:18:20

VBASE018.VDF   : 7.11.38.22      2048 Bytes  30.07.2012 19:18:20

VBASE019.VDF   : 7.11.38.23      2048 Bytes  30.07.2012 19:18:20

VBASE020.VDF   : 7.11.38.24      2048 Bytes  30.07.2012 19:18:20

VBASE021.VDF   : 7.11.38.25      2048 Bytes  30.07.2012 19:18:21

VBASE022.VDF   : 7.11.38.26      2048 Bytes  30.07.2012 19:18:21

VBASE023.VDF   : 7.11.38.27      2048 Bytes  30.07.2012 19:18:21

VBASE024.VDF   : 7.11.38.28      2048 Bytes  30.07.2012 19:18:21

VBASE025.VDF   : 7.11.38.29      2048 Bytes  30.07.2012 19:18:21

VBASE026.VDF   : 7.11.38.30      2048 Bytes  30.07.2012 19:18:21

VBASE027.VDF   : 7.11.38.31      2048 Bytes  30.07.2012 19:18:21

VBASE028.VDF   : 7.11.38.32      2048 Bytes  30.07.2012 19:18:21

VBASE029.VDF   : 7.11.38.33      2048 Bytes  30.07.2012 19:18:21

VBASE030.VDF   : 7.11.38.34      2048 Bytes  30.07.2012 19:18:21

VBASE031.VDF   : 7.11.38.38     15872 Bytes  30.07.2012 19:18:22

Engineversion  : 8.2.10.120

AEVDF.DLL      : 8.1.2.10      102772 Bytes  30.07.2012 19:18:32

AESCRIPT.DLL   : 8.1.4.36      459131 Bytes  30.07.2012 19:18:32

AESCN.DLL      : 8.1.8.2       131444 Bytes  16.02.2012 16:11:36

AESBX.DLL      : 8.2.5.12      606578 Bytes  18.07.2012 16:04:20

AERDL.DLL      : 8.1.9.15      639348 Bytes  20.01.2012 23:21:32

AEPACK.DLL     : 8.3.0.18      807287 Bytes  30.07.2012 19:18:31

AEOFFICE.DLL   : 8.1.2.42      201083 Bytes  30.07.2012 19:18:30

AEHEUR.DLL     : 8.1.4.80     5075318 Bytes  30.07.2012 19:18:30

AEHELP.DLL     : 8.1.23.2      258422 Bytes  18.07.2012 16:04:17

AEGEN.DLL      : 8.1.5.34      434548 Bytes  30.07.2012 19:18:24

AEEXP.DLL      : 8.1.0.72       86389 Bytes  30.07.2012 19:18:33

AEEMU.DLL      : 8.1.3.2       393587 Bytes  30.07.2012 19:18:23

AECORE.DLL     : 8.1.27.2      201078 Bytes  30.07.2012 19:18:23

AEBB.DLL       : 8.1.1.0        53618 Bytes  20.01.2012 23:21:28

AVWINLL.DLL    : 12.3.0.15      27344 Bytes  18.07.2012 16:04:25

AVPREF.DLL     : 12.3.0.15      51920 Bytes  18.07.2012 16:04:23

AVREP.DLL      : 12.3.0.15     179208 Bytes  18.07.2012 16:04:23

AVARKT.DLL     : 12.3.0.15     211408 Bytes  18.07.2012 16:04:21

AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  18.07.2012 16:04:22

SQLITE3.DLL    : 3.7.0.1       398288 Bytes  18.07.2012 16:04:34

AVSMTP.DLL     : 12.3.0.32      63480 Bytes  18.07.2012 16:04:24

NETNT.DLL      : 12.3.0.15      17104 Bytes  18.07.2012 16:04:31

RCIMAGE.DLL    : 12.3.0.31    4444408 Bytes  18.07.2012 16:04:41

RCTEXT.DLL     : 12.3.0.31     100088 Bytes  18.07.2012 16:04:41
 

Konfiguration für den aktuellen Suchlauf:

Job Name..............................: Manuelle Auswahl

Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\folder.avp

Protokollierung.......................: standard

Primäre Aktion........................: interaktiv

Sekundäre Aktion......................: ignorieren

Durchsuche Masterbootsektoren.........: ein

Durchsuche Bootsektoren...............: ein

Bootsektoren..........................: C:, 

Durchsuche aktive Programme...........: ein

Durchsuche Registrierung..............: ein

Suche nach Rootkits...................: aus

Integritätsprüfung von Systemdateien..: aus

Datei Suchmodus.......................: Intelligente Dateiauswahl

Durchsuche Archive....................: ein

Rekursionstiefe einschränken..........: 20

Archiv Smart Extensions...............: ein

Makrovirenheuristik...................: ein

Dateiheuristik........................: vollständig

Abweichende Gefahrenkategorien........: +PFS,+SPR,
 

Beginn des Suchlaufs: Montag, 30. Juli 2012  21:28
 

Der Suchlauf über die Masterbootsektoren wird begonnen:

Masterbootsektor HD0

    [INFO]      Es wurde kein Virus gefunden!

    [INFO]      Bitte starten Sie den Suchlauf erneut mit Administratorrechten
 

Der Suchlauf über die Bootsektoren wird begonnen:

Bootsektor 'C:\'

    [INFO]      Es wurde kein Virus gefunden!

    [INFO]      Bitte starten Sie den Suchlauf erneut mit Administratorrechten
 

Der Suchlauf über gestartete Prozesse wird begonnen:

Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
 

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:

C:\Program Files (x86)\Exact Audio Copy\uninst.exe

  [WARNUNG]   Unerwartetes Dateiende erreicht

Die Registry wurde durchsucht ( '1312' Dateien ).
 
 

Der Suchlauf über die ausgewählten Dateien wird begonnen:
 

Beginne mit der Suche in 'C:\'

C:\Program Files (x86)\Exact Audio Copy\uninst.exe

  [WARNUNG]   Unerwartetes Dateiende erreicht

C:\Users\ulli\Downloads\avira_free_antivirus_de.exe

  [WARNUNG]   Die Datei ist kennwortgeschützt
 
 

Ende des Suchlaufs: Montag, 30. Juli 2012  22:02

Benötigte Zeit: 34:28 Minute(n)
 

Der Suchlauf wurde vollständig durchgeführt.
 

  25360 Verzeichnisse wurden überprüft

 249268 Dateien wurden geprüft

      0 Viren bzw. unerwünschte Programme wurden gefunden

      0 Dateien wurden als verdächtig eingestuft

      0 Dateien wurden gelöscht

      0 Viren bzw. unerwünschte Programme wurden repariert

      0 Dateien wurden in die Quarantäne verschoben

      0 Dateien wurden umbenannt

      0 Dateien konnten nicht durchsucht werden

 249268 Dateien ohne Befall

   2568 Archive wurden durchsucht

      3 Warnungen

      0 Hinweise

Hast du jetzt einfach AntIVir zusätzlich installiert oder war es schon die ganze Zeit parallel zu MSE da? :eek:

Willst du dein System in die Knie zwingen? Zwei solcher Virenscanner installiert man niemals parallel! Deinstalliere einen der beiden!

Max. Malwarebytes kann man zu einem installierten Virenscanner benutzen.
(die anderen Scanner die ich hier in der Bereinigung/Analyse verwende kommen den anderen auch nichts ins Gehege)

Habe es vorhin zusätzlich installiert, MSE deaktiviert gehabt und die Prüfung durchgeführt.
Sicher werde ich eines der beiden deinstallieren, aber welches Virenprogr. gibt mehr Auskunft für mein Problem?!

Welchen Scanner du behälst musst du wissen! Du musst ihn bedienen und einstellen können!
Aber auf jeden Fall deinstallierst du einen der beiden jetzt!
Und bitte keine Programme mehr ohne Absprache installieren während wir hier in der Analyse sind!

So, verbleibe bei Avira und habe MSE deinstalliert.
Warte nun geduldig auf Anweisung.
Danke!

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Das was ich an Log Datein habe, habe ich gepostet!

Malewarebytes war für mich vorher kein Begriff bis ich auf Trojaner-Board gestoßen bin.
Hatte bislang nur MSE laufen und sonst keine weiteren Virenscanner o.ä.

Also, das was ich an Datein zu bieten habe sind hier hinterlassen.
Solltet bzw. könnt ihr mir deswegen nicht behilflich sein weil zuwenig an Log datein vorhanden sind, ist´s ok. Teilt es einfach mit, dann muß ich halt die Festplatte formatieren um sicher zu gehen.

Das ist kein zur Panik :pfeiff:
Ich wollte einfach nur wissen, ob du zuvor schon mit Malwarebytes gescannt hast, da musst dich nicht gleich was von "keine Hilfe mehr" hineinfantasieren :D

Führ bitte auch ESET aus, danach sehen wir weiter.

Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
Dein Anti-Virus-Programm während des Scans deaktivieren.

Button http://img695.imageshack.us/img695/1599/eset1l.jpg (<< klick) drücken.
- Firefox-User:
  Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
- IE-User:
  müssen das Installieren eines ActiveX Elements erlauben.
Setze den einen Haken bei Yes, i accept the Terms of Use.
Drücke den http://img707.imageshack.us/img707/687/starteg.jpg Button.
Warte bis die Komponenten herunter geladen wurden.
Setze einen Haken bei "Scan archives".
Gehe sicher das bei Remove Found Threats kein Hacken gesetzt ist.
http://img707.imageshack.us/img707/687/starteg.jpg drücken.
Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.

Wenn der Scan beendet wurde

Klicke Finish.
Browser schließen.

Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste und kopiere folgenden Text in das Ausführen Fenster.

Code:

"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"

Hinweis: Falls du ein 64-Bit-Windows einsetzt, lautet der Pfad so:

Code:

"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"

Poste nun den Inhalt der log.txt.

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=4660eef303e7084896ff879865b57196

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-08-01 09:32:30

# local_time=2012-08-01 11:32:30 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1792 16777215 100 0 177227 177227 0 0

# compatibility_mode=5893 16776573 100 94 16406 95482824 0 0

# compatibility_mode=8192 67108863 100 0 207 207 0 0

# scanned=114269

# found=0

# cleaned=0

# scan_time=3777

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=4660eef303e7084896ff879865b57196

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-08-02 02:19:56

# local_time=2012-08-02 04:19:56 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1792 16777215 100 0 238844 238844 0 0

# compatibility_mode=5893 16776573 100 94 33086 95544441 0 0

# compatibility_mode=8192 67108863 100 0 61824 61824 0 0

# scanned=114317

# found=0

# cleaned=0

# scan_time=2605

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Code:

# AdwCleaner v1.800 - Logfile created 08/03/2012 at 16:11:11

# Updated 01/08/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : ***

# Running from : C:\Users\***\Desktop\adwcleaner.exe

# Option [Search]
 
 

***** [Services] *****
 
 

***** [Files / Folders] *****
 

Folder Found : C:\Users\***\AppData\Roaming\OpenCandy
 

***** [Registry] *****
 
 

***** [Registre - GUID] *****
 
 

***** [Internet Browsers] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

[OK] Registry is clean.
 

-\\ Mozilla Firefox v13.0.1 (de)
 

Profile name : default 

File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5gnh8x9j.default\prefs.js
 

[OK] File is clean.
 

*************************
 

AdwCleaner[R1].txt - [756 octets] - [03/08/2012 16:11:11]
 

########## EOF - C:\AdwCleaner[R1].txt - [883 octets] ##########

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Code:

# AdwCleaner v1.800 - Logfile created 08/03/2012 at 22:51:25

# Updated 01/08/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : **** - ****-PC

# Running from : C:\Users\***\Desktop\adwcleaner.exe

# Option [Delete]
 
 

***** [Services] *****
 
 

***** [Files / Folders] *****
 

Folder Deleted : C:\Users\***\AppData\Roaming\OpenCandy
 

***** [Registry] *****
 
 

***** [Registre - GUID] *****
 
 

***** [Internet Browsers] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

[OK] Registry is clean.
 

-\\ Mozilla Firefox v13.0.1 (de)
 

Profile name : default 

File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5gnh8x9j.default\prefs.js
 

[OK] File is clean.
 

*************************

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Zu 1) läuft ohne Probleme soweit. Das einzigste was mir auffällt ist, bzw. hab das Gefühl, das beim aufrufen von Firefox das laden der Startseite zweifach geschieht.
:confused:Weiß jetzt nicht wie ich es beschreiben soll, als würde er nochmals nachladen. Das war vorher definitiv nicht.

ZU 2) im Startmenü ist alles an seinem Platz und kein Ordner ist leer.

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hab ich erledigt

Code:

OTL logfile created on: 04.08.2012 19:59:09 - Run 3

OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\****\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

7,98 Gb Total Physical Memory | 7,07 Gb Available Physical Memory | 88,51% Memory free

15,96 Gb Paging File | 14,34 Gb Available in Paging File | 89,80% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465,75 Gb Total Space | 397,76 Gb Free Space | 85,40% Space Free | Partition Type: NTFS

 

Computer Name: ****-PC | User Name: **** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (lxbc_device) -- C:\Windows\SysNative\lxbccoms.exe ( )

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (lxbc_device) -- C:\Windows\SysWOW64\lxbccoms.exe ( )

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)

DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)

DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Realtek                                            )

DRV:64bit: - (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.2) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)

DRV:64bit: - (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.2) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)

DRV:64bit: - (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider)

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (irsir) -- C:\Windows\SysNative\drivers\irsir.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2216851621-1439308923-3023364391-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-2216851621-1439308923-3023364391-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

IE - HKU\S-1-5-21-2216851621-1439308923-3023364391-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 43 09 C6 B5 12 17 CD 01  [binary data]

IE - HKU\S-1-5-21-2216851621-1439308923-3023364391-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2216851621-1439308923-3023364391-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de"

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.10 13:55:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.19 22:18:45 | 000,000,000 | ---D | M]

 

[2012.03.19 14:19:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions

[2012.05.02 20:55:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\5gnh8x9j.default\extensions

[2012.07.10 13:55:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-2216851621-1439308923-3023364391-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]

O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{173B8E0F-E426-49EB-BBD8-55201AD9441D}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B205F2C6-102F-49AE-9C90-C73D4F4F90D3}: DhcpNameServer = 192.168.1.1

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

 

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.08.04 19:57:10 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe

[2012.08.01 22:26:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.08.01 22:25:18 | 002,322,184 | ---- | C] (ESET) -- C:\Users\****\Desktop\esetsmartinstaller_enu.exe

[2012.07.31 13:46:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012.07.30 21:23:35 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Avira

[2012.07.30 21:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2012.07.30 21:15:49 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys

[2012.07.30 21:15:49 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys

[2012.07.30 21:15:49 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys

[2012.07.30 21:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2012.07.30 21:15:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

[2012.07.29 10:47:46 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes

[2012.07.29 10:47:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.07.29 10:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.07.29 10:47:28 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.07.29 10:47:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.07.28 16:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2012.07.18 21:28:33 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Quadra

[2012.07.18 21:27:59 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Quadra

[2012.07.18 21:27:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quadra

[2012.07.18 21:27:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quadra

[2012.07.18 19:29:51 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\TS3Client

[2012.07.18 19:29:42 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client

[2012.07.18 19:29:39 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\TeamSpeak 3 Client

[2012.07.18 17:25:05 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\AMD

[2012.07.18 17:24:49 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\ATI

[2012.07.18 17:24:49 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\ATI

[2012.07.18 17:24:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2012.07.18 17:18:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name

[2012.07.18 17:17:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP

[2012.07.18 17:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center

[2012.07.18 17:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD

[2012.07.18 17:17:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies

[2012.07.18 17:15:54 | 000,058,880 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll

[2012.07.18 17:15:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies

[2012.07.18 17:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS

[2012.07.18 17:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS

[2012.07.18 17:06:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM

[2012.07.18 17:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek

[2012.07.18 17:06:10 | 002,580,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll

[2012.07.18 17:06:09 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll

[2012.07.18 17:06:09 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll

[2012.07.18 17:06:09 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll

[2012.07.18 17:06:09 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll

[2012.07.18 17:06:09 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll

[2012.07.18 17:06:09 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll

[2012.07.18 17:06:09 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll

[2012.07.18 17:06:09 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll

[2012.07.18 17:06:06 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll

[2012.07.18 17:06:05 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll

[2012.07.18 17:06:05 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll

[2012.07.18 17:06:05 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll

[2012.07.18 17:06:05 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll

[2012.07.18 17:06:05 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll

[2012.07.18 17:06:02 | 001,718,616 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll

[2012.07.18 17:06:02 | 000,421,720 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll

[2012.07.18 17:06:02 | 000,127,832 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll

[2012.07.18 17:06:02 | 000,108,888 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll

[2012.07.18 17:06:02 | 000,074,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll

[2012.07.18 17:06:01 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll

[2012.07.18 17:06:01 | 001,870,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll

[2012.07.18 17:06:01 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll

[2012.07.18 17:06:01 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll

[2012.07.18 17:06:01 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll

[2012.07.18 17:05:56 | 001,937,312 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll

[2012.07.18 17:05:55 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll

[2012.07.18 17:05:55 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll

[2012.07.18 17:05:55 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll

[2012.07.18 17:05:55 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll

[2012.07.18 17:05:54 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll

[2012.07.18 17:05:54 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll

[2012.07.18 17:05:54 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll

[2012.07.18 17:05:54 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll

[2012.07.18 17:05:54 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll

[2012.07.18 17:05:54 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll

[2012.07.18 17:05:54 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll

[2012.07.18 17:05:54 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll

[2012.07.18 17:05:19 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp

[2012.07.18 17:05:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield

[2012.07.18 17:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\ATI

[2012.07.18 17:03:17 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies

[2012.07.18 17:01:36 | 000,048,416 | R--- | C] (Realtek Corporation) -- C:\Windows\SysNative\drivers\RtTeam60.sys

[2012.07.18 17:01:30 | 000,029,472 | R--- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\RtVlan60.sys

[2012.07.18 17:01:23 | 000,032,544 | R--- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\RtNdPt60.sys

[2012.07.18 17:01:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek

[2012.07.18 17:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek

[2012.07.10 13:55:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012.07.10 13:55:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.08.04 19:57:12 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe

[2012.08.04 19:50:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.08.04 16:03:37 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.08.04 16:03:36 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.08.04 15:56:02 | 2133,417,983 | -HS- | M] () -- C:\hiberfil.sys

[2012.08.03 16:10:17 | 000,614,903 | ---- | M] () -- C:\Users\****\Desktop\adwcleaner.exe

[2012.08.03 13:41:00 | 000,000,469 | ---- | M] () -- C:\Users\****\Desktop\Desktop.lnk

[2012.08.01 22:25:20 | 002,322,184 | ---- | M] (ESET) -- C:\Users\****\Desktop\esetsmartinstaller_enu.exe

[2012.07.31 13:40:15 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012.07.31 13:39:46 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.07.31 13:39:46 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.07.31 13:39:46 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.07.31 13:39:46 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.07.28 16:41:40 | 001,505,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.07.18 18:04:42 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys

[2012.07.18 18:04:42 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys

[2012.07.18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys

[2012.07.18 17:55:47 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.07.18 17:11:30 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini

[2012.07.18 16:59:55 | 000,031,754 | ---- | M] () -- C:\Windows\Ascd_tmp.ini

 
 ========== Files Created - No Company Name ==========

 

[2012.08.03 16:10:12 | 000,614,903 | ---- | C] () -- C:\Users\****\Desktop\adwcleaner.exe

[2012.08.03 13:41:00 | 000,000,469 | ---- | C] () -- C:\Users\****\Desktop\Desktop.lnk

[2012.07.18 17:16:45 | 000,032,635 | ---- | C] () -- C:\Windows\atiogl.xml

[2012.07.18 17:16:44 | 000,166,624 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb

[2012.07.18 17:16:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2012.07.18 17:16:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat

[2012.07.18 17:11:48 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll

[2012.07.18 17:11:48 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2012.07.18 16:59:45 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2012.05.02 14:45:48 | 000,000,290 | ---- | C] () -- C:\Windows\Lexstat.ini

[2012.05.02 14:44:28 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcinpa.dll

[2012.05.02 14:44:28 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbciesc.dll

[2012.05.02 14:44:28 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBCinst.dll

[2012.05.02 14:44:27 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcpmui.dll

[2012.05.02 14:44:27 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbcutil.dll

[2012.05.02 14:44:26 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcserv.dll

[2012.05.02 14:44:26 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcusb1.dll

[2012.05.02 14:44:25 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbclmpm.dll

[2012.05.02 14:44:25 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcppls.exe

[2012.05.02 14:44:25 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcprox.dll

[2012.05.02 14:44:25 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcpplc.dll

[2012.05.02 14:44:24 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbchbn3.dll

[2012.05.02 14:44:24 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcih.exe

[2012.05.02 14:44:23 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccoms.exe

[2012.05.02 14:44:23 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccomm.dll

[2012.05.02 14:44:22 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccomc.dll

[2012.05.02 14:44:21 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccfg.exe

[2012.03.19 14:38:40 | 000,031,754 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

[2012.03.19 14:22:32 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.03.19 12:41:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

 
 ========== LOP Check ==========

 

[2012.06.10 14:25:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ASCON Installer

[2012.05.21 16:32:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\EAC

[2012.04.02 17:22:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\elsterformular

[2012.06.15 22:20:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FileZilla

[2012.07.18 21:17:12 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ

[2012.07.18 21:28:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Quadra

[2012.07.18 19:36:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TS3Client

[2012.06.19 14:42:19 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012.05.21 16:38:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\AccurateRip

[2012.05.08 15:07:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Adobe

[2012.06.10 14:25:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ASCON Installer

[2012.07.18 17:24:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ATI

[2012.07.30 21:23:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Avira

[2012.05.21 16:32:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\EAC

[2012.04.02 17:22:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\elsterformular

[2012.06.15 22:20:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FileZilla

[2012.07.18 21:17:12 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ

[2012.03.19 12:54:25 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Identities

[2012.03.19 16:38:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\InstallShield

[2012.03.19 15:51:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Macromedia

[2012.07.29 10:47:46 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Malwarebytes

[2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Media Center Programs

[2012.07.29 10:20:42 | 000,000,000 | --SD | M] -- C:\Users\****\AppData\Roaming\Microsoft

[2012.03.19 14:19:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mozilla

[2012.07.18 21:28:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Quadra

[2012.07.18 19:36:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TS3Client

[2012.07.23 13:59:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Winamp

 
 < %APPDATA%\*.exe /s >

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys

[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys

[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll

[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys

[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys

[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll

[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 <           >
 

< End of report >

Ist alles recht unauffällig

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Code:

13:07:01.0782 3496        TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

13:07:01.0989 3496        ============================================================

13:07:01.0989 3496        Current date / time: 2012/08/05 13:07:01.0989

13:07:01.0989 3496        SystemInfo:

13:07:01.0989 3496        

13:07:01.0989 3496        OS Version: 6.1.7601 ServicePack: 1.0

13:07:01.0989 3496        Product type: Workstation

13:07:01.0989 3496        ComputerName: ***-PC

13:07:01.0989 3496        UserName: ***

13:07:01.0989 3496        Windows directory: C:\Windows

13:07:01.0989 3496        System windows directory: C:\Windows

13:07:01.0989 3496        Running under WOW64

13:07:01.0989 3496        Processor architecture: Intel x64

13:07:01.0989 3496        Number of processors: 4

13:07:01.0989 3496        Page size: 0x1000

13:07:01.0989 3496        Boot type: Normal boot

13:07:01.0989 3496        ============================================================

13:07:05.0530 3496        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

13:07:05.0535 3496        ============================================================

13:07:05.0535 3496        \Device\Harddisk0\DR0:

13:07:05.0535 3496        MBR partitions:

13:07:05.0535 3496        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41

13:07:05.0535 3496        ============================================================

13:07:05.0549 3496        C: <-> \Device\Harddisk0\DR0\Partition0

13:07:05.0549 3496        ============================================================

13:07:05.0549 3496        Initialize success

13:07:05.0549 3496        ============================================================

13:07:55.0845 4064        ============================================================

13:07:55.0845 4064        Scan started

13:07:55.0845 4064        Mode: Manual; SigCheck; TDLFS; 

13:07:55.0845 4064        ============================================================

13:07:57.0202 4064        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

13:07:57.0295 4064        1394ohci - ok

13:07:57.0342 4064        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

13:07:57.0358 4064        ACPI - ok

13:07:57.0373 4064        AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

13:07:57.0436 4064        AcpiPmi - ok

13:07:57.0514 4064        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

13:07:57.0529 4064        AdobeARMservice - ok

13:07:57.0576 4064        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

13:07:57.0592 4064        adp94xx - ok

13:07:57.0623 4064        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

13:07:57.0639 4064        adpahci - ok

13:07:57.0639 4064        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

13:07:57.0654 4064        adpu320 - ok

13:07:57.0685 4064        AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

13:07:57.0763 4064        AeLookupSvc - ok

13:07:57.0810 4064        AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

13:07:57.0857 4064        AFD - ok

13:07:57.0904 4064        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

13:07:57.0904 4064        agp440 - ok

13:07:57.0951 4064        ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

13:07:57.0982 4064        ALG - ok

13:07:58.0013 4064        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

13:07:58.0029 4064        aliide - ok

13:07:58.0075 4064        AMD External Events Utility (514089cb4a7df38dc4dd936ade4114d3) C:\Windows\system32\atiesrxx.exe

13:07:58.0138 4064        AMD External Events Utility - ok

13:07:58.0216 4064        AMD FUEL Service - ok

13:07:58.0231 4064        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

13:07:58.0247 4064        amdide - ok

13:07:58.0278 4064        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

13:07:58.0325 4064        AmdK8 - ok

13:07:58.0746 4064        amdkmdag        (9a4b92150a5e259a7159d914cc3a60d7) C:\Windows\system32\DRIVERS\atikmdag.sys

13:07:58.0933 4064        amdkmdag - ok

13:07:59.0152 4064        amdkmdap        (9deb889d152f9c9dba98be8986084535) C:\Windows\system32\DRIVERS\atikmpag.sys

13:07:59.0183 4064        amdkmdap - ok

13:07:59.0199 4064        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

13:07:59.0230 4064        AmdPPM - ok

13:07:59.0261 4064        amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

13:07:59.0277 4064        amdsata - ok

13:07:59.0292 4064        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

13:07:59.0323 4064        amdsbs - ok

13:07:59.0323 4064        amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

13:07:59.0339 4064        amdxata - ok

13:07:59.0417 4064        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

13:07:59.0417 4064        AntiVirSchedulerService - ok

13:07:59.0433 4064        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

13:07:59.0448 4064        AntiVirService - ok

13:07:59.0479 4064        AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

13:07:59.0573 4064        AppID - ok

13:07:59.0589 4064        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

13:07:59.0620 4064        AppIDSvc - ok

13:07:59.0667 4064        Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

13:07:59.0682 4064        Appinfo - ok

13:07:59.0729 4064        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

13:07:59.0729 4064        arc - ok

13:07:59.0745 4064        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

13:07:59.0745 4064        arcsas - ok

13:07:59.0838 4064        AsIO            (a82c01606dc27d05d9d3bfb6bb807e32) C:\Windows\syswow64\drivers\AsIO.sys

13:07:59.0854 4064        AsIO - ok

13:07:59.0869 4064        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

13:07:59.0916 4064        AsyncMac - ok

13:07:59.0932 4064        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

13:07:59.0947 4064        atapi - ok

13:07:59.0994 4064        AtiHDAudioService (cbd14f698def12ee3557604b726cb8eb) C:\Windows\system32\drivers\AtihdW76.sys

13:07:59.0994 4064        AtiHDAudioService - ok

13:08:02.0849 4064        atikmdag        (9a4b92150a5e259a7159d914cc3a60d7) C:\Windows\system32\DRIVERS\atikmdag.sys

13:08:02.0943 4064        atikmdag - ok

13:08:03.0208 4064        AtiPcie         (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys

13:08:03.0208 4064        AtiPcie - ok

13:08:03.0301 4064        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

13:08:03.0364 4064        AudioEndpointBuilder - ok

13:08:03.0364 4064        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

13:08:03.0395 4064        AudioSrv - ok

13:08:03.0489 4064        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys

13:08:03.0504 4064        avgntflt - ok

13:08:03.0551 4064        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys

13:08:03.0567 4064        avipbb - ok

13:08:03.0582 4064        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys

13:08:03.0582 4064        avkmgr - ok

13:08:03.0613 4064        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

13:08:03.0676 4064        AxInstSV - ok

13:08:03.0738 4064        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

13:08:03.0785 4064        b06bdrv - ok

13:08:03.0832 4064        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

13:08:03.0863 4064        b57nd60a - ok

13:08:03.0910 4064        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

13:08:03.0941 4064        BDESVC - ok

13:08:03.0957 4064        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

13:08:04.0003 4064        Beep - ok

13:08:04.0081 4064        BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

13:08:04.0128 4064        BFE - ok

13:08:04.0237 4064        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

13:08:04.0315 4064        BITS - ok

13:08:04.0347 4064        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

13:08:04.0362 4064        blbdrive - ok

13:08:04.0393 4064        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

13:08:04.0409 4064        bowser - ok

13:08:04.0440 4064        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

13:08:04.0471 4064        BrFiltLo - ok

13:08:04.0487 4064        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

13:08:04.0503 4064        BrFiltUp - ok

13:08:04.0518 4064        Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

13:08:04.0581 4064        Browser - ok

13:08:04.0627 4064        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

13:08:04.0659 4064        Brserid - ok

13:08:04.0674 4064        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

13:08:04.0690 4064        BrSerWdm - ok

13:08:04.0721 4064        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

13:08:04.0737 4064        BrUsbMdm - ok

13:08:04.0768 4064        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

13:08:04.0783 4064        BrUsbSer - ok

13:08:04.0799 4064        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

13:08:04.0815 4064        BTHMODEM - ok

13:08:04.0846 4064        bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

13:08:04.0908 4064        bthserv - ok

13:08:04.0955 4064        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

13:08:05.0002 4064        cdfs - ok

13:08:05.0049 4064        cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

13:08:05.0064 4064        cdrom - ok

13:08:05.0095 4064        CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

13:08:05.0142 4064        CertPropSvc - ok

13:08:05.0173 4064        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

13:08:05.0189 4064        circlass - ok

13:08:05.0267 4064        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

13:08:05.0283 4064        CLFS - ok

13:08:05.0345 4064        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

13:08:05.0361 4064        clr_optimization_v2.0.50727_32 - ok

13:08:05.0407 4064        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

13:08:05.0407 4064        clr_optimization_v2.0.50727_64 - ok

13:08:05.0485 4064        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

13:08:05.0517 4064        clr_optimization_v4.0.30319_32 - ok

13:08:05.0532 4064        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

13:08:05.0548 4064        clr_optimization_v4.0.30319_64 - ok

13:08:05.0563 4064        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

13:08:05.0579 4064        CmBatt - ok

13:08:05.0610 4064        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

13:08:05.0610 4064        cmdide - ok

13:08:05.0704 4064        CNG             (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys

13:08:05.0735 4064        CNG - ok

13:08:05.0751 4064        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

13:08:05.0766 4064        Compbatt - ok

13:08:05.0782 4064        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

13:08:05.0813 4064        CompositeBus - ok

13:08:05.0829 4064        COMSysApp - ok

13:08:05.0829 4064        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

13:08:05.0844 4064        crcdisk - ok

13:08:05.0875 4064        CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

13:08:05.0938 4064        CryptSvc - ok

13:08:06.0000 4064        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

13:08:06.0047 4064        DcomLaunch - ok

13:08:06.0094 4064        defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

13:08:06.0141 4064        defragsvc - ok

13:08:06.0156 4064        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

13:08:06.0203 4064        DfsC - ok

13:08:06.0265 4064        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

13:08:06.0312 4064        Dhcp - ok

13:08:06.0359 4064        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

13:08:06.0390 4064        discache - ok

13:08:06.0421 4064        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

13:08:06.0437 4064        Disk - ok

13:08:06.0468 4064        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

13:08:06.0499 4064        Dnscache - ok

13:08:06.0531 4064        dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

13:08:06.0577 4064        dot3svc - ok

13:08:06.0624 4064        DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

13:08:06.0671 4064        DPS - ok

13:08:06.0702 4064        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

13:08:06.0718 4064        drmkaud - ok

13:08:06.0796 4064        DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

13:08:06.0811 4064        DXGKrnl - ok

13:08:06.0874 4064        EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

13:08:06.0905 4064        EapHost - ok

13:08:07.0233 4064        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

13:08:07.0311 4064        ebdrv - ok

13:08:07.0404 4064        EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

13:08:07.0435 4064        EFS - ok

13:08:07.0529 4064        ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

13:08:07.0576 4064        ehRecvr - ok

13:08:07.0591 4064        ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

13:08:07.0623 4064        ehSched - ok

13:08:07.0716 4064        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

13:08:07.0747 4064        elxstor - ok

13:08:07.0779 4064        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

13:08:07.0794 4064        ErrDev - ok

13:08:07.0841 4064        EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

13:08:07.0888 4064        EventSystem - ok

13:08:07.0903 4064        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

13:08:07.0935 4064        exfat - ok

13:08:07.0966 4064        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

13:08:08.0013 4064        fastfat - ok

13:08:08.0075 4064        Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

13:08:08.0091 4064        Fax - ok

13:08:08.0106 4064        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

13:08:08.0122 4064        fdc - ok

13:08:08.0153 4064        fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

13:08:08.0184 4064        fdPHost - ok

13:08:08.0200 4064        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

13:08:08.0231 4064        FDResPub - ok

13:08:08.0247 4064        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

13:08:08.0247 4064        FileInfo - ok

13:08:08.0247 4064        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

13:08:08.0278 4064        Filetrace - ok

13:08:08.0309 4064        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

13:08:08.0309 4064        flpydisk - ok

13:08:08.0340 4064        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

13:08:08.0356 4064        FltMgr - ok

13:08:08.0434 4064        FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

13:08:08.0481 4064        FontCache - ok

13:08:08.0543 4064        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

13:08:08.0543 4064        FontCache3.0.0.0 - ok

13:08:08.0574 4064        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

13:08:08.0590 4064        FsDepends - ok

13:08:08.0605 4064        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

13:08:08.0605 4064        Fs_Rec - ok

13:08:08.0637 4064        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

13:08:08.0652 4064        fvevol - ok

13:08:08.0683 4064        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

13:08:08.0699 4064        gagp30kx - ok

13:08:08.0761 4064        gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

13:08:08.0824 4064        gpsvc - ok

13:08:08.0839 4064        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

13:08:08.0949 4064        hcw85cir - ok

13:08:08.0995 4064        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

13:08:09.0011 4064        HdAudAddService - ok

13:08:09.0027 4064        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

13:08:09.0058 4064        HDAudBus - ok

13:08:09.0073 4064        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

13:08:09.0089 4064        HidBatt - ok

13:08:09.0105 4064        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

13:08:09.0136 4064        HidBth - ok

13:08:09.0151 4064        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

13:08:09.0167 4064        HidIr - ok

13:08:09.0198 4064        hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

13:08:09.0229 4064        hidserv - ok

13:08:09.0307 4064        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

13:08:09.0323 4064        HidUsb - ok

13:08:09.0417 4064        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

13:08:09.0463 4064        hkmsvc - ok

13:08:09.0510 4064        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

13:08:09.0526 4064        HomeGroupListener - ok

13:08:09.0541 4064        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

13:08:09.0557 4064        HomeGroupProvider - ok

13:08:09.0604 4064        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

13:08:09.0619 4064        HpSAMD - ok

13:08:09.0666 4064        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

13:08:09.0713 4064        HTTP - ok

13:08:09.0729 4064        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

13:08:09.0744 4064        hwpolicy - ok

13:08:09.0760 4064        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

13:08:09.0775 4064        i8042prt - ok

13:08:09.0822 4064        iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

13:08:09.0838 4064        iaStorV - ok

13:08:09.0931 4064        IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

13:08:09.0963 4064        IDriverT ( UnsignedFile.Multi.Generic ) - warning

13:08:09.0963 4064        IDriverT - detected UnsignedFile.Multi.Generic (1)

13:08:10.0056 4064        idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

13:08:10.0072 4064        idsvc - ok

13:08:10.0165 4064        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

13:08:10.0165 4064        iirsp - ok

13:08:10.0243 4064        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

13:08:10.0290 4064        IKEEXT - ok

13:08:10.0431 4064        IntcAzAudAddService (589b94a9b73a0e819ff873743a480834) C:\Windows\system32\drivers\RTKVHD64.sys

13:08:10.0462 4064        IntcAzAudAddService - ok

13:08:10.0555 4064        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

13:08:10.0571 4064        intelide - ok

13:08:10.0587 4064        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

13:08:10.0602 4064        intelppm - ok

13:08:10.0633 4064        IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

13:08:10.0649 4064        IPBusEnum - ok

13:08:10.0680 4064        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

13:08:10.0727 4064        IpFilterDriver - ok

13:08:10.0758 4064        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

13:08:10.0805 4064        iphlpsvc - ok

13:08:10.0836 4064        IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

13:08:10.0852 4064        IPMIDRV - ok

13:08:10.0883 4064        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

13:08:10.0914 4064        IPNAT - ok

13:08:10.0945 4064        irda            (05360b1ea5a2abf620d1d96ebd8bd8f1) C:\Windows\system32\DRIVERS\irda.sys

13:08:10.0977 4064        irda - ok

13:08:10.0992 4064        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

13:08:11.0023 4064        IRENUM - ok

13:08:11.0055 4064        Irmon           (3848384ab383f0a8f506c4370635c1f9) C:\Windows\System32\irmon.dll

13:08:11.0086 4064        Irmon - ok

13:08:11.0117 4064        irsir           (d2ca12736624ba636f8357dc3ef0757e) C:\Windows\system32\DRIVERS\irsir.sys

13:08:11.0133 4064        irsir - ok

13:08:11.0164 4064        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

13:08:11.0179 4064        isapnp - ok

13:08:11.0211 4064        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

13:08:11.0211 4064        iScsiPrt - ok

13:08:11.0242 4064        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

13:08:11.0257 4064        kbdclass - ok

13:08:11.0289 4064        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

13:08:11.0304 4064        kbdhid - ok

13:08:11.0335 4064        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:08:11.0335 4064        KeyIso - ok

13:08:11.0382 4064        KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys

13:08:11.0382 4064        KSecDD - ok

13:08:11.0398 4064        KSecPkg         (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys

13:08:11.0413 4064        KSecPkg - ok

13:08:11.0445 4064        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

13:08:11.0476 4064        ksthunk - ok

13:08:11.0507 4064        KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

13:08:11.0554 4064        KtmRm - ok

13:08:11.0585 4064        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

13:08:11.0616 4064        LanmanServer - ok

13:08:11.0647 4064        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

13:08:11.0694 4064        LanmanWorkstation - ok

13:08:11.0725 4064        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

13:08:11.0757 4064        lltdio - ok

13:08:11.0819 4064        lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

13:08:11.0866 4064        lltdsvc - ok

13:08:11.0881 4064        lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

13:08:11.0913 4064        lmhosts - ok

13:08:11.0944 4064        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

13:08:11.0959 4064        LSI_FC - ok

13:08:11.0975 4064        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

13:08:11.0991 4064        LSI_SAS - ok

13:08:12.0006 4064        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

13:08:12.0022 4064        LSI_SAS2 - ok

13:08:12.0037 4064        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

13:08:12.0037 4064        LSI_SCSI - ok

13:08:12.0069 4064        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

13:08:12.0115 4064        luafv - ok

13:08:12.0162 4064        lxbc_device - ok

13:08:12.0178 4064        MBAMProtector   (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys

13:08:12.0193 4064        MBAMProtector - ok

13:08:12.0303 4064        MBAMService     (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

13:08:12.0318 4064        MBAMService - ok

13:08:12.0334 4064        Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

13:08:12.0349 4064        Mcx2Svc - ok

13:08:12.0365 4064        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

13:08:12.0381 4064        megasas - ok

13:08:12.0396 4064        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

13:08:12.0412 4064        MegaSR - ok

13:08:12.0474 4064        MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

13:08:12.0505 4064        MMCSS - ok

13:08:12.0537 4064        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

13:08:12.0583 4064        Modem - ok

13:08:12.0615 4064        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

13:08:12.0630 4064        monitor - ok

13:08:12.0677 4064        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

13:08:12.0677 4064        mouclass - ok

13:08:12.0708 4064        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

13:08:12.0724 4064        mouhid - ok

13:08:12.0771 4064        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

13:08:12.0771 4064        mountmgr - ok

13:08:12.0833 4064        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

13:08:12.0864 4064        MozillaMaintenance - ok

13:08:12.0895 4064        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

13:08:12.0895 4064        mpio - ok

13:08:12.0942 4064        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

13:08:12.0958 4064        mpsdrv - ok

13:08:13.0020 4064        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

13:08:13.0083 4064        MpsSvc - ok

13:08:13.0114 4064        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

13:08:13.0129 4064        MRxDAV - ok

13:08:13.0161 4064        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

13:08:13.0192 4064        mrxsmb - ok

13:08:13.0223 4064        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:08:13.0239 4064        mrxsmb10 - ok

13:08:13.0270 4064        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:08:13.0285 4064        mrxsmb20 - ok

13:08:13.0301 4064        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

13:08:13.0317 4064        msahci - ok

13:08:13.0348 4064        msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

13:08:13.0348 4064        msdsm - ok

13:08:13.0379 4064        MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

13:08:13.0395 4064        MSDTC - ok

13:08:13.0410 4064        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

13:08:13.0441 4064        Msfs - ok

13:08:13.0457 4064        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

13:08:13.0504 4064        mshidkmdf - ok

13:08:13.0519 4064        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

13:08:13.0535 4064        msisadrv - ok

13:08:13.0566 4064        MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

13:08:13.0597 4064        MSiSCSI - ok

13:08:13.0597 4064        msiserver - ok

13:08:13.0629 4064        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

13:08:13.0675 4064        MSKSSRV - ok

13:08:13.0691 4064        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

13:08:13.0753 4064        MSPCLOCK - ok

13:08:13.0816 4064        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

13:08:13.0863 4064        MSPQM - ok

13:08:13.0909 4064        MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

13:08:13.0925 4064        MsRPC - ok

13:08:13.0956 4064        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

13:08:13.0956 4064        mssmbios - ok

13:08:14.0003 4064        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

13:08:14.0065 4064        MSTEE - ok

13:08:14.0081 4064        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

13:08:14.0081 4064        MTConfig - ok

13:08:14.0112 4064        MTsensor        (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys

13:08:14.0128 4064        MTsensor - ok

13:08:14.0143 4064        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

13:08:14.0159 4064        Mup - ok

13:08:14.0268 4064        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

13:08:14.0299 4064        napagent - ok

13:08:14.0362 4064        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

13:08:14.0409 4064        NativeWifiP - ok

13:08:14.0580 4064        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

13:08:14.0596 4064        NDIS - ok

13:08:14.0627 4064        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

13:08:14.0674 4064        NdisCap - ok

13:08:14.0689 4064        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

13:08:14.0721 4064        NdisTapi - ok

13:08:14.0736 4064        Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

13:08:14.0767 4064        Ndisuio - ok

13:08:14.0783 4064        NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

13:08:14.0830 4064        NdisWan - ok

13:08:14.0877 4064        NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

13:08:14.0908 4064        NDProxy - ok

13:08:14.0939 4064        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

13:08:14.0970 4064        NetBIOS - ok

13:08:15.0001 4064        NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

13:08:15.0033 4064        NetBT - ok

13:08:15.0048 4064        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:08:15.0064 4064        Netlogon - ok

13:08:15.0111 4064        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

13:08:15.0142 4064        Netman - ok

13:08:15.0189 4064        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

13:08:15.0220 4064        netprofm - ok

13:08:15.0298 4064        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

13:08:15.0313 4064        NetTcpPortSharing - ok

13:08:15.0345 4064        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

13:08:15.0345 4064        nfrd960 - ok

13:08:15.0391 4064        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

13:08:15.0423 4064        NlaSvc - ok

13:08:15.0454 4064        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

13:08:15.0501 4064        Npfs - ok

13:08:15.0516 4064        nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

13:08:15.0563 4064        nsi - ok

13:08:15.0610 4064        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

13:08:15.0641 4064        nsiproxy - ok

13:08:15.0891 4064        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

13:08:15.0953 4064        Ntfs - ok

13:08:16.0093 4064        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

13:08:16.0140 4064        Null - ok

13:08:16.0281 4064        NVENETFD        (99ed33f7fe39026a477893d92aea5ef0) C:\Windows\system32\DRIVERS\nvmfdx64.sys

13:08:16.0312 4064        NVENETFD - ok

13:08:16.0499 4064        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

13:08:16.0530 4064        nvraid - ok

13:08:16.0561 4064        nvsmu           (76b304c8156779d4d39530118acf1d1a) C:\Windows\system32\DRIVERS\nvsmu.sys

13:08:16.0577 4064        nvsmu - ok

13:08:16.0655 4064        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

13:08:16.0671 4064        nvstor - ok

13:08:16.0733 4064        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

13:08:16.0749 4064        nv_agp - ok

13:08:16.0764 4064        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

13:08:16.0780 4064        ohci1394 - ok

13:08:16.0842 4064        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

13:08:16.0889 4064        p2pimsvc - ok

13:08:17.0045 4064        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

13:08:17.0061 4064        p2psvc - ok

13:08:17.0092 4064        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

13:08:17.0107 4064        Parport - ok

13:08:17.0217 4064        partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

13:08:17.0232 4064        partmgr - ok

13:08:17.0263 4064        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

13:08:17.0279 4064        PcaSvc - ok

13:08:17.0310 4064        pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

13:08:17.0326 4064        pci - ok

13:08:17.0326 4064        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

13:08:17.0341 4064        pciide - ok

13:08:17.0373 4064        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

13:08:17.0373 4064        pcmcia - ok

13:08:17.0388 4064        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

13:08:17.0404 4064        pcw - ok

13:08:17.0497 4064        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

13:08:17.0544 4064        PEAUTH - ok

13:08:17.0794 4064        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

13:08:17.0809 4064        PerfHost - ok

13:08:17.0934 4064        pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

13:08:18.0012 4064        pla - ok

13:08:18.0075 4064        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

13:08:18.0106 4064        PlugPlay - ok

13:08:18.0121 4064        PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

13:08:18.0153 4064        PNRPAutoReg - ok

13:08:18.0184 4064        PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

13:08:18.0199 4064        PNRPsvc - ok

13:08:18.0246 4064        PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

13:08:18.0277 4064        PolicyAgent - ok

13:08:18.0309 4064        Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

13:08:18.0355 4064        Power - ok

13:08:18.0402 4064        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

13:08:18.0449 4064        PptpMiniport - ok

13:08:18.0465 4064        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

13:08:18.0465 4064        Processor - ok

13:08:18.0511 4064        ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

13:08:18.0543 4064        ProfSvc - ok

13:08:18.0558 4064        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:08:18.0574 4064        ProtectedStorage - ok

13:08:18.0605 4064        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

13:08:18.0636 4064        Psched - ok

13:08:18.0714 4064        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

13:08:18.0745 4064        ql2300 - ok

13:08:18.0855 4064        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

13:08:18.0870 4064        ql40xx - ok

13:08:18.0901 4064        QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

13:08:18.0917 4064        QWAVE - ok

13:08:18.0933 4064        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

13:08:18.0948 4064        QWAVEdrv - ok

13:08:18.0964 4064        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

13:08:18.0995 4064        RasAcd - ok

13:08:19.0026 4064        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

13:08:19.0057 4064        RasAgileVpn - ok

13:08:19.0073 4064        RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

13:08:19.0120 4064        RasAuto - ok

13:08:19.0151 4064        Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

13:08:19.0198 4064        Rasl2tp - ok

13:08:19.0213 4064        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

13:08:19.0245 4064        RasMan - ok

13:08:19.0276 4064        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

13:08:19.0307 4064        RasPppoe - ok

13:08:19.0323 4064        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

13:08:19.0369 4064        RasSstp - ok

13:08:19.0401 4064        rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

13:08:19.0447 4064        rdbss - ok

13:08:19.0463 4064        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

13:08:19.0479 4064        rdpbus - ok

13:08:19.0494 4064        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

13:08:19.0572 4064        RDPCDD - ok

13:08:19.0619 4064        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

13:08:19.0666 4064        RDPENCDD - ok

13:08:19.0681 4064        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

13:08:19.0713 4064        RDPREFMP - ok

13:08:19.0744 4064        RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

13:08:19.0806 4064        RDPWD - ok

13:08:19.0837 4064        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

13:08:19.0853 4064        rdyboost - ok

13:08:19.0869 4064        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

13:08:19.0915 4064        RemoteAccess - ok

13:08:19.0947 4064        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

13:08:19.0993 4064        RemoteRegistry - ok

13:08:20.0009 4064        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

13:08:20.0040 4064        RpcEptMapper - ok

13:08:20.0056 4064        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

13:08:20.0071 4064        RpcLocator - ok

13:08:20.0118 4064        RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

13:08:20.0149 4064        RpcSs - ok

13:08:20.0181 4064        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

13:08:20.0196 4064        rspndr - ok

13:08:20.0243 4064        RTL8167         (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys

13:08:20.0259 4064        RTL8167 - ok

13:08:20.0305 4064        RtNdPt60        (e16b7c030a05ef649b18fab0a93d871f) C:\Windows\system32\DRIVERS\RtNdPt60.sys

13:08:20.0305 4064        RtNdPt60 - ok

13:08:20.0321 4064        RTTEAMPT        (1de78f5008120cd79b34c12394dcd493) C:\Windows\system32\DRIVERS\RtTeam60.sys

13:08:20.0337 4064        RTTEAMPT - ok

13:08:20.0337 4064        RTVLANPT        (b1018aa1b5735f5fa89fd4dadf4bea7a) C:\Windows\system32\DRIVERS\RtVlan60.sys

13:08:20.0352 4064        RTVLANPT - ok

13:08:20.0368 4064        SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:08:20.0383 4064        SamSs - ok

13:08:20.0415 4064        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

13:08:20.0415 4064        sbp2port - ok

13:08:20.0446 4064        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

13:08:20.0493 4064        SCardSvr - ok

13:08:20.0508 4064        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

13:08:20.0524 4064        scfilter - ok

13:08:20.0602 4064        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

13:08:20.0649 4064        Schedule - ok

13:08:20.0664 4064        SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

13:08:20.0695 4064        SCPolicySvc - ok

13:08:20.0711 4064        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

13:08:20.0727 4064        SDRSVC - ok

13:08:20.0836 4064        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

13:08:20.0867 4064        secdrv - ok

13:08:20.0883 4064        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

13:08:20.0914 4064        seclogon - ok

13:08:20.0929 4064        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

13:08:20.0976 4064        SENS - ok

13:08:20.0992 4064        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

13:08:21.0023 4064        SensrSvc - ok

13:08:21.0023 4064        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

13:08:21.0039 4064        Serenum - ok

13:08:21.0070 4064        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

13:08:21.0085 4064        Serial - ok

13:08:21.0117 4064        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

13:08:21.0132 4064        sermouse - ok

13:08:21.0163 4064        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

13:08:21.0195 4064        SessionEnv - ok

13:08:21.0210 4064        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

13:08:21.0226 4064        sffdisk - ok

13:08:21.0241 4064        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

13:08:21.0257 4064        sffp_mmc - ok

13:08:21.0273 4064        sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

13:08:21.0288 4064        sffp_sd - ok

13:08:21.0304 4064        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

13:08:21.0319 4064        sfloppy - ok

13:08:21.0351 4064        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

13:08:21.0382 4064        SharedAccess - ok

13:08:21.0429 4064        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

13:08:21.0460 4064        ShellHWDetection - ok

13:08:21.0491 4064        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

13:08:21.0491 4064        SiSRaid2 - ok

13:08:21.0507 4064        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

13:08:21.0522 4064        SiSRaid4 - ok

13:08:21.0538 4064        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

13:08:21.0569 4064        Smb - ok

13:08:21.0600 4064        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

13:08:21.0616 4064        SNMPTRAP - ok

13:08:21.0631 4064        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

13:08:21.0647 4064        spldr - ok

13:08:21.0694 4064        Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

13:08:21.0725 4064        Spooler - ok

13:08:22.0068 4064        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

13:08:22.0162 4064        sppsvc - ok

13:08:22.0287 4064        sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

13:08:22.0318 4064        sppuinotify - ok

13:08:22.0365 4064        srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

13:08:22.0396 4064        srv - ok

13:08:22.0427 4064        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

13:08:22.0443 4064        srv2 - ok

13:08:22.0536 4064        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

13:08:22.0567 4064        srvnet - ok

13:08:22.0599 4064        SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

13:08:22.0645 4064        SSDPSRV - ok

13:08:22.0645 4064        SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

13:08:22.0677 4064        SstpSvc - ok

13:08:22.0723 4064        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

13:08:22.0739 4064        stexstor - ok

13:08:22.0770 4064        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

13:08:22.0801 4064        stisvc - ok

13:08:22.0833 4064        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

13:08:22.0833 4064        swenum - ok

13:08:22.0895 4064        swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

13:08:22.0942 4064        swprv - ok

13:08:23.0160 4064        SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

13:08:23.0191 4064        SysMain - ok

13:08:23.0301 4064        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

13:08:23.0332 4064        TabletInputService - ok

13:08:23.0394 4064        TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

13:08:23.0441 4064        TapiSrv - ok

13:08:23.0488 4064        TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

13:08:23.0550 4064        TBS - ok

13:08:23.0800 4064        Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

13:08:23.0862 4064        Tcpip - ok

13:08:24.0127 4064        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

13:08:24.0159 4064        TCPIP6 - ok

13:08:24.0252 4064        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

13:08:24.0283 4064        tcpipreg - ok

13:08:24.0315 4064        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

13:08:24.0346 4064        TDPIPE - ok

13:08:24.0361 4064        TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

13:08:24.0377 4064        TDTCP - ok

13:08:24.0408 4064        tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

13:08:24.0439 4064        tdx - ok

13:08:24.0471 4064        TEAM            (1de78f5008120cd79b34c12394dcd493) C:\Windows\system32\DRIVERS\RtTeam60.sys

13:08:24.0486 4064        TEAM - ok

13:08:24.0502 4064        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

13:08:24.0517 4064        TermDD - ok

13:08:24.0611 4064        TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

13:08:24.0658 4064        TermService - ok

13:08:24.0705 4064        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

13:08:24.0751 4064        Themes - ok

13:08:24.0783 4064        THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

13:08:24.0814 4064        THREADORDER - ok

13:08:24.0829 4064        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

13:08:24.0861 4064        TrkWks - ok

13:08:24.0907 4064        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

13:08:24.0939 4064        TrustedInstaller - ok

13:08:24.0970 4064        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

13:08:25.0001 4064        tssecsrv - ok

13:08:25.0032 4064        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

13:08:25.0063 4064        TsUsbFlt - ok

13:08:25.0110 4064        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

13:08:25.0141 4064        tunnel - ok

13:08:25.0157 4064        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

13:08:25.0173 4064        uagp35 - ok

13:08:25.0204 4064        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

13:08:25.0235 4064        udfs - ok

13:08:25.0266 4064        UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

13:08:25.0282 4064        UI0Detect - ok

13:08:25.0329 4064        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

13:08:25.0329 4064        uliagpkx - ok

13:08:25.0360 4064        umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

13:08:25.0360 4064        umbus - ok

13:08:25.0375 4064        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

13:08:25.0391 4064        UmPass - ok

13:08:25.0422 4064        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

13:08:25.0453 4064        upnphost - ok

13:08:25.0485 4064        usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys

13:08:25.0516 4064        usbccgp - ok

13:08:25.0563 4064        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

13:08:25.0578 4064        usbcir - ok

13:08:25.0609 4064        usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

13:08:25.0625 4064        usbehci - ok

13:08:25.0672 4064        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

13:08:25.0703 4064        usbhub - ok

13:08:25.0719 4064        usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

13:08:25.0734 4064        usbohci - ok

13:08:25.0750 4064        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

13:08:25.0781 4064        usbprint - ok

13:08:25.0812 4064        USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

13:08:25.0843 4064        USBSTOR - ok

13:08:25.0859 4064        usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

13:08:25.0875 4064        usbuhci - ok

13:08:25.0906 4064        UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

13:08:25.0937 4064        UxSms - ok

13:08:25.0968 4064        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:08:25.0968 4064        VaultSvc - ok

13:08:25.0984 4064        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

13:08:25.0999 4064        vdrvroot - ok

13:08:26.0046 4064        vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

13:08:26.0077 4064        vds - ok

13:08:26.0109 4064        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

13:08:26.0124 4064        vga - ok

13:08:26.0124 4064        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

13:08:26.0171 4064        VgaSave - ok

13:08:26.0202 4064        vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

13:08:26.0218 4064        vhdmp - ok

13:08:26.0233 4064        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

13:08:26.0233 4064        viaide - ok

13:08:26.0249 4064        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

13:08:26.0265 4064        volmgr - ok

13:08:26.0296 4064        volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

13:08:26.0311 4064        volmgrx - ok

13:08:26.0358 4064        volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

13:08:26.0358 4064        volsnap - ok

13:08:26.0389 4064        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

13:08:26.0405 4064        vsmraid - ok

13:08:26.0499 4064        VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

13:08:26.0545 4064        VSS - ok

13:08:26.0639 4064        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

13:08:26.0655 4064        vwifibus - ok

13:08:26.0701 4064        W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

13:08:26.0733 4064        W32Time - ok

13:08:26.0748 4064        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

13:08:26.0764 4064        WacomPen - ok

13:08:26.0795 4064        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

13:08:26.0842 4064        WANARP - ok

13:08:26.0842 4064        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

13:08:26.0873 4064        Wanarpv6 - ok

13:08:26.0951 4064        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

13:08:26.0998 4064        wbengine - ok

13:08:27.0091 4064        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

13:08:27.0107 4064        WbioSrvc - ok

13:08:27.0154 4064        wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

13:08:27.0185 4064        wcncsvc - ok

13:08:27.0201 4064        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

13:08:27.0216 4064        WcsPlugInService - ok

13:08:27.0247 4064        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

13:08:27.0263 4064        Wd - ok

13:08:27.0310 4064        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

13:08:27.0325 4064        Wdf01000 - ok

13:08:27.0341 4064        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

13:08:27.0388 4064        WdiServiceHost - ok

13:08:27.0388 4064        WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

13:08:27.0403 4064        WdiSystemHost - ok

13:08:27.0435 4064        WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

13:08:27.0466 4064        WebClient - ok

13:08:27.0481 4064        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

13:08:27.0528 4064        Wecsvc - ok

13:08:27.0544 4064        wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

13:08:27.0575 4064        wercplsupport - ok

13:08:27.0606 4064        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

13:08:27.0653 4064        WerSvc - ok

13:08:27.0700 4064        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

13:08:27.0731 4064        WfpLwf - ok

13:08:27.0731 4064        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

13:08:27.0747 4064        WIMMount - ok

13:08:27.0778 4064        WinDefend - ok

13:08:27.0778 4064        WinHttpAutoProxySvc - ok

13:08:27.0840 4064        Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

13:08:27.0887 4064        Winmgmt - ok

13:08:28.0043 4064        WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

13:08:28.0121 4064        WinRM - ok

13:08:28.0339 4064        Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

13:08:28.0371 4064        Wlansvc - ok

13:08:28.0417 4064        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

13:08:28.0449 4064        WmiAcpi - ok

13:08:28.0542 4064        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

13:08:28.0558 4064        wmiApSrv - ok

13:08:28.0589 4064        WMPNetworkSvc - ok

13:08:28.0620 4064        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

13:08:28.0667 4064        WPCSvc - ok

13:08:28.0745 4064        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

13:08:28.0761 4064        WPDBusEnum - ok

13:08:28.0776 4064        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

13:08:28.0807 4064        ws2ifsl - ok

13:08:28.0839 4064        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

13:08:28.0870 4064        wscsvc - ok

13:08:28.0870 4064        WSearch - ok

13:08:29.0135 4064        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

13:08:29.0197 4064        wuauserv - ok

13:08:29.0385 4064        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

13:08:29.0431 4064        WudfPf - ok

13:08:29.0478 4064        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

13:08:29.0509 4064        WUDFRd - ok

13:08:29.0541 4064        wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

13:08:29.0572 4064        wudfsvc - ok

13:08:29.0603 4064        WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

13:08:29.0634 4064        WwanSvc - ok

13:08:29.0650 4064        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

13:08:30.0414 4064        \Device\Harddisk0\DR0 - ok

13:08:30.0414 4064        Boot (0x1200)   (66af2f3d2d30b0b20064802f279e702d) \Device\Harddisk0\DR0\Partition0

13:08:30.0414 4064        \Device\Harddisk0\DR0\Partition0 - ok

13:08:30.0430 4064        ============================================================

13:08:30.0430 4064        Scan finished

13:08:30.0430 4064        ============================================================

13:08:30.0430 2892        Detected object count: 1

13:08:30.0430 2892        Actual detected object count: 1

13:09:39.0439 2892        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

13:09:39.0439 2892        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

Auch das ist unauffällig, deswegen würde ich jetzt nicht unbedingt tiefer graben wollen
Noch Probleme oder ist alles ok?

Erfreulich zu hören. :taenzer:
Ich danke recht herzlich für die Hilfe.

Eines möchte ich dann nur noch für die Zukunft wissen.
Falls mal wieder ein Plagegeist gefunden wird, lieber in Quarantäne stecken anstatt ihn reparieren bzw. löschen zu lassen?

Überleg doch mal was eine Quarantäne ist. Ob da die schädliche Datei drinbleibt oder nicht, das hat keine Auswirkungen. Schädlinge in der Quarantäne können nichts mehr anrichten, sie sind dort isoliert. Du solltest grundsätzlich mit der Quarantäne arbeiten, denn falls der Virenscanner durch einen Fehlalarm was wichtiges löscht, kannst Du notfalls noch über die Quarantäne an die Datei ran.