Trojaner-Board

sunjojo 27.03.2012 15:42

Virus deletes shortcuts, folders empty/missing
 
Hello,
I have the following problem: Yesterday I caught a virus that deleted my shortcuts (error messages appear saying that my hard drive is destroyed). My folders and my drive are also empty. I first read around a bit here and ran 4 scans with Malwarebytes (2 yesterday, 2 today). I'll post the three logs here in order. The error messages are gone and I made my files visible again with Unhide. Still, I don't trust the computer, even though the last scan showed no more viruses. I hope you can give me a few more tips and check my system once more.
Here are the logs from Malwarebytes:

Yesterday, 1st scan:
Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.01.13.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jonas Hanke :: JONASH [Administrator]

26.03.2012 17:34:55
mbam-log-2012-03-25 (17-34-55).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 693635
Laufzeit: 1 Stunde(n), 34 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Jonas Hanke\Downloads\SoftonicDownloader_fuer_photo-to-sketch.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Yesterday, second scan:
Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.01.13.04

Windows 7 Service Pack 1 x64 FAT32
Internet Explorer 8.0.7601.17514
Jonas Hanke :: JONASH [Administrator]

26.03.2012 21:36:55
mbam-log-2012-03-26 (15-36-55).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 684161
Laufzeit: 1 Stunde(n), 28 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\System Volume Information\SystemRestore\FRStaging\Users\Jonas Hanke\Downloads\SoftonicDownloader_fuer_photo-to-sketch.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

This morning, first scan:
Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.26.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Jonas Hanke :: JONASH [Administrator]

27.03.2012 10:55:51
mbam-log-2012-03-26 (18-55-51).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 726766
Laufzeit: 1 Stunde(n), 28 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\$WINDOWS.~Q\DATA\ProgramData\XCMsXSJotCWrp.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

The fourth scan from earlier fortunately found no further viruses. I hope that's enough information for now. Thanks in advance for the work you're putting in.
Jonas

cosinus 28.03.2012 14:03

Please also run ESET, then we'll see where to go from there:


ESET Online Scanner

  • Here you'll find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add/Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


sunjojo 28.03.2012 18:37

Hey, thanks for the quick reply. The first time I started the scanner, at 9% a message from Avira AntiVir came up saying that I have another virus (I deleted it immediately). Its name is TR/Kazy.62856.1. After that I aborted ESET at first, but then restarted it after a short time (so that ESET would check all files again in case there was a reinfection). On the second attempt everything went well, and after 3:40 hours of scanning this log file came out:

Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7810080046c09f46bf30f519d03b1881
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-28 01:47:02
# local_time=2012-03-28 03:47:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 78627 69473126 76112 0
# compatibility_mode=5893 16776573 100 94 61484 84571113 0 0
# compatibility_mode=8192 67108863 100 0 187 187 0 0
# scanned=15586
# found=0
# cleaned=0
# scan_time=1159
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7810080046c09f46bf30f519d03b1881
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-28 05:30:18
# local_time=2012-03-28 07:30:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 79942 69474441 77427 0
# compatibility_mode=5893 16776573 100 94 62799 84572428 0 0
# compatibility_mode=8192 67108863 100 0 1502 1502 0 0
# scanned=406375
# found=0
# cleaned=0
# scan_time=13240


cosinus 28.03.2012 20:42

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


sunjojo 29.03.2012 14:38

Here is the content of the OTL.txt file:

Code:

OTL logfile created on: 29.03.2012 15:21:02 - Run 2
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Jonas Hanke\Desktop
64bit-Windows XP  Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 5,98 Gb Available Physical Memory | 75,62% Memory free
15,82 Gb Paging File | 13,75 Gb Available in Paging File | 86,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 690,72 Gb Total Space | 360,28 Gb Free Space | 52,16% Space Free | Partition Type: NTFS
Drive D: | 7,74 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: JONASH | User Name: Jonas Hanke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.29 15:19:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Jonas Hanke\Desktop\OTL.exe
PRC - [2012.03.27 18:26:13 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.28 17:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.01.30 02:11:17 | 000,327,680 | ---- | M] (Zemi Interactive Inc.) -- C:\Program Files (x86)\Gameforge4D\4Story_DE\PrePatch.exe
PRC - [2011.06.28 17:47:53 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.02.01 07:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.01 07:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.27 16:19:46 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
PRC - [2010.11.17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.11.01 13:25:36 | 001,374,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009.07.14 01:15:34 | 002,250,640 | ---- | M] (Salfeld Computer) -- C:\Windows\SysWOW64\cchservice.exe
PRC - [2009.03.03 12:45:11 | 000,296,400 | ---- | M] () -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
PRC - [2008.08.08 17:30:44 | 000,016,712 | ---- | M] () -- C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
PRC - [2008.08.08 17:30:40 | 000,532,808 | ---- | M] (Corel, Inc.) -- C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.03.27 13:57:43 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\659bc287f3b51e5e604208ce93d983ec\Microsoft.VisualBasic.ni.dll
MOD - [2012.03.27 13:55:39 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\bc264c7dba2096c2c88080090bf42600\IAStorUtil.ni.dll
MOD - [2012.03.27 13:55:39 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6aef03034d33721bfbd588d9d7fffe60\IAStorCommon.ni.dll
MOD - [2012.03.26 21:54:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012.03.26 21:54:39 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012.03.26 21:54:30 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012.03.26 21:54:25 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012.03.26 21:54:23 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012.03.26 21:54:16 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012.03.26 21:54:12 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.03.26 21:54:09 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012.03.26 21:54:08 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012.03.26 21:54:04 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.08.03 13:50:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2011.04.12 09:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.01 17:34:22 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\de-DE\THXAudio.resources.dll
MOD - [2008.08.08 17:30:44 | 000,016,712 | ---- | M] () -- C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.03.27 18:26:13 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.03.15 20:33:10 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.28 17:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.06.28 17:47:53 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.25 17:12:37 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.18 17:42:58 | 000,763,904 | ---- | M] () [Auto | Running] -- C:\Programme\Bigfoot Networks\Killer Network Manager\BFNService.exe -- (Bigfoot Networks Killer Service)
SRV - [2011.02.01 07:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011.02.01 07:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2011.01.27 16:19:46 | 000,033,792 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe -- (PowerBiosServer)
SRV - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.08.25 09:56:38 | 000,765,592 | ---- | M] (Salfeld Computer) [Auto | Stopped] -- C:\Windows\SysWOW64\ksupmgr.exe -- (ksupmgr)
SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 12:45:11 | 000,296,400 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe -- (WTGService)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.26 18:47:01 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 02:02:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.01.19 18:17:32 | 000,294,248 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Treiber\VMM.sys -- (vmm)
DRV:64bit: - [2012.01.19 17:58:11 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.10.02 13:54:37 | 000,125,440 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv07.sys -- (acedrv07)
DRV:64bit: - [2011.06.28 17:47:53 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.28 17:47:53 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.18 17:43:22 | 002,702,952 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ak27x64.sys -- (Ak27x64)
DRV:64bit: - [2011.02.18 17:43:20 | 000,068,712 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\bflwfx64.sys -- (BfLwf)
DRV:64bit: - [2011.02.18 17:43:16 | 000,157,288 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Xeno7x64.sys -- (BFN7x64)
DRV:64bit: - [2011.01.27 02:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.01.14 13:25:04 | 000,125,456 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\JME.sys -- (JME) JMicron Ethernet Adapter NDIS6.0 Driver (Amd64 Bits)
DRV:64bit: - [2010.12.06 15:56:26 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.19 04:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.11.19 04:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.06 09:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.10.15 00:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.09.03 14:35:44 | 000,063,488 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViaHub3.sys -- (VUSB3HUB)
DRV:64bit: - [2010.02.11 19:32:00 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.28 02:59:32 | 000,020,392 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2011.07.01 21:08:23 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://syb.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {593DD466-8269-45F1-8534-5E1E2405540A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{593DD466-8269-45F1-8534-5E1E2405540A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {3401B925-3912-4D57-9048-E78033D8156B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{3401B925-3912-4D57-9048-E78033D8156B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox
 
 
 
 
 
 
IE - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://syb.msn.com
IE - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-103105947-377076809-4053833937-1001\..\SearchScopes,DefaultScope = {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
IE - HKU\S-1-5-21-103105947-377076809-4053833937-1001\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-103105947-377076809-4053833937-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jonas Hanke\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2012.03.25 21:53:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012.03.25 21:52:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012.03.25 21:52:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKU\S-1-5-21-103105947-377076809-4053833937-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [4StoryPrePatch] C:\Program Files (x86)\Gameforge4D\4Story_DE\PrePatch.exe (Zemi Interactive Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ChicoSys] C:\Windows\SysWOW64\cc32\webtmr.exe (Salfeld Computer)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [XCMsXSJotCWrp.exe] C:\ProgramData\XCMsXSJotCWrp.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-103105947-377076809-4053833937-1001..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
O4 - HKU\S-1-5-21-103105947-377076809-4053833937-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-103105947-377076809-4053833937-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-103105947-377076809-4053833937-1007..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-103105947-377076809-4053833937-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDEC6066-9D9D-4130-AE95-87B8EDC0F449}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Programme\Protector Suite\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: ksupmgr - C:\Windows\SysWOW64\ksupmgr.exe (Salfeld Computer)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: ksupmgr - C:\Windows\SysWOW64\ksupmgr.exe (Salfeld Computer)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.iac2 -  File not found
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.iv31 -  File not found
Drivers32:64bit: vidc.iv32 -  File not found
Drivers32:64bit: vidc.iv41 -  File not found
Drivers32:64bit: vidc.iv50 -  File not found
Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\Windows\SysWow64\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\SysWow64\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.28 15:24:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.03.27 17:33:47 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.03.27 17:33:47 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.03.26 18:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.03.26 18:46:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.03.26 18:32:29 | 000,389,024 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Jonas Hanke\Desktop\unhide.exe
[2012.03.26 17:40:53 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Jonas Hanke\Desktop\OTL.exe
[2012.03.26 15:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.26 15:36:38 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2012.03.25 22:48:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.03.25 22:48:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.03.25 22:48:59 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.03.25 22:48:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.03.25 22:48:59 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.03.25 22:48:59 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.03.25 22:48:59 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.03.25 22:48:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.03.25 22:48:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.03.25 22:31:38 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.03.25 22:17:08 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~Q
[2012.03.25 21:57:24 | 000,000,000 | ---D | C] -- C:\$INPLACE.~TR
[2012.03.25 21:37:42 | 000,000,000 | --SD | C] -- C:\Users\Jonas Hanke\AppData\Roaming\Microsoft
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\Videos
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\Saved Games
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\Pictures
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\Music
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\Links
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\Favorites
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\Downloads
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\Documents
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\Desktop
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Vorlagen
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\AppData\Local\Verlauf
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\AppData\Local\Temporary Internet Files
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Startmenü
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\SendTo
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Recent
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Netzwerkumgebung
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Lokale Einstellungen
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Documents\Eigene Videos
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Documents\Eigene Musik
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Eigene Dateien
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Documents\Eigene Bilder
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Druckumgebung
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Cookies
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\AppData\Local\Anwendungsdaten
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Anwendungsdaten
[2012.03.25 21:37:42 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\AppData\Local\Temp
[2012.03.25 21:37:42 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\AppData\Local\Microsoft
[2012.03.25 21:37:42 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\AppData\Roaming\Media Center Programs
[2012.03.25 21:37:42 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\AppData
[2012.03.25 21:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Protector Suite
[2012.03.25 21:35:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012.03.25 21:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.03.25 21:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.03.25 21:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012.03.25 21:35:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.03.25 21:35:09 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012.03.25 21:33:18 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.03.25 17:34:18 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\AppData\Roaming\Malwarebytes
[2012.03.25 17:33:57 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.25 17:33:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.25 17:33:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.25 17:33:32 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Jonas Hanke\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.18 19:23:36 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\Desktop\GeneChro
[2012.03.17 19:13:48 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\Documents\Arduino
[2012.03.17 19:13:48 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\AppData\Roaming\Arduino
[2012.03.17 19:12:29 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\Desktop\arduino-1.0
[2012.03.17 19:10:39 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\Desktop\FTDI
[2012.03.15 21:49:30 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\Desktop\Spiel
[2012.03.11 17:19:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eligium
[2012.03.11 17:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eligium
[2012.03.11 15:05:57 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\AppData\Roaming\FOG Downloader
[2012.03.11 15:05:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eligium_0_90_1_en
[2012.03.07 19:23:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PixLin
[2012.03.06 16:36:37 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\AppData\Roaming\DesktopIconForAmazon
[2012.03.03 00:17:37 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\AppData\Local\PAYDAY
[2012.03.03 00:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.02.29 16:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrickForce
[2012.02.29 16:28:58 | 000,000,000 | ---D | C] -- C:\BrickForce
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.29 15:22:26 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.29 15:22:26 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.29 15:22:17 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.29 15:22:17 | 000,698,046 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.29 15:22:17 | 000,652,322 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.29 15:22:17 | 000,148,350 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.29 15:22:17 | 000,121,254 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.29 15:19:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Jonas Hanke\Desktop\OTL.exe
[2012.03.29 15:15:08 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.29 15:14:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.29 15:14:13 | 2074,394,623 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.29 06:55:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.27 19:07:08 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.03.27 19:07:08 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.27 18:26:13 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.03.26 21:47:57 | 000,342,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.26 21:34:33 | 001,593,026 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.26 20:07:17 | 000,001,090 | ---- | M] () -- C:\Users\Jonas Hanke\Desktop\Bilder - Verknüpfung.lnk
[2012.03.26 18:47:01 | 000,254,528 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.03.26 18:32:31 | 000,389,024 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Jonas Hanke\Desktop\unhide.exe
[2012.03.26 17:08:57 | 000,022,213 | ---- | M] () -- C:\Windows\SysWow64\cchservice.err
[2012.03.26 15:36:39 | 000,000,722 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.26 06:51:07 | 000,003,352 | ---- | M] () -- C:\bootsqm.dat
[2012.03.25 23:00:57 | 000,626,149 | ---- | M] () -- C:\Windows\SysWow64\ccsync.err
[2012.03.25 22:43:34 | 000,055,513 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.03.25 22:43:34 | 000,055,513 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.03.25 22:35:08 | 000,022,960 | -H-- | M] () -- C:\Windows\SysNative\emptyregdb.dat
[2012.03.25 21:36:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_tcwbf_01_09_00.Wdf
[2012.03.25 21:36:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2012.03.25 21:35:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012.03.25 20:26:45 | 000,004,562 | ---- | M] () -- C:\Users\Jonas Hanke\Desktop\Windows-Kompatibilitätsbericht.htm
[2012.03.25 17:30:32 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Jonas Hanke\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.22 23:41:36 | 000,499,284 | ---- | M] () -- C:\Users\Jonas Hanke\Desktop\News_Geleitwort_20.3.12.png
[2012.03.20 23:59:29 | 000,001,475 | ---- | M] () -- C:\Users\Jonas Hanke\.recently-used.xbel
[2012.03.20 19:06:42 | 003,892,467 | ---- | M] () -- C:\Users\Jonas Hanke\Desktop\Aufgabe 2.2.2.wmv
[2012.03.20 16:53:50 | 001,022,644 | ---- | M] () -- C:\Users\Jonas Hanke\Desktop\Microcontroller_Video.wmv
[2012.03.18 22:44:11 | 679,171,242 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.03.17 19:18:31 | 001,256,512 | ---- | M] () -- C:\Users\Jonas Hanke\Desktop\CDM20814_WHQL_Certified.zip
[2012.03.17 18:05:16 | 001,365,803 | ---- | M] () -- C:\Users\Jonas Hanke\Desktop\ILC2012_usb_treiber_windows.zip
[2012.03.17 17:49:17 | 090,223,398 | ---- | M] () -- C:\Users\Jonas Hanke\Desktop\ILC2012_arduino_software_windows.zip
[2012.03.17 14:31:42 | 000,000,786 | ---- | M] () -- C:\Windows\ST5UNST.005
[2012.03.16 20:54:22 | 000,005,324 | ---- | M] () -- C:\Users\Jonas Hanke\Documents\Antibiotika.png
[2012.03.01 02:02:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.03.01 02:02:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.03.01 02:02:00 | 000,011,770 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.02.29 22:59:29 | 002,515,790 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.02.28 17:40:59 | 000,014,554 | ---- | M] () -- C:\Users\Jonas Hanke\Desktop\Snake_Jonas.jar
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.27 18:26:13 | 002,484,592 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_p4f.exe
[2012.03.26 20:07:17 | 000,001,090 | ---- | C] () -- C:\Users\Jonas Hanke\Desktop\Bilder - Verknüpfung.lnk
[2012.03.26 15:36:39 | 000,000,722 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.26 06:51:07 | 000,003,352 | ---- | C] () -- C:\bootsqm.dat
[2012.03.25 22:56:35 | 001,593,026 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.25 22:54:51 | 000,001,419 | ---- | C] () -- C:\Users\Jonas Hanke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.03.25 22:54:43 | 000,001,453 | ---- | C] () -- C:\Users\Jonas Hanke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.03.25 22:44:43 | 2074,394,623 | -HS- | C] () -- C:\hiberfil.sys
[2012.03.25 22:35:08 | 000,022,960 | -H-- | C] () -- C:\Windows\SysNative\emptyregdb.dat
[2012.03.25 21:37:27 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.03.25 21:37:23 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.03.25 21:36:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_tcwbf_01_09_00.Wdf
[2012.03.25 21:36:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2012.03.25 21:35:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012.03.25 20:26:46 | 000,004,562 | ---- | C] () -- C:\Users\Jonas Hanke\Desktop\Windows-Kompatibilitätsbericht.htm
[2012.03.22 23:53:53 | 000,499,284 | ---- | C] () -- C:\Users\Jonas Hanke\Desktop\News_Geleitwort_20.3.12.png
[2012.03.22 22:59:24 | 003,892,467 | ---- | C] () -- C:\Users\Jonas Hanke\Desktop\Aufgabe 2.2.2.wmv
[2012.03.22 22:59:24 | 001,022,644 | ---- | C] () -- C:\Users\Jonas Hanke\Desktop\Microcontroller_Video.wmv
[2012.03.20 23:59:29 | 000,001,475 | ---- | C] () -- C:\Users\Jonas Hanke\.recently-used.xbel
[2012.03.17 19:18:31 | 001,256,512 | ---- | C] () -- C:\Users\Jonas Hanke\Desktop\CDM20814_WHQL_Certified.zip
[2012.03.17 18:05:16 | 001,365,803 | ---- | C] () -- C:\Users\Jonas Hanke\Desktop\ILC2012_usb_treiber_windows.zip
[2012.03.17 17:46:24 | 090,223,398 | ---- | C] () -- C:\Users\Jonas Hanke\Desktop\ILC2012_arduino_software_windows.zip
[2012.03.17 14:31:37 | 000,000,786 | ---- | C] () -- C:\Windows\ST5UNST.005
[2012.03.16 20:54:21 | 000,005,324 | ---- | C] () -- C:\Users\Jonas Hanke\Documents\Antibiotika.png
[2012.03.07 19:23:29 | 000,001,037 | ---- | C] () -- C:\Users\Jonas Hanke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PixLin.LNK
[2011.12.28 21:31:08 | 000,000,338 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.10.22 14:34:01 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.10.09 17:48:58 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.08.26 19:03:14 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.08.26 19:03:14 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.08.14 17:42:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\excltmp~.dat
[2011.08.14 17:38:50 | 000,000,140 | ---- | C] () -- C:\Windows\SysWow64\ctlsw.ini
[2011.08.14 17:38:50 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\SWCTL.DLL
[2011.08.14 17:38:47 | 000,155,536 | ---- | C] () -- C:\Windows\SysWow64\dllcinx.exe
[2011.08.14 17:38:47 | 000,009,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\mchccinj.sys
[2011.08.14 17:38:46 | 000,000,600 | ---- | C] () -- C:\Windows\SysWow64\nochook.ini
[2011.08.02 20:57:03 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll
[2011.08.02 20:53:28 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011.07.02 15:24:42 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2011.07.01 21:08:23 | 000,018,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\lirsgt.sys
[2011.06.28 19:34:15 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2011.06.25 17:13:03 | 000,001,313 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011.06.25 17:13:03 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011.06.25 17:13:03 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011.06.25 17:13:01 | 000,185,856 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.06.25 17:13:01 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.06.25 17:08:19 | 000,000,101 | ---- | C] () -- C:\Windows\OEM.ini
[2011.06.25 17:08:19 | 000,000,020 | ---- | C] () -- C:\Windows\Bison.ini
[2011.06.25 16:57:15 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.06.25 16:57:14 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.06.25 16:57:13 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== LOP Check ==========
 
[2012.03.25 22:26:31 | 000,000,000 | ---D | M] -- C:\Users\Detlev Hanke\AppData\Roaming\Protector Suite
[2012.03.25 22:16:47 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\.minecraft
[2012.03.25 22:16:47 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Arduino
[2012.03.25 22:16:48 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Clonk Rage
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Cornelsen
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\DAEMON Tools Lite
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\DesktopIconForAmazon
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Dev-Cpp
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\FileZilla
[2012.03.11 15:05:57 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\FOG Downloader
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\gtk-2.0
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\LolClient
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2012.03.25 22:16:55 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\NationRed
[2012.03.25 22:16:56 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Notepad++
[2012.03.25 22:16:56 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\ProtectDisc
[2012.03.25 22:16:56 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Protector Suite
[2012.03.25 22:17:15 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\The Creative Assembly
[2012.03.25 22:17:15 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Ubisoft
[2012.03.25 22:17:16 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Unity
[2012.03.25 22:26:49 | 000,000,000 | ---D | M] -- C:\Users\Jonas Schule\AppData\Roaming\.minecraft
[2011.12.03 12:01:16 | 000,000,000 | ---D | M] -- C:\Users\Jonas Schule\AppData\Roaming\Clonk Rage
[2012.03.25 22:26:52 | 000,000,000 | ---D | M] -- C:\Users\Jonas Schule\AppData\Roaming\Cornelsen
[2012.03.25 22:26:52 | 000,000,000 | ---D | M] -- C:\Users\Jonas Schule\AppData\Roaming\DAEMON Tools Lite
[2012.03.25 22:26:52 | 000,000,000 | ---D | M] -- C:\Users\Jonas Schule\AppData\Roaming\Dev-Cpp
[2012.03.25 22:26:52 | 000,000,000 | ---D | M] -- C:\Users\Jonas Schule\AppData\Roaming\DVDVideoSoft
[2012.03.25 22:26:52 | 000,000,000 | ---D | M] -- C:\Users\Jonas Schule\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.25 22:27:02 | 000,000,000 | ---D | M] -- C:\Users\Jonas Schule\AppData\Roaming\Notepad++
[2012.03.25 22:27:02 | 000,000,000 | ---D | M] -- C:\Users\Jonas Schule\AppData\Roaming\ProtectDisc
[2012.03.25 22:27:02 | 000,000,000 | ---D | M] -- C:\Users\Jonas Schule\AppData\Roaming\Protector Suite
[2012.03.25 22:27:09 | 000,000,000 | ---D | M] -- C:\Users\Jonas Schule\AppData\Roaming\Ubisoft
[2009.07.14 07:08:49 | 000,006,426 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.03.25 22:16:47 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\.minecraft
[2012.03.25 22:16:47 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Adobe
[2012.03.25 22:16:47 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Arduino
[2012.03.25 22:16:47 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Avira
[2012.03.25 22:16:48 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Clonk Rage
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Corel
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Cornelsen
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\DAEMON Tools Lite
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\DesktopIconForAmazon
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Dev-Cpp
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\FileZilla
[2012.03.11 15:05:57 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\FOG Downloader
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\gtk-2.0
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Identities
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\InstallShield
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Intel Corporation
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\LolClient
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Macromedia
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Malwarebytes
[2011.04.12 09:54:56 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Media Center Programs
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2012.03.25 22:34:19 | 000,000,000 | --SD | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Microsoft
[2012.03.25 22:16:55 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\NationRed
[2012.03.25 22:16:56 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Nero
[2012.03.25 22:16:56 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Notepad++
[2012.03.25 22:16:56 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\NVIDIA
[2012.03.25 22:16:56 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\ProtectDisc
[2012.03.25 22:16:56 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Protector Suite
[2012.03.29 15:20:57 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Skype
[2012.03.25 22:17:15 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\The Creative Assembly
[2012.03.25 22:17:15 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Ubisoft
[2012.03.25 22:17:16 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Unity
 
< %APPDATA%\*.exe /s >
[2012.03.06 16:36:36 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Jonas Hanke\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\System Volume Information\SystemRestore\FRStaging\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
[2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.05 10:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2010.11.06 09:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\$WINDOWS.~Q\DATA\Windows\System32\drivers\iaStor.sys
[2010.11.06 09:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.11.06 09:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys
[2010.11.06 09:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_05602dde0a28e7f4\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2011.12.16 09:52:04 | 010,992,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1810 bytes -> C:\Users\Jonas Hanke\Desktop\Empire: Total War.lnk

< End of report >


cosinus 29.03.2012 15:09

Run an OTL fix: close any programs that may be open, disable the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
O2:64bit: - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll File not found
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll File not found
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3:64bit: - HKU\S-1-5-21-103105947-377076809-4053833937-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [XCMsXSJotCWrp.exe] C:\ProgramData\XCMsXSJotCWrp.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-103105947-377076809-4053833937-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 1
@Alternate Data Stream - 1810 bytes -> C:\Users\Jonas Hanke\Desktop\Empire: Total War.lnk
:Files
C:\Program Files (x86)\Mein Gutscheincode Finder
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are, as a precaution, not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

sunjojo 29.03.2012 15:26

Fix executed, everything ran without problems. The contents of the log file:
Code:

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
64bit-Registry value HKEY_USERS\S-1-5-21-103105947-377076809-4053833937-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found.
Registry value HKEY_USERS\S-1-5-21-103105947-377076809-4053833937-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\XCMsXSJotCWrp.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-103105947-377076809-4053833937-1007\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Privacy\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideFastUserSwitching deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel deleted successfully.
Registry value HKEY_USERS\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_USERS\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFind deleted successfully.
Registry value HKEY_USERS\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSettings deleted successfully.
Registry value HKEY_USERS\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableClock deleted successfully.
ADS C:\Users\Jonas Hanke\Desktop\Empire: Total War.lnk deleted successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\Mein Gutscheincode Finder not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Detlev Hanke
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 707 bytes
 
User: Jonas Hanke
->Temp folder emptied: 7078751 bytes
->Temporary Internet Files folder emptied: 235389872 bytes
->Java cache emptied: 24760036 bytes
->Flash cache emptied: 1296 bytes
 
User: Jonas Schule
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 3836645 bytes
->Flash cache emptied: 10631 bytes
 
User: Public
 
User: TEMP
 
User: TEMP.JonasH
 
User: TEMP.JonasH.000
 
User: TEMP.JonasH.001
 
User: TEMP.JonasH.002
 
User: TEMP.JonasH.003
 
User: TEMP.JonasH.004
 
User: TEMP.JonasH.005
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 43497731 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 593920 bytes
 
Total Files Cleaned = 301,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Detlev Hanke
->Flash cache emptied: 0 bytes
 
User: Jonas Hanke
->Flash cache emptied: 0 bytes
 
User: Jonas Schule
->Flash cache emptied: 0 bytes
 
User: Public
 
User: TEMP
 
User: TEMP.JonasH
 
User: TEMP.JonasH.000
 
User: TEMP.JonasH.001
 
User: TEMP.JonasH.002
 
User: TEMP.JonasH.003
 
User: TEMP.JonasH.004
 
User: TEMP.JonasH.005
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 03292012_161954

Files\Folders moved on Reboot...
C:\Users\Jonas Hanke\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


cosinus 29.03.2012 15:46

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

sunjojo 29.03.2012 16:22

Thanks again for the quick replies. The TDSSKiller scan ran without problems. Here is the log:
Code:

17:15:32.0827 1680        TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
17:15:32.0921 1680        ============================================================
17:15:32.0921 1680        Current date / time: 2012/03/29 17:15:32.0921
17:15:32.0921 1680        SystemInfo:
17:15:32.0921 1680       
17:15:32.0921 1680        OS Version: 6.1.7601 ServicePack: 1.0
17:15:32.0921 1680        Product type: Workstation
17:15:32.0921 1680        ComputerName: JONASH
17:15:32.0921 1680        UserName: Jonas Hanke
17:15:32.0921 1680        Windows directory: C:\Windows
17:15:32.0921 1680        System windows directory: C:\Windows
17:15:32.0921 1680        Running under WOW64
17:15:32.0921 1680        Processor architecture: Intel x64
17:15:32.0921 1680        Number of processors: 4
17:15:32.0921 1680        Page size: 0x1000
17:15:32.0921 1680        Boot type: Normal boot
17:15:32.0921 1680        ============================================================
17:15:33.0498 1680        Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:15:33.0592 1680        \Device\Harddisk0\DR0:
17:15:33.0592 1680        MBR used
17:15:33.0592 1680        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFA0800, BlocksNum 0x32000
17:15:33.0592 1680        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFD2800, BlocksNum 0x56573000
17:15:33.0654 1680        Initialize success
17:15:33.0654 1680        ============================================================
17:16:32.0593 5416        ============================================================
17:16:32.0593 5416        Scan started
17:16:32.0593 5416        Mode: Manual; SigCheck; TDLFS;
17:16:32.0593 5416        ============================================================
17:16:33.0638 5416        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:16:33.0716 5416        1394ohci - ok
17:16:34.0106 5416        acedrv07        (6e9c8b324980afe454c6f7762e2b4478) C:\Windows\system32\drivers\acedrv07.sys
17:16:34.0138 5416        acedrv07 ( UnsignedFile.Multi.Generic ) - warning
17:16:34.0138 5416        acedrv07 - detected UnsignedFile.Multi.Generic (1)
17:16:34.0481 5416        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:16:34.0512 5416        ACPI - ok
17:16:34.0855 5416        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:16:34.0902 5416        AcpiPmi - ok
17:16:35.0105 5416        AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:16:35.0120 5416        AdobeARMservice - ok
17:16:35.0510 5416        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
17:16:35.0542 5416        adp94xx - ok
17:16:35.0916 5416        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
17:16:35.0947 5416        adpahci - ok
17:16:36.0337 5416        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
17:16:36.0368 5416        adpu320 - ok
17:16:36.0665 5416        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:16:36.0712 5416        AeLookupSvc - ok
17:16:37.0148 5416        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:16:37.0195 5416        AFD - ok
17:16:37.0538 5416        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:16:37.0554 5416        agp440 - ok
17:16:37.0975 5416        Ak27x64        (99bcfb8c4009e749fda3a8d23d2e5c93) C:\Windows\system32\DRIVERS\Ak27x64.sys
17:16:38.0022 5416        Ak27x64 - ok
17:16:38.0303 5416        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:16:38.0350 5416        ALG - ok
17:16:38.0740 5416        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:16:38.0755 5416        aliide - ok
17:16:39.0098 5416        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:16:39.0130 5416        amdide - ok
17:16:39.0473 5416        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
17:16:39.0520 5416        AmdK8 - ok
17:16:39.0910 5416        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
17:16:39.0941 5416        AmdPPM - ok
17:16:40.0331 5416        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:16:40.0362 5416        amdsata - ok
17:16:40.0736 5416        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
17:16:40.0768 5416        amdsbs - ok
17:16:41.0095 5416        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:16:41.0126 5416        amdxata - ok
17:16:41.0345 5416        AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:16:41.0376 5416        AntiVirSchedulerService - ok
17:16:41.0392 5416        AntiVirService  (72d90e56563165984224493069c69ed4) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:16:41.0407 5416        AntiVirService - ok
17:16:41.0797 5416        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:16:41.0875 5416        AppID - ok
17:16:42.0296 5416        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:16:42.0359 5416        AppIDSvc - ok
17:16:42.0686 5416        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:16:42.0764 5416        Appinfo - ok
17:16:43.0108 5416        AppMgmt        (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
17:16:43.0170 5416        AppMgmt - ok
17:16:43.0560 5416        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
17:16:43.0576 5416        arc - ok
17:16:43.0934 5416        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
17:16:43.0950 5416        arcsas - ok
17:16:44.0293 5416        aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:16:44.0309 5416        aspnet_state - ok
17:16:44.0699 5416        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:16:44.0792 5416        AsyncMac - ok
17:16:45.0214 5416        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:16:45.0229 5416        atapi - ok
17:16:45.0557 5416        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:16:45.0635 5416        AudioEndpointBuilder - ok
17:16:45.0650 5416        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:16:45.0682 5416        AudioSrv - ok
17:16:46.0040 5416        avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
17:16:46.0072 5416        avgntflt - ok
17:16:46.0399 5416        avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
17:16:46.0430 5416        avipbb - ok
17:16:46.0711 5416        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
17:16:46.0758 5416        AxInstSV - ok
17:16:47.0195 5416        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
17:16:47.0226 5416        b06bdrv - ok
17:16:47.0616 5416        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:16:47.0663 5416        b57nd60a - ok
17:16:47.0944 5416        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:16:47.0990 5416        BDESVC - ok
17:16:48.0365 5416        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:16:48.0412 5416        Beep - ok
17:16:48.0755 5416        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
17:16:48.0833 5416        BFE - ok
17:16:49.0223 5416        BfLwf          (6b6ee63887bab99a745d7e3358bc8b20) C:\Windows\system32\DRIVERS\bflwfx64.sys
17:16:49.0238 5416        BfLwf - ok
17:16:49.0582 5416        BFN7x64        (851bfc266ac6424f44f7dfb05de4d803) C:\Windows\system32\drivers\Xeno7x64.sys
17:16:49.0597 5416        BFN7x64 - ok
17:16:49.0706 5416        Bigfoot Networks Killer Service (c08c3a1a45846891b5a97301d179db40) C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
17:16:49.0738 5416        Bigfoot Networks Killer Service ( UnsignedFile.Multi.Generic ) - warning
17:16:49.0738 5416        Bigfoot Networks Killer Service - detected UnsignedFile.Multi.Generic (1)
17:16:50.0050 5416        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
17:16:50.0128 5416        BITS - ok
17:16:50.0502 5416        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:16:50.0533 5416        blbdrive - ok
17:16:50.0908 5416        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:16:50.0939 5416        bowser - ok
17:16:51.0298 5416        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
17:16:51.0344 5416        BrFiltLo - ok
17:16:51.0703 5416        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
17:16:51.0734 5416        BrFiltUp - ok
17:16:52.0015 5416        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
17:16:52.0109 5416        Browser - ok
17:16:52.0514 5416        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:16:52.0546 5416        Brserid - ok
17:16:52.0920 5416        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:16:52.0967 5416        BrSerWdm - ok
17:16:53.0341 5416        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:16:53.0372 5416        BrUsbMdm - ok
17:16:53.0747 5416        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:16:53.0778 5416        BrUsbSer - ok
17:16:54.0152 5416        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
17:16:54.0184 5416        BTHMODEM - ok
17:16:54.0464 5416        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:16:54.0527 5416        bthserv - ok
17:16:54.0886 5416        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:16:54.0948 5416        cdfs - ok
17:16:55.0322 5416        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
17:16:55.0354 5416        cdrom - ok
17:16:55.0650 5416        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:16:55.0712 5416        CertPropSvc - ok
17:16:56.0102 5416        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
17:16:56.0134 5416        circlass - ok
17:16:56.0461 5416        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:16:56.0492 5416        CLFS - ok
17:16:56.0758 5416        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:16:56.0789 5416        clr_optimization_v2.0.50727_32 - ok
17:16:56.0898 5416        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:16:56.0929 5416        clr_optimization_v2.0.50727_64 - ok
17:16:57.0163 5416        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:16:57.0179 5416        clr_optimization_v4.0.30319_32 - ok
17:16:57.0522 5416        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:16:57.0538 5416        clr_optimization_v4.0.30319_64 - ok
17:16:57.0896 5416        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:16:57.0928 5416        CmBatt - ok
17:16:58.0271 5416        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:16:58.0302 5416        cmdide - ok
17:16:58.0645 5416        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:16:58.0692 5416        CNG - ok
17:16:59.0020 5416        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:16:59.0051 5416        Compbatt - ok
17:16:59.0394 5416        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
17:16:59.0441 5416        CompositeBus - ok
17:16:59.0690 5416        COMSysApp - ok
17:17:00.0065 5416        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
17:17:00.0080 5416        crcdisk - ok
17:17:00.0361 5416        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
17:17:00.0455 5416        CryptSvc - ok
17:17:00.0845 5416        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
17:17:00.0923 5416        CSC - ok
17:17:01.0219 5416        CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
17:17:01.0282 5416        CscService - ok
17:17:01.0594 5416        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:17:01.0656 5416        DcomLaunch - ok
17:17:01.0952 5416        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:17:02.0030 5416        defragsvc - ok
17:17:02.0405 5416        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:17:02.0452 5416        DfsC - ok
17:17:02.0748 5416        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
17:17:02.0842 5416        Dhcp - ok
17:17:03.0185 5416        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:17:03.0232 5416        discache - ok
17:17:03.0622 5416        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
17:17:03.0637 5416        Disk - ok
17:17:03.0996 5416        dmvsc          (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
17:17:04.0043 5416        dmvsc - ok
17:17:04.0308 5416        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
17:17:04.0370 5416        Dnscache - ok
17:17:04.0651 5416        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
17:17:04.0745 5416        dot3svc - ok
17:17:05.0026 5416        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
17:17:05.0104 5416        DPS - ok
17:17:05.0478 5416        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:17:05.0525 5416        drmkaud - ok
17:17:05.0899 5416        dtsoftbus01    (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:17:05.0930 5416        dtsoftbus01 - ok
17:17:06.0289 5416        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:17:06.0320 5416        DXGKrnl - ok
17:17:06.0601 5416        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:17:06.0679 5416        EapHost - ok
17:17:07.0132 5416        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
17:17:07.0288 5416        ebdrv - ok
17:17:07.0568 5416        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
17:17:07.0615 5416        EFS - ok
17:17:07.0787 5416        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
17:17:07.0849 5416        ehRecvr - ok
17:17:07.0865 5416        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:17:07.0880 5416        ehSched - ok
17:17:08.0208 5416        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
17:17:08.0239 5416        elxstor - ok
17:17:08.0614 5416        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:17:08.0645 5416        ErrDev - ok
17:17:08.0941 5416        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:17:09.0004 5416        EventSystem - ok
17:17:09.0409 5416        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:17:09.0472 5416        exfat - ok
17:17:09.0830 5416        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:17:09.0893 5416        fastfat - ok
17:17:10.0205 5416        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
17:17:10.0252 5416        Fax - ok
17:17:10.0610 5416        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
17:17:10.0657 5416        fdc - ok
17:17:10.0907 5416        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:17:10.0985 5416        fdPHost - ok
17:17:11.0281 5416        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:17:11.0344 5416        FDResPub - ok
17:17:11.0702 5416        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:17:11.0718 5416        FileInfo - ok
17:17:12.0061 5416        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:17:12.0124 5416        Filetrace - ok
17:17:12.0342 5416        FLEXnet Licensing Service (8669be94f63944e4f899c3950b520241) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:17:12.0389 5416        FLEXnet Licensing Service - ok
17:17:12.0732 5416        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
17:17:12.0763 5416        flpydisk - ok
17:17:13.0106 5416        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:17:13.0138 5416        FltMgr - ok
17:17:13.0418 5416        FontCache      (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
17:17:13.0528 5416        FontCache - ok
17:17:13.0715 5416        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:17:13.0715 5416        FontCache3.0.0.0 - ok
17:17:13.0980 5416        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:17:13.0996 5416        FsDepends - ok
17:17:14.0354 5416        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
17:17:14.0370 5416        Fs_Rec - ok
17:17:14.0744 5416        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:17:14.0776 5416        fvevol - ok
17:17:15.0134 5416        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
17:17:15.0150 5416        gagp30kx - ok
17:17:15.0446 5416        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
17:17:15.0493 5416        gpsvc - ok
17:17:15.0665 5416        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:17:15.0696 5416        gupdate - ok
17:17:15.0696 5416        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:17:15.0712 5416        gupdatem - ok
17:17:16.0039 5416        hamachi        (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
17:17:16.0055 5416        hamachi - ok
17:17:16.0258 5416        Hamachi2Svc    (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
17:17:16.0367 5416        Hamachi2Svc - ok
17:17:16.0726 5416        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:17:16.0757 5416        hcw85cir - ok
17:17:17.0131 5416        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:17:17.0178 5416        HDAudBus - ok
17:17:17.0537 5416        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
17:17:17.0568 5416        HidBatt - ok
17:17:17.0927 5416        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
17:17:17.0958 5416        HidBth - ok
17:17:18.0317 5416        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
17:17:18.0348 5416        HidIr - ok
17:17:18.0613 5416        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
17:17:18.0691 5416        hidserv - ok
17:17:19.0066 5416        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:17:19.0081 5416        HidUsb - ok
17:17:19.0362 5416        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
17:17:19.0440 5416        hkmsvc - ok
17:17:19.0736 5416        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
17:17:19.0783 5416        HomeGroupListener - ok
17:17:20.0080 5416        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
17:17:20.0111 5416        HomeGroupProvider - ok
17:17:20.0485 5416        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:17:20.0501 5416        HpSAMD - ok
17:17:20.0860 5416        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:17:20.0922 5416        HTTP - ok
17:17:21.0296 5416        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:17:21.0312 5416        hwpolicy - ok
17:17:21.0686 5416        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
17:17:21.0718 5416        i8042prt - ok
17:17:22.0061 5416        iaStor          (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys
17:17:22.0076 5416        iaStor - ok
17:17:22.0279 5416        IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
17:17:22.0295 5416        IAStorDataMgrSvc - ok
17:17:22.0685 5416        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:17:22.0716 5416        iaStorV - ok
17:17:22.0919 5416        IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:17:22.0950 5416        IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:17:22.0950 5416        IDriverT - detected UnsignedFile.Multi.Generic (1)
17:17:23.0200 5416        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:17:23.0246 5416        idsvc - ok
17:17:23.0761 5416        igfx            (efe5a0af39a8e179624117c521f1e012) C:\Windows\system32\DRIVERS\igdkmd64.sys
17:17:24.0073 5416        igfx - ok
17:17:24.0448 5416        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
17:17:24.0479 5416        iirsp - ok
17:17:24.0760 5416        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
17:17:24.0838 5416        IKEEXT - ok
17:17:25.0274 5416        IntcAzAudAddService (72a253efca059d8cf303371255624890) C:\Windows\system32\drivers\RTKVHD64.sys
17:17:25.0337 5416        IntcAzAudAddService - ok
17:17:25.0711 5416        IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
17:17:25.0742 5416        IntcDAud - ok
17:17:26.0101 5416        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:17:26.0132 5416        intelide - ok
17:17:26.0476 5416        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:17:26.0522 5416        intelppm - ok
17:17:26.0819 5416        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:17:26.0881 5416        IPBusEnum - ok
17:17:27.0256 5416        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:17:27.0318 5416        IpFilterDriver - ok
17:17:27.0599 5416        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
17:17:27.0661 5416        iphlpsvc - ok
17:17:28.0020 5416        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:17:28.0051 5416        IPMIDRV - ok
17:17:28.0426 5416        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:17:28.0504 5416        IPNAT - ok
17:17:28.0878 5416        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:17:28.0925 5416        IRENUM - ok
17:17:29.0268 5416        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:17:29.0284 5416        isapnp - ok
17:17:29.0643 5416        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:17:29.0658 5416        iScsiPrt - ok
17:17:30.0017 5416        JMCR            (e5f9a5ac854529efbe37e475149615c1) C:\Windows\system32\DRIVERS\jmcr.sys
17:17:30.0033 5416        JMCR - ok
17:17:30.0376 5416        JME            (23078cb27144d6d8510246b282968695) C:\Windows\system32\DRIVERS\JME.sys
17:17:30.0391 5416        JME - ok
17:17:30.0719 5416        johci          (bb851eda4211d8d013d93f361adb13b5) C:\Windows\system32\drivers\johci.sys
17:17:30.0735 5416        johci - ok
17:17:31.0093 5416        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:17:31.0109 5416        kbdclass - ok
17:17:31.0452 5416        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
17:17:31.0483 5416        kbdhid - ok
17:17:31.0795 5416        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:17:31.0811 5416        KeyIso - ok
17:17:32.0154 5416        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:17:32.0185 5416        KSecDD - ok
17:17:32.0513 5416        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:17:32.0544 5416        KSecPkg - ok
17:17:32.0887 5416        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:17:32.0950 5416        ksthunk - ok
17:17:33.0293 5416        ksupmgr        (3ca4073a107b42828732088957960643) C:\Windows\SysWOW64\ksupmgr.exe
17:17:33.0324 5416        ksupmgr - ok
17:17:33.0621 5416        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:17:33.0699 5416        KtmRm - ok
17:17:34.0011 5416        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
17:17:34.0089 5416        LanmanServer - ok
17:17:34.0401 5416        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
17:17:34.0463 5416        LanmanWorkstation - ok
17:17:34.0837 5416        lirsgt          (8e4ca9afd55ef6b509c80a8715abf8c6) C:\Windows\system32\DRIVERS\lirsgt.sys
17:17:34.0853 5416        lirsgt - ok
17:17:35.0227 5416        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:17:35.0274 5416        lltdio - ok
17:17:35.0571 5416        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:17:35.0633 5416        lltdsvc - ok
17:17:35.0898 5416        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:17:35.0976 5416        lmhosts - ok
17:17:36.0179 5416        LMS            (50c7ce53ef461870410355f1f2e7d515) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:17:36.0195 5416        LMS - ok
17:17:36.0553 5416        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
17:17:36.0569 5416        LSI_FC - ok
17:17:36.0928 5416        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
17:17:36.0943 5416        LSI_SAS - ok
17:17:37.0302 5416        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
17:17:37.0318 5416        LSI_SAS2 - ok
17:17:37.0677 5416        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
17:17:37.0708 5416        LSI_SCSI - ok
17:17:38.0051 5416        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:17:38.0129 5416        luafv - ok
17:17:38.0425 5416        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
17:17:38.0472 5416        Mcx2Svc - ok
17:17:38.0831 5416        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
17:17:38.0847 5416        megasas - ok
17:17:39.0205 5416        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
17:17:39.0237 5416        MegaSR - ok
17:17:39.0611 5416        MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
17:17:39.0627 5416        MEIx64 - ok
17:17:39.0892 5416        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:17:39.0970 5416        MMCSS - ok
17:17:40.0344 5416        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:17:40.0407 5416        Modem - ok
17:17:40.0750 5416        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:17:40.0797 5416        monitor - ok
17:17:41.0171 5416        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:17:41.0187 5416        mouclass - ok
17:17:41.0530 5416        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:17:41.0561 5416        mouhid - ok
17:17:41.0935 5416        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:17:41.0951 5416        mountmgr - ok
17:17:42.0294 5416        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:17:42.0325 5416        mpio - ok
17:17:42.0684 5416        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:17:42.0731 5416        mpsdrv - ok
17:17:43.0027 5416        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
17:17:43.0105 5416        MpsSvc - ok
17:17:43.0464 5416        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:17:43.0495 5416        MRxDAV - ok
17:17:43.0823 5416        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:17:43.0870 5416        mrxsmb - ok
17:17:44.0213 5416        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:17:44.0244 5416        mrxsmb10 - ok
17:17:44.0572 5416        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:17:44.0587 5416        mrxsmb20 - ok
17:17:44.0899 5416        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:17:44.0931 5416        msahci - ok
17:17:45.0258 5416        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:17:45.0274 5416        msdsm - ok
17:17:45.0555 5416        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:17:45.0586 5416        MSDTC - ok
17:17:45.0945 5416        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:17:45.0991 5416        Msfs - ok
17:17:46.0366 5416        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:17:46.0428 5416        mshidkmdf - ok
17:17:46.0787 5416        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:17:46.0803 5416        msisadrv - ok
17:17:47.0099 5416        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:17:47.0177 5416        MSiSCSI - ok
17:17:47.0442 5416        msiserver - ok
17:17:47.0583 5416        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:17:47.0645 5416        MSKSSRV - ok
17:17:48.0004 5416        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:17:48.0066 5416        MSPCLOCK - ok
17:17:48.0441 5416        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:17:48.0519 5416        MSPQM - ok
17:17:48.0862 5416        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:17:48.0893 5416        MsRPC - ok
17:17:49.0205 5416        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
17:17:49.0221 5416        mssmbios - ok
17:17:49.0595 5416        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:17:49.0657 5416        MSTEE - ok
17:17:49.0985 5416        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
17:17:50.0016 5416        MTConfig - ok
17:17:50.0359 5416        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:17:50.0375 5416        Mup - ok
17:17:50.0656 5416        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:17:50.0734 5416        napagent - ok
17:17:51.0124 5416        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:17:51.0171 5416        NativeWifiP - ok
17:17:51.0373 5416        NAUpdate        (9d1cce440552500ded3a62f9d779cdb4) C:\Program Files (x86)\Nero\Update\NASvc.exe
17:17:51.0405 5416        NAUpdate - ok
17:17:51.0779 5416        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:17:51.0810 5416        NDIS - ok
17:17:52.0169 5416        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:17:52.0216 5416        NdisCap - ok
17:17:52.0575 5416        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:17:52.0637 5416        NdisTapi - ok
17:17:52.0996 5416        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:17:53.0058 5416        Ndisuio - ok
17:17:53.0386 5416        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:17:53.0448 5416        NdisWan - ok
17:17:53.0791 5416        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:17:53.0838 5416        NDProxy - ok
17:17:54.0181 5416        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:17:54.0213 5416        NetBIOS - ok
17:17:54.0556 5416        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:17:54.0603 5416        NetBT - ok
17:17:54.0883 5416        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:17:54.0915 5416        Netlogon - ok
17:17:55.0211 5416        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:17:55.0289 5416        Netman - ok
17:17:55.0601 5416        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:17:55.0617 5416        NetMsmqActivator - ok
17:17:55.0632 5416        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:17:55.0648 5416        NetPipeActivator - ok
17:17:55.0929 5416        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:17:56.0007 5416        netprofm - ok
17:17:56.0319 5416        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:17:56.0334 5416        NetTcpActivator - ok
17:17:56.0350 5416        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:17:56.0365 5416        NetTcpPortSharing - ok
17:17:56.0740 5416        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
17:17:56.0755 5416        nfrd960 - ok
17:17:57.0036 5416        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:17:57.0083 5416        NlaSvc - ok
17:17:57.0442 5416        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:17:57.0489 5416        Npfs - ok
17:17:57.0754 5416        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:17:57.0832 5416        nsi - ok
17:17:58.0175 5416        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:17:58.0222 5416        nsiproxy - ok
17:17:58.0596 5416        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:17:58.0659 5416        Ntfs - ok
17:17:58.0986 5416        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:17:59.0049 5416        Null - ok
17:17:59.0423 5416        nusb3hub        (a7127e86f9ffe2a53e271b56b2c4cedf) C:\Windows\system32\DRIVERS\nusb3hub.sys
17:17:59.0439 5416        nusb3hub - ok
17:17:59.0797 5416        nusb3xhc        (49bbec6f48d5f9284b03abf3a959b19b) C:\Windows\system32\DRIVERS\nusb3xhc.sys
17:17:59.0829 5416        nusb3xhc - ok
17:18:00.0437 5416        nvlddmkm        (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:18:00.0562 5416        nvlddmkm - ok
17:18:00.0889 5416        nvpciflt        (3629b8c7257c6231a3cfb44359c68b1d) C:\Windows\system32\DRIVERS\nvpciflt.sys
17:18:00.0905 5416        nvpciflt - ok
17:18:01.0248 5416        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:18:01.0279 5416        nvraid - ok
17:18:01.0623 5416        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:18:01.0638 5416        nvstor - ok
17:18:01.0935 5416        NVSvc          (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
17:18:01.0981 5416        NVSvc - ok
17:18:02.0231 5416        nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:18:02.0325 5416        nvUpdatusService - ok
17:18:02.0683 5416        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:18:02.0715 5416        nv_agp - ok
17:18:03.0042 5416        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:18:03.0073 5416        ohci1394 - ok
17:18:03.0261 5416        ose            (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:18:03.0276 5416        ose - ok
17:18:03.0448 5416        osppsvc        (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:18:03.0588 5416        osppsvc - ok
17:18:03.0869 5416        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:18:03.0916 5416        p2pimsvc - ok
17:18:04.0212 5416        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:18:04.0259 5416        p2psvc - ok
17:18:04.0618 5416        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
17:18:04.0649 5416        Parport - ok
17:18:05.0023 5416        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
17:18:05.0039 5416        partmgr - ok
17:18:05.0320 5416        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:18:05.0367 5416        PcaSvc - ok
17:18:05.0710 5416        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:18:05.0741 5416        pci - ok
17:18:06.0100 5416        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:18:06.0115 5416        pciide - ok
17:18:06.0459 5416        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
17:18:06.0490 5416        pcmcia - ok
17:18:06.0817 5416        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:18:06.0849 5416        pcw - ok
17:18:07.0207 5416        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:18:07.0270 5416        PEAUTH - ok
17:18:07.0582 5416        PeerDistSvc    (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
17:18:07.0629 5416        PeerDistSvc - ok
17:18:07.0956 5416        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:18:07.0987 5416        PerfHost - ok
17:18:08.0315 5416        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:18:08.0393 5416        pla - ok
17:18:08.0705 5416        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:18:08.0767 5416        PlugPlay - ok
17:18:09.0033 5416        PnkBstrA - ok
17:18:09.0111 5416        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:18:09.0142 5416        PNRPAutoReg - ok
17:18:09.0423 5416        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:18:09.0454 5416        PNRPsvc - ok
17:18:09.0501 5416        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:18:09.0547 5416        PolicyAgent - ok
17:18:09.0844 5416        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:18:09.0906 5416        Power - ok
17:18:10.0093 5416        PowerBiosServer (02778106ea187027005ef106e25dfda7) C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
17:18:10.0125 5416        PowerBiosServer ( UnsignedFile.Multi.Generic ) - warning
17:18:10.0125 5416        PowerBiosServer - detected UnsignedFile.Multi.Generic (1)
17:18:10.0468 5416        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:18:10.0530 5416        PptpMiniport - ok
17:18:10.0873 5416        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
17:18:10.0905 5416        Processor - ok
17:18:11.0170 5416        ProfSvc        (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
17:18:11.0248 5416        ProfSvc - ok
17:18:11.0544 5416        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:18:11.0560 5416        ProtectedStorage - ok
17:18:11.0919 5416        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:18:11.0981 5416        Psched - ok
17:18:12.0168 5416        PSI_SVC_2      (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
17:18:12.0184 5416        PSI_SVC_2 - ok
17:18:12.0574 5416        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
17:18:12.0652 5416        ql2300 - ok
17:18:13.0026 5416        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
17:18:13.0042 5416        ql40xx - ok
17:18:13.0307 5416        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:18:13.0354 5416        QWAVE - ok
17:18:13.0697 5416        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:18:13.0744 5416        QWAVEdrv - ok
17:18:14.0071 5416        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:18:14.0134 5416        RasAcd - ok
17:18:14.0493 5416        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:18:14.0539 5416        RasAgileVpn - ok
17:18:14.0820 5416        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:18:14.0898 5416        RasAuto - ok
17:18:15.0257 5416        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:18:15.0319 5416        Rasl2tp - ok
17:18:15.0616 5416        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:18:15.0678 5416        RasMan - ok
17:18:16.0037 5416        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:18:16.0115 5416        RasPppoe - ok
17:18:16.0474 5416        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:18:16.0536 5416        RasSstp - ok
17:18:16.0879 5416        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:18:16.0942 5416        rdbss - ok
17:18:17.0285 5416        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:18:17.0332 5416        rdpbus - ok
17:18:17.0644 5416        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:18:17.0691 5416        RDPCDD - ok
17:18:18.0018 5416        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
17:18:18.0049 5416        RDPDR - ok
17:18:18.0377 5416        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:18:18.0455 5416        RDPENCDD - ok
17:18:18.0767 5416        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:18:18.0814 5416        RDPREFMP - ok
17:18:19.0126 5416        RDPWD          (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
17:18:19.0157 5416        RDPWD - ok
17:18:19.0500 5416        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:18:19.0516 5416        rdyboost - ok
17:18:19.0781 5416        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:18:19.0859 5416        RemoteAccess - ok
17:18:20.0140 5416        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:18:20.0202 5416        RemoteRegistry - ok
17:18:20.0483 5416        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:18:20.0545 5416        RpcEptMapper - ok
17:18:20.0842 5416        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:18:20.0889 5416        RpcLocator - ok
17:18:21.0169 5416        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:18:21.0232 5416        RpcSs - ok
17:18:21.0591 5416        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:18:21.0637 5416        rspndr - ok
17:18:21.0965 5416        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
17:18:22.0012 5416        s3cap - ok
17:18:22.0261 5416        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:18:22.0293 5416        SamSs - ok
17:18:22.0651 5416        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:18:22.0683 5416        sbp2port - ok
17:18:22.0948 5416        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:18:23.0010 5416        SCardSvr - ok
17:18:23.0353 5416        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:18:23.0416 5416        scfilter - ok
17:18:23.0728 5416        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:18:23.0775 5416        Schedule - ok
17:18:24.0055 5416        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:18:24.0118 5416        SCPolicySvc - ok
17:18:58.0687 5416        VUSB3HUB        (cc38015bb30360b1b1afeb995791004a) C:\Windows\system32\drivers\ViaHub3.sys
17:18:58.0734 5416        VUSB3HUB ( UnsignedFile.Multi.Generic ) - warning
17:18:58.0734 5416        VUSB3HUB - detected UnsignedFile.Multi.Generic (1)
17:19:12.0868 5416        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:19:13.0117 5416        \Device\Harddisk0\DR0 - ok
17:19:13.0117 5416        Boot (0x1200)  (6c34b1637b51abca3e9a1cc8c4582bdf) \Device\Harddisk0\DR0\Partition0
17:19:13.0133 5416        \Device\Harddisk0\DR0\Partition0 - ok
17:19:13.0164 5416        Boot (0x1200)  (092fc2bba5e835859f3e88bde18a02c0) \Device\Harddisk0\DR0\Partition1
17:19:13.0164 5416        \Device\Harddisk0\DR0\Partition1 - ok
17:19:13.0164 5416        ============================================================
17:19:13.0164 5416        Scan finished
17:19:13.0164 5416        ============================================================
17:19:13.0180 5388        Detected object count: 5
17:19:13.0180 5388        Actual detected object count: 5
17:19:32.0025 5388        acedrv07 ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:32.0025 5388        acedrv07 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:32.0025 5388        Bigfoot Networks Killer Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:32.0025 5388        Bigfoot Networks Killer Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:32.0025 5388        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:32.0025 5388        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:32.0025 5388        PowerBiosServer ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:32.0025 5388        PowerBiosServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:32.0040 5388        VUSB3HUB ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:32.0040 5388        VUSB3HUB ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 29.03.2012 19:36

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if suggested), install the Recovery Console (if suggested), and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

sunjojo 29.03.2012 20:50

Hey, I ran ComboFix; as with the other scans, it went without problems. Here is the log file:
Code:

ComboFix 12-03-29.02 - Jonas Hanke 29.03.2012  21:24:49.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.8099.6298 [GMT 2:00]
ausgeführt von:: c:\users\Jonas Hanke\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\SysWow64\server.log
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-28 bis 2012-03-29  ))))))))))))))))))))))))))))))
.
.
2074-05-18 16:44 . 2008-03-21 13:46        607296        ----a-w-        c:\program files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll
2074-05-07 17:38 . 2006-11-21 19:48        203576        ----a-w-        c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-03-29 19:30 . 2012-03-29 19:30        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-03-29 14:19 . 2012-03-29 14:19        --------        d-----w-        C:\_OTL
2012-03-28 13:24 . 2012-03-28 13:24        --------        d-----w-        c:\program files (x86)\ESET
2012-03-27 16:26 . 2011-08-26 17:02        2484592        ----a-w-        c:\windows\SysWow64\pbsvc_p4f.exe
2012-03-27 15:35 . 2012-03-27 15:35        --------        d-----w-        c:\users\UpdatusUser
2012-03-27 11:52 . 2012-03-14 03:27        8669240        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{381D2696-DDF5-419C-B9DE-5365A7ECE694}\mpengine.dll
2012-03-26 19:38 . 2011-11-19 15:20        5559152        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-03-26 19:38 . 2011-11-19 14:50        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-03-26 19:38 . 2011-11-19 14:50        3913584        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-03-26 16:52 . 2011-03-12 12:08        1465344        ----a-w-        c:\windows\system32\XpsPrint.dll
2012-03-26 16:52 . 2011-03-12 11:23        870912        ----a-w-        c:\windows\SysWow64\XpsPrint.dll
2012-03-26 16:52 . 2011-04-22 22:15        27520        ----a-w-        c:\windows\system32\drivers\Diskdump.sys
2012-03-26 16:52 . 2011-08-13 05:27        6144        ----a-w-        c:\program files\Internet Explorer\iecompat.dll
2012-03-26 16:52 . 2011-08-13 04:18        6144        ----a-w-        c:\program files (x86)\Internet Explorer\iecompat.dll
2012-03-26 16:52 . 2011-02-18 10:51        31232        ----a-w-        c:\windows\system32\prevhost.exe
2012-03-26 16:52 . 2011-02-18 05:39        31232        ----a-w-        c:\windows\SysWow64\prevhost.exe
2012-03-26 16:52 . 2011-01-17 11:09        197120        ----a-w-        c:\windows\system32\d3d10_1.dll
2012-03-26 16:52 . 2011-01-17 05:47        161792        ----a-w-        c:\windows\SysWow64\d3d10_1.dll
2012-03-26 16:46 . 2012-03-26 16:46        --------        d-----w-        c:\program files (x86)\LogMeIn Hamachi
2012-03-26 15:18 . 2011-02-05 17:10        642944        ----a-w-        c:\windows\system32\winload.efi
2012-03-26 15:16 . 2012-01-25 06:38        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-03-26 15:16 . 2012-01-25 06:38        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-03-26 15:16 . 2012-01-25 06:33        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-03-26 15:15 . 2012-02-17 06:38        1031680        ----a-w-        c:\windows\system32\rdpcore.dll
2012-03-26 15:15 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll
2012-03-26 15:15 . 2012-02-17 04:58        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-03-26 15:15 . 2012-02-17 04:57        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
2012-03-26 13:36 . 2012-03-26 13:36        --------        d-----w-        C:\Malwarebytes' Anti-Malware
2012-03-25 20:31 . 2012-03-25 20:49        --------        d-----w-        c:\windows\Panther
2012-03-25 20:28 . 2012-03-25 20:28        --------        d-----w-        c:\users\Default\AppData\Local\Microsoft Help
2012-03-25 20:17 . 2012-03-25 20:36        --------        d-----w-        C:\$WINDOWS.~Q
2012-03-25 19:57 . 2012-03-25 20:10        --------        d-----w-        C:\$INPLACE.~TR
2012-03-25 19:37 . 2012-03-25 20:59        --------        d-----w-        c:\users\Jonas Schule
2012-03-25 19:37 . 2012-03-25 20:26        --------        d-----w-        c:\users\Detlev Hanke
2012-03-25 19:37 . 2012-03-25 20:49        --------        d-----w-        c:\users\Jonas Hanke
2012-03-25 19:36 . 2012-03-25 19:44        --------        d-----w-        c:\program files\Protector Suite
2012-03-25 19:35 . 2012-03-25 19:35        --------        d-----w-        c:\windows\SysWow64\RTCOM
2012-03-25 19:35 . 2012-03-25 19:35        --------        d-----w-        c:\program files\Realtek
2012-03-25 19:35 . 2012-03-25 19:35        --------        d-----w-        c:\programdata\NVIDIA Corporation
2012-03-25 19:35 . 2012-03-27 15:35        --------        d-----w-        c:\program files (x86)\NVIDIA Corporation
2012-03-25 19:35 . 2012-03-27 15:35        --------        d-----w-        c:\program files\NVIDIA Corporation
2012-03-25 19:35 . 2012-03-25 19:35        --------        d-----w-        c:\program files\Synaptics
2012-03-25 15:33 . 2012-03-25 20:08        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-25 15:33 . 2011-12-10 13:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-25 15:33 . 2012-03-26 13:35        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-23 17:27 . 2012-03-25 20:08        --------        d-----w-        c:\users\TEMP.JonasH.004
2012-03-23 16:58 . 2012-03-25 20:08        --------        d-----w-        c:\users\TEMP.JonasH.005
2012-03-17 11:24 . 2012-03-25 20:08        --------        d-----w-        c:\users\TEMP.JonasH.003
2012-03-14 20:53 . 2012-03-25 20:08        --------        d-----w-        c:\users\TEMP.JonasH.002
2012-03-11 15:13 . 2012-03-25 19:50        --------        d-----w-        c:\program files (x86)\Eligium
2012-03-11 13:05 . 2012-03-25 19:50        --------        d-----w-        c:\program files (x86)\eligium_0_90_1_en
2012-03-09 15:25 . 2012-03-25 20:08        --------        d-----w-        c:\users\TEMP.JonasH.001
2012-03-08 20:36 . 2012-03-08 20:36        1798656        ------w-        c:\windows\SysWow64\jscript9.dll
2012-03-08 20:36 . 2012-03-08 20:36        110592        ------w-        c:\windows\SysWow64\IEAdvpack.dll
2012-03-08 20:36 . 2012-03-08 20:36        2308096        ------w-        c:\windows\system32\jscript9.dll
2012-03-08 20:36 . 2012-03-08 20:36        135168        ------w-        c:\windows\system32\IEAdvpack.dll
2012-03-07 17:23 . 2012-03-25 19:59        --------        d-----w-        c:\program files (x86)\PixLin
2012-03-07 17:23 . 1998-11-03 11:04        1355776        ----a-w-        c:\windows\SysWow64\MSVBVM50.dll
2012-03-07 17:23 . 1998-05-15 19:01        99866        ----a-w-        c:\windows\SysWow64\VB5DE.dll
2012-03-07 17:23 . 1997-01-15 23:00        29696        ----a-w-        c:\windows\SysWow64\VB5StKit.dll
2012-03-02 22:16 . 2012-03-25 19:47        --------        d-----w-        c:\program files (x86)\Common Files\Wise Installation Wizard
2012-02-29 14:28 . 2012-03-25 18:09        --------        d-----w-        C:\BrickForce
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-29 18:09 . 2011-08-26 17:06        234768        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2012-03-29 18:09 . 2011-08-26 17:03        234768        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2012-03-27 16:26 . 2011-08-26 17:03        75136        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2012-03-26 16:47 . 2011-06-28 17:28        254528        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-01 00:02 . 2011-08-09 16:28        962368        ----a-w-        c:\windows\system32\nvumdshimx.dll
2012-03-01 00:02 . 2011-08-09 16:28        2660160        ----a-w-        c:\windows\system32\nvapi64.dll
2012-03-01 00:02 . 2011-08-09 16:28        260416        ----a-w-        c:\windows\system32\nvinitx.dll
2012-03-01 00:02 . 2011-08-09 16:28        2301248        ----a-w-        c:\windows\SysWow64\nvapi.dll
2012-03-01 00:02 . 2011-08-09 16:28        1737536        ----a-w-        c:\windows\system32\nvdispco64.dll
2012-03-01 00:02 . 2011-08-09 16:28        1466176        ----a-w-        c:\windows\system32\nvgenco64.dll
2012-02-29 21:00 . 2010-12-26 05:05        3089728        ----a-w-        c:\windows\system32\nvsvc64.dll
2012-02-29 21:00 . 2010-12-26 05:06        6074176        ----a-w-        c:\windows\system32\nvcpl.dll
2012-02-29 20:59 . 2010-12-26 05:06        63296        ----a-w-        c:\windows\system32\nvshext.dll
2012-02-29 20:59 . 2010-12-26 05:06        118080        ----a-w-        c:\windows\system32\nvmctray.dll
2012-02-29 20:59 . 2010-12-26 05:06        889664        ----a-w-        c:\windows\system32\nvvsvc.exe
2012-02-29 20:59 . 2010-12-26 05:06        55616        ----a-w-        c:\windows\system32\nv3dappshextr.dll
2012-02-29 20:59 . 2010-12-26 05:06        2561856        ----a-w-        c:\windows\system32\nvsvcr.dll
2012-02-29 20:59 . 2010-12-26 05:06        849728        ----a-w-        c:\windows\system32\nv3dappshext.dll
2012-02-29 20:59 . 2010-12-26 05:06        2515790        ----a-w-        c:\windows\system32\nvcoproc.bin
2012-02-23 07:18 . 2010-11-21 03:27        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-02-02 16:52 . 2009-08-18 09:24        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-02 15:07 . 2012-02-02 15:07        750488        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-02-02 15:07 . 2011-09-05 17:45        660368        ----a-w-        c:\windows\system32\deployJava1.dll
2012-01-21 12:50 . 2012-01-19 15:57        310984        ----a-w-        c:\windows\system32\drivers\atksgt.sys
2012-01-20 19:12 . 2012-01-18 20:49        164880        ----a-w-        c:\users\Jonas Hanke\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2012-01-19 15:58 . 2012-01-19 15:57        42696        ----a-w-        c:\windows\system32\drivers\lirsgt.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCWinTray"="c:\windows\tray\wintmr.exe" [2009-07-13 5975704]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-09-23 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"4StoryPrePatch"="c:\program files (x86)\Gameforge4D\4Story_DE\PrePatch.exe" [2012-01-30 327680]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"ChicoSys"="c:\windows\SysWOW64\cc32\webtmr.exe" [2009-07-13 5635736]
"Corel File Shell Monitor"="c:\program files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-08 16712]
"Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2008-08-08 532808]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-01 1374720]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          scecli c:\program files\Protector Suite\psqlpwd.dll
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ksupmgr]
@="Service"
.
R1 BfLwf;Bigfoot Networks Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 136176]
R2 ksupmgr;File-/Update Service;c:\windows\SysWOW64\ksupmgr.exe [2010-08-25 765592]
R3 BFN7x64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 VUSB3HUB;VIA USB 3.0 Root Hub Service;c:\windows\system32\drivers\ViaHub3.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va007;X6va007;c:\users\JONASH~1\AppData\Local\Temp\007D73E.tmp [x]
S0 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;c:\program files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2011-02-18 763904]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe [2011-01-27 33792]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 WTGService;WTGService;c:\program files (x86)\Verbindungsassistent\WTGService.exe [2009-03-03 296400]
S3 Ak27x64;Killer Wireless-N 1102 device driver;c:\windows\system32\DRIVERS\Ak27x64.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.0 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 08:38]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 08:38]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2010-04-27 13:48        5947656        ----a-w-        c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2010-04-27 13:48        5947656        ----a-w-        c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-26 11775592]
"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2010-04-27 84744]
"THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-DesertCombat - c:\windows\iun6002.exe
AddRemove-Herrscher des Olymp - Zeus - c:\windows\IsUn0407.exe
AddRemove-LEGO Rock Raiders - c:\windows\IsUn0407.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_p4f.exe
AddRemove-{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1 - c:\program files (x86)\Mein Gutscheincode Finder\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va007]
"ImagePath"="\??\c:\users\JONASH~1\AppData\Local\Temp\007D73E.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\cchservice.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-29  21:37:18 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-29 19:37
.
Vor Suchlauf: 20 Verzeichnis(se), 386.336.530.432 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 387.156.635.648 Bytes frei
.
- - End Of File - - EA939EB7AA78B769CF1618C999F7F098

Since AntiVir failed me, I wanted to ask which antivirus program you would recommend (it can cost money too; my guess right now would be Malwarebytes?).

cosinus 29.03.2012 21:26

Please download aswMBR.exe and save the file to your desktop.

Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false alarm for it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons under any circumstances without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

sunjojo 30.03.2012 19:04

Hey, unfortunately aswMBR.exe doesn't work. I turned off AntiVir and ran the program as administrator, and it still always crashes at the same point: "C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Aplications (I couldn't read the rest of the file path because the program crashed then). I tried three times to have the system scanned, but the same problem occurred every time.

cosinus 30.03.2012 20:03

Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

sunjojo 30.03.2012 20:26

Thanks, it worked now. Here is the content of the log file:
Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-30 21:24:43
-----------------------------
21:24:43.053    OS Version: Windows x64 6.1.7601 Service Pack 1
21:24:43.053    Number of processors: 4 586 0x2A07
21:24:43.054    ComputerName: JONASH  UserName:
21:24:44.328    Initialize success
21:24:49.913    AVAST engine defs: 12033000
21:24:53.618    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:24:53.622    Disk 0 Vendor: ST975042 0001 Size: 715404MB BusType: 3
21:24:53.647    Disk 0 MBR read successfully
21:24:53.650    Disk 0 MBR scan
21:24:53.656    Disk 0 Windows 7 default MBR code
21:24:53.661    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        8000 MB offset 2048
21:24:53.676    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 16386048
21:24:53.688    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      707302 MB offset 16590848
21:24:53.708    Disk 0 scanning C:\Windows\system32\drivers
21:25:00.962    Service scanning
21:25:27.136    Modules scanning
21:25:27.145    Disk 0 trace - called modules:
21:25:27.203    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:25:27.208    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009692060]
21:25:27.423    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80083e7050]
21:25:27.430    Scan finished successfully
21:25:46.783    Disk 0 MBR has been saved successfully to "C:\Users\Jonas Hanke\Desktop\MBR.dat"
21:25:46.786    The log file has been saved successfully to "C:\Users\Jonas Hanke\Desktop\aswMBR.txt"


