Trojaner-Board


Youtek 12.05.2012 21:23

...BKA virus yet again

Hello everyone,

I caught the BKA trojan this morning and have been trying to get rid of this beast ever since.

I tried to follow this guide:

hxxp://blog.botfrei.de/2012/01/bka-trojaner-1-03-entfernen-windows-7-windows-vista/

Unfortunately without much success. I basically got stuck at step 3.

I can't log in as admin.

Does anyone have an idea, or another way to get rid of this thing?

cosinus 14.05.2012 10:53

Does safe mode with networking still work? With an Internet connection?



Safe mode for cleanup
  • Put Windows into safe mode by pressing the F8 key at startup.
  • Start the computer in safe mode with networking:

    Starting Windows in safe mode

Youtek 14.05.2012 15:55

...yes, I can still get in there

cosinus 14.05.2012 18:46

Well, if that mode works, you will first routinely run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those too!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything in CODE tags here where possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Youtek 14.05.2012 22:10

...here are the logs:

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.14.05

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Matthias :: MATTHIAS-PC [Administrator]

Schutz: Deaktiviert

14.05.2012 21:13:10
mbam-log-2012-05-14 (21-13-10).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 329545
Laufzeit: 34 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Matthias\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZM8PUGG\contacts[1].exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Matthias\AppData\Local\Temp\wpbt0.dll (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpbt0.dll.lnk (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)



Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=88669a3a600c4548b59bcb1d0c2e3de2
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-14 09:00:01
# local_time=2012-05-14 11:00:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 17969769 17969769 0 0
# compatibility_mode=5893 16776573 100 94 196489 88655612 0 0
# compatibility_mode=8192 67108863 100 0 279 279 0 0
# scanned=142436
# found=0
# cleaned=0
# scan_time=3439
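
Added example, not part of the original thread and not Malwarebytes' own tooling: a small Python triage parser for the German-language Malwarebytes 1.61 log format posted above. It checks each section's declared count against the parsed entries, labels where every finding was located, and pairs the Startup-folder shortcut with the detected file of the same name. The location labels and the name-matching heuristic are assumptions of this example; the log itself does not show the shortcut's target.

```python
import ntpath
import re

# Excerpt of the Malwarebytes log from the post above (zero-result sections shortened).
SAMPLE_LOG = r"""
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Matthias\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZM8PUGG\contacts[1].exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Matthias\AppData\Local\Temp\wpbt0.dll (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpbt0.dll.lnk (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
"""

# "Infizierte <category>: <count>" opens a section of the report.
SECTION_RE = re.compile(r"^(Infizierte [^:]+): (\d+)$")
# "<path> (<detection name>) -> <action taken>"; the greedy path tolerates
# parentheses inside the path itself, e.g. "Program Files (x86)".
FINDING_RE = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")

# Location labels are this example's own naming (assumption); checked in order.
LOCATION_RULES = [
    ("startup-folder", "\\start menu\\programs\\startup\\"),
    ("browser-cache", "\\temporary internet files\\"),
    ("temp-dir", "\\temp\\"),
]


def classify_location(path):
    """Return a coarse label for the directory a finding was located in."""
    lowered = path.lower()
    for label, needle in LOCATION_RULES:
        if needle in lowered:
            return label
    return "other"


def parse_log(text):
    """Return (declared counts per section, list of parsed findings)."""
    declared, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            declared[section] = int(header.group(2))
            continue
        hit = FINDING_RE.match(line)
        if hit and section:
            findings.append({
                "section": section,
                "path": hit["path"],
                "detection": hit["name"],
                "action": hit["action"],
                "quarantined": "Quarantäne" in hit["action"],
                "location": classify_location(hit["path"]),
            })
    return declared, findings


def count_mismatches(declared, findings):
    """Sections whose declared count differs from the entries actually parsed,
    which points to a truncated or hand-edited log."""
    parsed = {}
    for f in findings:
        parsed[f["section"]] = parsed.get(f["section"], 0) + 1
    return {s: (n, parsed.get(s, 0))
            for s, n in declared.items() if n != parsed.get(s, 0)}


def startup_links(findings):
    """Pair each detected Startup-folder .lnk with detected files of the same
    name minus ".lnk". Name match only: the log does not list the target."""
    by_name = {}
    for f in findings:
        by_name.setdefault(ntpath.basename(f["path"]).lower(), []).append(f["path"])
    pairs = []
    for f in findings:
        name = ntpath.basename(f["path"]).lower()
        if f["location"] == "startup-folder" and name.endswith(".lnk"):
            for candidate in by_name.get(name[:-4], []):
                pairs.append((f["path"], candidate))
    return pairs


if __name__ == "__main__":
    declared, findings = parse_log(SAMPLE_LOG)
    for f in findings:
        print(f["location"], f["detection"], f["path"], sep=" | ")
    print("count mismatches:", count_mismatches(declared, findings))
    for lnk, target in startup_links(findings):
        print("autostart shortcut:", lnk, "-> likely", target)
```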


cosinus 15.05.2012 08:55

I have two questions before we continue

1.) Does normal mode work again without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

Youtek 15.05.2012 09:51

Just booted the computer... normal mode works as always. Everything is as it was before...

cosinus 15.05.2012 12:58

Please make a new OTL log. Please post everything in CODE tags here where possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you do not have it yet, please download OTL by OldTimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Youtek 15.05.2012 13:59

OTL Logfile:
Code:

OTL logfile created on: 15.05.2012 14:19:43 - Run 1
OTL by OldTimer - Version 3.2.43.0    Folder = C:\Users\Matthias\Desktop\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 63,22% Memory free
7,87 Gb Paging File | 6,26 Gb Available in Paging File | 79,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 420,33 Gb Total Space | 372,90 Gb Free Space | 88,72% Space Free | Partition Type: NTFS
Drive D: | 30,48 Gb Total Space | 28,34 Gb Free Space | 92,97% Space Free | Partition Type: NTFS
 
Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.15 14:14:21 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\Downloads\OTL.exe
PRC - [2012.04.19 17:42:41 | 006,033,016 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.13 10:39:57 | 000,918,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012.03.13 10:39:56 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012.03.07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011.10.14 08:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2011.10.14 08:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011.10.14 08:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.07.30 18:26:51 | 000,336,896 | ---- | M] (AVM Berlin) -- C:\Users\Matthias\AppData\Local\Apps\2.0\5DY8XN5W.10T\WK1MNX5E.NH5\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe
PRC - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009.11.04 23:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.11.04 23:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.03.13 10:39:56 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012.02.11 01:31:42 | 001,253,376 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2012.02.11 01:31:41 | 005,283,840 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2012.02.11 01:31:40 | 004,218,880 | ---- | M] () -- C:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
MOD - [2012.01.27 01:33:25 | 000,630,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012.01.04 04:51:04 | 005,025,792 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012.01.04 04:51:03 | 003,190,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012.01.04 04:50:59 | 004,550,656 | ---- | M] () -- C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2011.07.30 18:26:25 | 000,368,640 | ---- | M] () -- C:\Users\Matthias\AppData\Local\Apps\2.0\5DY8XN5W.10T\WK1MNX5E.NH5\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL
MOD - [2011.05.11 00:01:16 | 000,249,856 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2011.05.11 00:01:16 | 000,110,592 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:58:14 | 002,048,000 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010.11.05 03:58:05 | 000,970,752 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
MOD - [2010.11.05 03:58:04 | 000,425,984 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2009.06.10 23:14:43 | 000,196,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.12.13 10:29:20 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010.06.29 16:38:34 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.05.05 09:40:35 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.26 21:10:18 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.13 10:39:57 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.12.13 10:34:52 | 002,028,864 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.12.13 10:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.10.14 08:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011.10.14 08:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.09.22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 16:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.03 22:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.01.12 18:15:24 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.12.30 08:27:00 | 000,069,568 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe -- (Slidebar Notifier Service)
SRV - [2009.11.17 17:00:54 | 000,575,304 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV - [2009.11.04 23:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.11.04 23:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.08.14 16:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV - [2009.07.16 20:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)
SRV - [2009.07.15 07:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009.07.15 07:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.27 01:42:14 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2012.03.07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.03.07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.03.07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.03.07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.03.07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.03.07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.07.30 18:26:41 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmaudio.sys -- (avmaudio)
DRV:64bit: - [2011.05.18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010.06.29 17:09:58 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.06.29 15:48:34 | 000,265,728 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.06.02 08:35:42 | 000,229,456 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs)
DRV:64bit: - [2010.05.24 14:07:58 | 000,253,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.05.03 13:19:40 | 000,317,488 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.03.26 09:03:20 | 000,160,880 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010.03.03 21:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.02.02 17:52:02 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.01.15 20:08:34 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2010.01.15 02:51:20 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.01.15 02:51:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.01.15 02:51:10 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.12.14 10:03:50 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.10.19 02:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2009.10.16 05:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.16 19:31:24 | 001,383,680 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atinavrr.sys -- (ATIAVPCI)
DRV:64bit: - [2009.07.16 13:55:34 | 000,011,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDMirror.sys -- (wdmirror)
DRV:64bit: - [2009.07.16 05:38:20 | 000,079,376 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDBridge.sys -- (Bridge0)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 03:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
DRV:64bit: - [2009.06.10 22:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.07 08:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008.08.06 14:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012.03.27 01:42:14 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011.06.06 17:07:20 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1234854419-2353236082-1726613358-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKU\S-1-5-21-1234854419-2353236082-1726613358-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={586E81BF-9D15-4ABC-AECE-3A70E96FC514}&mid=dac42fd0189647d194813d1cbf3a05d0-12682e749f182146867c1e92ae1af7c87d0b9d66&lang=de&ds=tt014&pr=sa&d=&v=&sap=hp
IE - HKU\S-1-5-21-1234854419-2353236082-1726613358-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1234854419-2353236082-1726613358-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-1234854419-2353236082-1726613358-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={1ACAFA84-E0F0-49A5-A47F-D0F08AF36766}&mid=dac42fd0189647d194813d1cbf3a05d0-12682e749f182146867c1e92ae1af7c87d0b9d66&lang=de&ds=tt014&pr=sa&d=2011-12-14 20:41:06&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1234854419-2353236082-1726613358-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1234854419-2353236082-1726613358-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Suche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Bead0e4a6-e975-43cc-b872-ea67ffc49d48%7D&mid=dac42fd0189647d194813d1cbf3a05d0-12682e749f182146867c1e92ae1af7c87d0b9d66&ds=tt014&v=8.0.0.40&lang=de&pr=sa&d=2011-12-14%2020%3A41%3A06&sap=ku&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.05.15 10:39:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.26 21:10:18 | 000,000,000 | ---D | M]
 
[2012.02.04 14:47:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Extensions
[2012.02.04 14:47:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.05.15 10:49:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\756aosek.default\extensions
[2012.05.15 10:49:31 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\756aosek.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.05.15 10:49:48 | 000,002,102 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\756aosek.default\searchplugins\suche.xml
[2011.11.10 20:48:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.15 10:39:00 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.05.15 10:49:30 | 000,523,864 | ---- | M] () (No name found) -- C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\756AOSEK.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012.01.06 10:21:27 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\756AOSEK.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.04.26 21:10:18 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.13 20:49:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 10:39:55 | 000,003,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.02.13 20:49:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.13 20:49:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.13 20:49:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.13 20:49:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.13 20:49:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1234854419-2353236082-1726613358-1000..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-1234854419-2353236082-1726613358-1000..\Run: [AVMUSBFernanschluss] C:\Users\Matthias\AppData\Local\Apps\2.0\5DY8XN5W.10T\WK1MNX5E.NH5\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\S-1-5-21-1234854419-2353236082-1726613358-1000..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AFAF671-9234-415B-A4C3-03E6E15D0F7E}: DhcpNameServer = 60.2.0.1 60.2.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA32769C-C7F9-45D6-B2F6-F8ABF5F60927}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\bttray.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\iastorui.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\bttray.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\iastorui.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
 
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.clmp3enc - C:\PROGRA~2\Lenovo\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.15 10:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2012.05.15 10:29:58 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\Secunia PSI
[2012.05.15 10:29:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012.05.15 10:17:42 | 000,337,240 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2012.05.15 10:17:42 | 000,024,408 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2012.05.15 10:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.05.15 10:17:41 | 000,053,080 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2012.05.15 10:17:40 | 000,059,224 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2012.05.15 10:17:39 | 000,819,032 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2012.05.15 10:17:39 | 000,258,520 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2012.05.15 10:17:39 | 000,069,976 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2012.05.15 10:17:07 | 000,041,184 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2012.05.15 10:17:06 | 000,201,352 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2012.05.15 10:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.05.15 10:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.05.14 21:58:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.05.14 21:09:39 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Malwarebytes
[2012.05.14 21:09:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.14 21:09:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.14 21:09:31 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.05.14 21:09:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.06 12:22:39 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\Pop Art Studio 6.2
[2012.04.26 21:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.26 21:10:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.04.23 21:44:42 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Buhl Data Service
[2012.04.22 14:02:34 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Desktop\T@x
[2012.04.20 21:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.04.19 17:27:45 | 000,000,000 | ---D | C] -- C:\EasyFit
[2012.04.19 17:27:13 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.15 14:19:16 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.15 14:19:16 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.15 14:18:45 | 001,543,166 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.05.15 14:18:45 | 000,674,536 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.05.15 14:18:45 | 000,625,352 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.05.15 14:18:45 | 000,137,760 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.05.15 14:18:45 | 000,113,084 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.05.15 14:15:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.05.15 14:12:00 | 000,001,110 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.15 14:11:13 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.05.15 10:48:06 | 000,001,114 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.15 10:45:07 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012.05.15 10:39:01 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2012.05.15 10:33:28 | 000,001,973 | ---- | M] () -- C:\Users\Matthias\Desktop\Update Checker.lnk
[2012.05.15 10:29:52 | 000,001,110 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.05.15 10:17:42 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.05.14 21:09:32 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.12 08:29:07 | 000,283,136 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.05.03 09:14:12 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012.04.23 21:44:36 | 000,000,149 | ---- | M] () -- C:\windows\wiso.ini
 
========== Files Created - No Company Name ==========
 
[2012.05.15 10:45:07 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012.05.15 10:33:28 | 000,002,003 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2012.05.15 10:33:28 | 000,001,973 | ---- | C] () -- C:\Users\Matthias\Desktop\Update Checker.lnk
[2012.05.15 10:29:52 | 000,001,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.05.15 10:29:52 | 000,001,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012.05.15 10:17:42 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.05.15 10:17:39 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt
[2012.05.14 21:09:32 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.23 10:00:38 | 000,000,149 | ---- | C] () -- C:\windows\wiso.ini
[2012.01.05 14:52:37 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.01.04 17:30:37 | 000,000,306 | ---- | C] () -- C:\windows\lgfwup.ini
[2011.07.30 18:35:49 | 001,527,068 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.07.30 18:33:52 | 000,000,432 | ---- | C] () -- C:\windows\BRWMARK.INI
[2011.07.30 18:33:52 | 000,000,034 | ---- | C] () -- C:\windows\SysWow64\BD7440N.DAT
[2011.06.09 21:14:34 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml
[2011.05.10 17:22:11 | 000,016,648 | R--- | C] () -- C:\windows\SysWow64\LogAPI.dll
[2011.05.10 17:06:47 | 002,110,816 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011.05.10 17:06:47 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011.05.10 17:06:40 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011.05.10 16:49:02 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010.08.09 10:28:09 | 000,002,857 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2010.07.06 03:54:55 | 000,001,341 | ---- | C] () -- C:\windows\vm332Rmv.ini
 
========== LOP Check ==========
 
[2011.06.09 21:16:17 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ArcSyncConfig
[2012.04.23 21:44:43 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Buhl Data Service
[2012.01.05 12:46:09 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Dropbox
[2012.02.17 16:48:36 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\griffith
[2011.12.18 16:25:12 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\gtk-2.0
[2011.06.09 19:33:24 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Lenovo
[2012.04.22 15:55:57 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\SoftGrid Client
[2011.12.02 21:59:03 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Syncdocs
[2012.02.04 14:47:01 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\TomTom
[2011.08.26 12:09:46 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\TP
[2011.07.17 13:00:54 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\TuneUp Software
[2011.12.02 21:46:14 | 000,000,000 | -HSD | M] -- C:\Users\Matthias\AppData\Roaming\wyUpdate AU
[2012.05.15 10:47:40 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\TuneUp Software
[2012.04.04 18:25:06 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.06.13 21:50:09 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Adobe
[2011.11.25 21:52:15 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Apple Computer
[2011.06.09 21:16:17 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ArcSyncConfig
[2011.06.09 19:33:37 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ATI
[2011.09.05 15:43:44 | 000,000,000 | R--D | M] -- C:\Users\Matthias\AppData\Roaming\Brother
[2012.04.23 21:44:43 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Buhl Data Service
[2011.06.09 19:35:25 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\CyberLink
[2012.01.05 12:46:09 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Dropbox
[2012.02.17 16:48:36 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\griffith
[2011.12.18 16:25:12 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\gtk-2.0
[2011.06.09 19:32:28 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Identities
[2011.06.09 19:33:38 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Intel Corporation
[2011.06.09 19:33:24 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Lenovo
[2011.06.09 21:14:19 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Macromedia
[2012.05.14 21:09:39 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Malwarebytes
[2009.07.29 09:23:49 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Media Center Programs
[2012.04.22 13:54:47 | 000,000,000 | --SD | M] -- C:\Users\Matthias\AppData\Roaming\Microsoft
[2011.06.16 18:45:22 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Mozilla
[2012.04.22 15:55:57 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\SoftGrid Client
[2011.12.02 21:59:03 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Syncdocs
[2012.02.04 14:47:01 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\TomTom
[2011.08.26 12:09:46 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\TP
[2011.07.17 13:00:54 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\TuneUp Software
[2011.12.02 21:46:14 | 000,000,000 | -HSD | M] -- C:\Users\Matthias\AppData\Roaming\wyUpdate AU
 
< %APPDATA%\*.exe /s >
[2011.12.05 21:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.12.05 21:18:12 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Uninstall.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.03.03 21:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\windows\SysNative\drivers\iaStor.sys
[2010.03.03 21:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.05.11 00:26:02 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2011.05.11 00:26:02 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.05.11 00:26:02 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.05.11 00:26:02 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2011.05.11 00:16:38 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011.05.11 00:16:38 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---

cosinus 15.05.2012 14:59

Looks relatively unremarkable.

Please now (in normal Windows mode) run this tool from Kaspersky (TDSS-Killer) and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the checkmarks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Youtek 15.05.2012 15:43

Code:

16:36:23.0322 5840        TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18
16:36:23.0946 5840        ============================================================
16:36:23.0946 5840        Current date / time: 2012/05/15 16:36:23.0946
16:36:23.0946 5840        SystemInfo:
16:36:23.0946 5840       
16:36:23.0946 5840        OS Version: 6.1.7601 ServicePack: 1.0
16:36:23.0946 5840        Product type: Workstation
16:36:23.0946 5840        ComputerName: MATTHIAS-PC
16:36:23.0946 5840        UserName: Matthias
16:36:23.0946 5840        Windows directory: C:\windows
16:36:23.0946 5840        System windows directory: C:\windows
16:36:23.0946 5840        Running under WOW64
16:36:23.0946 5840        Processor architecture: Intel x64
16:36:23.0946 5840        Number of processors: 8
16:36:23.0946 5840        Page size: 0x1000
16:36:23.0946 5840        Boot type: Normal boot
16:36:23.0946 5840        ============================================================
16:36:24.0742 5840        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:36:24.0773 5840        ============================================================
16:36:24.0773 5840        \Device\Harddisk0\DR0:
16:36:24.0773 5840        MBR partitions:
16:36:24.0773 5840        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
16:36:24.0773 5840        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x348AA000
16:36:24.0804 5840        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3490F000, BlocksNum 0x3CF4800
16:36:24.0804 5840        ============================================================
16:36:24.0851 5840        C: <-> \Device\Harddisk0\DR0\Partition1
16:36:24.0898 5840        D: <-> \Device\Harddisk0\DR0\Partition2
16:36:24.0898 5840        ============================================================
16:36:24.0898 5840        Initialize success
16:36:24.0898 5840        ============================================================
16:38:07.0421 5960        ============================================================
16:38:07.0421 5960        Scan started
16:38:07.0421 5960        Mode: Manual; SigCheck; TDLFS;
16:38:07.0421 5960        ============================================================
16:38:08.0669 5960        1394ohci        (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
16:38:08.0825 5960        1394ohci - ok
16:38:08.0903 5960        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
16:38:08.0950 5960        ACPI - ok
16:38:08.0981 5960        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
16:38:09.0059 5960        AcpiPmi - ok
16:38:09.0106 5960        ACPIVPC        (dc201246a14cb3b274df59faf539ab07) C:\windows\system32\DRIVERS\AcpiVpc.sys
16:38:09.0168 5960        ACPIVPC - ok
16:38:09.0356 5960        AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:38:09.0371 5960        AdobeFlashPlayerUpdateSvc - ok
16:38:09.0465 5960        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
16:38:09.0512 5960        adp94xx - ok
16:38:09.0558 5960        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
16:38:09.0605 5960        adpahci - ok
16:38:09.0636 5960        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
16:38:09.0668 5960        adpu320 - ok
16:38:09.0699 5960        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
16:38:09.0902 5960        AeLookupSvc - ok
16:38:09.0980 5960        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
16:38:10.0058 5960        AFD - ok
16:38:10.0089 5960        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
16:38:10.0120 5960        agp440 - ok
16:38:10.0151 5960        ALG            (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
16:38:10.0229 5960        ALG - ok
16:38:10.0276 5960        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
16:38:10.0292 5960        aliide - ok
16:38:10.0354 5960        AMD External Events Utility (95bb85f73f6c20b08ab83ed194c2fa1f) C:\windows\system32\atiesrxx.exe
16:38:10.0448 5960        AMD External Events Utility - ok
16:38:10.0479 5960        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
16:38:10.0510 5960        amdide - ok
16:38:10.0541 5960        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
16:38:10.0619 5960        AmdK8 - ok
16:38:11.0228 5960        amdkmdag        (2ae6aa3632589ac805432863d3605ea9) C:\windows\system32\DRIVERS\atikmdag.sys
16:38:11.0524 5960        amdkmdag - ok
16:38:11.0711 5960        amdkmdap        (206c28bfa8d52250d163b85e891527e5) C:\windows\system32\DRIVERS\atikmpag.sys
16:38:11.0774 5960        amdkmdap - ok
16:38:11.0805 5960        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
16:38:11.0836 5960        AmdPPM - ok
16:38:11.0883 5960        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
16:38:11.0914 5960        amdsata - ok
16:38:11.0945 5960        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
16:38:11.0976 5960        amdsbs - ok
16:38:11.0992 5960        amdxata        (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
16:38:12.0023 5960        amdxata - ok
16:38:12.0054 5960        AnyDVD          (30682a098e12e2c85fa65518e1618195) C:\windows\system32\Drivers\AnyDVD.sys
16:38:12.0086 5960        AnyDVD - ok
16:38:12.0117 5960        AppID          (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
16:38:12.0351 5960        AppID - ok
16:38:12.0382 5960        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
16:38:12.0476 5960        AppIDSvc - ok
16:38:12.0507 5960        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
16:38:12.0600 5960        Appinfo - ok
16:38:12.0710 5960        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:38:12.0725 5960        Apple Mobile Device - ok
16:38:12.0756 5960        arc            (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
16:38:12.0788 5960        arc - ok
16:38:12.0803 5960        arcsas          (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
16:38:12.0834 5960        arcsas - ok
16:38:12.0881 5960        aswFsBlk        (b9da213b5271db5fce962d827e6d620d) C:\windows\system32\drivers\aswFsBlk.sys
16:38:12.0897 5960        aswFsBlk - ok
16:38:12.0944 5960        aswMonFlt      (21c9835d0e5ad2ff0f16134bcb32cc71) C:\windows\system32\drivers\aswMonFlt.sys
16:38:12.0975 5960        aswMonFlt - ok
16:38:12.0990 5960        aswRdr          (1b96a5867abd4fa6135d8298fcccf9c6) C:\windows\System32\Drivers\aswrdr2.sys
16:38:13.0022 5960        aswRdr - ok
16:38:13.0115 5960        aswSnx          (6e98bb288696777a3a8a07a52b0eaee9) C:\windows\system32\drivers\aswSnx.sys
16:38:13.0162 5960        aswSnx - ok
16:38:13.0240 5960        aswSP          (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\windows\system32\drivers\aswSP.sys
16:38:13.0271 5960        aswSP - ok
16:38:13.0334 5960        aswTdi          (7352bb9a564b94bbd7c9cbf165f55006) C:\windows\system32\drivers\aswTdi.sys
16:38:13.0349 5960        aswTdi - ok
16:38:13.0396 5960        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
16:38:13.0490 5960        AsyncMac - ok
16:38:13.0521 5960        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
16:38:13.0552 5960        atapi - ok
16:38:13.0692 5960        ATIAVPCI        (c5b7809742ad1b792bdd075b763b13a3) C:\windows\system32\DRIVERS\atinavrr.sys
16:38:13.0802 5960        ATIAVPCI - ok
16:38:13.0989 5960        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
16:38:14.0082 5960        AudioEndpointBuilder - ok
16:38:14.0098 5960        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
16:38:14.0176 5960        AudioSrv - ok
16:38:14.0332 5960        avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:38:14.0363 5960        avast! Antivirus - ok
16:38:14.0457 5960        avmaudio        (bd39d7cfd9d6a73396b618113a8e8d57) C:\windows\system32\DRIVERS\avmaudio.sys
16:38:14.0535 5960        avmaudio - ok
16:38:14.0566 5960        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
16:38:14.0660 5960        AxInstSV - ok
16:38:14.0738 5960        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
16:38:14.0800 5960        b06bdrv - ok
16:38:14.0862 5960        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
16:38:14.0909 5960        b57nd60a - ok
16:38:15.0252 5960        BCM43XX        (5b5c36b2ec500462a715db6bcbaf5da7) C:\windows\system32\DRIVERS\bcmwl664.sys
16:38:15.0408 5960        BCM43XX - ok
16:38:15.0549 5960        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
16:38:15.0596 5960        BDESVC - ok
16:38:15.0642 5960        Beep            (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
16:38:15.0736 5960        Beep - ok
16:38:15.0845 5960        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
16:38:15.0939 5960        BFE - ok
16:38:16.0017 5960        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll
16:38:16.0142 5960        BITS - ok
16:38:16.0220 5960        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
16:38:16.0266 5960        blbdrive - ok
16:38:16.0360 5960        Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
16:38:16.0391 5960        Bonjour Service - ok
16:38:16.0422 5960        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
16:38:16.0469 5960        bowser - ok
16:38:16.0500 5960        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
16:38:16.0578 5960        BrFiltLo - ok
16:38:16.0594 5960        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
16:38:16.0625 5960        BrFiltUp - ok
16:38:16.0656 5960        Bridge0        (34f786535f9245e4028c57b28248c9d8) C:\windows\system32\drivers\WDBridge.sys
16:38:16.0688 5960        Bridge0 - ok
16:38:16.0734 5960        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
16:38:16.0828 5960        Browser - ok
16:38:16.0890 5960        BrSerIb        (e5e9b1625a767ceb6f319c12d33eab78) C:\windows\system32\DRIVERS\BrSerIb.sys
16:38:16.0953 5960        BrSerIb - ok
16:38:17.0015 5960        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
16:38:17.0078 5960        Brserid - ok
16:38:17.0109 5960        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
16:38:17.0156 5960        BrSerWdm - ok
16:38:17.0171 5960        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
16:38:17.0218 5960        BrUsbMdm - ok
16:38:17.0234 5960        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
16:38:17.0265 5960        BrUsbSer - ok
16:38:17.0296 5960        BrUsbSIb        (d9f6b30ad93cbd165ec71fadf51df25e) C:\windows\system32\DRIVERS\BrUsbSIb.sys
16:38:17.0343 5960        BrUsbSIb - ok
16:38:17.0374 5960        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
16:38:17.0436 5960        BthEnum - ok
16:38:17.0468 5960        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
16:38:17.0514 5960        BTHMODEM - ok
16:38:17.0561 5960        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
16:38:17.0624 5960        BthPan - ok
16:38:17.0717 5960        BTHPORT        (64c198198501f7560ee41d8d1efa7952) C:\windows\System32\Drivers\BTHport.sys
16:38:17.0795 5960        BTHPORT - ok
16:38:17.0858 5960        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
16:38:17.0951 5960        bthserv - ok
16:38:17.0982 5960        BTHUSB          (f188b7394d81010767b6df3178519a37) C:\windows\System32\Drivers\BTHUSB.sys
16:38:18.0029 5960        BTHUSB - ok
16:38:18.0060 5960        btusbflt        (d3466f77c2c49c6e393ba5fba963a33e) C:\windows\system32\drivers\btusbflt.sys
16:38:18.0076 5960        btusbflt - ok
16:38:18.0123 5960        btwaudio        (a72a9101f9730db7332714e566614e4d) C:\windows\system32\drivers\btwaudio.sys
16:38:18.0138 5960        btwaudio - ok
16:38:18.0185 5960        btwavdt        (5ceec634b617525f2b6ad29f871033f7) C:\windows\system32\drivers\btwavdt.sys
16:38:18.0201 5960        btwavdt - ok
16:38:18.0357 5960        btwdins        (a8c22acbe494d2f92fdb4c7edd09528c) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
16:38:18.0404 5960        btwdins - ok
16:38:18.0435 5960        btwl2cap        (6149301dc3f81d6f9667a3fbac410975) C:\windows\system32\DRIVERS\btwl2cap.sys
16:38:18.0450 5960        btwl2cap - ok
16:38:18.0450 5960        btwrchid        (2af5604d28bef77b7cf4b9d232fe7cd3) C:\windows\system32\DRIVERS\btwrchid.sys
16:38:18.0482 5960        btwrchid - ok
16:38:18.0513 5960        cdfs            (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
16:38:18.0622 5960        cdfs - ok
16:38:18.0653 5960        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
16:38:18.0700 5960        cdrom - ok
16:38:18.0731 5960        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
16:38:18.0840 5960        CertPropSvc - ok
16:38:18.0872 5960        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
16:38:18.0903 5960        circlass - ok
16:38:18.0981 5960        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
16:38:19.0012 5960        CLFS - ok
16:38:19.0074 5960        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:38:19.0090 5960        clr_optimization_v2.0.50727_32 - ok
16:38:19.0152 5960        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:38:19.0168 5960        clr_optimization_v2.0.50727_64 - ok
16:38:19.0230 5960        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:38:19.0246 5960        clr_optimization_v4.0.30319_32 - ok
16:38:19.0293 5960        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:38:19.0308 5960        clr_optimization_v4.0.30319_64 - ok
16:38:19.0324 5960        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
16:38:19.0371 5960        CmBatt - ok
16:38:19.0402 5960        cmdide          (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
16:38:19.0418 5960        cmdide - ok
16:38:19.0496 5960        CNG            (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
16:38:19.0558 5960        CNG - ok
16:38:19.0574 5960        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
16:38:19.0605 5960        Compbatt - ok
16:38:19.0636 5960        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
16:38:19.0667 5960        CompositeBus - ok
16:38:19.0683 5960        COMSysApp - ok
16:38:19.0698 5960        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
16:38:19.0730 5960        crcdisk - ok
16:38:19.0776 5960        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
16:38:19.0870 5960        CryptSvc - ok
16:38:20.0057 5960        cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
16:38:20.0104 5960        cvhsvc - ok
16:38:20.0166 5960        dc3d            (7af9dac504fbd047cbc3e64ae52c92bf) C:\windows\system32\DRIVERS\dc3d.sys
16:38:20.0229 5960        dc3d - ok
16:38:20.0322 5960        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
16:38:20.0416 5960        DcomLaunch - ok
16:38:20.0494 5960        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
16:38:20.0588 5960        defragsvc - ok
16:38:20.0619 5960        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
16:38:20.0712 5960        DfsC - ok
16:38:20.0790 5960        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
16:38:20.0884 5960        Dhcp - ok
16:38:20.0915 5960        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
16:38:20.0993 5960        discache - ok
16:38:21.0040 5960        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
16:38:21.0071 5960        Disk - ok
16:38:21.0134 5960        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
16:38:21.0180 5960        Dnscache - ok
16:38:21.0227 5960        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
16:38:21.0336 5960        dot3svc - ok
16:38:21.0383 5960        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
16:38:21.0477 5960        DPS - ok
16:38:21.0508 5960        drmkaud        (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
16:38:21.0555 5960        drmkaud - ok
16:38:21.0680 5960        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
16:38:21.0742 5960        DXGKrnl - ok
16:38:21.0789 5960        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
16:38:21.0867 5960        EapHost - ok
16:38:22.0179 5960        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
16:38:22.0335 5960        ebdrv - ok
16:38:22.0475 5960        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
16:38:22.0538 5960        EFS - ok
16:38:22.0662 5960        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
16:38:22.0740 5960        ehRecvr - ok
16:38:22.0803 5960        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
16:38:22.0850 5960        ehSched - ok
16:38:22.0928 5960        ElbyCDIO        (a05fc7eca0966ebb70e4d17b855a853b) C:\windows\system32\Drivers\ElbyCDIO.sys
16:38:22.0959 5960        ElbyCDIO - ok
16:38:23.0037 5960        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
16:38:23.0084 5960        elxstor - ok
16:38:23.0115 5960        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
16:38:23.0162 5960        ErrDev - ok
16:38:23.0255 5960        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
16:38:23.0364 5960        EventSystem - ok
16:38:23.0427 5960        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
16:38:23.0505 5960        exfat - ok
16:38:23.0536 5960        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
16:38:23.0630 5960        fastfat - ok
16:38:23.0723 5960        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
16:38:23.0786 5960        Fax - ok
16:38:23.0817 5960        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
16:38:23.0864 5960        fdc - ok
16:38:23.0895 5960        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
16:38:23.0988 5960        fdPHost - ok
16:38:24.0004 5960        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
16:38:24.0098 5960        FDResPub - ok
16:38:24.0113 5960        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
16:38:24.0144 5960        FileInfo - ok
16:38:24.0176 5960        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
16:38:24.0254 5960        Filetrace - ok
16:38:24.0285 5960        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
16:38:24.0300 5960        flpydisk - ok
16:38:24.0363 5960        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
16:38:24.0394 5960        FltMgr - ok
16:38:24.0550 5960        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
16:38:24.0644 5960        FontCache - ok
16:38:24.0706 5960        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:38:24.0722 5960        FontCache3.0.0.0 - ok
16:38:24.0815 5960        FsDepends      (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
16:38:24.0846 5960        FsDepends - ok
16:38:24.0878 5960        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
16:38:24.0893 5960        Fs_Rec - ok
16:38:24.0956 5960        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
16:38:24.0987 5960        fvevol - ok
16:38:25.0018 5960        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
16:38:25.0034 5960        gagp30kx - ok
16:38:25.0080 5960        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
16:38:25.0096 5960        GEARAspiWDM - ok
16:38:25.0205 5960        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
16:38:25.0314 5960        gpsvc - ok
16:38:25.0455 5960        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:38:25.0486 5960        gupdate - ok
16:38:25.0502 5960        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:38:25.0517 5960        gupdatem - ok
16:38:25.0548 5960        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
16:38:25.0611 5960        hcw85cir - ok
16:38:25.0689 5960        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
16:38:25.0736 5960        HdAudAddService - ok
16:38:25.0782 5960        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
16:38:25.0829 5960        HDAudBus - ok
16:38:25.0860 5960        HECIx64        (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
16:38:25.0876 5960        HECIx64 - ok
16:38:25.0907 5960        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
16:38:25.0954 5960        HidBatt - ok
16:38:25.0970 5960        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
16:38:26.0016 5960        HidBth - ok
16:38:26.0048 5960        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
16:38:26.0094 5960        HidIr - ok
16:38:26.0110 5960        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
16:38:26.0204 5960        hidserv - ok
16:38:26.0250 5960        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
16:38:26.0282 5960        HidUsb - ok
16:38:26.0328 5960        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
16:38:26.0422 5960        hkmsvc - ok
16:38:26.0484 5960        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
16:38:26.0531 5960        HomeGroupListener - ok
16:38:26.0594 5960        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
16:38:26.0640 5960        HomeGroupProvider - ok
16:38:26.0687 5960        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
16:38:26.0703 5960        HpSAMD - ok
16:38:26.0812 5960        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
16:38:26.0906 5960        HTTP - ok
16:38:26.0937 5960        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
16:38:26.0968 5960        hwpolicy - ok
16:38:26.0999 5960        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
16:38:27.0030 5960        i8042prt - ok
16:38:27.0093 5960        iaStor          (abbf174cb394f5c437410a788b7e404a) C:\windows\system32\DRIVERS\iaStor.sys
16:38:27.0140 5960        iaStor - ok
16:38:27.0233 5960        IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
16:38:27.0264 5960        IAStorDataMgrSvc - ok
16:38:27.0327 5960        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
16:38:27.0374 5960        iaStorV - ok
16:38:27.0514 5960        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:38:27.0561 5960        idsvc - ok
16:38:28.0138 5960        igfx            (a87261ef1546325b559374f5689cf5bc) C:\windows\system32\DRIVERS\igdkmd64.sys
16:38:28.0403 5960        igfx - ok
16:38:28.0528 5960        IGRS            (d951d20153e51928f9db2227d6ff5c7a) C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
16:38:28.0544 5960        IGRS - ok
16:38:28.0715 5960        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
16:38:28.0746 5960        iirsp - ok
16:38:28.0856 5960        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
16:38:28.0965 5960        IKEEXT - ok
16:38:29.0214 5960        IntcAzAudAddService (0b21b66574e5478fa10cca2d36694c2d) C:\windows\system32\drivers\RTKVHD64.sys
16:38:29.0355 5960        IntcAzAudAddService - ok
16:38:29.0511 5960        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
16:38:29.0542 5960        intelide - ok
16:38:29.0573 5960        intelppm        (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
16:38:29.0620 5960        intelppm - ok
16:38:29.0651 5960        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
16:38:29.0745 5960        IPBusEnum - ok
16:38:29.0776 5960        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
16:38:29.0854 5960        IpFilterDriver - ok
16:38:29.0948 5960        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
16:38:30.0041 5960        iphlpsvc - ok
16:38:30.0088 5960        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
16:38:30.0119 5960        IPMIDRV - ok
16:38:30.0150 5960        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
16:38:30.0244 5960        IPNAT - ok
16:38:30.0416 5960        iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
16:38:30.0462 5960        iPod Service - ok
16:38:30.0478 5960        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
16:38:30.0525 5960        IRENUM - ok
16:38:30.0572 5960        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
16:38:30.0603 5960        isapnp - ok
16:38:30.0665 5960        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
16:38:30.0696 5960        iScsiPrt - ok
16:38:30.0774 5960        JMCR            (3926c8c55a2cd2c94888be39b4beb629) C:\windows\system32\DRIVERS\jmcr.sys
16:38:30.0790 5960        JMCR - ok
16:38:30.0852 5960        k57nd60a        (9d7ea8c7215d8d4ae7be110eee61085d) C:\windows\system32\DRIVERS\k57nd60a.sys
16:38:30.0868 5960        k57nd60a - ok
16:38:30.0899 5960        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys
16:38:30.0930 5960        kbdclass - ok
16:38:30.0946 5960        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
16:38:30.0993 5960        kbdhid - ok
16:38:31.0024 5960        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
16:38:31.0055 5960        KeyIso - ok
16:38:31.0086 5960        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
16:38:31.0102 5960        KSecDD - ok
16:38:31.0149 5960        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
16:38:31.0180 5960        KSecPkg - ok
16:38:31.0211 5960        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
16:38:31.0305 5960        ksthunk - ok
16:38:31.0367 5960        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
16:38:31.0476 5960        KtmRm - ok
16:38:31.0539 5960        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
16:38:31.0632 5960        LanmanServer - ok
16:38:31.0664 5960        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
16:38:31.0757 5960        LanmanWorkstation - ok
16:38:31.0898 5960        Lenovo ReadyComm AppSvc (7fcb3ec66361f157bcd5b5c33ce2ac16) C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
16:38:31.0929 5960        Lenovo ReadyComm AppSvc - ok
16:38:32.0022 5960        Lenovo ReadyComm ConnSvc (04d9897eaaae535c4b7dd61574f1a021) C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
16:38:32.0054 5960        Lenovo ReadyComm ConnSvc - ok
16:38:32.0132 5960        LHDmgr          (be166935083f9c38edfdc21b9a7a679b) C:\windows\system32\DRIVERS\LhdX64.sys
16:38:32.0163 5960        LHDmgr - ok
16:38:32.0194 5960        lltdio          (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
16:38:32.0288 5960        lltdio - ok
16:38:32.0350 5960        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
16:38:32.0444 5960        lltdsvc - ok
16:38:32.0459 5960        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
16:38:32.0553 5960        lmhosts - ok
16:38:32.0693 5960        LMS            (5460828f8951d310b42b442877603b8d) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
16:38:32.0709 5960        LMS - ok
16:38:32.0756 5960        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
16:38:32.0787 5960        LSI_FC - ok
16:38:32.0802 5960        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
16:38:32.0834 5960        LSI_SAS - ok
16:38:32.0849 5960        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
16:38:32.0880 5960        LSI_SAS2 - ok
16:38:32.0896 5960        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
16:38:32.0927 5960        LSI_SCSI - ok
16:38:32.0974 5960        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
16:38:33.0052 5960        luafv - ok
16:38:33.0146 5960        MBAMProtector  (dbc08862a71459e74f7538b432c114cc) C:\windows\system32\drivers\mbam.sys
16:38:33.0177 5960        MBAMProtector - ok
16:38:33.0286 5960        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:38:33.0333 5960        MBAMService - ok
16:38:33.0364 5960        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
16:38:33.0426 5960        Mcx2Svc - ok
16:38:33.0458 5960        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
16:38:33.0489 5960        megasas - ok
16:38:33.0536 5960        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
16:38:33.0567 5960        MegaSR - ok
16:38:33.0598 5960        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
16:38:33.0692 5960        MMCSS - ok
16:38:33.0707 5960        Modem          (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
16:38:33.0785 5960        Modem - ok
16:38:33.0816 5960        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
16:38:33.0863 5960        monitor - ok
16:38:33.0910 5960        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
16:38:33.0926 5960        mouclass - ok
16:38:33.0972 5960        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
16:38:34.0004 5960        mouhid - ok
16:38:34.0035 5960        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
16:38:34.0066 5960        mountmgr - ok
16:38:34.0191 5960        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:38:34.0222 5960        MozillaMaintenance - ok
16:38:34.0269 5960        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
16:38:34.0316 5960        mpio - ok
16:38:34.0362 5960        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
16:38:34.0456 5960        mpsdrv - ok
16:38:34.0581 5960        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
16:38:34.0690 5960        MpsSvc - ok
16:38:34.0737 5960        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
16:38:34.0799 5960        MRxDAV - ok
16:38:34.0846 5960        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
16:38:34.0908 5960        mrxsmb - ok
16:38:34.0971 5960        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
16:38:35.0018 5960        mrxsmb10 - ok
16:38:35.0049 5960        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
16:38:35.0080 5960        mrxsmb20 - ok
16:38:35.0096 5960        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
16:38:35.0127 5960        msahci - ok
16:38:35.0174 5960        msdsm          (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
16:38:35.0205 5960        msdsm - ok
16:38:35.0252 5960        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
16:38:35.0314 5960        MSDTC - ok
16:38:35.0361 5960        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
16:38:35.0439 5960        Msfs - ok
16:38:35.0454 5960        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
16:38:35.0532 5960        mshidkmdf - ok
16:38:35.0532 5960        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
16:38:35.0564 5960        msisadrv - ok
16:38:35.0610 5960        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
16:38:35.0704 5960        MSiSCSI - ok
16:38:35.0720 5960        msiserver - ok
16:38:35.0735 5960        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
16:38:35.0829 5960        MSKSSRV - ok
16:38:35.0844 5960        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
16:38:35.0922 5960        MSPCLOCK - ok
16:38:35.0938 5960        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
16:38:36.0032 5960        MSPQM - ok
16:38:36.0094 5960        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
16:38:36.0141 5960        MsRPC - ok
16:38:36.0172 5960        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
16:38:36.0188 5960        mssmbios - ok
16:38:36.0219 5960        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
16:38:36.0312 5960        MSTEE - ok
16:38:36.0344 5960        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
16:38:36.0375 5960        MTConfig - ok
16:38:36.0406 5960        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
16:38:36.0437 5960        Mup - ok
16:38:36.0515 5960        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
16:38:36.0640 5960        napagent - ok
16:38:36.0687 5960        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
16:38:36.0749 5960        NativeWifiP - ok
16:38:36.0874 5960        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
16:38:36.0936 5960        NDIS - ok
16:38:36.0952 5960        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
16:38:37.0030 5960        NdisCap - ok
16:38:37.0046 5960        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
16:38:37.0124 5960        NdisTapi - ok
16:38:37.0155 5960        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
16:38:37.0248 5960        Ndisuio - ok
16:38:37.0295 5960        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
16:38:37.0373 5960        NdisWan - ok
16:38:37.0404 5960        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
16:38:37.0498 5960        NDProxy - ok
16:38:37.0514 5960        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
16:38:37.0623 5960        NetBIOS - ok
16:38:37.0670 5960        NetBT          (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
16:38:37.0763 5960        NetBT - ok
16:38:37.0794 5960        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
16:38:37.0826 5960        Netlogon - ok
16:38:37.0904 5960        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
16:38:37.0997 5960        Netman - ok
16:38:38.0091 5960        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
16:38:38.0200 5960        netprofm - ok
16:38:38.0294 5960        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:38:38.0309 5960        NetTcpPortSharing - ok
16:38:38.0777 5960        netw5v64        (64428dfdaf6e88366cb51f45a79c5f69) C:\windows\system32\DRIVERS\netw5v64.sys
16:38:39.0011 5960        netw5v64 - ok
16:38:39.0167 5960        nfrd960        (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
16:38:39.0198 5960        nfrd960 - ok
16:38:39.0245 5960        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
16:38:39.0339 5960        NlaSvc - ok
16:38:39.0370 5960        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
16:38:39.0448 5960        Npfs - ok
16:38:39.0479 5960        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
16:38:39.0573 5960        nsi - ok
16:39:09.0618 5960        ============================================================
16:39:09.0618 5960        Scan finished
16:39:09.0618 5960        ============================================================
16:39:09.0634 1156        Detected object count: 0
16:39:09.0634 1156        Actual detected object count: 0


cosinus 15.05.2012 19:47

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Youtek 15.05.2012 20:25

Combofix Logfile:
Code:

ComboFix 12-05-15.04 - Matthias 15.05.2012  21:06:19.1.8 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4029.2360 [GMT 2:00]
ausgeführt von:: c:\users\Matthias\Desktop\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Matthias\4.0
c:\windows\s.bat
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-04-15 bis 2012-05-15  ))))))))))))))))))))))))))))))
.
.
2012-05-15 19:16 . 2012-05-15 19:16        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-05-15 19:11 . 2012-05-15 19:11        69000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{3B51E308-0298-4F5B-937B-B81FB7AFB76D}\offreg.dll
2012-05-15 08:46 . 2012-05-15 08:48        --------        d-----w-        c:\users\Standard
2012-05-15 08:33 . 2012-05-15 08:33        --------        d-----w-        c:\program files (x86)\FileHippo.com
2012-05-15 08:29 . 2012-05-15 08:29        --------        d-----w-        c:\users\Matthias\AppData\Local\Secunia PSI
2012-05-15 08:29 . 2012-05-15 08:29        --------        d-----w-        c:\program files (x86)\Secunia
2012-05-15 08:17 . 2012-03-06 23:04        337240        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2012-05-15 08:17 . 2012-03-06 23:01        24408        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2012-05-15 08:17 . 2012-03-06 23:02        53080        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2012-05-15 08:17 . 2012-03-06 23:01        59224        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2012-05-15 08:17 . 2012-03-06 23:15        258520        ----a-w-        c:\windows\system32\aswBoot.exe
2012-05-15 08:17 . 2012-03-06 23:04        819032        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2012-05-15 08:17 . 2012-03-06 23:01        69976        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2012-05-15 08:17 . 2012-03-06 23:15        41184        ----a-w-        c:\windows\avastSS.scr
2012-05-15 08:17 . 2012-03-06 23:15        201352        ----a-w-        c:\windows\SysWow64\aswBoot.exe
2012-05-15 08:16 . 2012-05-15 08:16        --------        d-----w-        c:\programdata\AVAST Software
2012-05-15 08:16 . 2012-05-15 08:16        --------        d-----w-        c:\program files\AVAST Software
2012-05-15 07:56 . 2012-04-13 08:46        8917360        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{3B51E308-0298-4F5B-937B-B81FB7AFB76D}\mpengine.dll
2012-05-14 19:58 . 2012-05-14 19:58        --------        d-----w-        c:\program files (x86)\ESET
2012-05-14 19:09 . 2012-05-14 19:09        --------        d-----w-        c:\users\Matthias\AppData\Roaming\Malwarebytes
2012-05-14 19:09 . 2012-05-14 19:09        --------        d-----w-        c:\programdata\Malwarebytes
2012-05-14 19:09 . 2012-05-14 19:09        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-14 19:09 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-05-12 13:02 . 2010-11-20 13:24        345088        ----a-w-        c:\windows\system32\utilman.exe
2012-05-11 17:27 . 2012-03-03 06:35        1544704        ----a-w-        c:\windows\system32\DWrite.dll
2012-05-11 17:27 . 2012-03-03 05:31        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-05-11 17:27 . 2012-03-31 06:05        5559664        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-11 17:27 . 2012-03-31 03:10        3146240        ----a-w-        c:\windows\system32\win32k.sys
2012-05-11 17:27 . 2012-03-31 04:39        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-05-11 17:27 . 2012-03-31 04:39        3913072        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-05-11 17:26 . 2012-03-30 11:35        1918320        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-05-11 17:26 . 2012-03-31 05:42        1732096        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 17:26 . 2012-03-31 05:40        1402880        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 17:26 . 2012-03-31 05:40        1367552        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 17:26 . 2012-03-31 05:40        1393664        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 17:26 . 2012-03-31 04:29        936960        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 17:21 . 2012-03-17 07:58        75120        ----a-w-        c:\windows\system32\drivers\partmgr.sys
2012-05-06 10:22 . 2012-05-06 10:22        --------        d-----w-        c:\users\Matthias\AppData\Local\Pop Art Studio 6.2
2012-04-26 19:10 . 2012-04-26 19:10        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service
2012-04-26 19:10 . 2012-04-26 19:10        157352        ----a-w-        c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-26 19:10 . 2012-04-26 19:10        129976        ----a-w-        c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-23 19:44 . 2012-04-23 19:44        --------        d-----w-        c:\users\Matthias\AppData\Roaming\Buhl Data Service
2012-04-19 15:27 . 2012-04-22 11:54        --------        d-----w-        C:\EasyFit
2012-04-19 15:27 . 2012-04-19 15:27        --------        d-----w-        c:\windows\Downloaded Installations
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 07:40 . 2012-04-09 06:36        419488        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 07:40 . 2011-06-17 06:29        70304        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 07:40 . 2012-04-14 16:51        8744608        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-26 23:42 . 2012-03-26 23:42        138360        ----a-w-        c:\windows\SysWow64\drivers\AnyDVD.sys
2012-03-26 23:42 . 2012-03-26 23:42        138360        ----a-w-        c:\windows\system32\drivers\AnyDVD.sys
2012-03-01 06:46 . 2012-04-12 14:37        23408        ----a-w-        c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 14:37        220672        ----a-w-        c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 14:37        81408        ----a-w-        c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 14:37        5120        ----a-w-        c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 14:37        172544        ----a-w-        c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 14:37        159232        ----a-w-        c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 14:37        5120        ----a-w-        c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-12 14:40        2311168        ----a-w-        c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-12 14:40        1390080        ----a-w-        c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-12 14:40        1493504        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-12 14:40        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-12 14:40        1799168        ----a-w-        c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-12 14:40        1427456        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 14:40        1127424        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-12 14:40        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2012-02-23 08:18 . 2011-08-17 19:18        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 16:49        1031680        ----a-w-        c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 16:49        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 16:49        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 16:49        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-13 08:39        1869152        ----a-w-        c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-13 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02        94208        ----a-w-        c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02        94208        ----a-w-        c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02        94208        ----a-w-        c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVMUSBFernanschluss"="c:\users\Matthias\AppData\Local\Apps\2.0\5DY8XN5W.10T\WK1MNX5E.NH5\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" [2011-07-30 147456]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-04-19 6033016]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-13 982880]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"332BigDog"=c:\program files (x86)\USB Camera2\VM332_STI.EXE
"Lenovo SlideNav2"="c:\program files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe"
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
"UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
"MuteSync"=c:\progra~2\Lenovo\LENOVO~1\MuteSync.exe
"IAStorIcon"=c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"YouCam Mirror Tray icon"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"Lenovo SplitScreen"="c:\program files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"AppleSyncNotifier"=c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" blrun
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe"
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [x]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 136176]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-11-17 575304]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
R4 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-15 38152]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Slidebar Notifier Service;Slidebar Notifier Service;c:\program files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe [2009-12-30 69568]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-13 2028864]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-13 918880]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-06-06 11856]
S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs        REG_MULTI_SZ          ReadyComm.DirectRouter PS_MDP
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 07:40]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 10:59]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 10:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15        135408        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02        97792        ----a-w-        c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02        97792        ----a-w-        c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02        97792        ----a-w-        c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02        97792        ----a-w-        c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://isearch.avg.com/?cid={586E81BF-9D15-4ABC-AECE-3A70E96FC514}&mid=dac42fd0189647d194813d1cbf3a05d0-12682e749f182146867c1e92ae1af7c87d0b9d66&lang=de&ds=tt014&pr=sa&d=&v=&sap=hp
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.178.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\756aosek.default\
FF - prefs.js: browser.search.selectedEngine - Suche
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bead0e4a6-e975-43cc-b872-ea67ffc49d48%7D&mid=dac42fd0189647d194813d1cbf3a05d0-12682e749f182146867c1e92ae1af7c87d0b9d66&ds=tt014&v=8.0.0.40&lang=de&pr=sa&d=2011-12-14%2020%3A41%3A06&sap=ku&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-05-15  21:21:52
ComboFix-quarantined-files.txt  2012-05-15 19:21
.
Vor Suchlauf: 11 Verzeichnis(se), 402.166.456.320 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 401.699.741.696 Bytes frei
.
- - End Of File - - D51CA5A0958C531325E41840D1699ED7

--- --- ---

@cosinus

Just in between... many, many thanks for helping me with this. I'm really grateful that you're taking the time.

cosinus 16.05.2012 12:01

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.) Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not press any of the Fix buttons unless instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If it fails again, please let me know.

One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

Youtek 16.05.2012 13:08

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-16 13:49:32
-----------------------------
13:49:32.384    OS Version: Windows x64 6.1.7601 Service Pack 1
13:49:32.384    Number of processors: 8 586 0x1E05
13:49:32.384    ComputerName: MATTHIAS-PC  UserName: Matthias
13:49:34.927    Initialize success
13:49:35.036    AVAST engine defs: 12051600
13:50:19.653    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:50:19.669    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
13:50:19.669    Disk 0 MBR read successfully
13:50:19.684    Disk 0 MBR scan
13:50:19.684    Disk 0 Windows VISTA default MBR code
13:50:19.700    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          200 MB offset 2048
13:50:19.715    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      430420 MB offset 411648
13:50:19.731    Disk 0 Partition - 00    0F Extended LBA            31210 MB offset 881911808
13:50:19.762    Disk 0 Partition 3 00    12  Compaq diag NTFS        15109 MB offset 945829888
13:50:19.809    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS        31209 MB offset 881913856
13:50:19.856    Disk 0 scanning C:\windows\system32\drivers
13:50:28.233    Service scanning
13:51:22.630    Modules scanning
13:51:22.646    Disk 0 trace - called modules:
13:51:22.662    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
13:51:22.677    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006b82790]
13:51:22.693    3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b6c050]
13:51:25.142    AVAST engine scan C:\windows
13:51:29.510    AVAST engine scan C:\windows\system32
13:53:52.516    AVAST engine scan C:\windows\system32\drivers
13:54:05.090    AVAST engine scan C:\Users\Matthias
14:00:16.173    AVAST engine scan C:\ProgramData
14:01:16.545    Scan finished successfully
14:06:39.586    Disk 0 MBR has been saved successfully to "C:\Users\Matthias\Desktop\MBR.dat"
14:06:39.601    The log file has been saved successfully to "C:\Users\Matthias\Desktop\aswMBR.txt"


