Trojaner-Board


plagiat 27.05.2014 02:22

Windows 7 64bit - Virus/Trojan/Rootkit can't be removed
 
Hello, for what must be a week now I have had the problem that my PC and laptop are infected. I have already used Kaspersky, Avira and AVG, each with its rescue disk, but the malware gets around all of that.

FRST64:


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by ADMIN (administrator) on ADMIN-PC on 27-05-2014 01:46:26
Running from E:\scans
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
() E:\scans\Defogger.exe


==================== Registry (Whitelisted) ==================


==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
Tcpip\Parameters: [DhcpNameServer] 172.31.79.142 172.31.79.144 157.54.104.75 157.54.14.146 157.54.14.162 157.54.80.10

FireFox:
========

==================== Services (Whitelisted) =================


==================== Drivers (Whitelisted) ====================

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-27 02:36 - 2014-05-27 01:43 - 00000000 ____D () C:\Windows\Panther
2014-05-27 01:46 - 2014-05-27 01:46 - 00000000 ____D () C:\FRST
2014-05-27 01:46 - 2014-05-27 01:46 - 00000000 _____ () C:\Users\ADMIN\defogger_reenable
2014-05-27 01:45 - 2014-05-27 01:45 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-05-27 01:44 - 2014-05-27 01:44 - 00001405 _____ () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-05-27 01:43 - 2014-05-27 01:46 - 00000000 ____D () C:\Users\ADMIN
2014-05-27 01:43 - 2014-05-27 01:44 - 00001439 _____ () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-27 01:43 - 2014-05-27 01:44 - 00000000 ___RD () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-27 01:43 - 2014-05-27 01:44 - 00000000 ___RD () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-27 01:43 - 2014-05-27 01:43 - 00000020 ___SH () C:\Users\ADMIN\ntuser.ini
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Vorlagen
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Startmenü
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Netzwerkumgebung
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Lokale Einstellungen
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Eigene Dateien
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Druckumgebung
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Documents\Eigene Musik
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Documents\Eigene Bilder
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\AppData\Local\Verlauf
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\AppData\Local\Anwendungsdaten
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Anwendungsdaten
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Programme
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 __SHD () C:\Recovery
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 ____D () C:\Users\ADMIN\AppData\Local\VirtualStore
2014-05-27 01:43 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-27 01:43 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-27 01:40 - 2014-05-27 01:40 - 00001355 _____ () C:\Windows\TSSysprep.log
2014-05-27 01:40 - 2014-05-27 01:40 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2014-05-27 01:40 - 2014-05-27 01:40 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-05-27 01:39 - 2014-05-27 01:45 - 00007696 _____ () C:\Windows\WindowsUpdate.log

==================== One Month Modified Files and Folders =======

2014-05-27 02:36 - 2009-07-14 07:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-05-27 02:36 - 2009-07-14 07:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-05-27 01:46 - 2014-05-27 01:46 - 00000000 ____D () C:\FRST
2014-05-27 01:46 - 2014-05-27 01:46 - 00000000 _____ () C:\Users\ADMIN\defogger_reenable
2014-05-27 01:46 - 2014-05-27 01:43 - 00000000 ____D () C:\Users\ADMIN
2014-05-27 01:45 - 2014-05-27 01:45 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-05-27 01:45 - 2014-05-27 01:39 - 00007696 _____ () C:\Windows\WindowsUpdate.log
2014-05-27 01:45 - 2009-07-14 06:51 - 00022393 _____ () C:\Windows\setupact.log
2014-05-27 01:44 - 2014-05-27 01:44 - 00001405 _____ () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-05-27 01:44 - 2014-05-27 01:43 - 00001439 _____ () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-27 01:44 - 2014-05-27 01:43 - 00000000 ___RD () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-27 01:44 - 2014-05-27 01:43 - 00000000 ___RD () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-27 01:43 - 2014-05-27 02:36 - 00000000 ____D () C:\Windows\Panther
2014-05-27 01:43 - 2014-05-27 01:43 - 00000020 ___SH () C:\Users\ADMIN\ntuser.ini
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Vorlagen
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Startmenü
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Netzwerkumgebung
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Lokale Einstellungen
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Eigene Dateien
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Druckumgebung
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Documents\Eigene Musik
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Documents\Eigene Bilder
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\AppData\Local\Verlauf
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\AppData\Local\Anwendungsdaten
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Anwendungsdaten
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Programme
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 __SHD () C:\Recovery
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 ____D () C:\Users\ADMIN\AppData\Local\VirtualStore
2014-05-27 01:43 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-27 01:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Recovery
2014-05-27 01:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Windows NT
2014-05-27 01:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-27 01:42 - 2009-07-14 06:45 - 00274464 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-27 01:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-27 01:40 - 2014-05-27 01:40 - 00001355 _____ () C:\Windows\TSSysprep.log
2014-05-27 01:40 - 2014-05-27 01:40 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2014-05-27 01:40 - 2014-05-27 01:40 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-05-27 01:40 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-27 01:40 - 2009-07-14 06:46 - 00002790 _____ () C:\Windows\DtcInstall.log
2014-05-27 01:40 - 2009-07-14 06:45 - 00016848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-27 01:40 - 2009-07-14 06:45 - 00016848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-27 01:40 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-27 01:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-05-27 01:37 - 2010-11-21 08:27 - 00000000 ____D () C:\Windows\CSC

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.


LastRegBack: 2014-05-27 01:36

==================== End Of Log ============================

--- --- ---



Addition:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by ADMIN at 2014-05-27 01:46:45
Running from E:\scans
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================


==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => d:\program files\windows defender\MpCmdRun.exe

==================== Loaded Modules (whitelisted) =============

2014-05-26 22:28 - 2014-05-26 22:28 - 00050477 _____ () E:\scans\Defogger.exe

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Netzwerkcontroller
Description: Netzwerkcontroller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/27/2014 01:43:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/27/2014 01:42:36 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom


Microsoft Office Sessions:
=========================
Error: (05/27/2014 01:43:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 4076.67 MB
Available physical RAM: 3211.14 MB
Total Pagefile: 8151.54 MB
Available Pagefile: 7258.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:95 GB) (Free:80.71 GB) NTFS
Drive d: (Daten) (Fixed) (Total:340.31 GB) (Free:213.79 GB) NTFS
Drive e: () (Removable) (Total:3.69 GB) (Free:1.75 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: AECDB9E2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=95 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=347 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 007BCF32)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================

GMER:

GMER Logfile:
Code:

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-27 02:50:42
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545050B9A300 rev.PB4OC66G 465,76GB
Running: h735myn9s.exe; Driver: C:\Users\ADMIN\AppData\Local\Temp\aglorpod.sys


---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [224:716]  000007fef7ba9688

---- EOF - GMER 2.1 ----


--- --- ---

Addendum: OTL



Code:

OTL logfile created on: 27.05.2014 02:51:12 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = F:\scans
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 3,24 Gb Available Physical Memory | 81,43% Memory free
7,96 Gb Paging File | 7,23 Gb Available in Paging File | 90,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 95,00 Gb Total Space | 80,67 Gb Free Space | 84,91% Space Free | Partition Type: NTFS
Drive D: | 340,31 Gb Total Space | 213,79 Gb Free Space | 62,82% Space Free | Partition Type: NTFS
Drive F: | 3,69 Gb Total Space | 1,75 Gb Free Space | 47,51% Space Free | Partition Type: FAT32
 
Computer Name: ADMIN-PC | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014.05.26 00:14:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\scans\OTL.exe
PRC - [2014.05.26 00:01:32 | 000,380,416 | ---- | M] () -- F:\scan\h735myn9s.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014.05.26 00:01:32 | 000,380,416 | ---- | M] () -- F:\scan\h735myn9s.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014.05.12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014.05.12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014.05.12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014.05.12 07:26:00 | 000,091,352 | ---- | M] (Malwarebytes Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2014.05.12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.31.79.142 172.31.79.144 157.54.104.75 157.54.14.146 157.54.14.162 157.54.80.10
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.05.27 02:36:13 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2014.05.27 02:34:50 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.05.27 02:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014.05.27 02:34:32 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.05.27 02:34:32 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.05.27 02:34:32 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.05.27 02:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014.05.27 02:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.05.27 02:34:21 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\Programs
[2014.05.27 02:10:27 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\ElevatedDiagnostics
[2014.05.27 02:10:09 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\Diagnostics
[2014.05.27 02:06:38 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.05.27 01:46:23 | 000,000,000 | ---D | C] -- C:\FRST
[2014.05.27 01:43:55 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014.05.27 01:43:55 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Searches
[2014.05.27 01:43:55 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014.05.27 01:43:46 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\Identities
[2014.05.27 01:43:43 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Contacts
[2014.05.27 01:43:42 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\VirtualStore
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Vorlagen
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\AppData\Local\Verlauf
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\AppData\Local\Temporary Internet Files
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Startmenü
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\SendTo
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Recent
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Netzwerkumgebung
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Lokale Einstellungen
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Documents\Eigene Videos
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Documents\Eigene Musik
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Eigene Dateien
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Documents\Eigene Bilder
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Druckumgebung
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Cookies
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\AppData\Local\Anwendungsdaten
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Anwendungsdaten
[2014.05.27 01:43:29 | 000,000,000 | --SD | C] -- C:\Users\ADMIN\AppData\Roaming\Microsoft
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Videos
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Saved Games
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Pictures
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Music
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Links
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Favorites
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Downloads
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Documents
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Desktop
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014.05.27 01:43:29 | 000,000,000 | -H-D | C] -- C:\Users\ADMIN\AppData
[2014.05.27 01:43:29 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\Temp
[2014.05.27 01:43:29 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\Microsoft
[2014.05.27 01:43:29 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\Media Center Programs
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\Recovery
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\Programme
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2014.05.27 01:39:48 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014.05.27 01:37:39 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2014.05.27 01:36:51 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2014.05.27 02:36:10 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.05.27 02:34:59 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.05.27 02:34:59 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.05.27 02:34:59 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.05.27 02:34:59 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.05.27 02:34:59 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.05.27 02:34:34 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.05.27 02:12:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.05.27 02:12:37 | 3206,025,216 | -HS- | M] () -- C:\hiberfil.sys
[2014.05.27 02:12:14 | 000,017,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.05.27 02:12:13 | 000,017,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.05.27 01:46:08 | 000,000,000 | ---- | M] () -- C:\Users\ADMIN\defogger_reenable
[2014.05.27 01:45:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014.05.27 01:42:08 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.05.27 01:40:45 | 000,055,513 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2014.05.27 01:40:45 | 000,055,513 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2014.05.12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.05.12 07:26:00 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.05.12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2014.05.27 02:34:34 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.05.27 01:46:08 | 000,000,000 | ---- | C] () -- C:\Users\ADMIN\defogger_reenable
[2014.05.27 01:45:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014.05.27 01:44:03 | 000,001,405 | ---- | C] () -- C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2014.05.27 01:43:57 | 000,001,439 | ---- | C] () -- C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014.05.27 01:40:38 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2014.05.27 01:40:36 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2014.05.27 01:36:51 | 3206,025,216 | -HS- | C] () -- C:\hiberfil.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.11.21 05:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.11.21 05:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 

< End of report >


schrauber 27.05.2014 06:57

hi,


Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instruction from a helper.

plagiat 27.05.2014 14:53

Thank you very much for your help. I have now run both, but nothing is found. Here are the logs:

Code:

15:28:45.0796 0x0a24  TDSS rootkit removing tool 3.0.0.35 May 23 2014 07:32:03
15:28:50.0632 0x0a24  ============================================================
15:28:50.0632 0x0a24  Current date / time: 2014/05/27 15:28:50.0632
15:28:50.0632 0x0a24  SystemInfo:
15:28:50.0632 0x0a24 
15:28:50.0632 0x0a24  OS Version: 6.1.7601 ServicePack: 1.0
15:28:50.0632 0x0a24  Product type: Workstation
15:28:50.0632 0x0a24  ComputerName: ADMIN-PC
15:28:50.0632 0x0a24  UserName: ADMIN
15:28:50.0632 0x0a24  Windows directory: C:\Windows
15:28:50.0632 0x0a24  System windows directory: C:\Windows
15:28:50.0632 0x0a24  Running under WOW64
15:28:50.0632 0x0a24  Processor architecture: Intel x64
15:28:50.0632 0x0a24  Number of processors: 4
15:28:50.0632 0x0a24  Page size: 0x1000
15:28:50.0632 0x0a24  Boot type: Normal boot
15:28:50.0632 0x0a24  ============================================================
15:28:52.0067 0x0a24  KLMD registered as C:\Windows\system32\drivers\83123767.sys
15:28:52.0130 0x0a24  System UUID: {C0BB3A22-3905-349D-43B2-13731DA10A43}
15:28:52.0535 0x0a24  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:28:52.0551 0x0a24  Drive \Device\Harddisk1\DR2 - Size: 0xEC580000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:28:52.0551 0x0a24  ============================================================
15:28:52.0551 0x0a24  \Device\Harddisk0\DR0:
15:28:52.0551 0x0a24  MBR partitions:
15:28:52.0551 0x0a24  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:28:52.0551 0x0a24  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xBE02800
15:28:52.0566 0x0a24  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xCC33000, BlocksNum 0x2A8A0800
15:28:52.0566 0x0a24  \Device\Harddisk1\DR2:
15:28:52.0566 0x0a24  MBR partitions:
15:28:52.0566 0x0a24  \Device\Harddisk1\DR2\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x762BC1
15:28:52.0566 0x0a24  ============================================================
15:28:52.0613 0x0a24  C: <-> \Device\Harddisk0\DR0\Partition2
15:28:52.0660 0x0a24  D: <-> \Device\Harddisk0\DR0\Partition3
15:28:52.0660 0x0a24  ============================================================
15:28:52.0660 0x0a24  Initialize success
15:28:52.0660 0x0a24  ============================================================
15:29:18.0946 0x0908  ============================================================
15:29:18.0946 0x0908  Scan started
15:29:18.0946 0x0908  Mode: Manual; SigCheck; TDLFS;
15:29:18.0946 0x0908  ============================================================
15:29:18.0946 0x0908  KSN ping started
15:29:21.0629 0x0908  KSN ping finished: true
15:29:22.0082 0x0908  ================ Scan system memory ========================
15:29:22.0082 0x0908  System memory - ok
15:29:22.0082 0x0908  ================ Scan services =============================
15:29:22.0253 0x0908  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:29:22.0347 0x0908  1394ohci - ok
15:29:22.0362 0x0908  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:29:22.0378 0x0908  ACPI - ok
15:29:22.0394 0x0908  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
15:29:22.0425 0x0908  AcpiPmi - ok
15:29:22.0472 0x0908  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
15:29:22.0487 0x0908  adp94xx - ok
15:29:22.0503 0x0908  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci        C:\Windows\system32\drivers\adpahci.sys
15:29:22.0518 0x0908  adpahci - ok
15:29:22.0518 0x0908  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
15:29:22.0534 0x0908  adpu320 - ok
15:29:22.0565 0x0908  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
15:29:22.0612 0x0908  AeLookupSvc - ok
15:29:22.0628 0x0908  [ D31DC7A16DEA4A9BAF179F3D6FBDB38C, 532678D86E3E667F2E789C4873565E0B92C549A93F10802BB6D5B505CA3238CE ] AFD            C:\Windows\system32\drivers\afd.sys
15:29:22.0784 0x0908  AFD - ok
15:29:22.0815 0x0908  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
15:29:22.0830 0x0908  agp440 - ok
15:29:22.0862 0x0908  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG            C:\Windows\System32\alg.exe
15:29:22.0908 0x0908  ALG - ok
15:29:22.0924 0x0908  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:29:22.0940 0x0908  aliide - ok
15:29:22.0940 0x0908  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
15:29:22.0940 0x0908  amdide - ok
15:29:22.0971 0x0908  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
15:29:22.0986 0x0908  AmdK8 - ok
15:29:22.0986 0x0908  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
15:29:23.0018 0x0908  AmdPPM - ok
15:29:23.0033 0x0908  [ 6EC6D772EAE38DC17C14AED9B178D24B, B4FB936B31B1265B8CC6B426C64965C34D0CCF1638E645ACD65E88F4AFFC57A6 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
15:29:23.0049 0x0908  amdsata - ok
15:29:23.0064 0x0908  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
15:29:23.0064 0x0908  amdsbs - ok
15:29:23.0080 0x0908  [ 1142A21DB581A84EA5597B03A26EBAA0, F94EB140D0CD068760D7EB081FF75154C75DAC75E5E24B6DE4E4F9CE65A70343 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
15:29:23.0080 0x0908  amdxata - ok
15:29:23.0096 0x0908  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID          C:\Windows\system32\drivers\appid.sys
15:29:23.0142 0x0908  AppID - ok
15:29:23.0158 0x0908  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:29:23.0205 0x0908  AppIDSvc - ok
15:29:23.0220 0x0908  [ 3977D4A871CA0D4F2ED1E7DB46829731, 2AF1C3225994769C3FD25CD7E9603964B035576F25B0B6D91545566E0722FFAA ] Appinfo        C:\Windows\System32\appinfo.dll
15:29:23.0283 0x0908  Appinfo - ok
15:29:23.0314 0x0908  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt        C:\Windows\System32\appmgmts.dll
15:29:23.0345 0x0908  AppMgmt - ok
15:29:23.0392 0x0908  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc            C:\Windows\system32\drivers\arc.sys
15:29:23.0423 0x0908  arc - ok
15:29:23.0423 0x0908  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:29:23.0439 0x0908  arcsas - ok
15:29:23.0470 0x0908  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:29:23.0501 0x0908  AsyncMac - ok
15:29:23.0501 0x0908  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi          C:\Windows\system32\drivers\atapi.sys
15:29:23.0517 0x0908  atapi - ok
15:29:23.0595 0x0908  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:29:23.0720 0x0908  AudioEndpointBuilder - ok
15:29:23.0735 0x0908  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:29:23.0766 0x0908  AudioSrv - ok
15:29:23.0813 0x0908  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:29:23.0907 0x0908  AxInstSV - ok
15:29:23.0985 0x0908  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv        C:\Windows\system32\drivers\bxvbda.sys
15:29:24.0078 0x0908  b06bdrv - ok
15:29:24.0203 0x0908  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:29:24.0281 0x0908  b57nd60a - ok
15:29:24.0390 0x0908  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:29:24.0468 0x0908  BDESVC - ok
15:29:24.0484 0x0908  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:29:24.0546 0x0908  Beep - ok
15:29:24.0624 0x0908  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE            C:\Windows\System32\bfe.dll
15:29:24.0687 0x0908  BFE - ok
15:29:24.0765 0x0908  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
15:29:24.0827 0x0908  BITS - ok
15:29:24.0843 0x0908  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:29:24.0874 0x0908  blbdrive - ok
15:29:24.0905 0x0908  [ 91CE0D3DC57DD377E690A2D324022B08, 61874463956C0BCA5139522F34E974E5F638A092E0FD5C59DD30DE61D9AB8B0E ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:29:24.0936 0x0908  bowser - ok
15:29:24.0952 0x0908  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
15:29:24.0999 0x0908  BrFiltLo - ok
15:29:25.0014 0x0908  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
15:29:25.0030 0x0908  BrFiltUp - ok
15:29:25.0077 0x0908  [ 8EF0D5C41EC907751B8429162B1239ED, 9CC25F1F93FACA6F6CE23F78EB58590C39A2E3C8A3ACDF400E8A9DE0757EADAE ] Browser        C:\Windows\System32\browser.dll
15:29:25.0139 0x0908  Browser - ok
15:29:25.0155 0x0908  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
15:29:25.0280 0x0908  Brserid - ok
15:29:25.0295 0x0908  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:29:25.0358 0x0908  BrSerWdm - ok
15:29:25.0373 0x0908  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:29:25.0467 0x0908  BrUsbMdm - ok
15:29:25.0482 0x0908  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:29:25.0514 0x0908  BrUsbSer - ok
15:29:25.0514 0x0908  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:29:25.0592 0x0908  BTHMODEM - ok
15:29:25.0638 0x0908  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv        C:\Windows\system32\bthserv.dll
15:29:25.0701 0x0908  bthserv - ok
15:29:25.0716 0x0908  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:29:25.0779 0x0908  cdfs - ok
15:29:25.0794 0x0908  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
15:29:25.0794 0x0908  cdrom - ok
15:29:25.0826 0x0908  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc    C:\Windows\System32\certprop.dll
15:29:25.0857 0x0908  CertPropSvc - ok
15:29:25.0904 0x0908  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
15:29:25.0950 0x0908  circlass - ok
15:29:26.0013 0x0908  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
15:29:26.0028 0x0908  CLFS - ok
15:29:26.0075 0x0908  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:29:26.0075 0x0908  clr_optimization_v2.0.50727_32 - ok
15:29:26.0122 0x0908  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:29:26.0138 0x0908  clr_optimization_v2.0.50727_64 - ok
15:29:26.0169 0x0908  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:29:26.0200 0x0908  CmBatt - ok
15:29:26.0231 0x0908  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:29:26.0247 0x0908  cmdide - ok
15:29:26.0294 0x0908  [ D5FEA92400F12412B3922087C09DA6A5, C8CD9215D26D3295FE487C96A4FC3F4C8AFED764AE9445D9858D7489823A8A2B ] CNG            C:\Windows\system32\Drivers\cng.sys
15:29:26.0325 0x0908  CNG - ok
15:29:26.0356 0x0908  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:29:26.0356 0x0908  Compbatt - ok
15:29:26.0372 0x0908  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
15:29:26.0403 0x0908  CompositeBus - ok
15:29:26.0418 0x0908  COMSysApp - ok
15:29:26.0465 0x0908  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
15:29:26.0481 0x0908  crcdisk - ok
15:29:26.0512 0x0908  [ 15597883FBE9B056F276ADA3AD87D9AF, B347E0B11228E38313C59C8ED984253A8A1FF482ED137CF5F488C4AFD6B08857 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:29:26.0637 0x0908  CryptSvc - ok
15:29:26.0652 0x0908  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC            C:\Windows\system32\drivers\csc.sys
15:29:26.0730 0x0908  CSC - ok
15:29:26.0777 0x0908  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
15:29:26.0824 0x0908  CscService - ok
15:29:26.0902 0x0908  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:29:26.0980 0x0908  DcomLaunch - ok
15:29:27.0011 0x0908  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc      C:\Windows\System32\defragsvc.dll
15:29:27.0058 0x0908  defragsvc - ok
15:29:27.0074 0x0908  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:29:27.0120 0x0908  DfsC - ok
15:29:27.0152 0x0908  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:29:27.0198 0x0908  Dhcp - ok
15:29:27.0214 0x0908  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
15:29:27.0261 0x0908  discache - ok
15:29:27.0292 0x0908  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
15:29:27.0323 0x0908  Disk - ok
15:29:27.0339 0x0908  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc          C:\Windows\system32\drivers\dmvsc.sys
15:29:27.0417 0x0908  dmvsc - ok
15:29:27.0479 0x0908  [ CD55F5355D8F55D44C9F4ED875705BD6, 321C26E3CD9F376D30F05FBDF00E96399512ED705D867E8B14793D9CE69A1C1F ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:29:27.0557 0x0908  Dnscache - ok
15:29:27.0573 0x0908  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc        C:\Windows\System32\dot3svc.dll
15:29:27.0682 0x0908  dot3svc - ok
15:29:27.0698 0x0908  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS            C:\Windows\system32\dps.dll
15:29:27.0729 0x0908  DPS - ok
15:29:27.0776 0x0908  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
15:29:27.0807 0x0908  drmkaud - ok
15:29:27.0869 0x0908  [ F5BEE30450E18E6B83A5012C100616FD, 44D0577D159FC2BDF4EAD1DC2C7FD14925D075225EF97608CAC52DEE405B08FD ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
15:29:27.0900 0x0908  DXGKrnl - ok
15:29:27.0932 0x0908  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost        C:\Windows\System32\eapsvc.dll
15:29:27.0978 0x0908  EapHost - ok
15:29:28.0088 0x0908  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv          C:\Windows\system32\drivers\evbda.sys
15:29:28.0197 0x0908  ebdrv - ok
15:29:28.0212 0x0908  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] EFS            C:\Windows\System32\lsass.exe
15:29:28.0228 0x0908  EFS - ok
15:29:28.0337 0x0908  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
15:29:28.0415 0x0908  ehRecvr - ok
15:29:28.0446 0x0908  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched        C:\Windows\ehome\ehsched.exe
15:29:28.0478 0x0908  ehSched - ok
15:29:28.0524 0x0908  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
15:29:28.0556 0x0908  elxstor - ok
15:29:28.0556 0x0908  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:29:28.0571 0x0908  ErrDev - ok
15:29:38.0524 0x0908  RDPENCDD - ok
15:29:38.0540 0x0908  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:29:38.0571 0x0908  RDPREFMP - ok
15:29:38.0586 0x0908  [ 15B66C206B5CB095BAB980553F38ED23, 3CA50786A8D3D6BAF145AFD22C1ED92C2EB39F5D6AF4F6B09B69610FDE0C5B24 ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
15:29:38.0618 0x0908  RDPWD - ok
15:29:38.0633 0x0908  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:29:38.0633 0x0908  rdyboost - ok
15:29:38.0664 0x0908  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:29:38.0696 0x0908  RemoteAccess - ok
15:29:38.0727 0x0908  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:29:38.0758 0x0908  RemoteRegistry - ok
15:29:38.0774 0x0908  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:29:38.0820 0x0908  RpcEptMapper - ok
15:29:38.0820 0x0908  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
15:29:38.0852 0x0908  RpcLocator - ok
15:29:38.0867 0x0908  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs          C:\Windows\system32\rpcss.dll
15:29:38.0914 0x0908  RpcSs - ok
15:29:38.0945 0x0908  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:29:38.0976 0x0908  rspndr - ok
15:29:39.0039 0x0908  [ EA5532868BA76923D75BCB2A1448D810, C1489714C9BC95BB76134E6B8F28C5A3D044E9B2857F01BFEEEE7C8A25C74E7D ] RTL8167        C:\Windows\system32\DRIVERS\Rt64win7.sys
15:29:39.0101 0x0908  RTL8167 - ok
15:29:39.0117 0x0908  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap          C:\Windows\system32\drivers\vms3cap.sys
15:29:39.0164 0x0908  s3cap - ok
15:29:39.0179 0x0908  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] SamSs          C:\Windows\system32\lsass.exe
15:29:39.0195 0x0908  SamSs - ok
15:29:39.0210 0x0908  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:29:39.0226 0x0908  sbp2port - ok
15:29:39.0257 0x0908  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:29:39.0288 0x0908  SCardSvr - ok
15:29:39.0304 0x0908  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:29:39.0351 0x0908  scfilter - ok
15:29:39.0398 0x0908  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
15:29:39.0460 0x0908  Schedule - ok
15:29:39.0476 0x0908  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc    C:\Windows\System32\certprop.dll
15:29:39.0507 0x0908  SCPolicySvc - ok
15:29:39.0522 0x0908  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:29:39.0569 0x0908  SDRSVC - ok
15:29:39.0600 0x0908  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:29:39.0663 0x0908  secdrv - ok
15:29:39.0663 0x0908  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
15:29:39.0694 0x0908  seclogon - ok
15:29:39.0710 0x0908  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
15:29:39.0756 0x0908  SENS - ok
15:29:39.0772 0x0908  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:29:39.0803 0x0908  SensrSvc - ok
15:29:39.0803 0x0908  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum        C:\Windows\system32\drivers\serenum.sys
15:29:39.0819 0x0908  Serenum - ok
15:29:39.0850 0x0908  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
15:29:39.0866 0x0908  Serial - ok
15:29:39.0881 0x0908  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:29:39.0912 0x0908  sermouse - ok
15:29:39.0944 0x0908  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
15:29:40.0006 0x0908  SessionEnv - ok
15:29:40.0006 0x0908  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
15:29:40.0022 0x0908  sffdisk - ok
15:29:40.0022 0x0908  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:29:40.0053 0x0908  sffp_mmc - ok
15:29:40.0068 0x0908  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
15:29:40.0084 0x0908  sffp_sd - ok
15:29:40.0084 0x0908  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
15:29:40.0115 0x0908  sfloppy - ok
15:29:40.0131 0x0908  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:29:40.0178 0x0908  SharedAccess - ok
15:29:40.0209 0x0908  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:29:40.0256 0x0908  ShellHWDetection - ok
15:29:40.0271 0x0908  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
15:29:40.0287 0x0908  SiSRaid2 - ok
15:29:40.0287 0x0908  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:29:40.0302 0x0908  SiSRaid4 - ok
15:29:40.0302 0x0908  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
15:29:40.0349 0x0908  Smb - ok
15:29:40.0380 0x0908  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:29:40.0412 0x0908  SNMPTRAP - ok
15:29:40.0412 0x0908  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr          C:\Windows\system32\drivers\spldr.sys
15:29:40.0412 0x0908  spldr - ok
15:29:40.0458 0x0908  [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler        C:\Windows\System32\spoolsv.exe
15:29:40.0490 0x0908  Spooler - ok
15:29:40.0646 0x0908  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
15:29:40.0786 0x0908  sppsvc - ok
15:29:40.0802 0x0908  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
15:29:40.0833 0x0908  sppuinotify - ok
15:29:40.0864 0x0908  [ 2098B8556D1CEC2ACA9A29CD479E3692, D5826407C64F18C16EB36E6F00787CFAFCD9B24B5BD8AD126AD01E6E4134966F ] srv            C:\Windows\system32\DRIVERS\srv.sys
15:29:40.0911 0x0908  srv - ok
15:29:40.0911 0x0908  [ D0F73A42040F21F92FD314B42AC5C9E7, A021C4318C9CFA594305458B2643BB0C22DDE1F3D51C93C9F3E7F7AB75B31278 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:29:40.0958 0x0908  srv2 - ok
15:29:40.0958 0x0908  [ 2BA8F3250828CCDB4204ECF2C6F40B6A, 22C4FBF9A87C46E69C48B681FF733D68D9CB7B7D73FB14C8C2A06E9009F9860E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:29:41.0004 0x0908  srvnet - ok
15:29:41.0036 0x0908  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
15:29:41.0067 0x0908  SSDPSRV - ok
15:29:41.0067 0x0908  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc        C:\Windows\system32\sstpsvc.dll
15:29:41.0098 0x0908  SstpSvc - ok
15:29:41.0114 0x0908  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
15:29:41.0114 0x0908  stexstor - ok
15:29:41.0160 0x0908  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
15:29:41.0207 0x0908  stisvc - ok
15:29:41.0223 0x0908  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt        C:\Windows\system32\drivers\vmstorfl.sys
15:29:41.0238 0x0908  storflt - ok
15:29:41.0254 0x0908  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc        C:\Windows\system32\storsvc.dll
15:29:41.0301 0x0908  StorSvc - ok
15:29:41.0332 0x0908  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc        C:\Windows\system32\drivers\storvsc.sys
15:29:41.0348 0x0908  storvsc - ok
15:29:41.0348 0x0908  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:29:41.0348 0x0908  swenum - ok
15:29:41.0379 0x0908  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv          C:\Windows\System32\swprv.dll
15:29:41.0426 0x0908  swprv - ok
15:29:41.0488 0x0908  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain        C:\Windows\system32\sysmain.dll
15:29:41.0566 0x0908  SysMain - ok
15:29:41.0566 0x0908  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:29:41.0597 0x0908  TabletInputService - ok
15:29:41.0628 0x0908  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv        C:\Windows\System32\tapisrv.dll
15:29:41.0675 0x0908  TapiSrv - ok
15:29:41.0675 0x0908  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS            C:\Windows\System32\tbssvc.dll
15:29:41.0706 0x0908  TBS - ok
15:29:41.0800 0x0908  [ 509383E505C973ED7534A06B3D19688D, 520AE434CCE1D365A45B2035283A4AD915E98D28D06BD73822F6FF865C2AE7DF ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
15:29:41.0862 0x0908  Tcpip - ok
15:29:41.0909 0x0908  [ 509383E505C973ED7534A06B3D19688D, 520AE434CCE1D365A45B2035283A4AD915E98D28D06BD73822F6FF865C2AE7DF ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:29:41.0940 0x0908  TCPIP6 - ok
15:29:41.0956 0x0908  [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:29:41.0987 0x0908  tcpipreg - ok
15:29:42.0018 0x0908  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:29:42.0050 0x0908  TDPIPE - ok
15:29:42.0050 0x0908  [ E4245BDA3190A582D55ED09E137401A9, F59C983882997D68CC7B1B2080AEE9EBE2AE90D478F877559BD2AAA97158A116 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
15:29:42.0081 0x0908  TDTCP - ok
15:29:42.0081 0x0908  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
15:29:42.0112 0x0908  tdx - ok
15:29:42.0112 0x0908  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:29:42.0128 0x0908  TermDD - ok
15:29:42.0159 0x0908  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService    C:\Windows\System32\termsrv.dll
15:29:42.0221 0x0908  TermService - ok
15:29:42.0237 0x0908  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
15:29:42.0252 0x0908  Themes - ok
15:29:42.0268 0x0908  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER    C:\Windows\system32\mmcss.dll
15:29:42.0299 0x0908  THREADORDER - ok
15:29:42.0330 0x0908  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
15:29:42.0377 0x0908  TrkWks - ok
15:29:42.0408 0x0908  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:29:42.0471 0x0908  TrustedInstaller - ok
15:29:42.0486 0x0908  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30, CA302C2ED6A6BF4670BAAA4F5C14C0238CF0C80316856AA0DB053F4D593033AC ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:29:42.0533 0x0908  tssecsrv - ok
15:29:42.0549 0x0908  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:29:42.0580 0x0908  TsUsbFlt - ok
15:29:42.0580 0x0908  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD        C:\Windows\system32\drivers\TsUsbGD.sys
15:29:42.0596 0x0908  TsUsbGD - ok
15:29:42.0627 0x0908  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:29:42.0674 0x0908  tunnel - ok
15:29:42.0674 0x0908  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:29:42.0674 0x0908  uagp35 - ok
15:29:42.0689 0x0908  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:29:42.0736 0x0908  udfs - ok
15:29:42.0767 0x0908  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect      C:\Windows\system32\UI0Detect.exe
15:29:42.0783 0x0908  UI0Detect - ok
15:29:42.0798 0x0908  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:29:42.0814 0x0908  uliagpkx - ok
15:29:42.0845 0x0908  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
15:29:42.0876 0x0908  umbus - ok
15:29:42.0892 0x0908  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
15:29:42.0908 0x0908  UmPass - ok
15:29:42.0923 0x0908  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
15:29:42.0954 0x0908  UmRdpService - ok
15:29:43.0095 0x0908  [ 7E5E1603D0FF2D240AE70295C5C3FEFC, 1E5F8E415ACE3C6DFBE636473DBE051329174F2A085516B6FC1515A54014D02B ] UNS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:29:43.0188 0x0908  UNS - ok
15:29:43.0298 0x0908  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
15:29:43.0376 0x0908  upnphost - ok
15:29:43.0391 0x0908  [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829, 5D6E404FE0AB875202CA1A3E8E9D2F4368DF6ACCFA1C872ECFAF8399CBA3A485 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
15:29:43.0407 0x0908  usbccgp - ok
15:29:43.0422 0x0908  [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:29:43.0438 0x0908  usbcir - ok
15:29:43.0438 0x0908  [ 74EE782B1D9C241EFE425565854C661C, E8258EA65B0FCAD4E077B176E9D9324646B652D6E651241E397346A39770D065 ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
15:29:43.0469 0x0908  usbehci - ok
15:29:43.0485 0x0908  [ DC96BD9CCB8403251BCF25047573558E, 66EBF8A6B3BC0634F32DDCC8BA31F1EB5987E8C6853E1DC26005E3EED0945565 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:29:43.0500 0x0908  usbhub - ok
15:29:43.0516 0x0908  [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci        C:\Windows\system32\drivers\usbohci.sys
15:29:43.0532 0x0908  usbohci - ok
15:29:43.0532 0x0908  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
15:29:43.0563 0x0908  usbprint - ok
15:29:43.0578 0x0908  [ D76510CFA0FC09023077F22C2F979D86, 5662281C6D515423255D3C262EA368DBAFC250235E535FBFA3E59D3487695439 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:29:43.0610 0x0908  USBSTOR - ok
15:29:43.0610 0x0908  [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
15:29:43.0625 0x0908  usbuhci - ok
15:29:43.0656 0x0908  [ 454800C2BC7F3927CE030141EE4F4C50, 10901E62DAA70657C499AD590DECCCA6E46FDDF4A193B2F19279E1B8ED7B1E44 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
15:29:43.0688 0x0908  usbvideo - ok
15:29:43.0703 0x0908  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms          C:\Windows\System32\uxsms.dll
15:29:43.0750 0x0908  UxSms - ok
15:29:43.0750 0x0908  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] VaultSvc        C:\Windows\system32\lsass.exe
15:29:43.0766 0x0908  VaultSvc - ok
15:29:43.0797 0x0908  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:29:43.0812 0x0908  vdrvroot - ok
15:29:43.0828 0x0908  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds            C:\Windows\System32\vds.exe
15:29:43.0875 0x0908  vds - ok
15:29:43.0890 0x0908  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
15:29:43.0906 0x0908  vga - ok
15:29:43.0906 0x0908  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave        C:\Windows\System32\drivers\vga.sys
15:29:43.0937 0x0908  VgaSave - ok
15:29:43.0953 0x0908  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
15:29:43.0953 0x0908  vhdmp - ok
15:29:43.0984 0x0908  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:29:43.0984 0x0908  viaide - ok
15:29:44.0000 0x0908  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus          C:\Windows\system32\drivers\vmbus.sys
15:29:44.0015 0x0908  vmbus - ok
15:29:44.0015 0x0908  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
15:29:44.0031 0x0908  VMBusHID - ok
15:29:44.0031 0x0908  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:29:44.0046 0x0908  volmgr - ok
15:29:44.0062 0x0908  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
15:29:44.0078 0x0908  volmgrx - ok
15:29:44.0093 0x0908  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap        C:\Windows\system32\drivers\volsnap.sys
15:29:44.0109 0x0908  volsnap - ok
15:29:44.0109 0x0908  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
15:29:44.0124 0x0908  vsmraid - ok
15:29:44.0187 0x0908  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS            C:\Windows\system32\vssvc.exe
15:29:44.0265 0x0908  VSS - ok
15:29:44.0280 0x0908  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
15:29:44.0296 0x0908  vwifibus - ok
15:29:44.0343 0x0908  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time        C:\Windows\system32\w32time.dll
15:29:44.0374 0x0908  W32Time - ok
15:29:44.0390 0x0908  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
15:29:44.0405 0x0908  WacomPen - ok
15:29:44.0421 0x0908  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:29:44.0452 0x0908  WANARP - ok
15:29:44.0468 0x0908  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:29:44.0483 0x0908  Wanarpv6 - ok
15:29:44.0546 0x0908  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
15:29:44.0608 0x0908  wbengine - ok
15:29:44.0639 0x0908  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:29:44.0655 0x0908  WbioSrvc - ok
15:29:44.0670 0x0908  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
15:29:44.0702 0x0908  wcncsvc - ok
15:29:44.0717 0x0908  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:29:44.0748 0x0908  WcsPlugInService - ok
15:29:44.0780 0x0908  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
15:29:44.0780 0x0908  Wd - ok
15:29:44.0811 0x0908  [ 441BD2D7B4F98134C3A4F9FA570FD250, FF20815273014C5A27C2B75E2C70FE674809293627056199F502DFDF4CECFCA1 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:29:44.0826 0x0908  Wdf01000 - ok
15:29:44.0858 0x0908  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:29:44.0951 0x0908  WdiServiceHost - ok
15:29:44.0967 0x0908  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost  C:\Windows\system32\wdi.dll
15:29:44.0982 0x0908  WdiSystemHost - ok
15:29:45.0029 0x0908  [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient      C:\Windows\System32\webclnt.dll
15:29:45.0092 0x0908  WebClient - ok
15:29:45.0107 0x0908  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:29:45.0154 0x0908  Wecsvc - ok
15:29:45.0170 0x0908  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
15:29:45.0201 0x0908  wercplsupport - ok
15:29:45.0216 0x0908  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:29:45.0248 0x0908  WerSvc - ok
15:29:45.0279 0x0908  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:29:45.0341 0x0908  WfpLwf - ok
15:29:45.0357 0x0908  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:29:45.0357 0x0908  WIMMount - ok
15:29:45.0372 0x0908  WinDefend - ok
15:29:45.0372 0x0908  WinHttpAutoProxySvc - ok
15:29:45.0435 0x0908  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
15:29:45.0497 0x0908  Winmgmt - ok
15:29:45.0575 0x0908  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM          C:\Windows\system32\WsmSvc.dll
15:29:45.0653 0x0908  WinRM - ok
15:29:45.0747 0x0908  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc        C:\Windows\System32\wlansvc.dll
15:29:45.0794 0x0908  Wlansvc - ok
15:29:45.0794 0x0908  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
15:29:45.0825 0x0908  WmiAcpi - ok
15:29:45.0856 0x0908  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:29:45.0887 0x0908  wmiApSrv - ok
15:29:45.0903 0x0908  WMPNetworkSvc - ok
15:29:45.0918 0x0908  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:29:45.0950 0x0908  WPCSvc - ok
15:29:45.0950 0x0908  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:29:45.0981 0x0908  WPDBusEnum - ok
15:29:45.0996 0x0908  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
15:29:46.0028 0x0908  ws2ifsl - ok
15:29:46.0043 0x0908  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
15:29:46.0059 0x0908  wscsvc - ok
15:29:46.0059 0x0908  WSearch - ok
15:29:46.0199 0x0908  [ 9DF12EDBC698B0BC353B3EF84861E430, 5777972DC6242096EE2D4DAEEFC822DE9077560322DED7B9696BB23B7C240403 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:29:46.0277 0x0908  wuauserv - ok
15:29:46.0308 0x0908  [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:29:46.0340 0x0908  WudfPf - ok
15:29:46.0371 0x0908  [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:29:46.0418 0x0908  WUDFRd - ok
15:29:46.0433 0x0908  [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
15:29:46.0464 0x0908  wudfsvc - ok
15:29:46.0496 0x0908  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc        C:\Windows\System32\wwansvc.dll
15:29:46.0527 0x0908  WwanSvc - ok
15:29:46.0527 0x0908  ================ Scan global ===============================
15:29:46.0558 0x0908  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
15:29:46.0574 0x0908  [ E0406AEF04B088D1C49FC78D0546F689, 7ADD4D1C174FAA5405BD94BAF104A5DD56BE00DBDC1ED9F069A95430A7B264AA ] C:\Windows\system32\winsrv.dll
15:29:46.0589 0x0908  [ E0406AEF04B088D1C49FC78D0546F689, 7ADD4D1C174FAA5405BD94BAF104A5DD56BE00DBDC1ED9F069A95430A7B264AA ] C:\Windows\system32\winsrv.dll
15:29:46.0620 0x0908  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
15:29:46.0667 0x0908  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
15:29:46.0667 0x0908  [ Global ] - ok
15:29:46.0667 0x0908  ================ Scan MBR ==================================
15:29:46.0683 0x0908  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:29:46.0995 0x0908  \Device\Harddisk0\DR0 - ok
15:29:47.0010 0x0908  [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk1\DR2
15:29:47.0198 0x0908  \Device\Harddisk1\DR2 - ok
15:29:47.0198 0x0908  ================ Scan VBR ==================================
15:29:47.0198 0x0908  [ 89D1AB1233242CFD4E0FE3FBBA9BD118 ] \Device\Harddisk0\DR0\Partition1
15:29:47.0213 0x0908  \Device\Harddisk0\DR0\Partition1 - ok
15:29:47.0213 0x0908  [ 869E5E48A1836D1DC3F649BD4C4485C6 ] \Device\Harddisk0\DR0\Partition2
15:29:47.0213 0x0908  \Device\Harddisk0\DR0\Partition2 - ok
15:29:47.0260 0x0908  [ 1B361C7270178149C181330B95D10C53 ] \Device\Harddisk0\DR0\Partition3
15:29:47.0260 0x0908  \Device\Harddisk0\DR0\Partition3 - ok
15:29:47.0276 0x0908  [ 45D471AD77DF25E105CDBD57E718F50A ] \Device\Harddisk1\DR2\Partition1
15:29:47.0276 0x0908  \Device\Harddisk1\DR2\Partition1 - ok
15:29:47.0354 0x0908  Win FW state via NFP2: enabled
15:29:49.0694 0x0908  ============================================================
15:29:49.0694 0x0908  Scan finished
15:29:49.0694 0x0908  ============================================================
15:29:49.0709 0x0a80  Detected object count: 0
15:29:49.0709 0x0a80  Actual detected object count: 0
15:30:11.0191 0x04e8  Deinitialize success

Code:

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.05.27.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
ADMIN :: ADMIN-PC [administrator]

27.05.2014 15:34:01
mbar-log-2014-05-27 (15-34-01).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 240990
Time elapsed: 6 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

+systemlog

Code:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.294000 GHz
Memory total: 4274700288, free: 3449090048

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.294000 GHz
Memory total: 4274700288, free: 3460562944

Downloaded database version: v2014.05.27.05
Downloaded database version: v2014.05.21.01
=======================================
Initializing...
------------ Kernel report ------------
    05/27/2014 15:33:57
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\vgapnp.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\framebuf.dll
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\wininet.dll
\Windows\System32\sechost.dll
\Windows\System32\ws2_32.dll
\Windows\System32\usp10.dll
\Windows\System32\imagehlp.dll
\Windows\System32\normaliz.dll
\Windows\System32\gdi32.dll
\Windows\System32\setupapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\difxapi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\ole32.dll
\Windows\System32\iertutil.dll
\Windows\System32\msctf.dll
\Windows\System32\Wldap32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\imm32.dll
\Windows\System32\urlmon.dll
\Windows\System32\psapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\kernel32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\shell32.dll
\Windows\System32\user32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\nsi.dll
\Windows\System32\lpk.dll
\Windows\System32\comctl32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\crypt32.dll
\Windows\System32\devobj.dll
\Windows\System32\KernelBase.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xfffffa80039dd640
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000080\
Lower Device Object: 0xfffffa80050e4720
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004722060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80044b8060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004722060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004722b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004722060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80044b8060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: AECDB9E2

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 199239680

    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 199448574  Numsec = 728358914

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa80039dd640, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004214b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80039dd640, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80050e4720, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7BCF32

Partition information:

    Partition 0 type is Other (0xb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 7744449

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 3965190144 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished


schrauber 28.05.2014 11:06

What exactly are the problems you're having?

plagiat 28.05.2014 15:00

Every change I make is undone at the next restart. Permissions I set are gone, and services I turn off turn themselves back on. Administrative shares are enabled and cannot be turned off. My registry file is 250 MB in size even though I reinstalled the system, and it contains the strangest entries. Could I upload it somewhere so that you can get an idea of it? Oh, and the remote services are of course on as well, and according to AVZ anonymous login is also enabled. I don't know what else I can do!

Here is the AVZ4 log:

Code:

AVZ Antiviral Toolkit log; AVZ version is 4.43
Scanning started at 28.05.2014 14:10:22
Database loaded: signatures - 297612, NN profile(s) - 2, malware removal microprograms - 56, signature database released 28.05.2014 04:00
Heuristic microprograms loaded: 405
PVS microprograms loaded: 9
Digital signatures of system files loaded: 663640
Heuristic analyzer mode: Maximum heuristics mode
Malware removal mode: enabled
Windows version is: 6.1.7601, Service Pack 1 "Windows 7 Professional" ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .text
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
 Error loading driver - operation interrupted [C000036B]
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
 Error loading driver - operation interrupted [C000036B]
2. Scanning RAM
 Number of processes found: 16
 Number of modules loaded: 334
Scanning RAM - complete
3. Scanning disks
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
 In the database 317 port descriptions
 Opened at this PC: 36 TCP ports and 8 UDP ports
 Checking - complete; no suspicious ports detected
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Remotedesktopdienste)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP-Suche)
>> Services: potentially dangerous service allowed: Schedule (Aufgabenplanung)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
Checking - complete
Files scanned: 1574, extracted from archives: 923, malicious software found 0, suspicions - 0
Scanning finished at 28.05.2014 14:12:16
Time of scanning: 00:01:56
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address hxxp://forum.kaspersky.com/index.php?showforum=19
For automatic scanning of files from the AVZ quarantine you can use the service hxxp://virusdetector.ru/
Network diagnostics
 DNS & Ping
  Host "yandex.ru", IP="213.180.204.11,93.158.134.11,213.180.193.11", Ping=OK (0,64,213.180.204.11)
  Host "google.ru", IP="173.194.112.23,173.194.112.24,173.194.112.31", Ping=OK (0,13,173.194.112.23)
  Host "google.com", IP="173.194.112.9,173.194.112.14,173.194.112.0,173.194.112.1,173.194.112.2,173.194.112.3,173.194.112.4,173.194.112.5,173.194.112.6,173.194.112.7,173.194.112.8", Ping=OK (0,14,173.194.112.9)
  Host "www.kaspersky.com", IP="195.27.252.18", Ping=OK (0,18,195.27.252.18)
  Host "www.kaspersky.ru", IP="195.27.252.110", Ping=OK (0,21,195.27.252.110)
  Host "dnl-03.geo.kaspersky.com", IP="212.73.221.202", Ping=OK (0,20,212.73.221.202)
  Host "dnl-11.geo.kaspersky.com", IP="80.239.174.38", Ping=OK (0,24,80.239.174.38)
  Host "activation-v2.kaspersky.com", IP="195.27.252.50", Ping=Error (11010,0,0.0.0.0)
  Host "odnoklassniki.ru", IP="217.20.147.94", Ping=OK (0,68,217.20.147.94)
  Host "vk.com", IP="87.240.143.241,87.240.131.117,87.240.131.118", Ping=OK (0,49,87.240.143.241)
  Host "vkontakte.ru", IP="87.240.156.167,87.240.156.168,87.240.156.166", Ping=OK (0,53,87.240.156.167)
  Host "twitter.com", IP="199.16.156.230,199.16.156.6,199.16.156.102,199.16.156.198", Ping=OK (0,126,199.16.156.230)
  Host "facebook.com", IP="173.252.110.27", Ping=OK (0,114,173.252.110.27)
  Host "ru-ru.facebook.com", IP="173.252.73.52,69.171.237.20", Ping=OK (0,164,173.252.73.52)
 IE Setup
  AutoConfigURL=""
  AutoConfigProxy="wininet.dll"
  ProxyOverride=""
  ProxyServer=""
Network TCP/IP settings

 System Analysis - complete

and OSAM:


Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:12:00 on 28.05.2014

OS: Windows 7  Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 29.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[x] Trusted entries
[x] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[x] Non-startable services
[x] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "Microsoft Corporation" - C:\Windows\system32\autochk.exe  (File signed by Microsoft)

[Common]
-----( %SystemRoot%\Tasks )-----
-----( HKCU\SOFTWARE\Classes\exefile\shell\open\command )-----
-----( HKCU\SOFTWARE\Microsoft\Command Processor )-----
-----( HKCU\SOFTWARE\Mirabilis\ICQ\Agent\Apps )-----
-----( HKLM\SOFTWARE\Classes\exefile\shell\open\command )-----
"{Default}" - ? - "%1" %*  (System default value)
-----( HKLM\SOFTWARE\Microsoft\Command Processor )-----
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options )-----
-----( HKLM\SOFTWARE\Microsoft\Windows Script Host\Locations )-----
-----( HKLM\SOFTWARE\Microsoft\Windows Scripting Host\Locations )-----
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls )-----

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"appwiz.cpl" - "Microsoft Corporation" - C:\Windows\system32\appwiz.cpl  (File signed by Microsoft)
"bthprops.cpl" - "Microsoft Corporation" - C:\Windows\system32\bthprops.cpl  (File signed by Microsoft)
"collab.cpl" - "Microsoft Corporation" - C:\Windows\system32\collab.cpl  (File signed by Microsoft)
"desk.cpl" - "Microsoft Corporation" - C:\Windows\system32\desk.cpl  (File signed by Microsoft)
"Firewall.cpl" - "Microsoft Corporation" - C:\Windows\system32\Firewall.cpl  (File signed by Microsoft)
"hdwwiz.cpl" - "Microsoft Corporation" - C:\Windows\system32\hdwwiz.cpl  (File signed by Microsoft)
"inetcpl.cpl" - "Microsoft Corporation" - C:\Windows\system32\inetcpl.cpl  (File signed by Microsoft)
"infocardcpl.cpl" - "Microsoft Corporation" - C:\Windows\system32\infocardcpl.cpl  (File signed by Microsoft)
"intl.cpl" - "Microsoft Corporation" - C:\Windows\system32\intl.cpl  (File signed by Microsoft)
"irprops.cpl" - "Microsoft Corporation" - C:\Windows\system32\irprops.cpl  (File signed by Microsoft)
"joy.cpl" - "Microsoft Corporation" - C:\Windows\system32\joy.cpl  (File signed by Microsoft)
"main.cpl" - "Microsoft Corporation" - C:\Windows\system32\main.cpl  (File signed by Microsoft)
"mmsys.cpl" - "Microsoft Corporation" - C:\Windows\system32\mmsys.cpl  (File signed by Microsoft)
"ncpa.cpl" - "Microsoft Corporation" - C:\Windows\system32\ncpa.cpl  (File signed by Microsoft)
"powercfg.cpl" - "Microsoft Corporation" - C:\Windows\system32\powercfg.cpl  (File signed by Microsoft)
"sysdm.cpl" - "Microsoft Corporation" - C:\Windows\system32\sysdm.cpl  (File signed by Microsoft)
"TabletPC.cpl" - "Microsoft Corporation" - C:\Windows\system32\TabletPC.cpl  (File signed by Microsoft)
"telephon.cpl" - "Microsoft Corporation" - C:\Windows\system32\telephon.cpl  (File signed by Microsoft)
"timedate.cpl" - "Microsoft Corporation" - C:\Windows\system32\timedate.cpl  (File signed by Microsoft)
"wscui.cpl" - "Microsoft Corporation" - C:\Windows\system32\wscui.cpl  (File signed by Microsoft)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"1394 OHCI Compliant Host Controller" (1394ohci) - "Microsoft Corporation" - C:\Windows\system32\drivers\1394ohci.sys  (File signed by Microsoft)
"1394 OHCI Compliant Host Controller (Legacy)" (ohci1394) - "Microsoft Corporation" - C:\Windows\system32\drivers\ohci1394.sys  (File signed by Microsoft)
"@%systemroot%\system32\appidsvc.dll,-102" (AppID) - "Microsoft Corporation" - C:\Windows\system32\drivers\appid.sys  (File signed by Microsoft)
"@%systemroot%\system32\browser.dll,-102" (bowser) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\bowser.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\clfs.sys,-100" (CLFS) - "Microsoft Corporation" - C:\Windows\System32\CLFS.sys  (File signed by Microsoft)
"@%systemroot%\system32\cscsvc.dll,-202" (CSC) - "Microsoft Corporation" - C:\Windows\System32\drivers\csc.sys  (File signed by Microsoft)
"@%systemroot%\system32\drivers\afd.sys,-1000" (AFD) - "Microsoft Corporation" - C:\Windows\system32\drivers\afd.sys  (File signed by Microsoft)
"@%systemroot%\system32\drivers\dfsc.sys,-101" (DfsC) - "Microsoft Corporation" - C:\Windows\System32\Drivers\dfsc.sys  (File signed by Microsoft)
"@%systemroot%\system32\drivers\discache.sys,-102" (discache) - "Microsoft Corporation" - C:\Windows\System32\drivers\discache.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\drivers\fileinfo.sys,-100" (FileInfo) - "Microsoft Corporation" - C:\Windows\System32\drivers\fileinfo.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\drivers\filetrace.sys,-10001" (Filetrace) - "Microsoft Corporation" - C:\Windows\System32\drivers\filetrace.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\drivers\fltmgr.sys,-10001" (FltMgr) - "Microsoft Corporation" - C:\Windows\System32\drivers\fltmgr.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\drivers\fsdepends.sys,-10001" (FsDepends) - "Microsoft Corporation" - C:\Windows\System32\drivers\FsDepends.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\drivers\fvevol.sys,-100" (fvevol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fvevol.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\drivers\http.sys,-1" (HTTP) - "Microsoft Corporation" - C:\Windows\System32\drivers\HTTP.sys  (File signed by Microsoft)
"@%systemroot%\system32\drivers\hwpolicy.sys,-101" (hwpolicy) - "Microsoft Corporation" - C:\Windows\System32\drivers\hwpolicy.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\drivers\irenum.sys,-100" (IRENUM) - "Microsoft Corporation" - C:\Windows\System32\drivers\irenum.sys  (File signed by Microsoft)
"@%systemroot%\system32\drivers\luafv.sys,-100" (luafv) - "Microsoft Corporation" - C:\Windows\system32\drivers\luafv.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\drivers\mountmgr.sys,-100" (mountmgr) - "Microsoft Corporation" - C:\Windows\System32\drivers\mountmgr.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100" (mshidkmdf) - "Microsoft Corporation" - C:\Windows\System32\drivers\mshidkmdf.sys  (File signed by Microsoft)
"@%systemroot%\system32\drivers\mup.sys,-101" (Mup) - "Microsoft Corporation" - C:\Windows\System32\Drivers\mup.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\drivers\ndis.sys,-200" (NDIS) - "Microsoft Corporation" - C:\Windows\System32\drivers\ndis.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\drivers\netbt.sys,-2" (NetBT) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\netbt.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\drivers\nsiproxy.sys,-2" (nsiproxy) - "Microsoft Corporation" - C:\Windows\System32\drivers\nsiproxy.sys  (File signed by Microsoft)
"@%SystemRoot%\System32\drivers\pacer.sys,-101" (Psched) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\pacer.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\drivers\partmgr.sys,-100" (partmgr) - "Microsoft Corporation" - C:\Windows\System32\drivers\partmgr.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\drivers\qwavedrv.sys,-1" (QWAVEdrv) - "Microsoft Corporation" - C:\Windows\system32\drivers\qwavedrv.sys  (File signed by Microsoft)
"@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100" (RDPCDD) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\RDPCDD.sys  (File signed by Microsoft)
"@%systemroot%\system32\drivers\RDPENCDD.sys,-101" (RDPENCDD) - "Microsoft Corporation" - C:\Windows\System32\drivers\rdpencdd.sys  (File signed by Microsoft)
"@%systemroot%\system32\drivers\RdpRefMp.sys,-101" (RDPREFMP) - "Microsoft Corporation" - C:\Windows\System32\drivers\rdprefmp.sys  (File signed by Microsoft)
"@%SystemRoot%\System32\drivers\scfilter.sys,-11" (scfilter) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\scfilter.sys  (File signed by Microsoft)
"@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101" (tssecsrv) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\tssecsrv.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\drivers\tsusbflt.sys,-1000" (TsUsbFlt) - "Microsoft Corporation" - C:\Windows\System32\drivers\tsusbflt.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\drivers\volmgrx.sys,-100" (volmgrx) - "Microsoft Corporation" - C:\Windows\System32\drivers\volmgrx.sys  (File signed by Microsoft)
"@%systemroot%\System32\drivers\ws2ifsl.sys,-1000" (ws2ifsl) - "Microsoft Corporation" - C:\Windows\system32\drivers\ws2ifsl.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\FirewallAPI.dll,-23092" (mpsdrv) - "Microsoft Corporation" - C:\Windows\System32\drivers\mpsdrv.sys  (File signed by Microsoft)
"@%systemroot%\system32\rascfg.dll,-32000" (AsyncMac) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\asyncmac.sys  (File signed by Microsoft)
"@%systemroot%\system32\rascfg.dll,-32001" (NdisTapi) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\ndistapi.sys  (File signed by Microsoft)
"@%systemroot%\system32\rascfg.dll,-32002" (NdisWan) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\ndiswan.sys  (File signed by Microsoft)
"@%systemroot%\system32\rascfg.dll,-32005" (Rasl2tp) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\rasl2tp.sys  (File signed by Microsoft)
"@%systemroot%\system32\rascfg.dll,-32006" (PptpMiniport) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\raspptp.sys  (File signed by Microsoft)
"@%systemroot%\system32\rascfg.dll,-32007" (RasPppoe) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\raspppoe.sys  (File signed by Microsoft)
"@%systemroot%\system32\rascfg.dll,-32011" (WANARP) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wanarp.sys  (File signed by Microsoft)
"@%systemroot%\system32\rascfg.dll,-32012" (Wanarpv6) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wanarp.sys  (File signed by Microsoft)
"@%systemroot%\system32\rascfg.dll,-32013" (IpFilterDriver) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\ipfltdrv.sys  (File signed by Microsoft)
"@%systemroot%\system32\srvsvc.dll,-102" (srv) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\srv.sys  (File signed by Microsoft)
"@%systemroot%\system32\srvsvc.dll,-104" (srv2) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\srv2.sys  (File signed by Microsoft)
"@%systemroot%\system32\sstpsvc.dll,-202" (RasSstp) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\rassstp.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\tcpipcfg.dll,-50003" (Tcpip) - "Microsoft Corporation" - C:\Windows\System32\drivers\tcpip.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\tcpipcfg.dll,-50004" (tdx) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\tdx.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\tcpipcfg.dll,-50005" (Smb) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\smb.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\vmstorfltres.dll,-1000" (storflt) - "Microsoft Corporation" - C:\Windows\System32\drivers\vmstorfl.sys  (File signed by Microsoft)
"@%systemroot%\system32\webclnt.dll,-104" (MRxDAV) - "Microsoft Corporation" - C:\Windows\system32\drivers\mrxdav.sys  (File signed by Microsoft)
"@%systemroot%\system32\wkssvc.dll,-1000" (rdbss) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\rdbss.sys  (File signed by Microsoft)
"@%systemroot%\system32\wkssvc.dll,-1002" (mrxsmb) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\mrxsmb.sys  (File signed by Microsoft)
"@%systemroot%\system32\wkssvc.dll,-1004" (mrxsmb10) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\mrxsmb10.sys  (File signed by Microsoft)
"@%systemroot%\system32\wkssvc.dll,-1006" (mrxsmb20) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\mrxsmb20.sys  (File signed by Microsoft)
"ACPI Power Meter Driver" (AcpiPmi) - "Microsoft Corporation" - C:\Windows\system32\drivers\acpipmi.sys  (File signed by Microsoft)
"adp94xx" (adp94xx) - "Adaptec, Inc." - C:\Windows\system32\drivers\adp94xx.sys  (File signed by Microsoft)
"adpahci" (adpahci) - "Adaptec, Inc." - C:\Windows\system32\drivers\adpahci.sys  (File signed by Microsoft)
"adpu320" (adpu320) - "Adaptec, Inc." - C:\Windows\system32\drivers\adpu320.sys  (File signed by Microsoft)
"aliide" (aliide) - "Acer Laboratories Inc." - C:\Windows\system32\drivers\aliide.sys  (File signed by Microsoft)
"AMD K8 Processor Driver" (AmdK8) - "Microsoft Corporation" - C:\Windows\system32\drivers\amdk8.sys  (File signed by Microsoft)
"AMD Processor Driver" (AmdPPM) - "Microsoft Corporation" - C:\Windows\system32\drivers\amdppm.sys  (File signed by Microsoft)
"amdide" (amdide) - "Microsoft Corporation" - C:\Windows\system32\drivers\amdide.sys  (File signed by Microsoft)
"amdsata" (amdsata) - "Advanced Micro Devices" - C:\Windows\system32\drivers\amdsata.sys  (File signed by Microsoft)
"amdsbs" (amdsbs) - "AMD Technologies Inc." - C:\Windows\system32\drivers\amdsbs.sys  (File signed by Microsoft)
"amdxata" (amdxata) - "Advanced Micro Devices" - C:\Windows\System32\drivers\amdxata.sys  (File signed by Microsoft)
"arc" (arc) - "Adaptec, Inc." - C:\Windows\system32\drivers\arc.sys  (File signed by Microsoft)
"arcsas" (arcsas) - "Adaptec, Inc." - C:\Windows\system32\drivers\arcsas.sys  (File signed by Microsoft)
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\system32\drivers\aswRdr2.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"aswStm" (aswStm) - "AVAST Software" - C:\Windows\system32\drivers\aswStm.sys
"avast! HardwareID" (aswHwid) - ? - C:\Windows\system32\drivers\aswHwid.sys
"avast! Revert" (aswRvrt) - ? - C:\Windows\system32\drivers\aswRvrt.sys
"avast! VM Monitor" (aswVmm) - ? - C:\Windows\system32\drivers\aswVmm.sys
"AVZ-RK Kernel Driver" (uzmynzgy) - ? - C:\Windows\system32\Drivers\uzmynzgy.sys  (File not found)
"Beep" (Beep) - "Microsoft Corporation" - C:\Windows\system32\drivers\Beep.sys  (File signed by Microsoft)
"blbdrive" (blbdrive) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\blbdrive.sys  (File signed by Microsoft)
"Bluetooth Serial Communications Driver" (BTHMODEM) - "Microsoft Corporation" - C:\Windows\system32\drivers\bthmodem.sys  (File signed by Microsoft)
"Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0" (b57nd60a) - "Broadcom Corporation" - C:\Windows\System32\DRIVERS\b57nd60a.sys  (File signed by Microsoft)
"Broadcom NetXtreme II 10 GigE VBD" (ebdrv) - "Broadcom Corporation" - C:\Windows\system32\drivers\evbda.sys  (File signed by Microsoft)
"Broadcom NetXtreme II VBD" (b06bdrv) - "Broadcom Corporation" - C:\Windows\system32\drivers\bxvbda.sys  (File signed by Microsoft)
"Brother MFC Serial Port Interface Driver (WDM)" (Brserid) - "Brother Industries Ltd." - C:\Windows\System32\Drivers\Brserid.sys  (File signed by Microsoft)
"Brother MFC USB Fax Only Modem" (BrUsbMdm) - "Brother Industries Ltd." - C:\Windows\System32\Drivers\BrUsbMdm.sys  (File signed by Microsoft)
"Brother MFC USB Serial WDM Driver" (BrUsbSer) - "Brother Industries Ltd." - C:\Windows\System32\Drivers\BrUsbSer.sys  (File signed by Microsoft)
"Brother USB Mass-Storage Lower Filter Driver" (BrFiltLo) - "Brother Industries, Ltd." - C:\Windows\system32\drivers\BrFiltLo.sys  (File signed by Microsoft)
"Brother USB Mass-Storage Upper Filter Driver" (BrFiltUp) - "Brother Industries, Ltd." - C:\Windows\system32\drivers\BrFiltUp.sys  (File signed by Microsoft)
"Brother WDM Serial driver" (BrSerWdm) - "Brother Industries Ltd." - C:\Windows\System32\Drivers\BrSerWdm.sys  (File signed by Microsoft)
"BTHORM" (BTHORM) - "Toolwiz.com" - C:\Windows\System32\Drivers\BTHORM.sys
"Busenumeratortreiber für Verbundgeräte" (CompositeBus) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\CompositeBus.sys  (File signed by Microsoft)
"CD-ROM-Laufwerktreiber" (cdrom) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\cdrom.sys  (File signed by Microsoft)
"CD/DVD File System Reader" (cdfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\cdfs.sys  (File signed by Microsoft)
"cmdide" (cmdide) - "CMD Technology, Inc." - C:\Windows\system32\drivers\cmdide.sys  (File signed by Microsoft)
"CNG" (CNG) - "Microsoft Corporation" - C:\Windows\System32\Drivers\cng.sys  (File signed by Microsoft)
"Consumer IR Devices" (circlass) - "Microsoft Corporation" - C:\Windows\system32\drivers\circlass.sys  (File signed by Microsoft)
"Crcdisk Filter Driver" (crcdisk) - "Microsoft Corporation" - C:\Windows\system32\drivers\crcdisk.sys  (File signed by Microsoft)
"dmvsc" (dmvsc) - "Microsoft Corporation" - C:\Windows\system32\drivers\dmvsc.sys  (File signed by Microsoft)
"eHome Infrared Receiver (USBCIR)" (usbcir) - "Microsoft Corporation" - C:\Windows\system32\drivers\usbcir.sys  (File signed by Microsoft)
"elxstor" (elxstor) - "Emulex" - C:\Windows\system32\drivers\elxstor.sys  (File signed by Microsoft)
"Enumerator-Treiber für Microsoft Virtual Drive" (vdrvroot) - "Microsoft Corporation" - C:\Windows\System32\drivers\vdrvroot.sys  (File signed by Microsoft)
"exFAT File System Driver" (exfat) - "Microsoft Corporation" - C:\Windows\system32\drivers\exfat.sys  (File signed by Microsoft)
"FAT12/16/32 File System Driver" (fastfat) - "Microsoft Corporation" - C:\Windows\system32\drivers\fastfat.sys  (File signed by Microsoft)
"Floppy Disk Controller Driver" (fdc) - "Microsoft Corporation" - C:\Windows\system32\drivers\fdc.sys  (File signed by Microsoft)
"Floppy Disk Driver" (flpydisk) - "Microsoft Corporation" - C:\Windows\system32\drivers\flpydisk.sys  (File signed by Microsoft)
"Fs_Rec" (Fs_Rec) - "Microsoft Corporation" - C:\Windows\system32\drivers\Fs_Rec.sys  (File signed by Microsoft)
"Hauppauge Consumer Infrared Receiver" (hcw85cir) - "Hauppauge Computer Works, Inc." - C:\Windows\system32\drivers\hcw85cir.sys  (File signed by Microsoft)
"HID UPS Battery Driver" (HidBatt) - "Microsoft Corporation" - C:\Windows\system32\drivers\HidBatt.sys  (File signed by Microsoft)
"High-Capacity Floppy Disk Drive" (sfloppy) - "Microsoft Corporation" - C:\Windows\system32\drivers\sfloppy.sys  (File signed by Microsoft)
"HpSAMD" (HpSAMD) - "Hewlett-Packard Company" - C:\Windows\system32\drivers\HpSAMD.sys  (File signed by Microsoft)
"i8042-Tastatur- und PS/2-Mausanschluss-Treiber" (i8042prt) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\i8042prt.sys  (File signed by Microsoft)
"iaStorV" (iaStorV) - "Intel Corporation" - C:\Windows\system32\drivers\iaStorV.sys  (File signed by Microsoft)
"IDE-Kanal" (atapi) - "Microsoft Corporation" - C:\Windows\System32\drivers\atapi.sys  (File signed by Microsoft)
"iirsp" (iirsp) - "Intel Corp./ICP vortex GmbH" - C:\Windows\system32\drivers\iirsp.sys  (File signed by Microsoft)
"Intel AGP Bus Filter" (agp440) - "Microsoft Corporation" - C:\Windows\system32\drivers\agp440.sys  (File signed by Microsoft)
"Intel AHCI Controller" (iaStor) - "Intel Corporation" - C:\Windows\System32\DRIVERS\iaStor.sys  (File signed by Microsoft)
"Intel(R) Management Engine Interface" (MEIx64) - "Intel Corporation" - C:\Windows\System32\DRIVERS\HECIx64.sys  (File signed by Microsoft)
"Intel-Prozessortreiber" (intelppm) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\intelppm.sys  (File signed by Microsoft)
"intelide" (intelide) - "Microsoft Corporation" - C:\Windows\system32\drivers\intelide.sys  (File signed by Microsoft)
"Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter" (AMPPAL) - "Windows (R) Win 7 DDK provider" - C:\Windows\System32\DRIVERS\AMPPAL.sys  (File signed by Microsoft)
"IP Network Address Translator" (IPNAT) - "Microsoft Corporation" - C:\Windows\System32\drivers\ipnat.sys  (File signed by Microsoft)
"IPMIDRV" (IPMIDRV) - "Microsoft Corporation" - C:\Windows\system32\drivers\IPMIDrv.sys  (File signed by Microsoft)
"isapnp" (isapnp) - "Microsoft Corporation" - C:\Windows\system32\drivers\isapnp.sys  (File signed by Microsoft)
"iScsiPort Driver" (iScsiPrt) - "Microsoft Corporation" - C:\Windows\system32\drivers\msiscsi.sys  (File signed by Microsoft)
"Kernel Mode Driver Frameworks service" (Wdf01000) - "Microsoft Corporation" - C:\Windows\System32\drivers\Wdf01000.sys  (File signed by Microsoft)
"Kernel Streaming Thunks" (ksthunk) - "Microsoft Corporation" - C:\Windows\system32\drivers\ksthunk.sys  (File signed by Microsoft)
"KSecDD" (KSecDD) - "Microsoft Corporation" - C:\Windows\System32\Drivers\ksecdd.sys  (File signed by Microsoft)
"KSecPkg" (KSecPkg) - "Microsoft Corporation" - C:\Windows\System32\Drivers\ksecpkg.sys  (File signed by Microsoft)
"Laufwerktreiber" (Disk) - "Microsoft Corporation" - C:\Windows\System32\drivers\disk.sys  (File signed by Microsoft)
"LDDM Graphics Subsystem" (DXGKrnl) - "Microsoft Corporation" - C:\Windows\System32\drivers\dxgkrnl.sys  (File signed by Microsoft)
"Link-Layer Topology Discovery Mapper I/O Driver" (lltdio) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\lltdio.sys  (File signed by Microsoft)
"Link-Layer Topology Discovery Responder" (rspndr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\rspndr.sys  (File signed by Microsoft)
"LSI_FC" (LSI_FC) - "LSI Corporation" - C:\Windows\system32\drivers\lsi_fc.sys  (File signed by Microsoft)
"LSI_SAS" (LSI_SAS) - "LSI Corporation" - C:\Windows\system32\drivers\lsi_sas.sys  (File signed by Microsoft)
"LSI_SAS2" (LSI_SAS2) - "LSI Corporation" - C:\Windows\system32\drivers\lsi_sas2.sys  (File signed by Microsoft)
"LSI_SCSI" (LSI_SCSI) - "LSI Corporation" - C:\Windows\system32\drivers\lsi_scsi.sys  (File signed by Microsoft)
"Maus-HID-Treiber" (mouhid) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\mouhid.sys  (File signed by Microsoft)
"Mausklassentreiber" (mouclass) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\mouclass.sys  (File signed by Microsoft)
"megasas" (megasas) - "LSI Corporation" - C:\Windows\system32\drivers\megasas.sys  (File signed by Microsoft)
"MegaSR" (MegaSR) - "LSI Corporation, Inc." - C:\Windows\system32\drivers\MegaSR.sys  (File signed by Microsoft)
"Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst" (HdAudAddService) - "Microsoft Corporation" - C:\Windows\System32\drivers\HdAudio.sys  (File signed by Microsoft)
"Microsoft ACPI-Treiber" (ACPI) - "Microsoft Corporation" - C:\Windows\System32\drivers\ACPI.sys  (File signed by Microsoft)
"Microsoft AGPv3.5 Filter" (uagp35) - "Microsoft Corporation" - C:\Windows\system32\drivers\uagp35.sys  (File signed by Microsoft)
"Microsoft Bluetooth HID Miniport" (HidBth) - "Microsoft Corporation" - C:\Windows\system32\drivers\hidbth.sys  (File signed by Microsoft)
"Microsoft Composite Battery-Treiber" (Compbatt) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\compbatt.sys  (File signed by Microsoft)
"Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms" (gagp30kx) - "Microsoft Corporation" - C:\Windows\system32\drivers\gagp30kx.sys  (File signed by Microsoft)
"Microsoft Hardware Error Device Driver" (ErrDev) - "Microsoft Corporation" - C:\Windows\system32\drivers\errdev.sys  (File signed by Microsoft)
"Microsoft HID Class-Treiber" (HidUsb) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\hidusb.sys  (File signed by Microsoft)
"Microsoft Infrared HID Driver" (HidIr) - "Microsoft Corporation" - C:\Windows\system32\drivers\hidir.sys  (File signed by Microsoft)
"Microsoft Input Configuration Driver" (MTConfig) - "Microsoft Corporation" - C:\Windows\system32\drivers\MTConfig.sys  (File signed by Microsoft)
"Microsoft IPv6 Protocol Driver" (TCPIP6) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\tcpip.sys  (File signed by Microsoft)
"Microsoft Monitor-Klassenfunktionstreiber-Dienst" (monitor) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\monitor.sys  (File signed by Microsoft)
"Microsoft Proxy für Streaming Clock" (MSPCLOCK) - "Microsoft Corporation" - C:\Windows\System32\drivers\MSPCLOCK.sys  (File signed by Microsoft)
"Microsoft Proxy für Streaming Quality Manager" (MSPQM) - "Microsoft Corporation" - C:\Windows\System32\drivers\MSPQM.sys  (File signed by Microsoft)
"Microsoft Standard-USB-Haupttreiber" (usbccgp) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\usbccgp.sys  (File signed by Microsoft)
"Microsoft Streaming Service Proxy" (MSKSSRV) - "Microsoft Corporation" - C:\Windows\System32\drivers\MSKSSRV.sys  (File signed by Microsoft)
"Microsoft Streaming Tee/Sink-to-Sink-Konvertierung" (MSTEE) - "Microsoft Corporation" - C:\Windows\System32\drivers\MSTEE.sys  (File signed by Microsoft)
"Microsoft Trusted Audio Drivers" (drmkaud) - "Microsoft Corporation" - C:\Windows\System32\drivers\drmkaud.sys  (File signed by Microsoft)
"Microsoft UMPass Driver" (UmPass) - "Microsoft Corporation" - C:\Windows\system32\drivers\umpass.sys  (File signed by Microsoft)
"Microsoft USB Open Host Controller Miniport Driver" (usbohci) - "Microsoft Corporation" - C:\Windows\system32\drivers\usbohci.sys  (File signed by Microsoft)
"Microsoft USB PRINTER Class" (usbprint) - "Microsoft Corporation" - C:\Windows\system32\drivers\usbprint.sys  (File signed by Microsoft)
"Microsoft USB Universal Host Controller Miniport Driver" (usbuhci) - "Microsoft Corporation" - C:\Windows\system32\drivers\usbuhci.sys  (File signed by Microsoft)
"Microsoft USB-Standardhubtreiber" (usbhub) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\usbhub.sys  (File signed by Microsoft)
"Microsoft Virtual WiFi Miniport Service" (vwifimp) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\vwifimp.sys  (File signed by Microsoft)
"Microsoft Windows Management Interface for ACPI" (WmiAcpi) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wmiacpi.sys  (File signed by Microsoft)
"Microsoft-Systemverwaltungs-BIOS-Treiber" (mssmbios) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\mssmbios.sys  (File signed by Microsoft)
"Microsoft-Tunnelminiport-Adaptertreiber" (tunnel) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\tunnel.sys  (File signed by Microsoft)
"Microsoft-UAA-Bustreiber für High Definition Audio" (HDAudBus) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\HDAudBus.sys  (File signed by Microsoft)
"Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller" (usbehci) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\usbehci.sys  (File signed by Microsoft)
"Modem" (Modem) - "Microsoft Corporation" - C:\Windows\System32\drivers\modem.sys  (File signed by Microsoft)
"mpio" (mpio) - "Microsoft Corporation" - C:\Windows\system32\drivers\mpio.sys  (File signed by Microsoft)
"msahci" (msahci) - "Microsoft Corporation" - C:\Windows\System32\drivers\msahci.sys  (File signed by Microsoft)
"msdsm" (msdsm) - "Microsoft Corporation" - C:\Windows\system32\drivers\msdsm.sys  (File signed by Microsoft)
"Msfs" (Msfs) - "Microsoft Corporation" - C:\Windows\system32\drivers\Msfs.sys  (File signed by Microsoft)
"msisadrv" (msisadrv) - "Microsoft Corporation" - C:\Windows\System32\drivers\msisadrv.sys  (File signed by Microsoft)
"MsRPC" (MsRPC) - "Microsoft Corporation" - C:\Windows\system32\drivers\MsRPC.sys  (File signed by Microsoft)
"NativeWiFi Filter" (NativeWifiP) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\nwifi.sys  (File signed by Microsoft)
"NDIS Capture LightWeight Filter" (NdisCap) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\ndiscap.sys  (File signed by Microsoft)
"NDIS Usermode I/O Protocol" (Ndisuio) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\ndisuio.sys  (File signed by Microsoft)
"NDProxy" (NDProxy) - "Microsoft Corporation" - C:\Windows\system32\drivers\NDProxy.sys  (File signed by Microsoft)
"NetBIOS Interface" (NetBIOS) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\netbios.sys  (File signed by Microsoft)
"nfrd960" (nfrd960) - "IBM Corporation" - C:\Windows\system32\drivers\nfrd960.sys  (File signed by Microsoft)
"Npfs" (Npfs) - "Microsoft Corporation" - C:\Windows\system32\drivers\Npfs.sys  (File signed by Microsoft)
"Ntfs" (Ntfs) - "Microsoft Corporation" - C:\Windows\system32\drivers\Ntfs.sys  (File signed by Microsoft)
"Null" (Null) - "Microsoft Corporation" - C:\Windows\system32\drivers\Null.sys  (File signed by Microsoft)
"NVIDIA nForce AGP Bus Filter" (nv_agp) - "Microsoft Corporation" - C:\Windows\system32\drivers\nv_agp.sys  (File signed by Microsoft)
"nvraid" (nvraid) - "NVIDIA Corporation" - C:\Windows\system32\drivers\nvraid.sys  (File signed by Microsoft)
"nvstor" (nvstor) - "NVIDIA Corporation" - C:\Windows\system32\drivers\nvstor.sys  (File signed by Microsoft)
"Parallel port driver" (Parport) - "Microsoft Corporation" - C:\Windows\system32\drivers\parport.sys  (File signed by Microsoft)
"PCI-Bus-Treiber" (pci) - "Microsoft Corporation" - C:\Windows\System32\drivers\pci.sys  (File signed by Microsoft)
"pciide" (pciide) - "Microsoft Corporation" - C:\Windows\system32\drivers\pciide.sys  (File signed by Microsoft)
"pcmcia" (pcmcia) - "Microsoft Corporation" - C:\Windows\system32\drivers\pcmcia.sys  (File signed by Microsoft)
"PEAUTH" (PEAUTH) - "Microsoft Corporation" - C:\Windows\System32\drivers\peauth.sys  (File signed by Microsoft)
"Performance Counters for Windows Driver" (pcw) - "Microsoft Corporation" - C:\Windows\System32\drivers\pcw.sys  (File signed by Microsoft)
"Processor Driver" (Processor) - "Microsoft Corporation" - C:\Windows\system32\drivers\processr.sys  (File signed by Microsoft)
"PSI" (PSI) - "Secunia" - C:\Windows\System32\DRIVERS\psi_mf_amd64.sys
"ql2300" (ql2300) - "QLogic Corporation" - C:\Windows\system32\drivers\ql2300.sys  (File signed by Microsoft)
"ql40xx" (ql40xx) - "QLogic Corporation" - C:\Windows\system32\drivers\ql40xx.sys  (File signed by Microsoft)
"Qualcomm Atheros Extensible Wireless LAN device driver" (athr) - "Qualcomm Atheros Communications, Inc." - C:\Windows\System32\DRIVERS\athrx.sys  (File signed by Microsoft)
"RDP Winstation Driver" (RDPWD) - "Microsoft Corporation" - C:\Windows\system32\drivers\RDPWD.sys  (File signed by Microsoft)
"ReadyBoost" (rdyboost) - "Microsoft Corporation" - C:\Windows\System32\drivers\rdyboost.sys  (File signed by Microsoft)
"Realtek 8167 NT Driver" (RTL8167) - "Realtek                                            " - C:\Windows\System32\DRIVERS\Rt64win7.sys  (File signed by Microsoft)
"Remote Access Auto Connection Driver" (RasAcd) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\rasacd.sys  (File signed by Microsoft)
"Remote Desktop Device Redirector Bus Driver" (rdpbus) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\rdpbus.sys  (File signed by Microsoft)
"Remote Desktop Generic USB Device" (TsUsbGD) - "Microsoft Corporation" - C:\Windows\system32\drivers\TsUsbGD.sys  (File signed by Microsoft)
"s3cap" (s3cap) - "Microsoft Corporation" - C:\Windows\system32\drivers\vms3cap.sys  (File signed by Microsoft)
"sbp2port" (sbp2port) - "Microsoft Corporation" - C:\Windows\system32\drivers\sbp2port.sys  (File signed by Microsoft)
"Security Driver" (secdrv) - "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." - C:\Windows\system32\drivers\secdrv.sys  (File signed by Microsoft)
"Security Processor Loader Driver" (spldr) - "Microsoft Corporation" - C:\Windows\system32\drivers\spldr.sys  (File signed by Microsoft)
"Serenum Filter Driver" (Serenum) - "Microsoft Corporation" - C:\Windows\system32\drivers\serenum.sys  (File signed by Microsoft)
"Serial" (Serial) - "Microsoft Corporation" - C:\Windows\system32\drivers\serial.sys  (File signed by Microsoft)
"Serial Mouse Driver" (sermouse) - "Microsoft Corporation" - C:\Windows\system32\drivers\sermouse.sys  (File signed by Microsoft)
"Service for NVIDIA High Definition Audio Driver" (NVHDA) - "NVIDIA Corporation" - C:\Windows\System32\drivers\nvhda64v.sys  (File signed by Microsoft)
"SFF Storage Class Driver" (sffdisk) - "Microsoft Corporation" - C:\Windows\system32\drivers\sffdisk.sys  (File signed by Microsoft)
"SFF Storage Protocol Driver for MMC" (sffp_mmc) - "Microsoft Corporation" - C:\Windows\system32\drivers\sffp_mmc.sys  (File signed by Microsoft)
"SFF Storage Protocol Driver for SDBus" (sffp_sd) - "Microsoft Corporation" - C:\Windows\system32\drivers\sffp_sd.sys  (File signed by Microsoft)
"SiSRaid2" (SiSRaid2) - "Silicon Integrated Systems Corp." - C:\Windows\system32\drivers\SiSRaid2.sys  (File signed by Microsoft)
"SiSRaid4" (SiSRaid4) - "Silicon Integrated Systems" - C:\Windows\system32\drivers\sisraid4.sys  (File signed by Microsoft)
"Software-Bus-Treiber" (swenum) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\swenum.sys  (File signed by Microsoft)
"Speichervolumes" (volsnap) - "Microsoft Corporation" - C:\Windows\System32\drivers\volsnap.sys  (File signed by Microsoft)
"srvnet" (srvnet) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\srvnet.sys  (File signed by Microsoft)
"stexstor" (stexstor) - "Promise Technology" - C:\Windows\system32\drivers\stexstor.sys  (File signed by Microsoft)
"storvsc" (storvsc) - "Microsoft Corporation" - C:\Windows\system32\drivers\storvsc.sys  (File signed by Microsoft)
"Tastatur-HID-Treiber" (kbdhid) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\kbdhid.sys  (File signed by Microsoft)
"Tastaturklassentreiber" (kbdclass) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\kbdclass.sys  (File signed by Microsoft)
"TCP/IP Registry Compatibility" (tcpipreg) - "Microsoft Corporation" - C:\Windows\System32\drivers\tcpipreg.sys  (File signed by Microsoft)
"TDPIPE" (TDPIPE) - "Microsoft Corporation" - C:\Windows\System32\drivers\tdpipe.sys  (File signed by Microsoft)
"TDTCP" (TDTCP) - "Microsoft Corporation" - C:\Windows\System32\drivers\tdtcp.sys  (File signed by Microsoft)
"Terminal Server Device Redirector Driver" (RDPDR) - "Microsoft Corporation" - C:\Windows\System32\drivers\rdpdr.sys  (File signed by Microsoft)
"Terminal-Gerätetreiber" (TermDD) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\termdd.sys  (File signed by Microsoft)
"Treiber für Microsoft-ACPI-Kontrollmethodenkompatiblen Akku" (CmBatt) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\CmBatt.sys  (File signed by Microsoft)
"Treiber für Volume-Manager" (volmgr) - "Microsoft Corporation" - C:\Windows\System32\drivers\volmgr.sys  (File signed by Microsoft)
"udfs" (udfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\udfs.sys  (File signed by Microsoft)
"Uli AGP Bus Filter" (uliagpkx) - "Microsoft Corporation" - C:\Windows\system32\drivers\uliagpkx.sys  (File signed by Microsoft)
"UMBusenumerator-Treiber" (umbus) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\umbus.sys  (File signed by Microsoft)
"USB-Massenspeichertreiber" (USBSTOR) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\USBSTOR.SYS  (File signed by Microsoft)
"USB-Videogerät (WDM)" (usbvideo) - "Microsoft Corporation" - C:\Windows\System32\Drivers\usbvideo.sys  (File signed by Microsoft)
"User Mode Driver Frameworks Platform Driver" (WudfPf) - "Microsoft Corporation" - C:\Windows\System32\drivers\WudfPf.sys  (File signed by Microsoft)
"vga" (vga) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\vgapnp.sys  (File signed by Microsoft)
"VgaSave" (VgaSave) - "Microsoft Corporation" - C:\Windows\System32\drivers\vga.sys  (File signed by Microsoft)
"vhdmp" (vhdmp) - "Microsoft Corporation" - C:\Windows\system32\drivers\vhdmp.sys  (File signed by Microsoft)
"viaide" (viaide) - "VIA Technologies, Inc." - C:\Windows\system32\drivers\viaide.sys  (File signed by Microsoft)
"Virtual WiFi Filter Driver" (VWiFiFlt) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\vwififlt.sys  (File signed by Microsoft)
"Virtueller WiFi-Bustreiber" (vwifibus) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\vwifibus.sys  (File signed by Microsoft)
"vmbus" (vmbus) - "Microsoft Corporation" - C:\Windows\system32\drivers\vmbus.sys  (File signed by Microsoft)
"VMBusHID" (VMBusHID) - "Microsoft Corporation" - C:\Windows\system32\drivers\VMBusHID.sys  (File signed by Microsoft)
"vsmraid" (vsmraid) - "VIA Technologies Inc.,Ltd" - C:\Windows\system32\drivers\vsmraid.sys  (File signed by Microsoft)
"Wacom Serial Pen HID Driver" (WacomPen) - "Microsoft Corporation" - C:\Windows\system32\drivers\wacompen.sys  (File signed by Microsoft)
"WAN Miniport (IKEv2)" (RasAgileVpn) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\AgileVpn.sys  (File signed by Microsoft)
"Wd" (Wd) - "Microsoft Corporation" - C:\Windows\system32\drivers\wd.sys  (File signed by Microsoft)
"WFP Lightweight Filter" (WfpLwf) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wfplwf.sys  (File signed by Microsoft)
"WIMMount" (WIMMount) - "Microsoft Corporation" - C:\Windows\System32\drivers\wimmount.sys  (File signed by Microsoft)
"WUDFRd" (WUDFRd) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\WUDFRd.sys  (File signed by Microsoft)

[Explorer]
-----( HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
-----( HKCU\Software\Classes\Folder\shellex\ColumnHandlers )-----
-----( HKCU\Software\Microsoft\Internet Explorer\Desktop\Components )-----
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} "Browser Customizations" - "Microsoft Corporation" - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP  (File signed by Microsoft)
>{26923b43-4d38-484f-9b9e-de460746276c} "Internet Explorer" - "Microsoft Corporation" - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig  (File signed by Microsoft)
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} "Microsoft Windows" - "Microsoft Corporation" - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE  (File signed by Microsoft)
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} "Microsoft Windows Media Player" - "Microsoft Corporation" - %SystemRoot%\system32\unregmp2.exe /ShowWMP  (File signed by Microsoft)
{6BF52A52-394A-11d3-B153-00C04F79FAA6} "Microsoft Windows Media Player" - "Microsoft Corporation" - %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI  (File signed by Microsoft)
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install  (File signed by Microsoft)
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} "Themes Setup" - "Microsoft Corporation" - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll  (File signed by Microsoft)
{89820200-ECBD-11cf-8B85-00AA005B4383} "Web Platform Customizations" - "Microsoft Corporation" - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings  (File signed by Microsoft)
{89820200-ECBD-11cf-8B85-00AA005B4340} "Windows Desktop Update" - "Microsoft Corporation" - regsvr32.exe /s /n /i:U shell32.dll  (File signed by Microsoft)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
-----( HKLM\Software\Classes\Protocols\Filter )-----
{8f6b0360-b80d-11d0-a9b3-006097942311} "AP encoding/decoding Filters" - "Microsoft Corporation" - C:\Windows\SysWOW64\urlmon.dll  (File signed by Microsoft)
{8f6b0360-b80d-11d0-a9b3-006097942311} "AP encoding/decoding Filters" - "Microsoft Corporation" - C:\Windows\SysWOW64\urlmon.dll  (File signed by Microsoft)
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\Windows\system32\mscoree.dll  (File signed by Microsoft)
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\Windows\system32\mscoree.dll  (File signed by Microsoft)
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\Windows\system32\mscoree.dll  (File signed by Microsoft)
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3dd53d40-7b8b-11D0-b013-00aa0059ce02} "CDL: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\SysWOW64\urlmon.dll  (File signed by Microsoft)
{12D51199-0DB5-46FE-A120-47A3D7D937CC} "DVD: Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\SysWOW64\msvidctl.dll  (File signed by Microsoft)
{79eac9e7-baf9-11ce-8c82-00aa004ba90b} "file:, local: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\SysWOW64\urlmon.dll  (File signed by Microsoft)
{79eac9e7-baf9-11ce-8c82-00aa004ba90b} "file:, local: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\SysWOW64\urlmon.dll  (File signed by Microsoft)
{79eac9e3-baf9-11ce-8c82-00aa004ba90b} "ftp: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\SysWOW64\urlmon.dll  (File signed by Microsoft)
{79eac9e2-baf9-11ce-8c82-00aa004ba90b} "http: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\SysWOW64\urlmon.dll  (File signed by Microsoft)
{79eac9e5-baf9-11ce-8c82-00aa004ba90b} "https: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\SysWOW64\urlmon.dll  (File signed by Microsoft)
{05300401-BCBC-11d0-85E3-00C04FD85AB4} "MHTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\system32\inetcomm.dll  (File signed by Microsoft)
{3050F406-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML About Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\SysWOW64\mshtml.dll  (File signed by Microsoft)
{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Javascript Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\SysWOW64\mshtml.dll  (File signed by Microsoft)
{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Javascript Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\SysWOW64\mshtml.dll  (File signed by Microsoft)
{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Mailto Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\SysWOW64\mshtml.dll  (File signed by Microsoft)
{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Resource Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\SysWOW64\mshtml.dll  (File signed by Microsoft)
{9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - "Microsoft Corporation" - C:\Windows\System32\itss.dll  (File signed by Microsoft)
{9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - "Microsoft Corporation" - C:\Windows\System32\itss.dll  (File signed by Microsoft)
{79eac9e6-baf9-11ce-8c82-00aa004ba90b} "mk: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\SysWOW64\urlmon.dll  (File signed by Microsoft)
{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} "TV: Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\SysWOW64\msvidctl.dll  (File signed by Microsoft)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )-----
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\ashShell.dll
{00C6D95F-329C-409a-81D7-C46C66EA7F33} "DefaultLocation" - "Microsoft Corporation" - C:\Windows\System32\shdocvw.dll  (File signed by Microsoft)
{80009818-f38f-4af1-87b5-eadab9433e58} "MF ADTS Property Handler" - "Microsoft Corporation" - C:\Windows\System32\mf.dll  (File signed by Microsoft)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} "Microsoft Url Search Hook" - "Microsoft Corporation" - C:\Windows\SysWOW64\ieframe.dll  (File signed by Microsoft)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension )-----
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

[Known DLLs]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----
"advapi32" - "Microsoft Corporation" - C:\Windows\system32\advapi32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"clbcatq" - "Microsoft Corporation" - C:\Windows\system32\clbcatq.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"COMDLG32" - "Microsoft Corporation" - C:\Windows\system32\COMDLG32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"DifxApi" - "Microsoft Corporation" - C:\Windows\system32\difxapi.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"gdi32" - "Microsoft Corporation" - C:\Windows\system32\gdi32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IERTUTIL" - "Microsoft Corporation" - C:\Windows\system32\IERTUTIL.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IMAGEHLP" - "Microsoft Corporation" - C:\Windows\system32\IMAGEHLP.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IMM32" - "Microsoft Corporation" - C:\Windows\system32\IMM32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"kernel32" - "Microsoft Corporation" - C:\Windows\system32\kernel32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"LPK" - "Microsoft Corporation" - C:\Windows\system32\LPK.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"MSCTF" - "Microsoft Corporation" - C:\Windows\system32\MSCTF.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"MSVCRT" - "Microsoft Corporation" - C:\Windows\system32\MSVCRT.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"NORMALIZ" - "Microsoft Corporation" - C:\Windows\system32\NORMALIZ.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"NSI" - "Microsoft Corporation" - C:\Windows\system32\NSI.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"ole32" - "Microsoft Corporation" - C:\Windows\system32\ole32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"OLEAUT32" - "Microsoft Corporation" - C:\Windows\system32\OLEAUT32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"PSAPI" - "Microsoft Corporation" - C:\Windows\system32\PSAPI.DLL  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"rpcrt4" - "Microsoft Corporation" - C:\Windows\system32\rpcrt4.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"sechost" - "Microsoft Corporation" - C:\Windows\system32\sechost.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"Setupapi" - "Microsoft Corporation" - C:\Windows\system32\Setupapi.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"SHELL32" - "Microsoft Corporation" - C:\Windows\system32\SHELL32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"SHLWAPI" - "Microsoft Corporation" - C:\Windows\system32\SHLWAPI.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"URLMON" - "Microsoft Corporation" - C:\Windows\system32\URLMON.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"user32" - "Microsoft Corporation" - C:\Windows\system32\user32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"USP10" - "Microsoft Corporation" - C:\Windows\system32\USP10.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WININET" - "Microsoft Corporation" - C:\Windows\system32\WININET.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WLDAP32" - "Microsoft Corporation" - C:\Windows\system32\WLDAP32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WS2_32" - "Microsoft Corporation" - C:\Windows\system32\WS2_32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)


[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Authentication packages" - "Microsoft Corporation" - C:\Windows\system32\msv1_0.dll  (File signed by Microsoft)
"Notification packages" - "Microsoft Corporation" - C:\Windows\system32\scecli.dll  (File signed by Microsoft)
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\kerberos.dll  (File signed by Microsoft)
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\msv1_0.dll  (File signed by Microsoft)
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\schannel.dll  (File signed by Microsoft)
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\wdigest.dll  (File signed by Microsoft)
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\tspkg.dll  (File signed by Microsoft)
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\pku2u.dll  (File signed by Microsoft)
-----( HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders )-----
"SecurityProviders" - "Microsoft Corporation" - C:\Windows\system32\credssp.dll  (File signed by Microsoft)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Secunia PSI Tray.lnk" - "Secunia" - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run )-----
-----( HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce )-----
-----( HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx )-----
-----( HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows )-----
-----( HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run )-----
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System )-----
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"WinPatrol" - "BillP Studios" - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )-----
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices )-----
-----( HKCU\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Logoff )-----
-----( HKCU\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Logon )-----
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run )-----
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce )-----
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx )-----
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"Shell" - "Microsoft Corporation" - C:\Windows\explorer.exe  (File signed by Microsoft)
"Userinit" - "Microsoft Corporation" - C:\Windows\system32\userinit.exe  (File signed by Microsoft)
-----( HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run )-----
-----( HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System )-----
-----( HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown )-----
-----( HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup )-----
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - "Microsoft Corporation" - C:\Windows\system32\rdpclip.exe  (File signed by Microsoft)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AvastUI.exe" - "AVAST Software" - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"IAStorIcon" - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"THGuard" - "Mischel Internet Security" - "C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe"
"TrojanScanner" - "Simply Super Software" - C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )-----
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx )-----
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices )-----
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce )-----

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Microsoft Terminal Services" - "Microsoft Corporation" - C:\Windows\System32\drprov.dll  (File signed by Microsoft)
"Microsoft Windows Network" - "Microsoft Corporation" - C:\Windows\System32\ntlanman.dll  (File signed by Microsoft)
"Web Client Network" - "Microsoft Corporation" - C:\Windows\System32\davclnt.dll  (File signed by Microsoft)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"WSD Port" - "Microsoft Corporation" - C:\Windows\system32\WSDMon.dll  (File signed by Microsoft)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"@%SystemRoot%\ehome\ehrecvr.exe,-101" (ehRecvr) - "Microsoft Corporation" - C:\Windows\ehome\ehRecvr.exe  (File signed by Microsoft)
"@%SystemRoot%\ehome\ehres.dll,-15501" (Mcx2Svc) - "Microsoft Corporation" - C:\Windows\system32\Mcx2Svc.dll  (File signed by Microsoft)
"@%SystemRoot%\ehome\ehsched.exe,-101" (ehSched) - "Microsoft Corporation" - C:\Windows\ehome\ehsched.exe  (File signed by Microsoft)
"@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193" (idsvc) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe  (File signed by Microsoft)
"@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201" (NetTcpPortSharing) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe  (File signed by Microsoft)
"@%SystemRoot%\servicing\TrustedInstaller.exe,-100" (TrustedInstaller) - "Microsoft Corporation" - C:\Windows\servicing\TrustedInstaller.exe  (File signed by Microsoft)
"@%SystemRoot%\system32\aelupsvc.dll,-1" (AeLookupSvc) - "Microsoft Corporation" - C:\Windows\System32\aelupsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\Alg.exe,-112" (ALG) - "Microsoft Corporation" - C:\Windows\System32\alg.exe  (File signed by Microsoft)
"@%systemroot%\system32\appidsvc.dll,-100" (AppIDSvc) - "Microsoft Corporation" - C:\Windows\System32\appidsvc.dll  (File signed by Microsoft)
"@%systemroot%\system32\appinfo.dll,-100" (Appinfo) - "Microsoft Corporation" - C:\Windows\System32\appinfo.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\audiosrv.dll,-200" (AudioSrv) - "Microsoft Corporation" - C:\Windows\System32\Audiosrv.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\audiosrv.dll,-204" (AudioEndpointBuilder) - "Microsoft Corporation" - C:\Windows\System32\Audiosrv.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\AxInstSV.dll,-103" (AxInstSV) - "Microsoft Corporation" - C:\Windows\System32\AxInstSV.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\bdesvc.dll,-100" (BDESVC) - "Microsoft Corporation" - C:\Windows\System32\bdesvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\bfe.dll,-1001" (BFE) - "Microsoft Corporation" - C:\Windows\System32\bfe.dll  (File signed by Microsoft)
"@%systemroot%\system32\browser.dll,-100" (Browser) - "Microsoft Corporation" - C:\Windows\System32\browser.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\bthserv.dll,-101" (bthserv) - "Microsoft Corporation" - C:\Windows\system32\bthserv.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\certprop.dll,-11" (CertPropSvc) - "Microsoft Corporation" - C:\Windows\System32\certprop.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\certprop.dll,-13" (SCPolicySvc) - "Microsoft Corporation" - C:\Windows\System32\certprop.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\cryptsvc.dll,-1001" (CryptSvc) - "Microsoft Corporation" - C:\Windows\system32\cryptsvc.dll  (File signed by Microsoft)
"@%systemroot%\system32\cscsvc.dll,-200" (CscService) - "Microsoft Corporation" - C:\Windows\System32\cscsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\defragsvc.dll,-101" (defragsvc) - "Microsoft Corporation" - C:\Windows\System32\defragsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\dhcpcore.dll,-100" (Dhcp) - "Microsoft Corporation" - C:\Windows\system32\dhcpcore.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\dnsapi.dll,-101" (Dnscache) - "Microsoft Corporation" - C:\Windows\System32\dnsrslvr.dll  (File signed by Microsoft)
"@%systemroot%\system32\dot3svc.dll,-1102" (dot3svc) - "Microsoft Corporation" - C:\Windows\System32\dot3svc.dll  (File signed by Microsoft)
"@%systemroot%\system32\dps.dll,-500" (DPS) - "Microsoft Corporation" - C:\Windows\system32\dps.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\dwm.exe,-2000" (UxSms) - "Microsoft Corporation" - C:\Windows\System32\uxsms.dll  (File signed by Microsoft)
"@%systemroot%\system32\eapsvc.dll,-1" (EapHost) - "Microsoft Corporation" - C:\Windows\System32\eapsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\efssvc.dll,-100" (EFS) - "Microsoft Corporation" - C:\Windows\System32\lsass.exe  (File signed by Microsoft)
"@%systemroot%\system32\fdPHost.dll,-100" (fdPHost) - "Microsoft Corporation" - C:\Windows\system32\fdPHost.dll  (File signed by Microsoft)
"@%systemroot%\system32\fdrespub.dll,-100" (FDResPub) - "Microsoft Corporation" - C:\Windows\system32\fdrespub.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\FirewallAPI.dll,-23090" (MpsSvc) - "Microsoft Corporation" - C:\Windows\system32\mpssvc.dll  (File signed by Microsoft)
"@%systemroot%\system32\FntCache.dll,-100" (FontCache) - "Microsoft Corporation" - C:\Windows\system32\FntCache.dll  (File signed by Microsoft)
"@%systemroot%\system32\fxsresm.dll,-118" (Fax) - "Microsoft Corporation" - C:\Windows\system32\fxssvc.exe  (File signed by Microsoft)
"@%SystemRoot%\System32\hidserv.dll,-101" (hidserv) - "Microsoft Corporation" - C:\Windows\system32\hidserv.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\ikeext.dll,-501" (IKEEXT) - "Microsoft Corporation" - C:\Windows\System32\ikeext.dll  (File signed by Microsoft)
"@%systemroot%\system32\IPBusEnum.dll,-102" (IPBusEnum) - "Microsoft Corporation" - C:\Windows\system32\ipbusenum.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\iphlpsvc.dll,-500" (iphlpsvc) - "Microsoft Corporation" - C:\Windows\System32\iphlpsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\ipnathlp.dll,-106" (SharedAccess) - "Microsoft Corporation" - C:\Windows\System32\ipnathlp.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\iscsidsc.dll,-5000" (MSiSCSI) - "Microsoft Corporation" - C:\Windows\system32\iscsiexe.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\kmsvc.dll,-6" (hkmsvc) - "Microsoft Corporation" - C:\Windows\system32\kmsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\ListSvc.dll,-100" (HomeGroupListener) - "Microsoft Corporation" - C:\Windows\system32\ListSvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\lltdres.dll,-1" (lltdsvc) - "Microsoft Corporation" - C:\Windows\System32\lltdsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\lmhsvc.dll,-101" (lmhosts) - "Microsoft Corporation" - C:\Windows\System32\lmhsvc.dll  (File signed by Microsoft)
"@%systemroot%\system32\Locator.exe,-2" (RpcLocator) - "Microsoft Corporation" - C:\Windows\system32\locator.exe  (File signed by Microsoft)
"@%systemroot%\system32\mmcss.dll,-100" (MMCSS) - "Microsoft Corporation" - C:\Windows\system32\mmcss.dll  (File signed by Microsoft)
"@%systemroot%\system32\mmcss.dll,-102" (THREADORDER) - "Microsoft Corporation" - C:\Windows\system32\mmcss.dll  (File signed by Microsoft)
"@%Systemroot%\system32\mprdim.dll,-200" (RemoteAccess) - "Microsoft Corporation" - C:\Windows\System32\mprdim.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\msimsg.dll,-27" (msiserver) - "Microsoft Corporation" - C:\Windows\system32\msiexec.exe  (File signed by Microsoft)
"@%SystemRoot%\System32\netlogon.dll,-102" (Netlogon) - "Microsoft Corporation" - C:\Windows\system32\lsass.exe  (File signed by Microsoft)
"@%SystemRoot%\system32\netman.dll,-109" (Netman) - "Microsoft Corporation" - C:\Windows\System32\netman.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\netprofm.dll,-202" (netprofm) - "Microsoft Corporation" - C:\Windows\System32\netprofm.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\nlasvc.dll,-1" (NlaSvc) - "Microsoft Corporation" - C:\Windows\System32\nlasvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\nsisvc.dll,-200" (nsi) - "Microsoft Corporation" - C:\Windows\system32\nsisvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\p2psvc.dll,-8006" (p2psvc) - "Microsoft Corporation" - C:\Windows\system32\p2psvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\pcasvc.dll,-1" (PcaSvc) - "Microsoft Corporation" - C:\Windows\System32\pcasvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\peerdistsvc.dll,-9000" (PeerDistSvc) - "Microsoft Corporation" - C:\Windows\system32\peerdistsvc.dll  (File signed by Microsoft)
"@%systemroot%\system32\pla.dll,-500" (pla) - "Microsoft Corporation" - C:\Windows\system32\pla.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\pnrpauto.dll,-8002" (PNRPAutoReg) - "Microsoft Corporation" - C:\Windows\system32\pnrpauto.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\pnrpsvc.dll,-8000" (PNRPsvc) - "Microsoft Corporation" - C:\Windows\system32\pnrpsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\pnrpsvc.dll,-8004" (p2pimsvc) - "Microsoft Corporation" - C:\Windows\system32\pnrpsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\polstore.dll,-5010" (PolicyAgent) - "Microsoft Corporation" - C:\Windows\System32\ipsecsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\PresentationHost.exe,-3309" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe  (File signed by Microsoft)
"@%systemroot%\system32\profsvc.dll,-300" (ProfSvc) - "Microsoft Corporation" - C:\Windows\system32\profsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\provsvc.dll,-100" (HomeGroupProvider) - "Microsoft Corporation" - C:\Windows\system32\provsvc.dll  (File signed by Microsoft)
"@%systemroot%\system32\psbase.dll,-300" (ProtectedStorage) - "Microsoft Corporation" - C:\Windows\system32\lsass.exe  (File signed by Microsoft)
"@%SystemRoot%\system32\qagentrt.dll,-6" (napagent) - "Microsoft Corporation" - C:\Windows\system32\qagentRT.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\qmgr.dll,-1000" (BITS) - "Microsoft Corporation" - C:\Windows\System32\qmgr.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\qwave.dll,-1" (QWAVE) - "Microsoft Corporation" - C:\Windows\system32\qwave.dll  (File signed by Microsoft)
"@%Systemroot%\system32\rasauto.dll,-200" (RasAuto) - "Microsoft Corporation" - C:\Windows\System32\rasauto.dll  (File signed by Microsoft)
"@%Systemroot%\system32\rasmans.dll,-200" (RasMan) - "Microsoft Corporation" - C:\Windows\System32\rasmans.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\samsrv.dll,-1" (SamSs) - "Microsoft Corporation" - C:\Windows\system32\lsass.exe  (File signed by Microsoft)
"@%SystemRoot%\System32\SCardSvr.dll,-1" (SCardSvr) - "Microsoft Corporation" - C:\Windows\System32\SCardSvr.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\schedsvc.dll,-100" (Schedule) - "Microsoft Corporation" - C:\Windows\system32\schedsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\sdrsvc.dll,-107" (SDRSVC) - "Microsoft Corporation" - C:\Windows\System32\SDRSVC.dll  (File signed by Microsoft)
"@%systemroot%\system32\SearchIndexer.exe,-103" (WSearch) - "Microsoft Corporation" - C:\Windows\system32\SearchIndexer.exe  (File signed by Microsoft)
"@%SystemRoot%\system32\seclogon.dll,-7001" (seclogon) - "Microsoft Corporation" - C:\Windows\system32\seclogon.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\Sens.dll,-200" (SENS) - "Microsoft Corporation" - C:\Windows\System32\sens.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\sensrsvc.dll,-1000" (SensrSvc) - "Microsoft Corporation" - C:\Windows\system32\sensrsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\SessEnv.dll,-1026" (SessionEnv) - "Microsoft Corporation" - C:\Windows\system32\sessenv.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\shsvcs.dll,-12288" (ShellHWDetection) - "Microsoft Corporation" - C:\Windows\System32\shsvcs.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\snmptrap.exe,-3" (SNMPTRAP) - "Microsoft Corporation" - C:\Windows\System32\snmptrap.exe  (File signed by Microsoft)
"@%systemroot%\system32\spoolsv.exe,-1" (Spooler) - "Microsoft Corporation" - C:\Windows\System32\spoolsv.exe  (File signed by Microsoft)
"@%SystemRoot%\system32\sppsvc.exe,-101" (sppsvc) - "Microsoft Corporation" - C:\Windows\system32\sppsvc.exe  (File signed by Microsoft)
"@%SystemRoot%\system32\sppuinotify.dll,-103" (sppuinotify) - "Microsoft Corporation" - C:\Windows\system32\sppuinotify.dll  (File signed by Microsoft)
"@%systemroot%\system32\srvsvc.dll,-100" (LanmanServer) - "Microsoft Corporation" - C:\Windows\system32\srvsvc.dll  (File signed by Microsoft)
"@%systemroot%\system32\ssdpsrv.dll,-100" (SSDPSRV) - "Microsoft Corporation" - C:\Windows\System32\ssdpsrv.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\sstpsvc.dll,-200" (SstpSvc) - "Microsoft Corporation" - C:\Windows\system32\sstpsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\StorSvc.dll,-100" (StorSvc) - "Microsoft Corporation" - C:\Windows\system32\storsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\swprv.dll,-103" (swprv) - "Microsoft Corporation" - C:\Windows\System32\swprv.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\sysmain.dll,-1000" (SysMain) - "Microsoft Corporation" - C:\Windows\system32\sysmain.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\TabSvc.dll,-100" (TabletInputService) - "Microsoft Corporation" - C:\Windows\System32\TabSvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\tapisrv.dll,-10100" (TapiSrv) - "Microsoft Corporation" - C:\Windows\System32\tapisrv.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\tbssvc.dll,-100" (TBS) - "Microsoft Corporation" - C:\Windows\System32\tbssvc.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\termsrv.dll,-268" (TermService) - "Microsoft Corporation" - C:\Windows\System32\termsrv.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\themeservice.dll,-8192" (Themes) - "Microsoft Corporation" - C:\Windows\system32\themeservice.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\trkwks.dll,-1" (TrkWks) - "Microsoft Corporation" - C:\Windows\System32\trkwks.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\ui0detect.exe,-101" (UI0Detect) - "Microsoft Corporation" - C:\Windows\system32\UI0Detect.exe  (File signed by Microsoft)
"@%SystemRoot%\system32\umpnpmgr.dll,-100" (PlugPlay) - "Microsoft Corporation" - C:\Windows\system32\umpnpmgr.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\umpo.dll,-100" (Power) - "Microsoft Corporation" - C:\Windows\system32\umpo.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\umrdp.dll,-1000" (UmRdpService) - "Microsoft Corporation" - C:\Windows\System32\umrdp.dll  (File signed by Microsoft)
"@%systemroot%\system32\upnphost.dll,-213" (upnphost) - "Microsoft Corporation" - C:\Windows\System32\upnphost.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\vaultsvc.dll,-1003" (VaultSvc) - "Microsoft Corporation" - C:\Windows\system32\lsass.exe  (File signed by Microsoft)
"@%SystemRoot%\system32\vds.exe,-100" (vds) - "Microsoft Corporation" - C:\Windows\System32\vds.exe  (File signed by Microsoft)
"@%systemroot%\system32\vssvc.exe,-102" (VSS) - "Microsoft Corporation" - C:\Windows\system32\vssvc.exe  (File signed by Microsoft)
"@%SystemRoot%\system32\w32time.dll,-200" (W32Time) - "Microsoft Corporation" - C:\Windows\system32\w32time.dll  (File signed by Microsoft)
"@%Systemroot%\system32\wbem\wmiapsrv.exe,-110" (wmiApSrv) - "Microsoft Corporation" - C:\Windows\system32\wbem\WmiApSrv.exe  (File signed by Microsoft)
"@%Systemroot%\system32\wbem\wmisvc.dll,-205" (Winmgmt) - "Microsoft Corporation" - C:\Windows\system32\wbem\WMIsvc.dll  (File signed by Microsoft)
"@%systemroot%\system32\wbengine.exe,-104" (wbengine) - "Microsoft Corporation" - C:\Windows\system32\wbengine.exe  (File signed by Microsoft)
"@%systemroot%\system32\wbiosrvc.dll,-100" (WbioSrvc) - "Microsoft Corporation" - C:\Windows\System32\wbiosrvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\wcncsvc.dll,-3" (wcncsvc) - "Microsoft Corporation" - C:\Windows\System32\wcncsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\WcsPlugInService.dll,-200" (WcsPlugInService) - "Microsoft Corporation" - C:\Windows\System32\WcsPlugInService.dll  (File signed by Microsoft)
"@%systemroot%\system32\wdi.dll,-500" (WdiSystemHost) - "Microsoft Corporation" - C:\Windows\system32\wdi.dll  (File signed by Microsoft)
"@%systemroot%\system32\wdi.dll,-502" (WdiServiceHost) - "Microsoft Corporation" - C:\Windows\system32\wdi.dll  (File signed by Microsoft)
"@%systemroot%\system32\webclnt.dll,-100" (WebClient) - "Microsoft Corporation" - C:\Windows\System32\webclnt.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\wecsvc.dll,-200" (Wecsvc) - "Microsoft Corporation" - C:\Windows\system32\wecsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\wercplsupport.dll,-101" (wercplsupport) - "Microsoft Corporation" - C:\Windows\System32\wercplsupport.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\wersvc.dll,-100" (WerSvc) - "Microsoft Corporation" - C:\Windows\System32\WerSvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\wevtsvc.dll,-200" (eventlog) - "Microsoft Corporation" - C:\Windows\System32\svchost.exe  (File signed by Microsoft)
"@%SystemRoot%\system32\wiaservc.dll,-9" (stisvc) - "Microsoft Corporation" - C:\Windows\System32\wiaservc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\winhttp.dll,-100" (WinHttpAutoProxySvc) - "Microsoft Corporation" - C:\Windows\system32\winhttp.dll  (File signed by Microsoft)
"@%systemroot%\system32\wkssvc.dll,-100" (LanmanWorkstation) - "Microsoft Corporation" - C:\Windows\System32\wkssvc.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\wlansvc.dll,-257" (Wlansvc) - "Microsoft Corporation" - C:\Windows\System32\wlansvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\wpcsvc.dll,-100" (WPCSvc) - "Microsoft Corporation" - C:\Windows\System32\wpcsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\wpdbusenum.dll,-100" (WPDBusEnum) - "Microsoft Corporation" - C:\Windows\system32\wpdbusenum.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\wscsvc.dll,-200" (wscsvc) - "Microsoft Corporation" - C:\Windows\System32\wscsvc.dll  (File signed by Microsoft)
"@%Systemroot%\system32\wsmsvc.dll,-101" (WinRM) - "Microsoft Corporation" - C:\Windows\system32\WsmSvc.dll  (File signed by Microsoft)
"@%systemroot%\system32\wuaueng.dll,-105" (wuauserv) - "Microsoft Corporation" - C:\Windows\system32\wuaueng.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\wudfsvc.dll,-1000" (wudfsvc) - "Microsoft Corporation" - C:\Windows\System32\WUDFSvc.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\wwansvc.dll,-257" (WwanSvc) - "Microsoft Corporation" - C:\Windows\System32\wwansvc.dll  (File signed by Microsoft)
"@%systemroot%\sysWow64\perfhost.exe,-2" (PerfHost) - "Microsoft Corporation" - C:\Windows\SysWow64\perfhost.exe  (File signed by Microsoft)
"@%windir%\system32\RpcEpMap.dll,-1001" (RpcEptMapper) - "Microsoft Corporation" - C:\Windows\System32\RpcEpMap.dll  (File signed by Microsoft)
"@appmgmts.dll,-3250" (AppMgmt) - "Microsoft Corporation" - C:\Windows\System32\appmgmts.dll  (File signed by Microsoft)
"@comres.dll,-2450" (EventSystem) - "Microsoft Corporation" - C:\Windows\system32\es.dll  (File signed by Microsoft)
"@comres.dll,-2797" (MSDTC) - "Microsoft Corporation" - C:\Windows\System32\msdtc.exe  (File signed by Microsoft)
"@comres.dll,-2946" (KtmRm) - "Microsoft Corporation" - C:\Windows\system32\msdtckrm.dll  (File signed by Microsoft)
"@comres.dll,-947" (COMSysApp) - "Microsoft Corporation" - C:\Windows\system32\dllhost.exe  (File signed by Microsoft)
"@gpapi.dll,-112" (gpsvc) - "Microsoft Corporation" - C:\Windows\System32\gpsvc.dll  (File signed by Microsoft)
"@keyiso.dll,-100" (KeyIso) - "Microsoft Corporation" - C:\Windows\system32\lsass.exe  (File signed by Microsoft)
"@oleres.dll,-5010" (RpcSs) - "Microsoft Corporation" - C:\Windows\system32\rpcss.dll  (File signed by Microsoft)
"@oleres.dll,-5012" (DcomLaunch) - "Microsoft Corporation" - C:\Windows\system32\rpcss.dll  (File signed by Microsoft)
"@regsvc.dll,-1" (RemoteRegistry) - "Microsoft Corporation" - C:\Windows\system32\regsvc.dll  (File signed by Microsoft)
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"Microsoft .NET Framework NGEN v2.0.50727_X64" (clr_optimization_v2.0.50727_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe  (File signed by Microsoft)
"Microsoft .NET Framework NGEN v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe  (File signed by Microsoft)
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
"Secunia Update Agent" (Secunia Update Agent) - "Secunia" - C:\Program Files (x86)\Secunia\PSI\sua.exe
"ZAtheros Wlan Agent" (ZAtheros Wlan Agent) - "Atheros" - C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
-----( HKCU\Control Panel\IOProcs )-----
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"VmApplet" - "Microsoft Corporation" - C:\Windows\system32\SystemPropertiesPerformance.exe  (File signed by Microsoft)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{B587E2B1-4D59-4e7e-AED9-22B9DF11D053} "802.3 Group Policy" - "Microsoft Corporation" - C:\Windows\system32\dot3gpclnt.dll  (File signed by Microsoft)
{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f} "CP" - "Microsoft Corporation" - C:\Windows\system32\gptext.dll  (File signed by Microsoft)
{8A28E2C5-8D06-49A4-A08C-632DAA493E17} "Deployed Printer Connections" - "Microsoft Corporation" - C:\Windows\system32\gpprnext.dll  (File signed by Microsoft)
{FB2CA36D-0B40-4307-821B-A13B252DE56C} "Enterprise QoS" - "Microsoft Corporation" - C:\Windows\system32\gptext.dll  (File signed by Microsoft)
{25537BA6-77A8-11D2-9B6C-0000F8080861} "Folder Redirection" - "Microsoft Corporation" - C:\Windows\system32\fdeploy.dll  (File signed by Microsoft)
{F9C77450-3A41-477E-9310-9ACD617BD9E3} "Group Policy Applications" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{728EE579-943C-4519-9EF7-AB56765798ED} "Group Policy Data Sources" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{1A6364EB-776B-4120-ADE1-B63A406A76B5} "Group Policy Device Settings" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{5794DAFD-BE60-433f-88A2-1A31939AC01F} "Group Policy Drive Maps" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{0E28E245-9368-4853-AD84-6DA3BA35BB75} "Group Policy Environment" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{7150F9BF-48AD-4da4-A49C-29EF4A8369BA} "Group Policy Files" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{A3F3E39B-5D83-4940-B954-28315B82F0A8} "Group Policy Folder Options" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{6232C319-91AC-4931-9385-E70C2B099F0E} "Group Policy Folders" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{74EE6C03-5363-4554-B161-627540339CAB} "Group Policy Ini Files" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{E47248BA-94CC-49c4-BBB5-9EB7F05183D0} "Group Policy Internet Settings" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{17D89FEC-5C44-4972-B12D-241CAEF74509} "Group Policy Local Users and Groups" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F} "Group Policy Network Options" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2} "Group Policy Network Shares" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{E62688F0-25FD-4c90-BFF5-F508B9D2E31F} "Group Policy Power Options" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D} "Group Policy Printers" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{E5094040-C46C-4115-B030-04FB2E545B00} "Group Policy Regional Options" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{B087BE9D-ED37-454f-AF9C-04291E351182} "Group Policy Registry" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{AADCED64-746C-4633-A97C-D61349046527} "Group Policy Scheduled Tasks" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{91FBB303-0CD5-4055-BF42-E512A681B325} "Group Policy Services" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7} "Group Policy Shortcuts" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{E4F48E54-F38D-4884-BFB9-D4D2E5729C18} "Group Policy Start Menu Settings" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} "Internet Explorer Branding" - "Microsoft Corporation" - C:\Windows\SysWOW64\iedkcs32.dll  (File signed by Microsoft)
{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} "Internet Explorer Machine Accelerators" - "Microsoft Corporation" - C:\Windows\SysWOW64\iedkcs32.dll  (File signed by Microsoft)
{7B849a69-220F-451E-B3FE-2CB811AF94AE} "Internet Explorer User Accelerators" - "Microsoft Corporation" - C:\Windows\SysWOW64\iedkcs32.dll  (File signed by Microsoft)
{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3} "Internet Explorer Zonemapping" - "Microsoft Corporation" - C:\Windows\SysWOW64\iedkcs32.dll  (File signed by Microsoft)
{e437bc1c-aa7d-11d2-a382-00c04f991e27} "IP Security" - "Microsoft Corporation" - C:\Windows\System32\polstore.dll  (File signed by Microsoft)
{3610eda5-77ef-11d2-8dc5-00c04fa31a66} "Microsoft Disk Quota" - "Microsoft Corporation" - C:\Windows\System32\dskquota.dll  (File signed by Microsoft)
{C631DF4C-088F-4156-B058-4375F0853CD8} "Microsoft Offline Files" - "Microsoft Corporation" - C:\Windows\System32\cscobj.dll  (File signed by Microsoft)
{426031c0-0b47-4852-b0ca-ac3d37bfcb39} "QoS Packet Scheduler" - "Microsoft Corporation" - C:\Windows\system32\gptext.dll  (File signed by Microsoft)
{42B5FAAE-6536-11d2-AE5A-0000F87571E3} "Scripts" - "Microsoft Corporation" - C:\Windows\system32\gpscript.dll  (File signed by Microsoft)
{827D319E-6EAC-11D2-A4EA-00C04F79F83A} "Security" - "Microsoft Corporation" - C:\Windows\system32\scecli.dll  (File signed by Microsoft)
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Software Installation" - "Microsoft Corporation" - C:\Windows\system32\appmgmts.dll  (File signed by Microsoft)
{cdeafc3d-948d-49dd-ab12-e578ba4af7aa} "TCPIP" - "Microsoft Corporation" - C:\Windows\system32\gptext.dll  (File signed by Microsoft)
{7933F41E-56F8-41d6-A31C-4148A711EE93} "Windows Search Group Policy Extension" - "Microsoft Corporation" - C:\Windows\System32\srchadmin.dll  (File signed by Microsoft)
{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63} "Wireless Group Policy" - "Microsoft Corporation" - C:\Windows\system32\wlgpclnt.dll  (File signed by Microsoft)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
-----( HKLM\System\CurrentControlSet\Control\BootVerificationProgram )-----

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"@%SystemRoot%\system32\napinsp.dll,-1000" - "Microsoft Corporation" - C:\Windows\system32\napinsp.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\nlasvc.dll,-1000" - "Microsoft Corporation" - C:\Windows\system32\NLAapi.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\pnrpnsp.dll,-1000" - "Microsoft Corporation" - C:\Windows\system32\pnrpnsp.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\pnrpnsp.dll,-1001" - "Microsoft Corporation" - C:\Windows\system32\pnrpnsp.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\wshtcpip.dll,-60103" - "Microsoft Corporation" - C:\Windows\System32\mswsock.dll  (File signed by Microsoft)
"NTDS" - "Microsoft Corporation" - C:\Windows\System32\winrnr.dll  (File signed by Microsoft)
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"@%SystemRoot%\System32\wship6.dll,-60100" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\wship6.dll,-60101" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\wship6.dll,-60102" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\wshqos.dll,-100" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\wshqos.dll,-101" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\wshqos.dll,-102" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\wshqos.dll,-103" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\wshtcpip.dll,-60100" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\wshtcpip.dll,-60101" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\wshtcpip.dll,-60102" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll  (File signed by Microsoft)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Oh, and I just noticed that my Firefox Sync data is gone! All bookmarks and passwords... Firefox only shows the default bookmarks now .... WHAT A LOAD OF SH**

I have also noticed that the Malwarebytes scans, for example, simply run through without anything actually being scanned. As if the malware were telling the program to skip the infected files.

schrauber 29.05.2014 13:55

And you have the problem on 2 devices?

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the appropriate version of the tool (both if in doubt) and save it to a USB stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Connect the USB stick to the infected system and boot the system into the System Recovery Options.
  • Now scan following the illustrated guide, or use the following quick guide:
Via the boot manager:
  • Restart the computer.
  • While it boots, press the F8 key repeatedly.
  • Now select Repair Your Computer.
  • Select your operating system and user account and click "Next" each time.
With the Windows CD/DVD (also possible with Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click Repair your computer!
  • Select your operating system and user account and click "Next" each time.
In the recovery options, select: Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens: File > Save As... and select Computer.
    The drive letter of your USB stick is shown here; make a note of it.
  • Close Notepad again.
  • Now enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan.
The tool creates an FRST.txt on your USB stick. Please post its contents here, in code tags if possible (guide).


plagiat 30.05.2014 09:33

Here is the scan. P.S. I just remembered that shortly before the problems started I plugged my USB stick into a fellow student's notebook. Now brace yourself: she even remarked to me that it is the same one she has :O So is a BIOS infection possible after all? I did not sleep all night, I tried various Linux distros, but both are infested with SOMETHING, ssh-ebury + whatever else - I am completely worn out! PLEASE HELP ME!

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by SYSTEM on MININT-U6GNBK4 on 30-05-2014 10:12:38
Running from F:\scans
Platform: WIN_7 Service Pack 1 (X64) OS Language: German Standard
Boot Mode: Recovery
Attention: Could not load system hive.
Attention: System hive is missing.




==================== Registry (Whitelisted) ==================

ATTENTION: Software hive is missing.

==================== Services (Whitelisted) =================


==================== Drivers (Whitelisted) ====================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========


==================== One Month Modified Files and Folders =======


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION!.

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 4075.55 MB
Available physical RAM: 3538.27 MB
Total Pagefile: 4073.75 MB
Available Pagefile: 3521.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive d: (Daten) (Fixed) (Total:340.31 GB) (Free:212.62 GB) NTFS
Drive e: (GRMCPRXVOL_DE_DVD) (CDROM) (Total:2.91 GB) (Free:0 GB) UDF
Drive f: () (Removable) (Total:3.69 GB) (Free:1.23 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:95 GB) (Free:69.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: AECDB9E2)
Partition 1: (Active) - (Size=95 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=347 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 007BCF32)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================

--- --- ---

schrauber 31.05.2014 10:27

Quote:

So is a BIOS infection possible after all?
I don't know what you all keep drinking. There is no BIOS infection. Period. In the lab, maybe, but not out there in the wild.....


Please run the FRST scan again, the registry could not be loaded. What about my question regarding the two computers?
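
The completeness check applied to the recovery-mode log above (rescan because the registry could not be loaded), written out as an added Python example that is not part of the original thread or of FRST. The function names and the embedded sample log are constructed for illustration; only the marker strings are taken from the log posted here.

```python
import re

# Constructed sample shaped like the recovery-mode FRST log in this thread.
# The host name is a placeholder; marker strings are copied from the posted log.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by SYSTEM on MININT-EXAMPLE on 30-05-2014 10:12:38
Running from F:\scans
Boot Mode: Recovery
Attention: Could not load system hive.
Attention: System hive is missing.

==================== Registry (Whitelisted) ==================

ATTENTION: Software hive is missing.

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.

==================== Drives ================================

Drive d: (Daten) (Fixed) (Total:340.31 GB) (Free:212.62 GB) NTFS
Drive y: () (Fixed) (Total:95 GB) (Free:69.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]
"""

# "==== Title ====" banners; a line made only of "=" is a separator, not a title.
SECTION_RE = re.compile(r"^={4,}\s*([^=\s][^=]*?)\s*=+$")
# "Attention: ... hive ..." warnings, in either capitalisation used by the log.
HIVE_RE = re.compile(r"^attention:\s*(.*hive.*)$", re.IGNORECASE)
MISSING_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) IS MISSING <==== ATTENTION!")
DRIVE_RE = re.compile(r"^Drive (?P<letter>[a-z]): \((?P<label>[^)]*)\) \((?P<kind>[^)]*)\)")
BOOT_RE = re.compile(r"^Boot Mode:\s*(\S+)")


def split_sections(text):
    """Return {section title: [non-empty lines]}; lines before the first
    banner are stored under 'Header'."""
    sections = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        elif line:
            sections[current].append(line)
    return sections


def triage(text):
    """Decide whether a log is complete enough to analyse.

    A log with hive warnings is treated as incomplete, which is the call
    made in the thread; 'IS MISSING' entries are only collected, not judged.
    """
    sections = split_sections(text)
    all_lines = [line for lines in sections.values() for line in lines]

    boot_mode = next(
        (m.group(1) for m in map(BOOT_RE.match, sections["Header"]) if m), None
    )
    hive_warnings = [m.group(1) for m in map(HIVE_RE.match, all_lines) if m]
    missing = [m.group("path") for m in map(MISSING_RE.match, all_lines) if m]

    # Drive that the log itself tags as holding the Windows installation.
    system_drive = None
    for line in sections.get("Drives", []):
        m = DRIVE_RE.match(line)
        if m and "System with boot components" in line:
            system_drive = m.group("letter")

    complete = not hive_warnings
    return {
        "boot_mode": boot_mode,
        "hive_warnings": hive_warnings,
        "system_drive": system_drive,
        "missing_files": missing,
        "complete": complete,
        "action": "review findings" if complete
                  else "rescan: registry hives were not loaded",
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
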

plagiat 02.06.2014 16:08

Hello, I had to format the Windows partition again because I foolishly tried to do something myself, which apparently damaged the system. To your question: yes, I have the problem on both computers. On my PC I now have Linux running; my Windows CD is no longer recognized at all, and other CDs, for example the Ultimate Boot CD, are skipped as well. Is there anything I can do about that? - I have read up on rootkits and now wonder whether anything can be done at all against a kernel rootkit? Whether the malware that nested itself in Windows can do something to my drives? For example, /dev/log/ lists logs, some of which are 12GB in size!! udev.log is 12,000 lines long - I will post the FRST log this evening - Is it possible to remove a rootkit that has eaten its way this deep into the PC?

Thanks for your effort so far.

schrauber 03.06.2014 10:21

Maybe the drive is simply ready for the bin? There is nothing that survives a format if it was done correctly.

plagiat 03.06.2014 16:59

Here is the log


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02 (ATTENTION: ====> FRST version is 9 days old and could be outdated)
Ran by SYSTEM on MININT-63G3J2Q on 03-06-2014 18:57:46
Running from G:\scan
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.




==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-06-03] (AVAST Software)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)

==================== Services (Whitelisted) =================

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-03] (AVAST Software)
S2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1889616 2014-05-25] (SurfRight B.V.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-03] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-03] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-03] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-03] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-03] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-06-03] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-06-03] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] ()
S2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-06-03] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-03 17:41 - 2014-06-03 17:43 - 00001043 ____H () C:\Windows\EPMBatch.ept
2014-06-03 17:36 - 2014-06-03 17:36 - 00001394 _____ () C:\Users\Public\Desktop\EaseUS Partition Master 9.3.0.lnk
2014-06-03 17:36 - 2013-10-09 14:34 - 03381832 _____ () C:\Windows\System32\BootMan.exe
2014-06-03 17:36 - 2013-10-09 14:24 - 02499656 _____ () C:\Windows\SysWOW64\BootMan.exe
2014-06-03 17:36 - 2013-03-07 08:49 - 00100936 _____ () C:\Windows\System32\setupempdrvx64.exe
2014-06-03 17:36 - 2013-03-07 08:49 - 00087112 _____ () C:\Windows\SysWOW64\setupempdrv03.exe
2014-06-03 17:36 - 2013-03-07 08:49 - 00019840 _____ () C:\Windows\SysWOW64\EuEpmGdi.dll
2014-06-03 17:36 - 2013-03-07 08:49 - 00017480 _____ () C:\Windows\System32\epmntdrv.sys
2014-06-03 17:36 - 2013-03-07 08:49 - 00016256 _____ () C:\Windows\System32\EuEpmGdi.dll
2014-06-03 17:36 - 2013-03-07 08:49 - 00013896 _____ () C:\Windows\SysWOW64\epmntdrv.sys
2014-06-03 17:36 - 2013-03-07 08:49 - 00009800 _____ () C:\Windows\System32\EuGdiDrv.sys
2014-06-03 17:36 - 2013-03-07 08:49 - 00009160 _____ () C:\Windows\SysWOW64\EuGdiDrv.sys
2014-06-03 17:35 - 2014-06-03 17:35 - 00000000 ____D () C:\Program Files (x86)\EaseUS
2014-06-03 17:29 - 2014-06-03 17:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-06-03 17:29 - 2014-06-03 17:29 - 00001105 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 17:29 - 2014-06-03 17:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 17:29 - 2014-06-03 17:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 17:29 - 2014-05-12 06:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-06-03 17:29 - 2014-05-12 06:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-06-03 17:29 - 2014-05-12 06:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-06-03 17:28 - 2014-06-03 17:28 - 00000000 ____D () C:\Program Files (x86)\The Bat!
2014-06-03 17:22 - 2012-06-02 23:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2014-06-03 17:22 - 2012-06-02 23:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2014-06-03 17:22 - 2012-06-02 23:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2014-06-03 17:22 - 2012-06-02 23:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2014-06-03 17:22 - 2012-06-02 23:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2014-06-03 17:22 - 2012-06-02 23:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2014-06-03 17:22 - 2012-06-02 23:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2014-06-03 17:22 - 2012-06-02 14:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2014-06-03 17:22 - 2012-06-02 14:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2014-06-03 17:21 - 2014-06-03 17:21 - 00000000 ____D () C:\Program Files\7-Zip
2014-06-03 17:13 - 2014-06-03 17:36 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-06-03 17:13 - 2014-06-03 17:13 - 00548424 _____ (SurfRight) C:\Windows\System32\hmpalert.dll
2014-06-03 17:13 - 2014-06-03 17:13 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2014-06-03 17:13 - 2014-06-03 17:13 - 00093144 _____ () C:\Windows\System32\Drivers\hmpalert.sys
2014-06-03 17:13 - 2014-06-03 17:13 - 00000000 ____D () C:\Windows\CryptoGuard
2014-06-03 17:13 - 2014-06-03 17:13 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-06-03 17:12 - 2014-06-03 17:12 - 02209056 _____ () C:\Users\CD\Downloads\avira-eu-cleaner_de.exe
2014-06-03 17:12 - 2014-06-03 17:12 - 00001981 _____ () C:\Users\CD\Desktop\Entfernen des Avira EU-Cleaners.lnk
2014-06-03 17:12 - 2014-06-03 17:12 - 00001925 _____ () C:\Users\CD\Desktop\Avira EU-Cleaner.lnk
2014-06-03 17:10 - 2014-06-03 17:52 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-03 17:10 - 2014-06-03 17:10 - 01039096 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00423240 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00334648 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-06-03 17:10 - 2014-06-03 17:10 - 00208928 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00093568 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00084816 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00079184 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00065776 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-03 17:10 - 2014-06-03 17:10 - 00001969 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-03 17:10 - 2014-06-03 17:10 - 00000000 ____D () C:\Users\CD\AppData\Roaming\AVAST Software
2014-06-03 17:09 - 2014-06-03 17:09 - 00057560 _____ () C:\Users\CD\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-03 17:09 - 2014-06-03 17:09 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-03 17:09 - 2014-06-03 17:09 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-03 17:05 - 2014-06-03 17:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-03 17:05 - 2014-06-03 17:05 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-06-03 17:05 - 2011-01-26 20:35 - 00425064 _____ (Realtek ) C:\Windows\System32\Drivers\Rt64win7.sys
2014-06-03 17:05 - 2011-01-26 20:35 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\System32\RTNUninst64.dll
2014-06-03 17:05 - 2011-01-26 20:35 - 00074272 _____ () C:\Windows\System32\RtNicProp64.dll
2014-06-03 17:01 - 2014-06-03 17:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-03 17:01 - 2014-06-03 17:02 - 00000000 ____D () C:\Users\CD\AppData\Roaming\Mozilla
2014-06-03 17:01 - 2014-06-03 17:02 - 00000000 ____D () C:\Users\CD\AppData\Local\Mozilla
2014-06-03 17:01 - 2014-06-03 17:01 - 00001150 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-03 17:01 - 2014-06-03 17:01 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-03 17:01 - 2014-06-03 17:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-03 16:11 - 2014-06-03 18:57 - 00000000 ____D () C:\FRST
2014-06-03 16:09 - 2014-06-03 16:09 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-06-03 16:08 - 2014-06-03 16:09 - 00000000 ____D () C:\users\CD
2014-06-03 16:08 - 2014-06-03 16:08 - 00000020 ___SH () C:\Users\CD\ntuser.ini
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Vorlagen
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Startmenü
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Netzwerkumgebung
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Lokale Einstellungen
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Eigene Dateien
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Druckumgebung
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Documents\Eigene Musik
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Documents\Eigene Bilder
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\AppData\Local\Verlauf
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\AppData\Local\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 ____D () C:\Users\CD\AppData\Local\VirtualStore
2014-06-03 05:23 - 2014-06-03 16:08 - 00000000 ____D () C:\Windows\Panther
2014-06-03 05:23 - 2014-06-03 05:23 - 00008192 __RSH () C:\BOOTSECT.BAK
2014-06-03 05:04 - 2014-06-03 05:04 - 00000000 ____D () C:\Windows.old
2014-06-03 04:27 - 2014-06-03 17:55 - 01300441 _____ () C:\Windows\WindowsUpdate.log
2014-06-03 04:27 - 2014-06-03 04:27 - 00001355 _____ () C:\Windows\TSSysprep.log
2014-06-01 01:12 - 2014-06-01 01:23 - 00000229 _____ () C:\mbr.log
2014-06-01 01:06 - 2014-05-26 21:26 - 00788728 _____ (Emsisoft GmbH) C:\mbrmastr.exe
2014-06-01 00:58 - 2014-06-01 00:58 - 00003248 _____ () C:\blitzblank.log
2014-06-01 00:35 - 2014-06-01 00:36 - 00000000 ____D () C:\AdwCleaner
2014-05-31 23:34 - 2014-06-03 16:08 - 00000000 ____D () C:\Recovery
2014-05-31 23:34 - 2014-05-31 23:34 - 00000000 _SHDL () C:\Programme
2014-05-31 23:34 - 2014-05-31 23:34 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-05-30 13:27 - 2010-11-21 04:23 - 00383786 __RSH () C:\bootmgr

==================== One Month Modified Files and Folders =======

2014-06-03 18:57 - 2014-06-03 16:11 - 00000000 ____D () C:\FRST
2014-06-03 17:55 - 2014-06-03 04:27 - 01300441 _____ () C:\Windows\WindowsUpdate.log
2014-06-03 17:55 - 2009-07-14 05:45 - 00016864 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-03 17:55 - 2009-07-14 05:45 - 00016864 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-03 17:52 - 2014-06-03 17:10 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-03 17:50 - 2010-11-21 07:21 - 00643866 _____ () C:\Windows\System32\perfh007.dat
2014-06-03 17:50 - 2010-11-21 07:21 - 00126394 _____ () C:\Windows\System32\perfc007.dat
2014-06-03 17:50 - 2009-07-14 06:13 - 01472002 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-06-03 17:47 - 2014-06-03 17:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-06-03 17:46 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-03 17:45 - 2009-07-14 05:51 - 00022504 _____ () C:\Windows\setupact.log
2014-06-03 17:43 - 2014-06-03 17:41 - 00001043 ____H () C:\Windows\EPMBatch.ept
2014-06-03 17:36 - 2014-06-03 17:36 - 00001394 _____ () C:\Users\Public\Desktop\EaseUS Partition Master 9.3.0.lnk
2014-06-03 17:36 - 2014-06-03 17:13 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-06-03 17:35 - 2014-06-03 17:35 - 00000000 ____D () C:\Program Files (x86)\EaseUS
2014-06-03 17:29 - 2014-06-03 17:29 - 00001105 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 17:29 - 2014-06-03 17:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 17:29 - 2014-06-03 17:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 17:28 - 2014-06-03 17:28 - 00000000 ____D () C:\Program Files (x86)\The Bat!
2014-06-03 17:21 - 2014-06-03 17:21 - 00000000 ____D () C:\Program Files\7-Zip
2014-06-03 17:21 - 2014-06-03 17:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-03 17:13 - 2014-06-03 17:13 - 00548424 _____ (SurfRight) C:\Windows\System32\hmpalert.dll
2014-06-03 17:13 - 2014-06-03 17:13 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2014-06-03 17:13 - 2014-06-03 17:13 - 00093144 _____ () C:\Windows\System32\Drivers\hmpalert.sys
2014-06-03 17:13 - 2014-06-03 17:13 - 00000000 ____D () C:\Windows\CryptoGuard
2014-06-03 17:13 - 2014-06-03 17:13 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-06-03 17:12 - 2014-06-03 17:12 - 02209056 _____ () C:\Users\CD\Downloads\avira-eu-cleaner_de.exe
2014-06-03 17:12 - 2014-06-03 17:12 - 00001981 _____ () C:\Users\CD\Desktop\Entfernen des Avira EU-Cleaners.lnk
2014-06-03 17:12 - 2014-06-03 17:12 - 00001925 _____ () C:\Users\CD\Desktop\Avira EU-Cleaner.lnk
2014-06-03 17:10 - 2014-06-03 17:10 - 01039096 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00423240 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00334648 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-06-03 17:10 - 2014-06-03 17:10 - 00208928 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00093568 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00084816 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00079184 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00065776 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-03 17:10 - 2014-06-03 17:10 - 00001969 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-03 17:10 - 2014-06-03 17:10 - 00000000 ____D () C:\Users\CD\AppData\Roaming\AVAST Software
2014-06-03 17:09 - 2014-06-03 17:09 - 00057560 _____ () C:\Users\CD\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-03 17:09 - 2014-06-03 17:09 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-03 17:09 - 2014-06-03 17:09 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-03 17:05 - 2014-06-03 17:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-03 17:05 - 2014-06-03 17:05 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-06-03 17:05 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\System32\restore
2014-06-03 17:02 - 2014-06-03 17:01 - 00000000 ____D () C:\Users\CD\AppData\Roaming\Mozilla
2014-06-03 17:02 - 2014-06-03 17:01 - 00000000 ____D () C:\Users\CD\AppData\Local\Mozilla
2014-06-03 17:01 - 2014-06-03 17:01 - 00001150 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-03 17:01 - 2014-06-03 17:01 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-03 17:01 - 2014-06-03 17:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-03 16:09 - 2014-06-03 16:09 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-06-03 16:09 - 2014-06-03 16:08 - 00000000 ____D () C:\users\CD
2014-06-03 16:08 - 2014-06-03 16:08 - 00000020 ___SH () C:\Users\CD\ntuser.ini
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Vorlagen
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Startmenü
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Netzwerkumgebung
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Lokale Einstellungen
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Eigene Dateien
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Druckumgebung
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Documents\Eigene Musik
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Documents\Eigene Bilder
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\AppData\Local\Verlauf
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\AppData\Local\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 ____D () C:\Users\CD\AppData\Local\VirtualStore
2014-06-03 16:08 - 2014-06-03 05:23 - 00000000 ____D () C:\Windows\Panther
2014-06-03 16:08 - 2014-05-31 23:34 - 00000000 ____D () C:\Recovery
2014-06-03 16:08 - 2009-07-14 04:20 - 00000000 __RHD () C:\users\Default
2014-06-03 16:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\Recovery
2014-06-03 16:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-06-03 16:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Windows NT
2014-06-03 05:23 - 2014-06-03 05:23 - 00008192 __RSH () C:\BOOTSECT.BAK
2014-06-03 05:23 - 2009-07-14 06:38 - 00025600 ___SH () C:\Windows\System32\config\BCD-Template.LOG
2014-06-03 05:23 - 2009-07-14 06:32 - 00028672 _____ () C:\Windows\System32\config\BCD-Template
2014-06-03 05:04 - 2014-06-03 05:04 - 00000000 ____D () C:\Windows.old
2014-06-03 04:33 - 2009-07-14 05:45 - 00274464 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-06-03 04:27 - 2014-06-03 04:27 - 00001355 _____ () C:\Windows\TSSysprep.log
2014-06-03 04:27 - 2009-07-14 05:46 - 00002790 _____ () C:\Windows\DtcInstall.log
2014-06-03 04:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\sysprep
2014-06-03 04:24 - 2010-11-21 07:27 - 00000000 ____D () C:\Windows\CSC
2014-06-01 01:23 - 2014-06-01 01:12 - 00000229 _____ () C:\mbr.log
2014-06-01 00:58 - 2014-06-01 00:58 - 00003248 _____ () C:\blitzblank.log
2014-06-01 00:36 - 2014-06-01 00:35 - 00000000 ____D () C:\AdwCleaner
2014-05-31 23:34 - 2014-05-31 23:34 - 00000000 _SHDL () C:\Programme
2014-05-31 23:34 - 2014-05-31 23:34 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-05-26 21:26 - 2014-06-01 01:06 - 00788728 _____ (Emsisoft GmbH) C:\mbrmastr.exe
2014-05-12 06:26 - 2014-06-03 17:29 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-05-12 06:26 - 2014-06-03 17:29 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-05-12 06:25 - 2014-06-03 17:29 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\CD\AppData\Local\Temp\hmpalert_update.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-06-01 08:54:27
Restore point made on: 2014-06-03 17:05:36
Restore point made on: 2014-06-03 17:09:44
Restore point made on: 2014-06-03 17:15:26
Restore point made on: 2014-06-03 17:22:08
Restore point made on: 2014-06-03 17:27:45

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 4075.55 MB
Available physical RAM: 3538.39 MB
Total Pagefile: 4073.75 MB
Available Pagefile: 3529.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (lol) (Fixed) (Total:95 GB) (Free:70.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Daten) (Fixed) (Total:370.66 GB) (Free:242.79 GB) NTFS
Drive e: () (Fixed) (Total:0.09 GB) (Free:0.09 GB) FAT32
Drive g: () (Removable) (Total:3.69 GB) (Free:2.07 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: AECDB9E2)
Partition 1: (Not Active) - (Size=100 MB) - (Type=0B)
Partition 2: (Active) - (Size=95 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=371 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 007BCF32)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)


LastRegBack: 2014-06-03 04:24

==================== End Of Log ============================

[/CODE]

> The current controlset is ControlSet001

There are several of these; could that be the problem?

schrauber 04.06.2014 12:36

No, that is normal. Please run FRST from the desktop.

plagiat 04.06.2014 19:35

I ran a system check using Knoppix; could you take a look specifically at the loaded modules, drivers and memory? GParted also found a hidden primary partition that I had not seen at all until now.

Code:

Computer
Summary
Computer
Processor        2x Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
Memory        3617MB (224MB used)
Operating System        Debian GNU/Linux 7.1
User Name        knoppix (Knoppix User)
Date/Time        Mi 04 Jun 2014 16:14:26 CEST
Display
Resolution        1366x768 pixels
OpenGL Renderer        Gallium 0.4 on NVD9
X11 Vendor        The X.Org Foundation
Multimedia
Audio Adapter        HDA-Intel - HDA Intel PCH
Audio Adapter        HDA-Intel - HDA NVidia
Input Devices
Lid Switch       
Power Button       
Sleep Button       
Power Button       
Video Bus       
AT Translated Set 2 keyboard       
Microsoft Microsoft® Nano Transceiver v2.0       
Microsoft Microsoft® Nano Transceiver v2.0       
Microsoft Microsoft® Nano Transceiver v2.0       
ETPS/2 Elantech Touchpad       
WebCam SCB-0385N       
Printers
No printers found       
SCSI Disks
ATA Hitachi HTS54505       
TSSTcorp CDDVDW TS-L633J       
Operating System
Version
Kernel        Linux 3.9.6 (i686)
Compiled        #25 SMP PREEMPT Sat Jun 15 15:27:01 CEST 2013
C Library        Unknown
Default C Compiler        GNU C Compiler version 4.7.2 (Debian 4.7.2-5)
Distribution        Debian GNU/Linux 7.1
Current Session
Computer Name        Microknoppix
User Name        knoppix (Knoppix User)
Home Directory        /home/knoppix
Desktop Environment        Unknown (Window Manager: compiz)
Misc
Uptime        5 minutes
Load Average        0,00, 0,00, 0,00
Kernel Modules
Loaded Modules
parport_pc        PC-style parallel port driver
ppdev       
lp       
parport       
ipv6        IPv6 protocol stack for Linux
coretemp        Intel Core temperature monitor
kvm_intel       
kvm       
uvcvideo        USB Video Class driver
videobuf2_vmalloc        vmalloc memory handling routines for videobuf2
videobuf2_memops        common memory handling routines for videobuf2
videobuf2_core        Driver helper framework for Video for Linux 2
samsung_laptop        Samsung Backlight driver
videodev        Device registrar for Video4Linux drivers v2
media        Device node registration for media drivers
crc32_pclmul       
arc4        ARC4 Cipher Algorithm
ath9k        Support for Atheros 802.11n wireless LAN cards.
ath9k_common        Shared library for Atheros wireless 802.11n LAN cards.
ath9k_hw        Support for Atheros 802.11n wireless LAN cards.
ath        Shared library for Atheros wireless LAN cards.
mac80211        IEEE 802.11 subsystem
cfg80211        wireless configuration support
r8169        RealTek RTL-8169 Gigabit Ethernet driver
snd_hda_codec_hdmi        HDMI HD-audio codec
mii        MII hardware support library
lpc_ich        LPC interface for Intel ICH
snd_hda_codec_realtek        Realtek HD-audio codec
i2c_i801        I801 SMBus driver
joydev        Joystick device interfaces
snd_hda_intel        Intel HDA driver
snd_hda_codec        HDA codec core
nouveau        nVidia Riva/TNT/GeForce/Quadro/Tesla
mxm_wmi        MXM WMI Driver
wmi        ACPI-WMI Mapping Driver
ttm        TTM memory manager subsystem (for DRM device)
drm_kms_helper        DRM KMS helper
Boots
Boots
Wed Jun 4 16:09        3.9.6|-
Languages
Available Languages
be_BY        Belarusian locale for Belarus
be_BY.cp1251        Belarusian locale for Belarus
be_BY.utf8        Belarusian locale for Belarus
bg_BG        Bulgarian locale for Bulgaria
bg_BG.cp1251        Bulgarian locale for Bulgaria
bg_BG.utf8        Bulgarian locale for Bulgaria
cs_CZ        Czech locale for the Czech Republic
cs_CZ.iso88592        Czech locale for the Czech Republic
cs_CZ.utf8        Czech locale for the Czech Republic
czech        Czech locale for the Czech Republic
da_DK        Danish locale for Denmark
da_DK.iso88591        Danish locale for Denmark
da_DK.utf8        Danish locale for Denmark
danish        Danish locale for Denmark
dansk        Danish locale for Denmark
de_AT@euro        German locale for Austria with Euro
de_AT.iso885915        German locale for Austria with Euro
de_AT.utf8        German locale for Austria
de_CH        German locale for Switzerland
de_CH.iso88591        German locale for Switzerland
de_CH.utf8        German locale for Switzerland
de_DE        German locale for Germany
de_DE@euro        German locale for Germany with Euro
de_DE.iso88591        German locale for Germany
de_DE.iso885915        German locale for Germany with Euro
de_DE.utf8        German locale for Germany
deutsch        German locale for Germany
en_GB        English locale for Britain
en_GB.iso88591        English locale for Britain
en_GB.iso885915        English locale for Britain
en_GB.utf8        English locale for Britain
en_IE@euro        English locale for Ireland with Euro
en_IE.iso885915        English locale for Ireland with Euro
en_IE.utf8        English locale for Ireland
en_US        English locale for the USA
en_US.iso88591        English locale for the USA
en_US.iso885915        English locale for the USA
en_US.utf8        English locale for the USA
es_ES@euro        Spanish locale for Spain with Euro
es_ES.iso885915        Spanish locale for Spain with Euro
es_ES.utf8        Spanish locale for Spain
fi_FI@euro        Finnish locale for Finland with Euro
fi_FI.iso885915        Finnish locale for Finland with Euro
fi_FI.utf8        Finnish locale for Finland
fr_FR@euro        French locale for France with Euro
fr_FR.iso885915        French locale for France with Euro
fr_FR.utf8        French locale for France
german        German locale for Germany
hebrew        Hebrew locale for Israel
he_IL        Hebrew locale for Israel
he_IL.iso88598        Hebrew locale for Israel
he_IL.utf8        Hebrew locale for Israel
hi_IN        Hindi language locale for India
hi_IN.utf8        Hindi language locale for India
hu_HU        Hungarian locale for Hungary
hu_HU.iso88592        Hungarian locale for Hungary
hu_HU.utf8        Hungarian locale for Hungary
hungarian        Hungarian locale for Hungary
it_IT@euro        Italian locale for Italy with Euro
it_IT.iso885915        Italian locale for Italy with Euro
it_IT.utf8        Italian locale for Italy
ja_JP.utf8        Japanese language locale for Japan
nl_NL@euro        Dutch locale for the Netherlands with Euro
nl_NL.iso885915        Dutch locale for the Netherlands with Euro
nl_NL.utf8        Dutch locale for the Netherlands
pl_PL        Polish locale for Poland
pl_PL.iso88592        Polish locale for Poland
pl_PL.utf8        Polish locale for Poland
polish        Polish locale for Poland
ru_RU.koi8r        Russian locale for Russia
ru_RU.utf8        Russian locale for Russia
russian        Russian locale for Russia
sk_SK        Slovak locale for Slovak
sk_SK.iso88592        Slovak locale for Slovak
sk_SK.utf8        Slovak locale for Slovak
slovak        Slovak locale for Slovak
slovene        Slovenian locale for Slovenia
slovenian        Slovenian locale for Slovenia
sl_SI        Slovenian locale for Slovenia
sl_SI.iso88592        Slovenian locale for Slovenia
sl_SI.utf8        Slovenian locale for Slovenia
tr_TR        Turkish locale for Turkey
tr_TR.iso88599        Turkish locale for Turkey
tr_TR.utf8        Turkish locale for Turkey
turkish        Turkish locale for Turkey
zh_CN.utf8        Chinese locale for Peoples Republic of China
zh_TW.utf8        Chinese locale for Taiwan R.O.C.
Filesystems
Mounted File Systems
/dev/sr0        /mnt-system        100,00 % (0,0 B of 700,9 MiB)
tmpfs        /ramdisk        0,05 % (2,8 GiB of 2,8 GiB)
/dev/cloop        /KNOPPIX        100,00 % (0,0 B of 1,9 GiB)
unionfs        /UNIONFS        0,05 % (2,8 GiB of 2,8 GiB)
unionfs        /usr        0,05 % (2,8 GiB of 2,8 GiB)
unionfs        /home        0,05 % (2,8 GiB of 2,8 GiB)
tmpfs        /run        13,79 % (17,2 MiB of 20,0 MiB)
tmpfs        /UNIONFS/var/run        13,79 % (17,2 MiB of 20,0 MiB)
tmpfs        /UNIONFS/var/lock        0,00 % (10,0 MiB of 10,0 MiB)
tmpfs        /UNIONFS/var/log        0,06 % (99,9 MiB of 100,0 MiB)
tmpfs        /tmp        0,00 % (2,0 GiB of 2,0 GiB)
udev        /dev        0,02 % (20,0 MiB of 20,0 MiB)
tmpfs        /dev/shm        0,00 % (2,0 GiB of 2,0 GiB)
Display
Display
Resolution        1366x768 pixels
Vendor        The X.Org Foundation
Version        1.12.4
Monitors
Monitor 0        1366x768 pixels
Extensions
BIG-REQUESTS       
Composite       
DAMAGE       
DOUBLE-BUFFER       
DPMS       
DRI2       
GLX       
Generic Event Extension       
MIT-SCREEN-SAVER       
MIT-SHM       
RANDR       
RECORD       
RENDER       
SECURITY       
SGI-GLX       
SHAPE       
SYNC       
X-Resource       
XC-MISC       
XFIXES       
XFree86-DGA       
XFree86-VidModeExtension       
XINERAMA       
XInputExtension       
XKEYBOARD       
XTEST       
XVideo       
XVideo-MotionCompensation       
OpenGL
Vendor        nouveau
Renderer        Gallium 0.4 on NVD9
Version        3.0 Mesa 9.1.3
Direct Rendering        Yes
Environment Variables
Environment Variables
SSH_AGENT_PID        2941
SAL_USE_VCLPLUGIN        gtk
SPEECHD_ADDRESS        unix_socket:/var/run/speech-dispatcher/speechd.sock
XDG_MENU_PREFIX        lxde-
TERM        linux
SHELL        /bin/bash
XDG_SESSION_COOKIE        7f2fcb52ce34afe36e290df148665669-1401891042.825290-1760436476
LC_ALL        de_DE.UTF-8
USER        knoppix
SSH_AUTH_SOCK        /tmp/ssh-7nhNEhcu3XsY/agent.2831
PATH        /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
MAIL        /var/mail/knoppix
LC_MESSAGES        de_DE.UTF-8
COUNTRY        DE
PWD        /home/knoppix
LANG        de_DE.UTF-8.UTF-8
HOME        /home/knoppix
SHLVL        1
XDG_CONFIG_HOME        /home/knoppix/.config
LANGUAGE        de
GNOME_DESKTOP_SESSION_ID        LXDE
LOGNAME        knoppix
G_FILENAME_ENCODING        @locale
XDG_DATA_DIRS        /usr/local/share/:/usr/share/:/usr/share/gdm/:/var/lib/menu-xdg/
DBUS_SESSION_BUS_ADDRESS        unix:abstract=/tmp/dbus-Fl0u1CrfCM,guid=0229bcb028d2e5c7a6eeaa5a538f28e2
WINDOWPATH        5
DISPLAY        :0
STARTUP        /usr/bin/ssh-agent /usr/bin/ck-launch-session /usr/bin/dbus-launch --exit-with-session startlxde
XAUTHORITY        /home/knoppix/.Xauthority
_LXSESSION_PID        2946
DESKTOP_SESSION        LXDE
XDG_CURRENT_DESKTOP        LXDE
Users
Users
root        root
daemon        daemon
bin        bin
sys        sys
sync        sync
games        games
man        man
lp        lp
mail        mail
news        news
uucp        uucp
proxy        proxy
www-data        www-data
backup        backup
list        Mailing List Manager
irc        ircd
gnats        Gnats Bug-Reporting System (admin)
nobody        nobody
libuuid       
messagebus       
knoppix        Knoppix User
speech-dispatcher        Speech Dispatcher
polkituser        PolicyKit
festival       
saned       
statd       
partimag        Partimage Server
sshd       
tftp        tftp daemon
hplip        HPLIP system user
avahi        Avahi mDNS daemon
mysql        MySQL Server
postgres        PostgreSQL administrator
privoxy       
debian-tor       
vde2-net       
timidity        TiMidity++ MIDI sequencer service
usbmux        usbmux daemon
ntop       
libvirt-qemu        Libvirt Qemu
colord        colord colour management daemon
nx       
syslog       
klog       
haldaemon        Hardware abstraction layer
distccd       
Devices
Processor
Processors
Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz        2714,00MHz
Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz        2691,00MHz
Memory
Memory
Total Memory        3617536 kB
Free Memory        3167052 kB
Buffers        74516 kB
Cached        226064 kB
Cached Swap        0 kB
Active        138412 kB
Inactive        237616 kB
Active(anon)        78976 kB
Inactive(anon)        2048 kB
Active(file)        59436 kB
Inactive(file)        235568 kB
Unevictable        0 kB
Mlocked        0 kB
High Memory        2748360 kB
Free High Memory        2419568 kB
Low Memory        869176 kB
Free Low Memory        747484 kB
Virtual Memory        2713148 kB
Free Virtual Memory        2713148 kB
Dirty        0 kB
Writeback        0 kB
AnonPages        75448 kB
Mapped        40264 kB
Shmem        5576 kB
Slab        42416 kB
SReclaimable        19656 kB
SUnreclaim        22760 kB
KernelStack        1696 kB
PageTables        1868 kB
NFS_Unstable        0 kB
Bounce        0 kB
WritebackTmp        0 kB
CommitLimit        4521916 kB
Committed_AS        418556 kB
VmallocTotal        122880 kB
VmallocUsed        63432 kB
VmallocChunk        50864 kB
HardwareCorrupted        0 kB
HugePages_Total        0
HugePages_Free        0
HugePages_Rsvd        0
HugePages_Surp        0
Hugepagesize        4096 kB
DirectMap4k        16376 kB
DirectMap4M        892928 kB
PCI Devices
PCI Devices
Host bridge        Intel Corporation 2nd Generation Core Processor Family DRAM Controller
PCI bridge        Intel Corporation Xeon E3-1200/2nd Generation Core Processor Family PCI Express Root Port
Communication controller        Intel Corporation 6 Series/C200 Series Chipset Family MEI Controller #1
USB controller        Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #2
Audio device        Intel Corporation 6 Series/C200 Series Chipset Family High Definition Audio Controller
PCI bridge        Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 1
PCI bridge        Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 4
USB controller        Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #1
ISA bridge        Intel Corporation HM65 Express Chipset Family LPC Controller
IDE interface        Intel Corporation 6 Series/C200 Series Chipset Family 4 port SATA IDE Controller
SMBus        Intel Corporation 6 Series/C200 Series Chipset Family SMBus Controller
IDE interface        Intel Corporation 6 Series/C200 Series Chipset Family 2 port SATA IDE Controller
VGA compatible controller        NVIDIA Corporation GF119 [GeForce GT 520M]
Audio device        NVIDIA Corporation GF119 HDMI Audio Controller
Network controller        Atheros Communications Inc. AR9285 Wireless Network Adapter
Ethernet controller        Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller
USB Devices
Printers
Printers
No printers found       
Battery
Battery: BAT1
State        discharging (load: 1804 mA)
Capacity        2232 mAh / 4400 mAh (50,73%)
Battery Technology        rechargeable (LION)
Model Number       
Serial Number       
Sensors
Input Devices
Input Devices
Lid Switch       
Power Button       
Sleep Button       
Power Button       
Video Bus       
AT Translated Set 2 keyboard       
Microsoft Microsoft® Nano Transceiver v2.0       
Microsoft Microsoft® Nano Transceiver v2.0       
Microsoft Microsoft® Nano Transceiver v2.0       
ETPS/2 Elantech Touchpad       
WebCam SCB-0385N       
Storage
SCSI Disks
ATA Hitachi HTS54505       
TSSTcorp CDDVDW TS-L633J       
DMI
BIOS
Date        11/21/2012
Vendor        Phoenix Technologies Ltd. (www.phoenix.com)
Version        07PQ
Board
Name        RV420/RV520/RV720/E3530/S3530/E3420/E3520
Vendor        SAMSUNG ELECTRONICS CO., LTD. (www.samsung.com)
Resources
I/O Ports
0000-0cf7        PCI Bus 0000:00
0000-001f        dma1
0020-0021        pic1
0040-0043        timer0
0050-0053        timer1
0060-0060        keyboard
0062-0062        EC data
0064-0064        keyboard
0066-0066        EC cmd
0070-0077        rtc0
0080-008f        dma page reg
00a0-00a1        pic2
00c0-00df        dma2
00f0-00ff        fpu
0170-0177        pata_legacy
01f0-01f7        pata_legacy
0376-0376        pata_legacy
03c0-03df        vga+
03f6-03f6        pata_legacy
0400-0453        pnp 00:04
0400-0403        ACPI PM1a_EVT_BLK
0404-0405        ACPI PM1a_CNT_BLK
0408-040b        ACPI PM_TMR
0410-0415        ACPI CPU throttle
0420-042f        ACPI GPE0_BLK
0430-0433        iTCO_wdt
0450-0450        ACPI PM2_CNT_BLK
0454-0457        pnp 00:06
0458-047f        pnp 00:04
0460-047f        iTCO_wdt
0500-057f        pnp 00:04
0680-069f        pnp 00:04
0a00-0a0f        pnp 00:04
0cf8-0cff        PCI conf1
0d00-ffff        PCI Bus 0000:00
1000-100f        pnp 00:04
164e-164f        pnp 00:04
2000-2fff        PCI Bus 0000:03
2000-20ff        Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller
2000-20ff        RealTek RTL-8169 Gigabit Ethernet driver
3000-3fff        PCI Bus 0000:01
3000-307f        NVIDIA Corporation GF119 [GeForce GT 520M]
4020-402f        Intel Corporation 6 Series/C200 Series Chipset Family 2 port SATA IDE Controller
4020-402f        ata_piix
4030-403f        Intel Corporation 6 Series/C200 Series Chipset Family 2 port SATA IDE Controller
4030-403f        ata_piix
4040-404f        Intel Corporation 6 Series/C200 Series Chipset Family 4 port SATA IDE Controller
4040-404f        ata_piix
4050-405f        Intel Corporation 6 Series/C200 Series Chipset Family 4 port SATA IDE Controller
4050-405f        ata_piix
4060-4067        Intel Corporation 6 Series/C200 Series Chipset Family 2 port SATA IDE Controller
4060-4067        ata_piix
4068-406f        Intel Corporation 6 Series/C200 Series Chipset Family 2 port SATA IDE Controller
4068-406f        ata_piix
4070-4077        Intel Corporation 6 Series/C200 Series Chipset Family 4 port SATA IDE Controller
4070-4077        ata_piix
4078-407f        Intel Corporation 6 Series/C200 Series Chipset Family 4 port SATA IDE Controller
4078-407f        ata_piix
4080-4083        Intel Corporation 6 Series/C200 Series Chipset Family 2 port SATA IDE Controller
4080-4083        ata_piix
4084-4087        Intel Corporation 6 Series/C200 Series Chipset Family 2 port SATA IDE Controller
4084-4087        ata_piix
4088-408b        Intel Corporation 6 Series/C200 Series Chipset Family 4 port SATA IDE Controller
4088-408b        ata_piix
408c-408f        Intel Corporation 6 Series/C200 Series Chipset Family 4 port SATA IDE Controller
408c-408f        ata_piix
5000-5003        pnp 00:04
efa0-efbf        Intel Corporation 6 Series/C200 Series Chipset Family SMBus Controller
ffff-ffff        pnp 00:04
Memory
00000000-00000fff        reserved
00001000-0009d7ff        System RAM
0009d800-0009ffff        reserved
000a0000-000bffff        PCI Bus 0000:00
000a0000-000bffff        Video RAM area
000c0000-000c7fff        Video ROM
000e0000-000fffff        reserved
000f0000-000fffff        System ROM
00100000-df3eefff        System RAM
01000000-016614ee        Kernel code
016614ef-0191a0ff        Kernel data
019b5000-01a16fff        Kernel bss
df3ef000-df6eefff        reserved
df6ef000-df79efff        ACPI Non-volatile Storage
df79f000-df7fefff        ACPI Tables
df7ff000-df7fffff        System RAM
df800000-dfffffff        reserved
e0000000-feafffff        PCI Bus 0000:00
e0000000-f1ffffff        PCI Bus 0000:01
e0000000-efffffff        NVIDIA Corporation GF119 [GeForce GT 520M]
f0000000-f1ffffff        NVIDIA Corporation GF119 [GeForce GT 520M]
f2000000-f30fffff        PCI Bus 0000:01
f2000000-f2ffffff        NVIDIA Corporation GF119 [GeForce GT 520M]
f3000000-f3003fff        NVIDIA Corporation GF119 HDMI Audio Controller
f3000000-f3003fff        ICH HD audio
f3080000-f30fffff        NVIDIA Corporation GF119 [GeForce GT 520M]
f3100000-f31fffff        PCI Bus 0000:03
f3100000-f3103fff        Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller
f3100000-f3103fff        RealTek RTL-8169 Gigabit Ethernet driver
f3104000-f3104fff        Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller
f3104000-f3104fff        RealTek RTL-8169 Gigabit Ethernet driver
f3200000-f32fffff        PCI Bus 0000:02
f3200000-f320ffff        Atheros Communications Inc. AR9285 Wireless Network Adapter
f3200000-f320ffff        Support for Atheros 802.11n wireless LAN cards.
f3300000-f3303fff        Intel Corporation 6 Series/C200 Series Chipset Family High Definition Audio Controller
f3300000-f3303fff        ICH HD audio
f3304000-f33040ff        Intel Corporation 6 Series/C200 Series Chipset Family SMBus Controller
f3305000-f330500f        Intel Corporation 6 Series/C200 Series Chipset Family MEI Controller #1
f3308000-f33083ff        Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #1
f3308000-f33083ff        ehci_hcd
f3309000-f33093ff        Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #2
f3309000-f33093ff        ehci_hcd
f8000000-fbffffff        PCI MMCONFIG 0000 [bus 00-3f]
f8000000-fbffffff        reserved
f8000000-fbffffff        pnp 00:09
fec00000-fec00fff        reserved
fec00000-fec003ff        IOAPIC 0
fed00000-fed003ff        HPET 0
fed08000-fed08fff        reserved
fed10000-fed19fff        reserved
fed10000-fed17fff        pnp 00:09
fed18000-fed18fff        pnp 00:09
fed19000-fed19fff        pnp 00:09
fed1c000-fed1ffff        reserved
fed1c000-fed1ffff        pnp 00:09
fed1f410-fed1f414        iTCO_wdt
fed20000-fed3ffff        pnp 00:09
fed40000-fed44fff        PCI Bus 0000:00
fed45000-fed8ffff        pnp 00:09
fed90000-fed93fff        pnp 00:09
fee00000-fee00fff        Local APIC
fee00000-fee00fff        reserved
ff001000-ff7fffff        goldfish_pdev_bus
ff001000-ff7fffff        goldfish
ffd80000-ffffffff        reserved
DMA
4        cascade
Network
Interfaces
Network Interfaces
wlan0        0,00MiB        0,00MiB       
lo        0,00MiB        0,00MiB        127.0.0.1
eth0        0,00MiB        0,00MiB       
IP Connections
Connections
127.0.0.1:631        LISTEN        0.0.0.0:*        tcp
::1:631        LISTEN        :::*        tcp6
0.0.0.0:631                0.0.0.0:*        udp
Routing Table
IP routing table
ARP Table
ARP Table
DNS Servers
Name servers
Statistics
IP
4        Requests sent out
0        Incoming packets discarded
0        Incoming packets discarded
4        Requests sent out
4        Requests sent out
ICMP
0        ICMP messages failed
0        ICMP messages failed
0        ICMP messages failed
0        ICMP messages failed
TCP
3        Resets sent
0        Bad segments received.
3        Resets sent
0        Bad segments received.
0        Bad segments received.
6        Segments send out
6        Segments send out
0        Bad segments received.
0        Bad segments received.
3        Resets sent
UDP
0        Packets sent
0        Packets sent
0        Packets sent
0        Packets sent
UDPLITE
TCPEXT
0        Packet headers predicted
IPEXT
Shared Directories
SAMBA
NFS

I started Windows and ran a quick scan, and got the following notices:

Code:

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-04 14:47:40
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545050B9A300 rev.PB4OC66G 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\CD\AppData\Local\Temp\pgldqpoc.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\wininit.exe[452] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                              000000007764eecd 1 byte [62]
.text  C:\Windows\system32\winlogon.exe[500] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                              000000007764eecd 1 byte [62]
.text  C:\Windows\system32\services.exe[548] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                              000000007764eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                              000000007764eecd 1 byte [62]
.text  C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[744] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                          000000007790fab0 5 bytes JMP 0000000175308cf0
.text  C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[744] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                              000000007790fb48 5 bytes JMP 0000000175308ea0
.text  C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[744] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                            0000000077910028 5 bytes JMP 0000000175308d80
.text  C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[744] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                          00000000765ba322 1 byte [62]
.text  C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        00000000778c1465 2 bytes [8C, 77]
.text  C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        00000000778c14bb 2 bytes [8C, 77]
.text  ...                                                                                                                                      * 2
.text  C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                              0000000077761490 5 bytes JMP 00000000778c0010
.text  C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                  00000000777614f0 5 bytes JMP 00000000778c0028
.text  C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                0000000077761810 5 bytes JMP 00000000778c0040
.text  C:\Windows\system32\svchost.exe[832] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                              000000007764eecd 1 byte [62]
.text  C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                              0000000077761490 5 bytes JMP 00000000778c0010
.text  C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                  00000000777614f0 5 bytes JMP 00000000778c0028
.text  C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                0000000077761810 5 bytes JMP 00000000778c0040
.text  C:\Windows\System32\svchost.exe[916] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                              000000007764eecd 1 byte [62]
.text  C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                              0000000077761490 5 bytes JMP 00000000778c0010
.text  C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                  00000000777614f0 5 bytes JMP 00000000778c0028
.text  C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                0000000077761810 5 bytes JMP 00000000778c0040
.text  C:\Windows\System32\svchost.exe[968] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                              000000007764eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                              0000000077761490 5 bytes JMP 00000000778c0010
.text  C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                  00000000777614f0 5 bytes JMP 00000000778c0028
.text  C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                              0000000077761810 5 bytes JMP 00000000778c0040
.text  C:\Windows\system32\svchost.exe[1008] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                              000000007764eecd 1 byte [62]
.text  C:\Windows\system32\AUDIODG.EXE[340] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189                                              000000007764eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                              0000000077761490 5 bytes JMP 00000000778c0010
.text  C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                  00000000777614f0 5 bytes JMP 00000000778c0028
.text  C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                0000000077761810 5 bytes JMP 00000000778c0040
.text  C:\Windows\system32\svchost.exe[372] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                              000000007764eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                              0000000077761490 5 bytes JMP 00000000778c0010
.text  C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                  00000000777614f0 5 bytes JMP 00000000778c0028
.text  C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                              0000000077761810 5 bytes JMP 00000000778c0040
.text  C:\Windows\system32\svchost.exe[1080] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                              000000007764eecd 1 byte [62]
.text  C:\Windows\System32\spoolsv.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                              0000000077761490 5 bytes JMP 00000000778c0010
.text  C:\Windows\System32\spoolsv.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                  00000000777614f0 5 bytes JMP 00000000778c0028
.text  C:\Windows\System32\spoolsv.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                              0000000077761810 5 bytes JMP 00000000778c0040
.text  C:\Windows\System32\spoolsv.exe[1392] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                              000000007764eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                              0000000077761490 5 bytes JMP 00000000778c0010
.text  C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                  00000000777614f0 5 bytes JMP 00000000778c0028
.text  C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                              0000000077761810 5 bytes JMP 00000000778c0040
.text  C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                              000000007764eecd 1 byte [62]
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory          000000007790fab0 5 bytes JMP 0000000175308cf0
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory              000000007790fb48 5 bytes JMP 0000000175308ea0
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory            0000000077910028 5 bytes JMP 0000000175308d80
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1576] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112          00000000765ba322 1 byte [62]
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69        00000000778c1465 2 bytes [8C, 77]
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155        00000000778c14bb 2 bytes [8C, 77]
.text  ...                                                                                                                                      * 2
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[1680] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory            000000007790fab0 5 bytes JMP 0000000175308cf0
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[1680] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                000000007790fb48 5 bytes JMP 0000000175308ea0
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[1680] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory              0000000077910028 5 bytes JMP 0000000175308d80
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[1680] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112            00000000765ba322 1 byte [62]
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[1680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69          00000000778c1465 2 bytes [8C, 77]
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[1680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155          00000000778c14bb 2 bytes [8C, 77]
.text  ...                                                                                                                                      * 2
.text  C:\Windows\system32\svchost.exe[1760] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                              000000007764eecd 1 byte [62]
.text  C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                            0000000077761490 5 bytes JMP 00000000778c0010
.text  C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                00000000777614f0 5 bytes JMP 00000000778c0028
.text  C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                              0000000077761810 5 bytes JMP 00000000778c0040
.text  C:\Windows\system32\taskhost.exe[1952] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                            000000007764eecd 1 byte [62]
.text  C:\Windows\system32\Dwm.exe[1984] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                  000000007764eecd 1 byte [62]
.text  C:\Windows\Explorer.EXE[1276] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                      0000000077761490 5 bytes JMP 00000000778c0010
.text  C:\Windows\Explorer.EXE[1276] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                          00000000777614f0 5 bytes JMP 00000000778c0028
.text  C:\Windows\Explorer.EXE[1276] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                      0000000077761810 5 bytes JMP 00000000778c0040
.text  C:\Windows\Explorer.EXE[1276] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                      000000007764eecd 1 byte [62]
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1584] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                    000000007790fab0 5 bytes JMP 0000000175308cf0
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1584] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                        000000007790fb48 5 bytes JMP 0000000175308ea0
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1584] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                    0000000077910028 5 bytes JMP 0000000175308d80
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1584] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                    00000000765ba322 1 byte [62]
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  00000000778c1465 2 bytes [8C, 77]
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                00000000778c14bb 2 bytes [8C, 77]
.text  ...                                                                                                                                      * 2
.text  C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                              000000007764eecd 1 byte [62]
.text  C:\Windows\system32\SearchIndexer.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                        0000000077761490 5 bytes JMP 00000000778c0010
.text  C:\Windows\system32\SearchIndexer.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                            00000000777614f0 5 bytes JMP 00000000778c0028
.text  C:\Windows\system32\SearchIndexer.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                        0000000077761810 5 bytes JMP 00000000778c0040
.text  C:\Windows\system32\SearchIndexer.exe[2712] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                        000000007764eecd 1 byte [62]
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2824] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                            000000007790fab0 5 bytes JMP 0000000175308cf0
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2824] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                000000007790fb48 5 bytes JMP 0000000175308ea0
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2824] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                            0000000077910028 5 bytes JMP 0000000175308d80
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2824] C:\Windows\syswow64\KERNEL32.dll!SetUnhandledExceptionFilter                    00000000765987c9 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2824] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                            00000000765ba322 1 byte [62]
.text  C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe[2732] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory  000000007790fab0 5 bytes JMP 0000000175308cf0
.text  C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe[2732] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory      000000007790fb48 5 bytes JMP 0000000175308ea0
.text  C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe[2732] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory  0000000077910028 5 bytes JMP 0000000175308d80
.text  C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe[2732] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112  00000000765ba322 1 byte [62]
.text  D:\!Sicherheit\Gmer-19357.exe[1660] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                000000007790fab0 5 bytes JMP 0000000175308cf0
.text  D:\!Sicherheit\Gmer-19357.exe[1660] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                    000000007790fb48 5 bytes JMP 0000000175308ea0
.text  D:\!Sicherheit\Gmer-19357.exe[1660] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                0000000077910028 5 bytes JMP 0000000175308d80
.text  D:\!Sicherheit\Gmer-19357.exe[1660] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                00000000765ba322 1 byte [62]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\SearchIndexer.exe [2712:2600]                                                                                        000007feff310168
Thread  C:\Windows\system32\SearchIndexer.exe [2712:948]                                                                                        000007fef49e5170
Thread  C:\Windows\system32\SearchIndexer.exe [2712:2652]                                                                                        000007fef61c69ac
Thread  C:\Windows\system32\SearchIndexer.exe [2712:2632]                                                                                        000007fef5d63dac
Thread  C:\Windows\system32\SearchIndexer.exe [2712:2624]                                                                                        000007fef5d61710
Thread  C:\Windows\system32\SearchIndexer.exe [2712:2288]                                                                                        000007fef5d8c4dc
Thread  C:\Windows\system32\SearchIndexer.exe [2712:2900]                                                                                        000007fef5d8b278

---- EOF - GMER 2.1 ----

Here is the FRST log:


FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02 (ATTENTION: ====> FRST version is 11 days old and could be outdated)
Ran by CD (administrator) on CD-PC on 05-06-2014 00:33:18
Running from H:\scan
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-06-03] (AVAST Software)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKU\S-1-5-21-1778027116-683302701-3316222676-1000\...\MountPoints2: {8357a3ca-eace-11e3-a23b-806e6f6e6963} - G:\autostart.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.140.1

FireFox:
========
FF ProfilePath: C:\Users\CD\AppData\Roaming\Mozilla\Firefox\Profiles\3nc3miz1.default
FF NetworkProxy: "type", 0
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-03]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-03] (AVAST Software)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1889616 2014-05-25] (SurfRight B.V.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-03] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-06-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-06-03] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] ()
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-06-03] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-04 14:30 - 2014-06-05 00:31 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-04 14:30 - 2014-06-04 14:30 - 00000630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-03 18:41 - 2014-06-03 18:43 - 00001043 ____H () C:\Windows\EPMBatch.ept
2014-06-03 18:36 - 2014-06-03 18:36 - 00001394 _____ () C:\Users\Public\Desktop\EaseUS Partition Master 9.3.0.lnk
2014-06-03 18:36 - 2014-06-03 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 9.3.0
2014-06-03 18:36 - 2013-10-09 15:34 - 03381832 _____ () C:\Windows\system32\BootMan.exe
2014-06-03 18:36 - 2013-10-09 15:24 - 02499656 _____ () C:\Windows\SysWOW64\BootMan.exe
2014-06-03 18:36 - 2013-03-07 09:49 - 00100936 _____ () C:\Windows\system32\setupempdrvx64.exe
2014-06-03 18:36 - 2013-03-07 09:49 - 00087112 _____ () C:\Windows\SysWOW64\setupempdrv03.exe
2014-06-03 18:36 - 2013-03-07 09:49 - 00019840 _____ () C:\Windows\SysWOW64\EuEpmGdi.dll
2014-06-03 18:36 - 2013-03-07 09:49 - 00017480 _____ () C:\Windows\system32\epmntdrv.sys
2014-06-03 18:36 - 2013-03-07 09:49 - 00016256 _____ () C:\Windows\system32\EuEpmGdi.dll
2014-06-03 18:36 - 2013-03-07 09:49 - 00013896 _____ () C:\Windows\SysWOW64\epmntdrv.sys
2014-06-03 18:36 - 2013-03-07 09:49 - 00009800 _____ () C:\Windows\system32\EuGdiDrv.sys
2014-06-03 18:36 - 2013-03-07 09:49 - 00009160 _____ () C:\Windows\SysWOW64\EuGdiDrv.sys
2014-06-03 18:35 - 2014-06-03 18:35 - 00000000 ____D () C:\Program Files (x86)\EaseUS
2014-06-03 18:29 - 2014-06-05 00:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 18:29 - 2014-06-03 18:29 - 00001105 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 18:29 - 2014-06-03 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 18:29 - 2014-06-03 18:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 18:29 - 2014-06-03 18:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 18:29 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-03 18:29 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-03 18:29 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-03 18:28 - 2014-06-03 18:28 - 00000000 ____D () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Bat! E-Mail
2014-06-03 18:28 - 2014-06-03 18:28 - 00000000 ____D () C:\Program Files (x86)\The Bat!
2014-06-03 18:22 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-06-03 18:22 - 2012-06-03 00:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-06-03 18:22 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-06-03 18:22 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-06-03 18:22 - 2012-06-03 00:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-06-03 18:22 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-06-03 18:22 - 2012-06-03 00:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-06-03 18:22 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-06-03 18:22 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-06-03 18:21 - 2014-06-03 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-03 18:21 - 2014-06-03 18:21 - 00000000 ____D () C:\Program Files\7-Zip
2014-06-03 18:13 - 2014-06-03 18:36 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-06-03 18:13 - 2014-06-03 18:13 - 00548424 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2014-06-03 18:13 - 2014-06-03 18:13 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2014-06-03 18:13 - 2014-06-03 18:13 - 00093144 _____ () C:\Windows\system32\Drivers\hmpalert.sys
2014-06-03 18:13 - 2014-06-03 18:13 - 00000000 ____D () C:\Windows\CryptoGuard
2014-06-03 18:13 - 2014-06-03 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-06-03 18:13 - 2014-06-03 18:13 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-06-03 18:12 - 2014-06-03 18:12 - 02209056 _____ () C:\Users\CD\Downloads\avira-eu-cleaner_de.exe
2014-06-03 18:12 - 2014-06-03 18:12 - 00001981 _____ () C:\Users\CD\Desktop\Entfernen des Avira EU-Cleaners.lnk
2014-06-03 18:12 - 2014-06-03 18:12 - 00001925 _____ () C:\Users\CD\Desktop\Avira EU-Cleaner.lnk
2014-06-03 18:10 - 2014-06-03 18:52 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-03 18:10 - 2014-06-03 18:10 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-06-03 18:10 - 2014-06-03 18:10 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-06-03 18:10 - 2014-06-03 18:10 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-03 18:10 - 2014-06-03 18:10 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-03 18:10 - 2014-06-03 18:10 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-06-03 18:10 - 2014-06-03 18:10 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-06-03 18:10 - 2014-06-03 18:10 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-03 18:10 - 2014-06-03 18:10 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-03 18:10 - 2014-06-03 18:10 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-03 18:10 - 2014-06-03 18:10 - 00001969 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-03 18:10 - 2014-06-03 18:10 - 00000000 ____D () C:\Users\CD\AppData\Roaming\AVAST Software
2014-06-03 18:10 - 2014-06-03 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-03 18:09 - 2014-06-03 18:09 - 00057560 _____ () C:\Users\CD\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-03 18:09 - 2014-06-03 18:09 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-03 18:09 - 2014-06-03 18:09 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-03 18:05 - 2014-06-03 18:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-03 18:05 - 2014-06-03 18:05 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-06-03 18:05 - 2011-01-26 21:35 - 00425064 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-06-03 18:05 - 2011-01-26 21:35 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2014-06-03 18:05 - 2011-01-26 21:35 - 00074272 _____ () C:\Windows\system32\RtNicProp64.dll
2014-06-03 18:01 - 2014-06-03 18:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-03 18:01 - 2014-06-03 18:02 - 00000000 ____D () C:\Users\CD\AppData\Roaming\Mozilla
2014-06-03 18:01 - 2014-06-03 18:02 - 00000000 ____D () C:\Users\CD\AppData\Local\Mozilla
2014-06-03 18:01 - 2014-06-03 18:01 - 00001162 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-03 18:01 - 2014-06-03 18:01 - 00001150 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-03 18:01 - 2014-06-03 18:01 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-03 18:01 - 2014-06-03 18:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-03 17:11 - 2014-06-05 00:33 - 00000000 ____D () C:\FRST
2014-06-03 17:09 - 2014-06-03 17:09 - 00001442 _____ () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-03 17:09 - 2014-06-03 17:09 - 00001408 _____ () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-06-03 17:09 - 2014-06-03 17:09 - 00000000 ___RD () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-03 17:09 - 2014-06-03 17:09 - 00000000 ___RD () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-03 17:09 - 2014-06-03 17:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-06-03 17:08 - 2014-06-05 00:32 - 00000000 ____D () C:\Users\CD
2014-06-03 17:08 - 2014-06-03 17:08 - 00000020 ___SH () C:\Users\CD\ntuser.ini
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Vorlagen
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Startmenü
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Netzwerkumgebung
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Lokale Einstellungen
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Eigene Dateien
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Druckumgebung
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Documents\Eigene Musik
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Documents\Eigene Bilder
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\AppData\Local\Verlauf
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\AppData\Local\Anwendungsdaten
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Anwendungsdaten
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 ____D () C:\Users\CD\AppData\Local\VirtualStore
2014-06-03 17:08 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-03 17:08 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-03 06:23 - 2014-06-03 17:08 - 00000000 ____D () C:\Windows\Panther
2014-06-03 06:23 - 2014-06-03 06:23 - 00008192 __RSH () C:\BOOTSECT.BAK
2014-06-03 06:04 - 2014-06-03 06:04 - 00000000 ____D () C:\Windows.old
2014-06-03 05:28 - 2014-06-03 05:28 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2014-06-03 05:28 - 2014-06-03 05:28 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-06-03 05:27 - 2014-06-04 14:34 - 01445451 _____ () C:\Windows\WindowsUpdate.log
2014-06-03 05:27 - 2014-06-03 05:27 - 00001355 _____ () C:\Windows\TSSysprep.log
2014-06-01 02:12 - 2014-06-01 02:23 - 00000229 _____ () C:\mbr.log
2014-06-01 02:06 - 2014-05-26 22:26 - 00788728 _____ (Emsisoft GmbH) C:\mbrmastr.exe
2014-06-01 01:58 - 2014-06-01 01:58 - 00003248 _____ () C:\blitzblank.log
2014-06-01 01:35 - 2014-06-01 01:36 - 00000000 ____D () C:\AdwCleaner
2014-06-01 00:34 - 2014-06-03 17:08 - 00000000 ____D () C:\Recovery
2014-06-01 00:34 - 2014-06-01 00:34 - 00000000 _SHDL () C:\Programme
2014-06-01 00:34 - 2014-06-01 00:34 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-05-30 14:27 - 2010-11-21 05:23 - 00383786 __RSH () C:\bootmgr

==================== One Month Modified Files and Folders =======

2014-06-05 01:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-06-05 00:33 - 2014-06-03 17:11 - 00000000 ____D () C:\FRST
2014-06-05 00:32 - 2014-06-03 18:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 00:32 - 2014-06-03 17:08 - 00000000 ____D () C:\Users\CD
2014-06-05 00:31 - 2014-06-04 14:30 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 00:31 - 2009-07-14 06:51 - 00022616 _____ () C:\Windows\setupact.log
2014-06-04 14:34 - 2014-06-03 05:27 - 01445451 _____ () C:\Windows\WindowsUpdate.log
2014-06-04 14:30 - 2014-06-04 14:30 - 00000630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-03 18:55 - 2009-07-14 06:45 - 00016864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-03 18:55 - 2009-07-14 06:45 - 00016864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-03 18:52 - 2014-06-03 18:10 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-03 18:50 - 2010-11-21 08:21 - 00643866 _____ () C:\Windows\system32\perfh007.dat
2014-06-03 18:50 - 2010-11-21 08:21 - 00126394 _____ () C:\Windows\system32\perfc007.dat
2014-06-03 18:50 - 2009-07-14 07:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-03 18:43 - 2014-06-03 18:41 - 00001043 ____H () C:\Windows\EPMBatch.ept
2014-06-03 18:36 - 2014-06-03 18:36 - 00001394 _____ () C:\Users\Public\Desktop\EaseUS Partition Master 9.3.0.lnk
2014-06-03 18:36 - 2014-06-03 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 9.3.0
2014-06-03 18:36 - 2014-06-03 18:13 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-06-03 18:35 - 2014-06-03 18:35 - 00000000 ____D () C:\Program Files (x86)\EaseUS
2014-06-03 18:29 - 2014-06-03 18:29 - 00001105 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 18:29 - 2014-06-03 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 18:29 - 2014-06-03 18:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 18:29 - 2014-06-03 18:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 18:28 - 2014-06-03 18:28 - 00000000 ____D () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Bat! E-Mail
2014-06-03 18:28 - 2014-06-03 18:28 - 00000000 ____D () C:\Program Files (x86)\The Bat!
2014-06-03 18:21 - 2014-06-03 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-03 18:21 - 2014-06-03 18:21 - 00000000 ____D () C:\Program Files\7-Zip
2014-06-03 18:21 - 2014-06-03 18:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-03 18:13 - 2014-06-03 18:13 - 00548424 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2014-06-03 18:13 - 2014-06-03 18:13 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2014-06-03 18:13 - 2014-06-03 18:13 - 00093144 _____ () C:\Windows\system32\Drivers\hmpalert.sys
2014-06-03 18:13 - 2014-06-03 18:13 - 00000000 ____D () C:\Windows\CryptoGuard
2014-06-03 18:13 - 2014-06-03 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-06-03 18:13 - 2014-06-03 18:13 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-06-03 18:12 - 2014-06-03 18:12 - 02209056 _____ () C:\Users\CD\Downloads\avira-eu-cleaner_de.exe
2014-06-03 18:12 - 2014-06-03 18:12 - 00001981 _____ () C:\Users\CD\Desktop\Entfernen des Avira EU-Cleaners.lnk
2014-06-03 18:12 - 2014-06-03 18:12 - 00001925 _____ () C:\Users\CD\Desktop\Avira EU-Cleaner.lnk
2014-06-03 18:10 - 2014-06-03 18:10 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-06-03 18:10 - 2014-06-03 18:10 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-06-03 18:10 - 2014-06-03 18:10 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-03 18:10 - 2014-06-03 18:10 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-03 18:10 - 2014-06-03 18:10 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-06-03 18:10 - 2014-06-03 18:10 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-06-03 18:10 - 2014-06-03 18:10 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-03 18:10 - 2014-06-03 18:10 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-03 18:10 - 2014-06-03 18:10 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-03 18:10 - 2014-06-03 18:10 - 00001969 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-03 18:10 - 2014-06-03 18:10 - 00000000 ____D () C:\Users\CD\AppData\Roaming\AVAST Software
2014-06-03 18:10 - 2014-06-03 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-03 18:09 - 2014-06-03 18:09 - 00057560 _____ () C:\Users\CD\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-03 18:09 - 2014-06-03 18:09 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-03 18:09 - 2014-06-03 18:09 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-03 18:05 - 2014-06-03 18:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-03 18:05 - 2014-06-03 18:05 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-06-03 18:05 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\restore
2014-06-03 18:02 - 2014-06-03 18:01 - 00000000 ____D () C:\Users\CD\AppData\Roaming\Mozilla
2014-06-03 18:02 - 2014-06-03 18:01 - 00000000 ____D () C:\Users\CD\AppData\Local\Mozilla
2014-06-03 18:01 - 2014-06-03 18:01 - 00001162 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-03 18:01 - 2014-06-03 18:01 - 00001150 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-03 18:01 - 2014-06-03 18:01 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-03 18:01 - 2014-06-03 18:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-03 17:09 - 2014-06-03 17:09 - 00001442 _____ () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-03 17:09 - 2014-06-03 17:09 - 00001408 _____ () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-06-03 17:09 - 2014-06-03 17:09 - 00000000 ___RD () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-03 17:09 - 2014-06-03 17:09 - 00000000 ___RD () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-03 17:09 - 2014-06-03 17:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-06-03 17:08 - 2014-06-03 17:08 - 00000020 ___SH () C:\Users\CD\ntuser.ini
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Vorlagen
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Startmenü
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Netzwerkumgebung
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Lokale Einstellungen
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Eigene Dateien
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Druckumgebung
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Documents\Eigene Musik
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Documents\Eigene Bilder
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\AppData\Local\Verlauf
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\AppData\Local\Anwendungsdaten
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Anwendungsdaten
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 ____D () C:\Users\CD\AppData\Local\VirtualStore
2014-06-03 17:08 - 2014-06-03 06:23 - 00000000 ____D () C:\Windows\Panther
2014-06-03 17:08 - 2014-06-01 00:34 - 00000000 ____D () C:\Recovery
2014-06-03 17:08 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-03 17:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Recovery
2014-06-03 17:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-03 17:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Windows NT
2014-06-03 06:23 - 2014-06-03 06:23 - 00008192 __RSH () C:\BOOTSECT.BAK
2014-06-03 06:23 - 2009-07-14 07:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-06-03 06:23 - 2009-07-14 07:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-06-03 06:04 - 2014-06-03 06:04 - 00000000 ____D () C:\Windows.old
2014-06-03 05:33 - 2009-07-14 06:45 - 00274464 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-03 05:28 - 2014-06-03 05:28 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2014-06-03 05:28 - 2014-06-03 05:28 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-06-03 05:28 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-03 05:27 - 2014-06-03 05:27 - 00001355 _____ () C:\Windows\TSSysprep.log
2014-06-03 05:27 - 2009-07-14 06:46 - 00002790 _____ () C:\Windows\DtcInstall.log
2014-06-03 05:27 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-03 05:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-06-03 05:24 - 2010-11-21 08:27 - 00000000 ____D () C:\Windows\CSC
2014-06-01 02:23 - 2014-06-01 02:12 - 00000229 _____ () C:\mbr.log
2014-06-01 01:58 - 2014-06-01 01:58 - 00003248 _____ () C:\blitzblank.log
2014-06-01 01:36 - 2014-06-01 01:35 - 00000000 ____D () C:\AdwCleaner
2014-06-01 00:34 - 2014-06-01 00:34 - 00000000 _SHDL () C:\Programme
2014-06-01 00:34 - 2014-06-01 00:34 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-05-26 22:26 - 2014-06-01 02:06 - 00788728 _____ (Emsisoft GmbH) C:\mbrmastr.exe
2014-05-12 07:26 - 2014-06-03 18:29 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-03 18:29 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-03 18:29 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\CD\AppData\Local\Temp\hmpalert_update.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-03 05:24

==================== End Of Log ============================

--- --- ---


schrauber 05.06.2014 19:14

Hi,

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller instructions.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post its contents here in your thread in any case.


All times are WET +1. The time is now 22:44.

Copyright ©2000-2025, Trojaner-Board

