
All kinds of pests and how to fight them: #GEMA virus, pay 100€ // Windows7 Home 32bit

03.04.2012, 00:13   #1
Levi1

Dear Trojaner-Board team,

as reliable and fast as you are, it pains me to have to contact you in this way once again.

I have caught the GEMA virus: illegal music was detected blah blah, please submit payment to unlock blah blah, so far so familiar (unfortunately).

My operating system is Windows7 Home Premium 32bit and at the moment I am accessing the board from a laptop. I have no access to a PC with a burner :|

Many thanks in advance and best regards,

Levi

03.04.2012, 06:34   #2
Chris4You

Hi,

OTL
Boot into Safe Mode with Networking (F8 while booting).
Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it on your desktop.
  • Vista/Win7 users: right-click OTL.exe and choose "als Administrator ausführen" ("Run as administrator")
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created (OTL.TXT and EXTRAS.TXT)
  • Post the log files here in the thread

chris

03.04.2012, 09:55   #3
Levi1

Hi Chris4you,

Thanks for the quick reply, first of all.

Unfortunately the virus, blocking screen included, also appears in Safe Mode

Best regards,

Levi

03.04.2012, 10:00   #4
Chris4You

Hi,

what happens if you boot into Safe Mode without networking and copy OTL onto a stick?

Otherwise we need OTLPE, which however requires a burner...
Most machines have trouble booting from USB sticks; you can try creating a boot USB stick loaded with OTL-PE (then make the right settings in the BIOS!)...

Scanning the system with OTL-PE
  • Download OTLPENet.exe by OldTimer and save it on your desktop.
  • Note: The file is about 120 MB in size, and with a slow Internet connection it will take a while until you have downloaded it.
  • When the download is finished, double-click the file and answer the question "Do you want to burn the CD?" with Yes.
  • Put a blank CD in your burner.
  • ImgBurn (or your burning program) will extract the archive and burn OTLPE Network to the CD.
  • When the burn process is complete, you will see a dialog box => "Operation successfully completed".
  • You can now close the burning program's windows.
  • Restart the unbootable system and boot from the CD you have just created.
  • After a few minutes your system should show the REATOGO-X-PE desktop.
  • Double-click the OTLPE icon.
  • When you are asked "Do you wish to load the remote registry", choose Yes.
  • When you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
  • Make sure the box "Automatically Load All Remaining Users" is selected and press OK.
  • OTLpe should now start.

chris
__________________
Don't bring me down
Read before posting!
Donations
(Anyone who wants to donate is welcome to get in touch)

Edited by Chris4You (03.04.2012 at 10:15)

03.04.2012, 10:24   #5
Levi1

Hi Chris4you,

unfortunately the problem also persists in Safe Mode without network drivers, except that the GEMA page is not displayed; instead it says "Die Seite kann nicht angezeigt werden" ("The page cannot be displayed")


03.04.2012, 10:30   #6
Chris4You

Hi,

can you get to the command prompt (possibly boot into that mode)?
Then copy OTL over from the stick and run it, copy the log back or save it on the stick and post it here...

chris

03.04.2012, 11:15   #7
Levi1

Hi Chris4you,

I got hold of a laptop with a burner and burned OTLPE to a CD.
First I changed the boot priority to ATAPI CDROM, but Windows then booted normally. After that I disabled Windows as a priority and rebooted. Then the message "Insert proper boot device" appears :|

Did I burn it wrongly/badly, or could it be down to the virus?

Best regards,

Levi

edit:

I had set the wrong boot device.

REATOGO-X-PE loads and then a Windows XP boot screen comes up, but then I get a bluescreen :|

03.04.2012, 13:04   #8
Chris4You

Hi,

hm, this is slowly getting difficult...

The thing redirects userinit and the shell to itself, which is why no desktop comes up. Actually, though, Safe Mode with Command Prompt should work...

Tried it already?

Otherwise:

Dr. Web Live CD
Download the image (Dr.Web CureIt! —) (always the newest version, currently http://download.geo.drweb.com/pub/dr...livecd-600.iso) and burn it to CD/DVD. Then change the boot order in the BIOS (boot from CD first), boot from the CD you created and start Dr. Web Live CD (default). Then have all hard disks scanned...
If anything is found, please note down the name and path before you let Dr. Web remove it...
Further instructions: Dr.Web CureIt! —

chris
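
The check behind the remark in post #8 that the malware points userinit and the shell at itself, as an added example that is not part of the thread and not OTL's code: a Python script that parses the text output of `reg query` for the Winlogon key and flags Shell and Userinit values that differ from the Windows defaults. The sample output, the user name Example and the file name locker.exe are constructed; the defaults assume Windows is installed in C:\Windows.

```python
import re
from typing import NamedTuple

# Input is the text printed by, for example:
#   reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
#   reg query "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
WINLOGON_SUFFIX = r"\software\microsoft\windows nt\currentversion\winlogon"

# reg query prints values as: 4 spaces, name, 4 spaces, type, 4 spaces, data
VALUE_LINE = re.compile(
    r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$"
)


class Finding(NamedTuple):
    hive: str
    value: str
    data: str
    reason: str


def parse_reg_query(text):
    """Yield (key, value_name, data) tuples from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            yield key, m["name"], m["data"].strip()


def check_winlogon(text, system_root=r"C:\Windows"):
    """Return findings for Shell/Userinit values that are not the defaults."""
    root = system_root.rstrip("\\").lower()
    ok_shell = {"explorer.exe", root + r"\explorer.exe"}
    ok_userinit = {root + r"\system32\userinit.exe"}
    findings = []
    for key, name, data in parse_reg_query(text):
        if not key.lower().endswith(WINLOGON_SUFFIX):
            continue
        hive = key.split("\\", 1)[0]
        if name.lower() == "shell":
            if data.strip('"').lower() not in ok_shell:
                findings.append(Finding(hive, name, data, "Shell is not explorer.exe"))
        elif name.lower() == "userinit":
            # Userinit is a comma-separated list; every entry is started at logon.
            entries = [e.strip().strip('"').lower() for e in data.split(",") if e.strip()]
            extra = [e for e in entries if e not in ok_userinit]
            if extra or not entries:
                findings.append(
                    Finding(hive, name, data, "Userinit differs from default: %s" % (extra or "empty"))
                )
    return findings


# Constructed sample output (not taken from the thread's logs).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    AutoRestartShell    REG_DWORD    0x1
    Shell    REG_SZ    explorer.exe
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,C:\Users\Example\AppData\Roaming\locker.exe,

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    C:\Users\Example\AppData\Roaming\locker.exe
"""

if __name__ == "__main__":
    for f in check_winlogon(SAMPLE):
        print("%s  %s = %s  -> %s" % (f.hive, f.value, f.data, f.reason))
```
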

03.04.2012, 13:32   #9
Levi1

Hi Chris,

now I have lost track a little: should I now boot Safe Mode with Command Prompt and create a log there with OTL on a stick?

The stick can't get infected though, can it? I would then have to plug it back into my working laptop, which however holds vital work information.

Best regards,

Levi

Hi Chris,

when I tried to boot Safe Mode with Command Prompt I pressed F8 at startup, but then only a blue window opened which said: "Select Booting Device"
Then I set the boot priority back to the hard disk, but then nothing happens when I press F8; Windows boots. When I then wanted to switch the PC off again via CTRL+ALT+DEL, a window came up where you still have to end the running programs / can force the shutdown. There I noticed that my normal desktop is visible and pressed Cancel. Then I have access to my desktop; all running programs were apparently closed in the course of shutting down.

Best regards,

Levi

03.04.2012, 15:26   #10
Chris4You

Hi,

the USB stick can theoretically be contaminated, so when you reconnect it to the clean machine (to post the log) hold down the SHIFT key until everything has been detected (this suppresses autostart/autorun)...

You can start a new application via Task Manager, e.g. the command line (enter cmd for that)
Task Manager -> New Task, cmd, and then start otl from there...
You can also try whether Explorer runs (enter explorer for that)...

What matters is the OTL log... ;o)

chris

03.04.2012, 16:13   #11
Levi1

Hi Chris4you,

while I was waiting for a reply I ran Malwarebytes over it and found/deleted various GEMA infections.

I have now downloaded OTL on the PC itself and run it.

OTL Logfile:
Code:
OTL Extras logfile created on: 03.04.2012 20:47:34 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Zooey Deschanel\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 53,77% Memory free
6,50 Gb Paging File | 4,73 Gb Available in Paging File | 72,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,80 Gb Total Space | 3,21 Gb Free Space | 5,76% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 796,32 Gb Free Space | 85,49% Space Free | Partition Type: NTFS
 
Computer Name: LIANGPC | User Name: Zooey Deschanel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{270CD7D9-0669-4C7A-A80A-6B0CB83DD7DC}" = World of Warcraft Model Viewer 32-bit
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43430FA0-49F0-4B13-B4C5-611000008100}" = Super Street Fighter IV: Arcade Edition
"{43430FA0-4A2E-404A-B715-951000038101}" = SUPER STREET FIGHTER IV: ARCADE EDITION
"{43430FA0-4A2E-404A-B715-951000048101}" = SUPER STREET FIGHTER IV: ARCADE EDITION
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DD864DB0-6A37-49B6-B23D-3B0270571234}" = ATI Catalyst Install Manager
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EAEAAF8C-8E86-4CAC-AC08-1A33EDCA34AC}" = Prince of Persia The Forgotten Sands™
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Audacity_is1" = Audacity 1.2.6
"AudioCon" = AudioCon
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"DivX Setup" = DivX-Setup
"GFWL_{43430FA0-49F0-4B13-B4C5-611000008100}" = Super Street Fighter IV: Arcade Edition
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"Steam App 102600" = Orcs Must Die!
"Steam App 22350" = Brink
"Steam App 24980" = Mass Effect 2
"Steam App 35700" = Trine
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Steam App 440" = Team Fortress 2
"Steam App 48000" = LIMBO
"Steam App 72850" = The Elder Scrolls V: Skyrim
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"uTorrent" = µTorrent
"uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar
"VLC media player" = VLC media player 1.1.11
"Warcraft III" = Warcraft III
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoFiltre" = PhotoFiltre
 
========== Last 10 Event Log Errors ==========
 
[ System Events ]
Error - 03.04.2012 05:15:14 | Computer Name = LiangPC | Source = DCOM | ID = 10005
Description = 
 
Error - 03.04.2012 05:15:14 | Computer Name = LiangPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 03.04.2012 05:15:14 | Computer Name = LiangPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 03.04.2012 05:15:15 | Computer Name = LiangPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 03.04.2012 05:15:15 | Computer Name = LiangPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 03.04.2012 05:15:15 | Computer Name = LiangPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 03.04.2012 05:15:15 | Computer Name = LiangPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 03.04.2012 05:15:15 | Computer Name = LiangPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 03.04.2012 05:15:15 | Computer Name = LiangPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 03.04.2012 14:28:28 | Computer Name = LiangPC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL logfile created on: 03.04.2012 20:47:34 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Zooey Deschanel\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 53,77% Memory free
6,50 Gb Paging File | 4,73 Gb Available in Paging File | 72,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,80 Gb Total Space | 3,21 Gb Free Space | 5,76% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 796,32 Gb Free Space | 85,49% Space Free | Partition Type: NTFS
 
Computer Name: LIANGPC | User Name: Zooey Deschanel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Zooey Deschanel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - F:\Programme\hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - F:\Programme\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDRSS.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDPop3.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDCountdown.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDClock.exe (Logitech Inc.)
PRC - C:\Programme\Windows Media Player\WMPSideShowGadget.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\NETGEAR\WG111v3\WG111v3.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\NETGEAR\WG111v3\WG111v3.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- F:\Programme\hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc.                           )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 7E D1 F9 43 9A CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.08 05:06:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.20 16:54:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.24 20:42:38 | 000,000,000 | ---D | M]
 
[2011.11.03 18:18:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zooey Deschanel\AppData\Roaming\mozilla\Extensions
[2012.02.01 21:45:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zooey Deschanel\AppData\Roaming\mozilla\Firefox\Profiles\cc9ya6lp.default\extensions
[2012.02.01 21:45:38 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Zooey Deschanel\AppData\Roaming\mozilla\Firefox\Profiles\cc9ya6lp.default\extensions\plugin@yontoo.com
[2012.01.08 05:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.08 05:06:36 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
() (No name found) -- C:\USERS\ZOOEY DESCHANEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CC9YA6LP.DEFAULT\EXTENSIONS\{DF4E4DF5-5CB7-46B0-9AEF-6C784C3249F8}.XPI
() (No name found) -- C:\USERS\ZOOEY DESCHANEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CC9YA6LP.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
() (No name found) -- C:\USERS\ZOOEY DESCHANEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CC9YA6LP.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2012.03.20 16:54:14 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.20 22:36:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.20 16:54:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.20 16:54:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.20 16:54:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.20 16:54:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.20 16:54:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.20 16:54:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.01.06 18:01:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Programme\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KiesHelper] F:\Programme\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [KiesTrayAgent] F:\Programme\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] F:\Programme\hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] F:\Spiele\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Zooey Deschanel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BE0245E-3722-4587-8351-0F456FCE2C84}: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8474337-1BB2-49E4-A5E9-994FB57CCBA6}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.03 20:46:45 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Zooey Deschanel\Desktop\OTL.exe
[2012.04.03 11:39:23 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{2296385F-869F-40E2-ABBA-DFCD8B8F2B1B}
[2012.04.02 23:57:50 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Roaming\gema
[2012.04.02 23:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\gema
[2012.04.02 12:58:40 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{BCBBE01F-CE0A-4476-B784-C3065896C1C3}
[2012.04.02 00:57:53 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{1CE6B4E3-29CB-4CA4-A2B8-DF69A7D71334}
[2012.04.01 12:57:07 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{73CA4ECE-0E1B-45DE-9E6F-FE84F310426B}
[2012.04.01 05:24:05 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\Desktop\Liang
[2012.04.01 00:56:22 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{DD729B2B-F217-4CDA-852D-47E2A71B890B}
[2012.03.31 18:28:55 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\LogMeIn Hamachi
[2012.03.31 13:43:24 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys
[2012.03.31 13:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.03.31 13:43:05 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Roaming\.minecraft
[2012.03.31 12:55:48 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{CB6C2FFE-A10E-42D4-876A-5CB6B5A6F24A}
[2012.03.31 00:55:22 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{995E7142-5E78-4C45-9699-113161D21132}
[2012.03.30 10:35:06 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{DD528984-31F1-429E-94FE-6CAF3125EE02}
[2012.03.29 21:36:00 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{4A134275-B3ED-445A-B651-5E404B253537}
[2012.03.29 09:35:50 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{04481E4E-FE01-4D75-BF7A-AE0F5E00C04D}
[2012.03.28 17:05:41 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{97591C4C-188D-48EC-BE8E-507D27EDA9A4}
[2012.03.28 17:05:31 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{69FE8594-02FE-482F-91A8-C6218A13A29B}
[2012.03.27 14:29:37 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{57C85815-29FD-4F7C-8147-F6EE37F52E37}
[2012.03.27 14:29:27 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{5694E927-4A80-4CBF-825D-3A6EBD1C0C2E}
[2012.03.26 15:53:43 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{73D0BFB1-A297-4C9C-A6DF-51178A03E21F}
[2012.03.26 15:53:34 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{9F2FA952-0AA9-4910-825A-2345959AFDB3}
[2012.03.25 12:35:07 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{B2CFB275-43BF-4054-8E2E-199D6B20B20C}
[2012.03.25 12:34:46 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{FF9A7B6F-DBA6-4A56-BE7B-DBDAC4F569DC}
[2012.03.25 12:24:01 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012.03.25 12:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012.03.25 00:34:27 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{2C418045-E7DD-4E1C-BB77-E33EAB8FAC26}
[2012.03.25 00:34:06 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{3E4D988E-74B4-4CDD-89A2-AC4EEF9D15C0}
[2012.03.24 22:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 3
[2012.03.24 22:22:51 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\EAInstaller
[2012.03.24 21:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games
[2012.03.24 21:50:06 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Roaming\Origin
[2012.03.24 21:50:00 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\Origin
[2012.03.24 21:48:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012.03.24 21:48:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012.03.24 21:48:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012.03.24 12:33:55 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{7E918AFA-070F-41C3-AFCD-5AB647904D6F}
[2012.03.24 12:33:45 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{02283ADA-432E-41A4-963E-696C1073FC14}
[2012.03.23 13:30:24 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{9082D68D-8DF5-42DF-8AB6-BE5A99A13F60}
[2012.03.23 13:30:14 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{E74449E0-B8B2-4DB9-B2F0-6B537D169175}
[2012.03.22 22:06:02 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{15E4188B-CF70-47B9-BCEC-8BDE8C94DAFA}
[2012.03.22 22:05:41 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{621F887D-CC7A-4DEB-8AF9-76227C0C8C86}
[2012.03.22 10:05:18 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{B7482618-7F19-4E4E-AC04-641C162CF692}
[2012.03.22 10:05:08 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{E1213B1B-975B-4D8B-9ABD-AB4A4BB5E7A1}
[2012.03.21 18:55:21 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{BB6811DD-9788-49A3-A80D-6128043C4154}
[2012.03.21 18:55:10 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{A422FAA1-E195-4EF6-8B24-025C50B8957F}
[2012.03.20 16:53:49 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{53B99206-CD1C-4800-8230-E06FDB3A3057}
[2012.03.20 16:53:39 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{32CF4D9A-7CB1-4045-B99D-E45CCF079BF0}
[2012.03.19 16:43:50 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{1BB0C5A3-CD2F-49C0-BF0D-EA7B67124819}
[2012.03.19 16:43:38 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{BA24E207-F8E7-4B78-AC74-40BE8C33086D}
[2012.03.18 15:37:30 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{E7DB4DAF-5908-4056-BCEA-6B1D8E5FA3A3}
[2012.03.18 15:37:10 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{559C6914-0F4B-4D59-927B-AD1944077918}
[2012.03.18 03:36:46 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{BEB39908-48EB-4F9D-9DED-210E9540E6DE}
[2012.03.18 03:36:35 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{4504C4FE-A8B0-4567-BD9A-46B24B376C21}
[2012.03.17 13:30:26 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{DDEBF28B-24E0-4CD3-AE7B-EB0C86C9096F}
[2012.03.17 13:30:05 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{17462D1F-DC84-4850-915A-B5D2C8048996}
[2012.03.17 01:29:42 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{B27DA123-3CD9-4C66-8CF1-840CF2CB622A}
[2012.03.17 01:29:21 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{5C455879-C0F9-419E-9CA0-23683CEC739D}
[2012.03.16 13:28:58 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{D6E60D0D-2502-4F72-90E5-5F1000D7C564}
[2012.03.16 13:28:48 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{169F902E-5AD4-4D19-9212-C255965B96AE}
[2012.03.15 22:53:02 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{8E6343EE-E8CF-480F-8716-2F5CA44567AF}
[2012.03.15 22:52:41 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{897EC017-4AFA-462F-B6A1-C675A94CC594}
[2012.03.15 10:52:30 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{F14CF066-216D-49C4-84E5-A4324F9B0081}
[2012.03.15 10:52:19 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{19670AE5-FF9B-493F-8D18-7887DE5BA63E}
[2012.03.14 23:20:23 | 003,957,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.03.14 23:20:23 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.03.14 19:22:24 | 002,341,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.03.14 19:22:23 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.03.14 19:22:23 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.03.14 19:22:23 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.03.14 19:22:23 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.03.14 19:22:23 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.03.14 19:01:41 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\Documents\Orcs Must Die
[2012.03.14 18:18:06 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.03.14 18:18:06 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.03.14 18:18:06 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.03.14 18:18:05 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012.03.14 18:15:05 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{743ABFC5-70AF-4B7A-86CB-3BFFDC34E582}
[2012.03.14 18:14:55 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{D858C203-4FB6-49C9-908B-878AE181AECE}
[2012.03.13 17:20:52 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{BE39A2FF-6DA6-4C0D-93BF-C97772DA8D0C}
[2012.03.13 17:20:41 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{033601A4-34EF-4719-9C76-C77B50B38237}
[2012.03.12 19:24:30 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{53DD0360-5619-4338-967C-874E9AB94D84}
[2012.03.12 19:24:20 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{A57E5083-2F20-4189-82FA-60505626FD76}
[2012.03.11 17:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WoW Model Viewer
[2012.03.11 15:18:22 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{C9C441AC-19D8-4B21-B3E0-D19D4472FF6D}
[2012.03.11 15:18:01 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{A1E9225C-D135-43E4-B2CF-47D12C1E7D34}
[2012.03.11 03:17:38 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{E352749D-6FD8-4E71-9C9B-661F1013F38F}
[2012.03.11 03:17:28 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{53DE60D3-C033-421B-B15E-B6989D171739}
[2012.03.10 13:57:36 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{D5229D6F-FB2A-4D80-A4AA-EB7B73E617C0}
[2012.03.10 13:57:24 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{9036017A-242E-40A3-B3A1-26ACE393C0D6}
[2012.03.10 01:46:47 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{1A9E3269-4E1B-4BBF-AD6E-B8D8ADEF5BA8}
[2012.03.10 01:46:32 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{AAB7C697-21B1-43B3-906D-0ECEC414FCE1}
[2012.03.09 13:30:45 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{6CE703AE-D5F1-4691-8E61-56F2AA31B7EC}
[2012.03.09 13:30:24 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{3B2F6BB4-E910-4688-81D6-6440F4E27F20}
[2012.03.08 22:46:08 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{A66138F8-8695-4FB4-A3F1-9DB81ADAFC39}
[2012.03.08 22:45:59 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{0651FC67-5D6B-4B8D-AC51-FE2C0EEA0980}
[2012.03.08 10:45:36 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{1683D024-FCEA-4822-BED8-698D72C81039}
[2012.03.08 10:45:24 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{6290894E-8B11-479C-BC61-BB2B26F21E32}
[2012.03.07 18:04:32 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{3FC990A2-99F0-47B8-A67D-23EE25EC1A41}
[2012.03.07 18:04:22 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{A4DB8FD4-DE70-4297-92A1-1C65D1DBB699}
[2012.03.06 16:33:32 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{C8A079C4-81F0-4C1C-A9DA-870E19B95AF0}
[2012.03.06 16:33:18 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{6D6BEEBE-09CE-4AA5-B1F5-3AF154AB2DE2}
[2012.03.05 13:31:13 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{D3F7F44C-E1FD-43AA-916C-848754E391BE}
[2012.03.05 13:31:01 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{F3AAF567-C38C-4CA1-860E-DA6F4FC21BBB}
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.03 20:46:46 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Zooey Deschanel\Desktop\OTL.exe
[2012.04.03 19:34:13 | 000,014,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.03 19:34:13 | 000,014,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.03 19:31:12 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.03 19:31:12 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.03 19:31:12 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.03 19:31:12 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.03 19:26:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.03 19:26:52 | 2616,532,992 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.15 10:51:52 | 000,300,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.02.05 13:20:12 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2011.11.03 17:22:52 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.11.03 17:22:47 | 000,028,763 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.16 12:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.09.16 12:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.09.16 12:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.09.16 12:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.09.16 12:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.06.02 09:17:24 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini

< End of report >
         
--- --- ---

Alt 04.04.2012, 06:41   #12
Chris4You
 



Hi,

MAM has gotten really good, it caught almost everything...
Please also post the log from MAM... ("Logdateien" tab)

Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"

Code:
:OTL
[2012.04.02 23:57:50 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Roaming\gema

:Commands
[emptytemp]
[Reboot]
         
  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of an OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

To be on the safe side:
TDSS-Killer
Download and instructions at: How to fight malicious programs of the Rootkit.Win32.TDSS family?
Unpack all files into a directory of their own (e.g. C:\TDSS)!
Launch it from Explorer by double-clicking TDSSKiller.exe.
Configure the Killer as follows:

Then start the scan with (Start Scan).
When the scan is finished, please select "Report" (skip any findings with Skip for now). A window opens; copy the text and post it here...

chris
__________________
Don't bring me down
Read before posting!
Donations
(Anyone who wants to donate is welcome to get in touch)

Last edited by Chris4You (04.04.2012 at 07:04)
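
A cross-check of an OTL fix script against the scan log it was built from, as an added example that is not part of the original posts or of OTL itself: it confirms that every line in the :OTL section is a verbatim copy of a scan-log line, and lists other entries created within a minute of the fix targets that the script does not name. The function names and the one-minute window are assumptions; the sample lines are copied from the log and code box on this page.

```python
import re
from datetime import datetime, timedelta

# OTL file/folder entry as it appears in the log on this page:
# [date time | size | attributes | C or M] (company) -- path
# The "(company)" part is absent for plain folders and "()" when unknown.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Excerpt copied from the scan log on this page.
SAMPLE_LOG = r"""
========== Files/Folders - Created Within 30 Days ==========

[2012.04.03 20:46:45 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Zooey Deschanel\Desktop\OTL.exe
[2012.04.03 11:39:23 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{2296385F-869F-40E2-ABBA-DFCD8B8F2B1B}
[2012.04.02 23:57:50 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Roaming\gema
[2012.04.02 23:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\gema
[2012.04.02 12:58:40 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{BCBBE01F-CE0A-4476-B784-C3065896C1C3}
"""

# Fix script copied from the code box on this page.
SAMPLE_FIX = r"""
:OTL
[2012.04.02 23:57:50 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Roaming\gema

:Commands
[emptytemp]
[Reboot]
"""


def parse_entries(log_text):
    """Return one dict per file/folder line found in an OTL scan log."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # section headers, registry lines, blank lines
        entries.append({
            "line": line,
            "created": datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
            "kind": m["kind"],                  # C = created, M = modified
            "is_dir": "D" in m["attrs"],
            "company": (m["company"] or "").strip(),
            "path": m["path"],
        })
    return entries


def fix_targets(fix_text):
    """Return the non-empty lines of the :OTL section of a fix script."""
    targets, in_otl = [], False
    for raw in fix_text.splitlines():
        line = raw.strip()
        if line.startswith(":"):                # a new section begins
            in_otl = line.upper() == ":OTL"
            continue
        if in_otl and line:
            targets.append(line)
    return targets


def review_fix(log_text, fix_text, window=timedelta(seconds=60)):
    """Compare a fix script with the scan log.

    not_in_log: fix lines that are not verbatim copies of a log line.
    uncovered:  paths created within `window` of a fix target that the
                fix script does not list (candidates for a second look).
    """
    entries = parse_entries(log_text)
    log_lines = {e["line"] for e in entries}
    targets = fix_targets(fix_text)
    target_set = set(targets)

    not_in_log = [t for t in targets if t not in log_lines]
    target_times = [e["created"] for e in entries if e["line"] in target_set]

    uncovered = []
    for e in entries:
        if e["line"] in target_set or e["kind"] != "C":
            continue
        if any(abs(e["created"] - t) <= window for t in target_times):
            uncovered.append(e["path"])
    return {"not_in_log": not_in_log, "uncovered": uncovered}


if __name__ == "__main__":
    print(review_fix(SAMPLE_LOG, SAMPLE_FIX))
```

An entry reported as uncovered is only a prompt to look at it again; whether it belongs in the fix is a decision for the person reading the log.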

Alt 04.04.2012, 18:11   #13
Levi1
 



Hi Chris,

here are the logs:

Quote:
All processes killed
========== OTL ==========
C:\Users\Zooey Deschanel\AppData\Roaming\gema folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Zooey Deschanel
->Temp folder emptied: 29276206966 bytes
->Temporary Internet Files folder emptied: 63182552 bytes
->Java cache emptied: 1434391 bytes
->FireFox cache emptied: 472613629 bytes
->Flash cache emptied: 134197 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 47078655 bytes
RecycleBin emptied: 4134082205 bytes

Total Files Cleaned = 32.420,00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04042012_190309

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Quote:
Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.06.02

Windows 7 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7600.16385
Zooey Deschanel :: LIANGPC [Administrator]

Schutz: Deaktiviert

06.01.2012 16:08:15
mbam-log-2012-01-06 (16-08-15).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 308135
Laufzeit: 9 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{D0AADA0B-0636-11E1-979B-806E6F6E6963} (Trojan.Agent) -> Daten: C:\Users\Zooey Deschanel\AppData\Roaming\Microsoft\dllhsts.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Zooey Deschanel\AppData\Roaming\Microsoft\dllhsts.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Zooey Deschanel\AppData\Local\Temp\0.8212104644930603.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Zooey Deschanel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\1449df12-5e7bc26f (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Spiele\Downloads\SoftonicDownloader_fuer_idump.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
(Didn't know which one, this was the topmost one)


Quote:
19:13:14.0320 3124 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
19:13:14.0443 3124 ============================================================
19:13:14.0443 3124 Current date / time: 2012/04/04 19:13:14.0443
19:13:14.0443 3124 SystemInfo:
19:13:14.0443 3124
19:13:14.0443 3124 OS Version: 6.1.7600 ServicePack: 0.0
19:13:14.0443 3124 Product type: Workstation
19:13:14.0443 3124 ComputerName: LIANGPC
19:13:14.0443 3124 UserName: Zooey Deschanel
19:13:14.0443 3124 Windows directory: C:\Windows
19:13:14.0443 3124 System windows directory: C:\Windows
19:13:14.0443 3124 Processor architecture: Intel x86
19:13:14.0443 3124 Number of processors: 6
19:13:14.0443 3124 Page size: 0x1000
19:13:14.0443 3124 Boot type: Normal boot
19:13:14.0443 3124 ============================================================
19:13:14.0656 3124 Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:13:14.0667 3124 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:13:14.0668 3124 \Device\Harddisk0\DR0:
19:13:14.0668 3124 MBR used
19:13:14.0668 3124 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:13:14.0668 3124 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F99800
19:13:14.0668 3124 \Device\Harddisk1\DR1:
19:13:14.0668 3124 MBR used
19:13:14.0668 3124 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
19:13:14.0687 3124 Initialize success
19:13:14.0687 3124 ============================================================
19:13:33.0564 3328 ============================================================
19:13:33.0564 3328 Scan started
19:13:33.0564 3328 Mode: Manual; SigCheck; TDLFS;
19:13:33.0564 3328 ============================================================
19:13:40.0437 3328 RasMan - ok
19:13:40.0446 3328 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
19:13:40.0467 3328 RasPppoe - ok
19:13:40.0476 3328 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
19:13:40.0496 3328 RasSstp - ok
19:13:40.0506 3328 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
19:13:40.0531 3328 rdbss - ok
19:13:40.0539 3328 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
19:13:40.0551 3328 rdpbus - ok
19:13:40.0558 3328 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:13:40.0577 3328 RDPCDD - ok
19:13:40.0587 3328 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
19:13:40.0604 3328 RDPENCDD - ok
19:13:40.0613 3328 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
19:13:40.0631 3328 RDPREFMP - ok
19:13:40.0640 3328 RDPWD (0399c725a9c95a6f1862b93f008ddf4a) C:\Windows\system32\drivers\RDPWD.sys
19:13:40.0653 3328 RDPWD - ok
19:13:40.0662 3328 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
19:13:40.0676 3328 rdyboost - ok
19:13:40.0684 3328 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
19:13:40.0705 3328 RemoteAccess - ok
19:13:40.0714 3328 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
19:13:40.0737 3328 RemoteRegistry - ok
19:13:40.0745 3328 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
19:13:40.0763 3328 RpcEptMapper - ok
19:13:40.0770 3328 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
19:13:40.0781 3328 RpcLocator - ok
19:13:40.0793 3328 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
19:13:40.0813 3328 RpcSs - ok
19:13:40.0822 3328 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
19:13:40.0843 3328 rspndr - ok
19:13:40.0855 3328 RTL8167 (5283b9a27ff230f2ff70d92451ff409a) C:\Windows\system32\DRIVERS\Rt86win7.sys
19:13:40.0870 3328 RTL8167 - ok
19:13:40.0880 3328 RTL8187B (872c4e777bedcd7f99dc09016b5e6f39) C:\Windows\system32\DRIVERS\wg111v3.sys
19:13:40.0894 3328 RTL8187B - ok
19:13:40.0901 3328 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
19:13:40.0909 3328 SamSs - ok
19:13:40.0918 3328 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
19:13:40.0929 3328 sbp2port - ok
19:13:40.0938 3328 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
19:13:40.0960 3328 SCardSvr - ok
19:13:40.0968 3328 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
19:13:40.0989 3328 scfilter - ok
19:13:41.0003 3328 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll
19:13:41.0030 3328 Schedule - ok
19:13:41.0038 3328 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
19:13:41.0055 3328 SCPolicySvc - ok
19:13:41.0063 3328 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
19:13:41.0078 3328 SDRSVC - ok
19:13:41.0086 3328 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:13:41.0106 3328 secdrv - ok
19:13:41.0113 3328 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
19:13:41.0132 3328 seclogon - ok
19:13:41.0140 3328 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
19:13:41.0158 3328 SENS - ok
19:13:41.0166 3328 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
19:13:41.0178 3328 SensrSvc - ok
19:13:41.0186 3328 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
19:13:41.0196 3328 Serenum - ok
19:13:41.0205 3328 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
19:13:41.0217 3328 Serial - ok
19:13:41.0225 3328 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
19:13:41.0235 3328 sermouse - ok
19:13:41.0247 3328 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
19:13:41.0266 3328 SessionEnv - ok
19:13:41.0274 3328 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
19:13:41.0286 3328 sffdisk - ok
19:13:41.0293 3328 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:13:41.0304 3328 sffp_mmc - ok
19:13:41.0312 3328 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:13:41.0323 3328 sffp_sd - ok
19:13:41.0331 3328 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
19:13:41.0341 3328 sfloppy - ok
19:13:41.0351 3328 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
19:13:41.0378 3328 SharedAccess - ok
19:13:41.0388 3328 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
19:13:41.0401 3328 ShellHWDetection - ok
19:13:41.0409 3328 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
19:13:41.0419 3328 sisagp - ok
19:13:41.0427 3328 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:13:41.0437 3328 SiSRaid2 - ok
19:13:41.0445 3328 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
19:13:41.0456 3328 SiSRaid4 - ok
19:13:41.0460 3328 SkypeUpdate (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files\Skype\Updater\Updater.exe
19:13:41.0496 3328 SkypeUpdate - ok
19:13:41.0505 3328 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
19:13:41.0526 3328 Smb - ok
19:13:41.0537 3328 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
19:13:41.0548 3328 SNMPTRAP - ok
19:13:41.0556 3328 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
19:13:41.0565 3328 spldr - ok
19:13:41.0576 3328 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe
19:13:41.0592 3328 Spooler - ok
19:13:41.0658 3328 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
19:13:41.0691 3328 sppsvc - ok
19:13:41.0699 3328 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
19:13:41.0721 3328 sppuinotify - ok
19:13:41.0732 3328 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
19:13:41.0751 3328 srv - ok
19:13:41.0762 3328 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
19:13:41.0781 3328 srv2 - ok
19:13:41.0791 3328 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
19:13:41.0804 3328 srvnet - ok
19:13:41.0813 3328 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\Windows\system32\DRIVERS\ssadbus.sys
19:13:41.0824 3328 ssadbus - ok
19:13:41.0832 3328 ssadmdfl (bb2c84a15c765da89fd832b0e73f26ce) C:\Windows\system32\DRIVERS\ssadmdfl.sys
19:13:41.0839 3328 ssadmdfl - ok
19:13:41.0848 3328 ssadmdm (6d0d132ddc6f43eda00dced6d8b1ca31) C:\Windows\system32\DRIVERS\ssadmdm.sys
19:13:41.0860 3328 ssadmdm - ok
19:13:41.0868 3328 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
19:13:41.0892 3328 SSDPSRV - ok
19:13:41.0900 3328 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
19:13:41.0908 3328 ssmdrv - ok
19:13:41.0916 3328 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
19:13:41.0934 3328 SstpSvc - ok
19:13:41.0937 3328 Steam Client Service - ok
19:13:41.0945 3328 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:13:41.0954 3328 Stereo Service - ok
19:13:41.0962 3328 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
19:13:41.0971 3328 stexstor - ok
19:13:41.0983 3328 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
19:13:42.0005 3328 StiSvc - ok
19:13:42.0013 3328 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
19:13:42.0021 3328 swenum - ok
19:13:42.0031 3328 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
19:13:42.0058 3328 swprv - ok
19:13:42.0078 3328 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
19:13:42.0101 3328 SysMain - ok
19:13:42.0110 3328 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
19:13:42.0125 3328 TabletInputService - ok
19:13:42.0135 3328 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
19:13:42.0161 3328 TapiSrv - ok
19:13:42.0169 3328 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
19:13:42.0188 3328 TBS - ok
19:13:42.0209 3328 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
19:13:42.0245 3328 Tcpip - ok
19:13:42.0266 3328 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
19:13:42.0285 3328 TCPIP6 - ok
19:13:42.0295 3328 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
19:13:42.0315 3328 tcpipreg - ok
19:13:42.0324 3328 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
19:13:42.0334 3328 TDPIPE - ok
19:13:42.0342 3328 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys
19:13:42.0352 3328 TDTCP - ok
19:13:42.0360 3328 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
19:13:42.0381 3328 tdx - ok
19:13:42.0390 3328 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
19:13:42.0400 3328 TermDD - ok
19:13:42.0413 3328 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
19:13:42.0435 3328 TermService - ok
19:13:42.0443 3328 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
19:13:42.0453 3328 Themes - ok
19:13:42.0461 3328 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
19:13:42.0478 3328 THREADORDER - ok
19:13:42.0487 3328 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
19:13:42.0506 3328 TrkWks - ok
19:13:42.0510 3328 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
19:13:42.0519 3328 TrustedInstaller - ok
19:13:42.0528 3328 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:13:42.0548 3328 tssecsrv - ok
19:13:42.0557 3328 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
19:13:42.0579 3328 tunnel - ok
19:13:42.0588 3328 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
19:13:42.0598 3328 uagp35 - ok
19:13:42.0609 3328 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
19:13:42.0633 3328 udfs - ok
19:13:42.0644 3328 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
19:13:42.0657 3328 UI0Detect - ok
19:13:42.0666 3328 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
19:13:42.0676 3328 uliagpkx - ok
19:13:42.0684 3328 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
19:13:42.0696 3328 umbus - ok
19:13:42.0704 3328 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
19:13:42.0713 3328 UmPass - ok
19:13:42.0723 3328 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
19:13:42.0748 3328 upnphost - ok
19:13:42.0756 3328 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
19:13:42.0767 3328 USBAAPL - ok
19:13:42.0775 3328 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
19:13:42.0788 3328 usbccgp - ok
19:13:42.0796 3328 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
19:13:42.0811 3328 usbcir - ok
19:13:42.0820 3328 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
19:13:42.0830 3328 usbehci - ok
19:13:42.0840 3328 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
19:13:42.0856 3328 usbhub - ok
19:13:42.0864 3328 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\DRIVERS\usbohci.sys
19:13:42.0874 3328 usbohci - ok
19:13:42.0882 3328 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
19:13:42.0893 3328 usbprint - ok
19:13:42.0902 3328 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:13:42.0914 3328 USBSTOR - ok
19:13:42.0922 3328 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
19:13:42.0932 3328 usbuhci - ok
19:13:42.0942 3328 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys
19:13:42.0955 3328 usbvideo - ok
19:13:42.0963 3328 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
19:13:42.0980 3328 UxSms - ok
19:13:42.0987 3328 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
19:13:42.0995 3328 VaultSvc - ok
19:13:43.0003 3328 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
19:13:43.0013 3328 vdrvroot - ok
19:13:43.0024 3328 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
19:13:43.0044 3328 vds - ok
19:13:43.0052 3328 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
19:13:43.0064 3328 vga - ok
19:13:43.0072 3328 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
19:13:43.0092 3328 VgaSave - ok
19:13:43.0101 3328 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
19:13:43.0114 3328 vhdmp - ok
19:13:43.0123 3328 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
19:13:43.0133 3328 viaagp - ok
19:13:43.0141 3328 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
19:13:43.0153 3328 ViaC7 - ok
19:13:43.0161 3328 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
19:13:43.0170 3328 viaide - ok
19:13:43.0178 3328 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
19:13:43.0189 3328 volmgr - ok
19:13:43.0200 3328 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
19:13:43.0217 3328 volmgrx - ok
19:13:43.0227 3328 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
19:13:43.0243 3328 volsnap - ok
19:13:43.0252 3328 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
19:13:43.0264 3328 vsmraid - ok
19:13:43.0282 3328 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
19:13:43.0311 3328 VSS - ok
19:13:43.0319 3328 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
19:13:43.0331 3328 vwifibus - ok
19:13:43.0341 3328 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
19:13:43.0361 3328 W32Time - ok
19:13:43.0371 3328 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
19:13:43.0382 3328 WacomPen - ok
19:13:43.0390 3328 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
19:13:43.0411 3328 WANARP - ok
19:13:43.0414 3328 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
19:13:43.0431 3328 Wanarpv6 - ok
19:13:43.0451 3328 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
19:13:43.0483 3328 wbengine - ok
19:13:43.0493 3328 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
19:13:43.0510 3328 WbioSrvc - ok
19:13:43.0520 3328 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
19:13:43.0538 3328 wcncsvc - ok
19:13:43.0545 3328 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
19:13:43.0558 3328 WcsPlugInService - ok
19:13:43.0566 3328 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
19:13:43.0576 3328 Wd - ok
19:13:43.0588 3328 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:13:43.0611 3328 Wdf01000 - ok
19:13:43.0619 3328 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
19:13:43.0630 3328 WdiServiceHost - ok
19:13:43.0633 3328 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
19:13:43.0643 3328 WdiSystemHost - ok
19:13:43.0652 3328 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
19:13:43.0669 3328 WebClient - ok
19:13:43.0677 3328 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
19:13:43.0703 3328 Wecsvc - ok
19:13:43.0711 3328 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
19:13:43.0728 3328 wercplsupport - ok
19:13:43.0736 3328 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
19:13:43.0755 3328 WerSvc - ok
19:13:43.0763 3328 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
19:13:43.0783 3328 WfpLwf - ok
19:13:43.0791 3328 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
19:13:43.0800 3328 WIMMount - ok
19:13:43.0809 3328 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
19:13:43.0823 3328 WinDefend - ok
19:13:43.0826 3328 WinHttpAutoProxySvc - ok
19:13:43.0837 3328 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
19:13:43.0860 3328 Winmgmt - ok
19:13:43.0880 3328 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
19:13:43.0907 3328 WinRM - ok
19:13:43.0918 3328 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
19:13:43.0930 3328 WinUsb - ok
19:13:43.0947 3328 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
19:13:43.0976 3328 Wlansvc - ok
19:13:43.0996 3328 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:13:44.0022 3328 wlidsvc - ok
19:13:44.0030 3328 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:13:44.0038 3328 WmiAcpi - ok
19:13:44.0049 3328 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
19:13:44.0063 3328 wmiApSrv - ok
19:13:44.0077 3328 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:13:44.0095 3328 WMPNetworkSvc - ok
19:13:44.0103 3328 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
19:13:44.0114 3328 WPCSvc - ok
19:13:44.0122 3328 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
19:13:44.0131 3328 WPDBusEnum - ok
19:13:44.0139 3328 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
19:13:44.0159 3328 ws2ifsl - ok
19:13:44.0167 3328 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\system32\wscsvc.dll
19:13:44.0177 3328 wscsvc - ok
19:13:44.0184 3328 WSearch - ok
19:13:44.0213 3328 wuauserv (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll
19:13:44.0256 3328 wuauserv - ok
19:13:44.0265 3328 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
19:13:44.0287 3328 WudfPf - ok
19:13:44.0297 3328 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:13:44.0320 3328 WUDFRd - ok
19:13:44.0328 3328 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
19:13:44.0351 3328 wudfsvc - ok
19:13:44.0360 3328 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
19:13:44.0378 3328 WwanSvc - ok
19:13:44.0386 3328 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:13:44.0405 3328 \Device\Harddisk0\DR0 - ok
19:13:44.0407 3328 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
19:13:44.0462 3328 \Device\Harddisk1\DR1 - ok
19:13:44.0468 3328 Boot (0x1200) (8698bc9a1b34f7f65974a7506d4ebd8c) \Device\Harddisk0\DR0\Partition0
19:13:44.0470 3328 \Device\Harddisk0\DR0\Partition0 - ok
19:13:44.0478 3328 Boot (0x1200) (35bda4d114194a425e44f21be1d829ca) \Device\Harddisk0\DR0\Partition1
19:13:44.0479 3328 \Device\Harddisk0\DR0\Partition1 - ok
19:13:44.0483 3328 Boot (0x1200) (4878fe019139c45b27ad0064544880d3) \Device\Harddisk1\DR1\Partition0
19:13:44.0484 3328 \Device\Harddisk1\DR1\Partition0 - ok
19:13:44.0485 3328 ============================================================
19:13:44.0485 3328 Scan finished
19:13:44.0485 3328 ============================================================
19:13:44.0496 4472 Detected object count: 0
19:13:44.0496 4472 Actual detected object count: 0

05.04.2012, 06:34   #14
Chris4You

Hi,

looks good... that would be it for now. Is the computer behaving normally so far?
You can delete OTL and the folder C:\_OTL; I would leave MAM installed and run a scan about once a week (update it first)...

chris

05.04.2012, 12:23   #15
Levi1

Hi Chris,

yes, it is behaving normally.

Many, many thanks at this point for the quick help!

Best regards,

Levi
