All kinds of pests and how to combat them: PUP.Babylon Toolbar

16.12.2012, 15:39   #1
Matze156
 

Happy Sunday, everyone.

During a scan, SUPERAntiSpyware came across several entries for PUP.Babylon Toolbar. It apparently crept into my IE "unnoticed".
After some research, I only found out how to deactivate it.
Since there is also no folder to be found on my disk, I am turning to the forum, as I have received extremely competent help here before.

On Google I only found various guides that lead into the registry.
I know nothing about that and don't want to break anything.

The log follows.

Maybe someone can help me get rid of it.
Thanks in advance.

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/16/2012 at 02:57 PM

Application Version : 5.5.1006

Core Rules Database Version : 9747
Trace Rules Database Version: 7559

Scan type : Quick Scan
Total Scan Time : 00:09:17

Operating System Information
Windows 7 Ultimate 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 512
Memory threats detected : 0
Registry items scanned : 30580
Registry threats detected : 8
File items scanned : 12235
File threats detected : 0

PUP.BabylonToolbar
HKCR\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
HKCR\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}#AppID
HKCR\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}\InprocServer32
HKCR\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}\InprocServer32#ThreadingModel
HKCR\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}\ProgID
HKCR\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}\Programmable
HKCR\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}\TypeLib
HKCR\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}\VersionIndependentProgID

16.12.2012, 16:54   #2
markusg
/// Malware-holic
 

Hi,
this toolbar may have been active on your system at some point. Since the only detections were in the registry, I assume these are leftovers, but we'll take a look.
If you don't already have it, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

16.12.2012, 18:41   #3
Matze156
 

Good evening, and thanks for the help.

Here is the otl.txt (I can't find the extra.txt?!)
OTL Logfile:
Code:
OTL logfile created on: 16.12.2012 18:27:02 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\matze\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 55,47% Memory free
3,19 Gb Paging File | 1,84 Gb Available in Paging File | 57,75% Paging File free
Paging file location(s): c:\pagefile.sys 200 5000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 162,55 Gb Free Space | 69,83% Space Free | Partition Type: NTFS
 
Computer Name: MATZE-PC | User Name: matze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\matze\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Opera\opera.exe (Opera Software)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9f7b241c4cff24e6d0b554efb60aa8be\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = WEB.DE - E-Mail-Adresse kostenlos, FreeMail, Nachrichten & Services
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 23 78 17 5B 26 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = ICQ.com Suche
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67ED3CAD-1009-46AE-9278-C95C6EA1CE24}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=5055aa19-e132-4987-97f1-076f51809478&apn_sauid=48F7F637-AA70-482C-A8A8-CD0550F6018B
IE - HKCU\..\SearchScopes\{D2EE36C7-B6A6-4EC2-B012-46501C910878}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{FFED6871-DEDE-CBDE-E27D-F3AA70FC13CA}: "URL" = hxxp://adsc.startya.com/s/?q={searchTerms}&iesrc=IE-SearchBox&site=Yahoo&cfg=2-491-0-0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU2&o=14670&locale=de_DE&apn_uid=5055aa19-e132-4987-97f1-076f51809478&apn_ptnrs=T8&apn_sauid=48F7F637-AA70-482C-A8A8-CD0550F6018B&apn_dtid=YYYYYYYYDE&&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
 
[2012.03.18 14:42:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\matze\AppData\Roaming\mozilla\Extensions
 
========== Chrome  ==========
 
CHR - homepage: Google
CHR - homepage: Google
CHR - Extension: Erster Nutzer = C:\Users\matze\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Erster Nutzer = C:\Users\matze\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
 
O1 HOSTS File: ([2011.02.11 23:27:12 | 000,000,998 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\matze\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\matze\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: bon.at ([webdwk13] http in Trusted sites)
O15 - HKCU\..Trusted Domains: robinwood.at ([]http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2147FE9C-660B-41C9-880E-E307531C13C2}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c1f22c9d-55cb-11df-ba8f-e0cb4eec1922}\Shell - "" = AutoRun
O33 - MountPoints2\{c1f22c9d-55cb-11df-ba8f-e0cb4eec1922}\Shell\AutoRun\command - "" = H:\install.exe
O33 - MountPoints2\{d6d7c096-6ec2-11e1-a599-e0cb4eec1922}\Shell - "" = AutoRun
O33 - MountPoints2\{d6d7c096-6ec2-11e1-a599-e0cb4eec1922}\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^matze^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Users^matze^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AnyDVD - hkey= - key= -  File not found
MsConfig - StartUpReg: ApnUpdater - hkey= - key= -  File not found
MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= -  File not found
MsConfig - StartUpReg: ISW - hkey= - key= -  File not found
MsConfig - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig - StartUpReg: KiesPDLR - hkey= - key= - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MsConfig - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: KSS - hkey= - key= -  File not found
MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: NeroCheck - hkey= - key= -  File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= -  File not found
MsConfig - StartUpReg: PhonostarTimer - hkey= - key= -  File not found
MsConfig - StartUpReg: rfxsrvtray - hkey= - key= -  File not found
MsConfig - StartUpReg: SearchSettings - hkey= - key= -  File not found
MsConfig - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
MsConfig - StartUpReg: Wisdom-soft AutoScreenRecorder 3.1 Free - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.16 18:25:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\matze\Desktop\OTL.exe
[2012.12.16 14:55:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012.12.16 14:55:16 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2012.12.16 14:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2012.12.16 14:54:40 | 000,000,000 | ---D | C] -- C:\Users\matze\AppData\Local\Programs
[1 C:\Users\matze\AppData\Roaming\*.tmp files -> C:\Users\matze\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.16 18:25:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\matze\Desktop\OTL.exe
[2012.12.16 18:02:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.16 15:30:29 | 000,664,618 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.16 15:30:29 | 000,624,800 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.16 15:30:29 | 000,134,786 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.16 15:30:29 | 000,110,438 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.16 15:28:50 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.16 15:28:50 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.16 15:23:31 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.16 15:23:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.16 15:23:17 | 2415,357,952 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.15 17:40:13 | 000,330,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.02 09:46:14 | 000,030,849 | -HS- | M] () -- C:\Users\matze\Desktop\Folder.jpg
[2012.12.02 09:46:14 | 000,007,768 | -HS- | M] () -- C:\Users\matze\Desktop\AlbumArtSmall.jpg
[1 C:\Users\matze\AppData\Roaming\*.tmp files -> C:\Users\matze\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.16 14:55:21 | 000,002,091 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012.08.05 18:22:00 | 000,000,087 | ---- | C] () -- C:\Windows\winlemm.ini
[2012.07.08 11:26:23 | 000,000,000 | ---- | C] () -- C:\Windows\RON 2010 GERMAN Uninstaller.exe
[2012.07.04 01:32:18 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.03.15 16:50:08 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2012.03.09 05:22:26 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.03.09 05:22:26 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.03.06 18:59:32 | 000,618,823 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.02.29 09:12:52 | 000,000,016 | ---- | C] () -- C:\Users\matze\AppData\Roaming\blckdom.res
[2012.01.31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2011.11.29 16:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.11.29 16:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.11.29 16:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.11.29 16:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.07.21 18:08:28 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2011.07.21 18:08:28 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2011.07.07 19:10:09 | 000,007,602 | ---- | C] () -- C:\Users\matze\AppData\Local\Resmon.ResmonCfg
[2011.04.27 19:43:06 | 000,000,124 | ---- | C] () -- C:\Windows\WET.INI
[2011.03.06 11:41:01 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.03.06 11:40:47 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.02.19 20:46:45 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.02.19 20:46:37 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.02.19 20:46:32 | 000,183,112 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.02.06 18:38:09 | 002,681,344 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2011.01.23 19:07:50 | 000,017,408 | ---- | C] () -- C:\Users\matze\AppData\Local\WebpageIcons.db
[2011.01.23 17:44:10 | 000,516,096 | ---- | C] () -- C:\Windows\System32\BldSetup.EXE
[2011.01.23 17:44:10 | 000,212,992 | ---- | C] () -- C:\Windows\System32\Setup.EXE
[2011.01.23 17:44:10 | 000,114,688 | ---- | C] () -- C:\Windows\System32\BldDat.EXE
[2011.01.23 17:44:10 | 000,098,304 | ---- | C] () -- C:\Windows\System32\BldOpt.EXE
[2011.01.23 17:44:10 | 000,086,016 | ---- | C] () -- C:\Windows\System32\ZCompress.EXE
[2011.01.23 17:44:10 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
[2011.01.23 17:44:10 | 000,073,728 | ---- | C] () -- C:\Windows\System32\WinSFX.bin
[2011.01.23 17:44:10 | 000,069,632 | ---- | C] () -- C:\Windows\System32\Dspan.bin
[2011.01.23 17:44:10 | 000,062,716 | ---- | C] () -- C:\Windows\System32\Uninstall985F.DAT
[2010.08.04 08:46:43 | 000,000,551 | ---- | C] () -- C:\Users\matze\AppData\Roaming\AutoGK.ini
[2010.04.17 18:38:15 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.07.18 11:39:58 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\AnvSoft
[2012.08.12 12:36:25 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\Ashampoo
[2010.05.19 19:54:35 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\CheckPoint
[2010.12.30 15:42:06 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\COWON
[2011.01.13 17:33:34 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\DAEMON Tools Lite
[2011.01.23 19:06:31 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\Das Fussball Studio
[2011.12.04 13:18:58 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\Digiarty
[2012.01.29 11:37:24 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\DVDVideoSoft
[2011.01.09 20:25:37 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.08 16:04:53 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\elsterformular
[2011.07.21 08:36:55 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\Engelmann Media
[2010.11.06 15:55:01 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\flightgear.org
[2011.06.14 17:16:45 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\FreeFLVConverter
[2010.12.30 15:41:25 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\Gutscheinmieze
[2011.05.25 20:53:03 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\IrfanView
[2012.02.29 09:12:42 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\kock
[2011.02.19 20:44:45 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\Leadertech
[2010.07.16 21:25:20 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\Lionhead Studios
[2011.12.18 13:23:30 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\MediaMonkey
[2011.04.16 21:15:57 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\MediaProSoft Free YouTube to MP4 Converter
[2010.10.31 17:59:49 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\Need for Speed World
[2010.04.15 21:19:26 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\OpenOffice.org
[2012.03.25 12:38:41 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\Opera
[2010.11.21 13:47:14 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\phonostar GmbH
[2010.05.13 11:34:59 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\phonostar-Player
[2011.12.31 17:45:24 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\Samsung
[2012.06.25 19:50:01 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\TeamViewer
[2011.12.31 18:01:38 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\Temp
[2012.10.06 20:42:34 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\thriXXX
[2012.11.08 09:57:05 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\Tobit
[2012.03.03 21:58:26 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\UAs
[2012.08.26 13:45:23 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\VfB-FanPlayer
[2011.01.13 17:12:09 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\Wildlife Park 2
[2012.08.26 13:38:15 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\Windows Live Writer
[2011.04.16 21:20:43 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\Xilisoft
[2011.07.31 15:46:22 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\XMedia Recode
[2012.03.03 21:58:33 | 000,000,000 | ---D | M] -- C:\Users\matze\AppData\Roaming\xmldm
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.11.27 13:27:31 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.07.01 09:21:15 | 000,000,000 | ---D | M] -- C:\AMD
[2010.05.04 19:58:03 | 000,000,000 | ---D | M] -- C:\ATI
[2012.12.13 20:20:38 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.04.15 20:30:03 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.12.30 15:30:35 | 000,000,000 | ---D | M] -- C:\Games
[2012.08.05 18:22:01 | 000,000,000 | ---D | M] -- C:\LEMMINGS
[2012.07.08 11:35:41 | 000,000,000 | ---D | M] -- C:\Loksim3D
[2010.10.31 17:07:49 | 000,000,000 | ---D | M] -- C:\MAXIS
[2011.07.24 15:12:47 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.16 15:21:33 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.12.16 14:51:23 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.04.15 20:30:03 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.04.15 20:30:04 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.12.16 18:28:35 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.12.30 15:37:27 | 000,000,000 | ---D | M] -- C:\TEMP
[2011.12.04 13:30:36 | 000,000,000 | ---D | M] -- C:\temp_dvd
[2010.04.15 20:30:12 | 000,000,000 | R--D | M] -- C:\Users
[2012.10.30 07:18:17 | 000,000,000 | ---D | M] -- C:\WET
[2012.12.16 15:23:24 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 04:16:54 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 05:53:46 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2010.12.23 20:40:18 | 000,000,370 | ---- | C] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.07.19 07:41:09 | 000,001,092 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.07.19 07:41:10 | 000,001,096 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2012.11.13 14:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) MD5=E4A0900CF535888DDD85B10040CA3E34 -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 04:29:56 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 04:29:56 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 04:30:08 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 04:30:08 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 04:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 04:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012.09.29 18:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.07.04 07:21:46 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
 
< %USERPROFILE%\*.* >
[2012.12.16 18:28:36 | 002,883,584 | -HS- | M] () -- C:\Users\matze\NTUSER.DAT
[2012.12.16 18:28:36 | 000,262,144 | -HS- | M] () -- C:\Users\matze\ntuser.dat.LOG1
[2010.04.15 20:30:15 | 000,000,000 | -HS- | M] () -- C:\Users\matze\ntuser.dat.LOG2
[2010.04.15 20:38:21 | 000,065,536 | -HS- | M] () -- C:\Users\matze\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.04.15 20:38:21 | 000,524,288 | -HS- | M] () -- C:\Users\matze\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.04.15 20:38:21 | 000,524,288 | -HS- | M] () -- C:\Users\matze\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010.04.15 20:30:15 | 000,000,020 | -HS- | M] () -- C:\Users\matze\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         

Alt 16.12.2012, 19:26   #4
markusg
/// Malware-holic
 



Hi,
download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, then post the log

Alt 17.12.2012, 08:39   #5
Matze156
 



Good morning,

attached is the log from TDSS:

08:38:27.0917 3744 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
08:38:29.0930 3744 ============================================================
08:38:29.0930 3744 Current date / time: 2012/12/17 08:38:29.0930
08:38:29.0930 3744 SystemInfo:
08:38:29.0930 3744
08:38:29.0930 3744 OS Version: 6.1.7601 ServicePack: 1.0
08:38:29.0930 3744 Product type: Workstation
08:38:29.0930 3744 ComputerName: MATZE-PC
08:38:29.0930 3744 UserName: matze
08:38:29.0930 3744 Windows directory: C:\Windows
08:38:29.0930 3744 System windows directory: C:\Windows
08:38:29.0930 3744 Processor architecture: Intel x86
08:38:29.0930 3744 Number of processors: 2
08:38:29.0930 3744 Page size: 0x1000
08:38:29.0930 3744 Boot type: Normal boot
08:38:29.0930 3744 ============================================================
08:38:30.0635 3744 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x1C042, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
08:38:30.0651 3744 ============================================================
08:38:30.0651 3744 \Device\Harddisk0\DR0:
08:38:30.0651 3744 MBR partitions:
08:38:30.0651 3744 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:38:30.0651 3744 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192000
08:38:30.0651 3744 ============================================================
08:38:30.0666 3744 C: <-> \Device\Harddisk0\DR0\Partition2
08:38:30.0666 3744 ============================================================
08:38:30.0666 3744 Initialize success
08:38:30.0666 3744 ============================================================
08:38:45.0660 3476 ============================================================
08:38:45.0660 3476 Scan started
08:38:45.0660 3476 Mode: Manual; SigCheck; TDLFS;
08:38:45.0660 3476 ============================================================
08:38:46.0034 3476 ================ Scan system memory ========================
08:38:46.0034 3476 System memory - ok
08:38:46.0034 3476 ================ Scan services =============================
08:38:46.0112 3476 [ C0393EB99A6C72C6BEF9BFC4A72B33A6 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
08:38:46.0143 3476 !SASCORE - ok
08:38:46.0253 3476 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
08:38:46.0253 3476 1394ohci - ok
08:38:46.0299 3476 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
08:38:46.0315 3476 ACPI - ok
08:38:46.0362 3476 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
08:38:46.0362 3476 AcpiPmi - ok
08:38:46.0393 3476 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
08:38:46.0409 3476 adp94xx - ok
08:38:46.0440 3476 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
08:38:46.0440 3476 adpahci - ok
08:38:46.0455 3476 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
08:38:46.0471 3476 adpu320 - ok
08:38:46.0502 3476 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
08:38:46.0502 3476 AeLookupSvc - ok
08:38:46.0549 3476 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
08:38:46.0565 3476 AFD - ok
08:38:46.0611 3476 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
08:38:46.0611 3476 agp440 - ok
08:38:46.0643 3476 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
08:38:46.0658 3476 aic78xx - ok
08:38:46.0674 3476 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
08:38:46.0689 3476 ALG - ok
08:38:46.0721 3476 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
08:38:46.0736 3476 aliide - ok
08:38:46.0752 3476 [ C4232FADFA9691B85DDA0A7B636C5F6D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
08:38:46.0767 3476 AMD External Events Utility - ok
08:38:46.0845 3476 AMD FUEL Service - ok
08:38:46.0877 3476 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
08:38:46.0892 3476 amdagp - ok
08:38:46.0923 3476 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
08:38:46.0923 3476 amdide - ok
08:38:46.0955 3476 [ FF258424F0B2EF25EB98F04EE386E6E3 ] amdiox86 C:\Windows\system32\DRIVERS\amdiox86.sys
08:38:46.0955 3476 amdiox86 - ok
08:38:46.0986 3476 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
08:38:46.0986 3476 AmdK8 - ok
08:38:47.0157 3476 [ 10D681E635E81C253FC5DD1A5048B0E9 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
08:38:47.0267 3476 amdkmdag - ok
08:38:47.0282 3476 [ 112A7F24C6535DBD2E90AEF34ECB57A4 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
08:38:47.0282 3476 amdkmdap - ok
08:38:47.0298 3476 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
08:38:47.0313 3476 AmdPPM - ok
08:38:47.0345 3476 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
08:38:47.0345 3476 amdsata - ok
08:38:47.0376 3476 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
08:38:47.0376 3476 amdsbs - ok
08:38:47.0391 3476 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
08:38:47.0407 3476 amdxata - ok
08:38:47.0485 3476 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
08:38:47.0485 3476 AntiVirSchedulerService - ok
08:38:47.0516 3476 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
08:38:47.0516 3476 AntiVirService - ok
08:38:47.0547 3476 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
08:38:47.0579 3476 AppID - ok
08:38:47.0594 3476 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
08:38:47.0610 3476 AppIDSvc - ok
08:38:47.0641 3476 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
08:38:47.0657 3476 Appinfo - ok
08:38:47.0703 3476 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
08:38:47.0703 3476 AppMgmt - ok
08:38:47.0735 3476 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
08:38:47.0735 3476 arc - ok
08:38:47.0750 3476 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
08:38:47.0766 3476 arcsas - ok
08:38:47.0828 3476 [ E54E27976E2C5A6465D44C10B1D87AC0 ] ASPI C:\Windows\System32\DRIVERS\ASPI32.sys
08:38:47.0828 3476 ASPI ( UnsignedFile.Multi.Generic ) - warning
08:38:47.0828 3476 ASPI - detected UnsignedFile.Multi.Generic (1)
08:38:51.0759 3476 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\Windows\system32\giveio.sys
08:38:51.0759 3476 giveio ( UnsignedFile.Multi.Generic ) - warning
08:38:51.0759 3476 giveio - detected UnsignedFile.Multi.Generic (1)
08:38:59.0676 3476 sermouse - ok
08:38:59.0723 3476 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
08:38:59.0738 3476 SessionEnv - ok
08:38:59.0770 3476 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
08:38:59.0770 3476 sffdisk - ok
08:38:59.0801 3476 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
08:38:59.0816 3476 sffp_mmc - ok
08:38:59.0850 3476 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
08:38:59.0850 3476 sffp_sd - ok
08:38:59.0881 3476 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
08:38:59.0897 3476 sfloppy - ok
08:38:59.0928 3476 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
08:38:59.0944 3476 SharedAccess - ok
08:38:59.0991 3476 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:39:00.0006 3476 ShellHWDetection - ok
08:39:00.0037 3476 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
08:39:00.0053 3476 sisagp - ok
08:39:00.0084 3476 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:39:00.0084 3476 SiSRaid2 - ok
08:39:00.0100 3476 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
08:39:00.0100 3476 SiSRaid4 - ok
08:39:00.0131 3476 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
08:39:00.0147 3476 Smb - ok
08:39:00.0193 3476 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
08:39:00.0193 3476 SNMPTRAP - ok
08:39:00.0240 3476 [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan C:\Windows\system32\speedfan.sys
08:39:00.0240 3476 speedfan - ok
08:39:00.0256 3476 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
08:39:00.0271 3476 spldr - ok
08:39:00.0318 3476 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
08:39:00.0318 3476 Spooler - ok
08:39:00.0412 3476 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
08:39:00.0459 3476 sppsvc - ok
08:39:00.0474 3476 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
08:39:00.0490 3476 sppuinotify - ok
08:39:00.0537 3476 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
08:39:00.0537 3476 srv - ok
08:39:00.0552 3476 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
08:39:00.0568 3476 srv2 - ok
08:39:00.0583 3476 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
08:39:00.0599 3476 srvnet - ok
08:39:00.0630 3476 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
08:39:00.0646 3476 ssadbus - ok
08:39:00.0661 3476 [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
08:39:00.0661 3476 ssadmdfl - ok
08:39:00.0677 3476 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
08:39:00.0693 3476 ssadmdm - ok
08:39:00.0724 3476 [ 069351A1D7D291013177A90AE6EDCCBC ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
08:39:00.0724 3476 sscdbus - ok
08:39:00.0739 3476 [ 1C925BE223A5C0F9F469252292A48DF6 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
08:39:00.0739 3476 sscdmdfl - ok
08:39:00.0755 3476 [ AE3E77AE0FBDB07EB1AC3FED74A0695E ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
08:39:00.0771 3476 sscdmdm - ok
08:39:00.0786 3476 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
08:39:00.0817 3476 SSDPSRV - ok
08:39:00.0864 3476 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
08:39:00.0864 3476 ssmdrv - ok
08:39:00.0880 3476 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
08:39:00.0895 3476 SstpSvc - ok
08:39:00.0927 3476 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
08:39:00.0927 3476 stexstor - ok
08:39:00.0973 3476 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
08:39:00.0989 3476 StiSvc - ok
08:39:01.0020 3476 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
08:39:01.0036 3476 storflt - ok
08:39:01.0067 3476 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
08:39:01.0083 3476 storvsc - ok
08:39:01.0114 3476 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
08:39:01.0129 3476 swenum - ok
08:39:01.0161 3476 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
08:39:01.0192 3476 swprv - ok
08:39:01.0192 3476 Synth3dVsc - ok
08:39:01.0239 3476 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
08:39:01.0270 3476 SysMain - ok
08:39:01.0285 3476 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:39:01.0301 3476 TabletInputService - ok
08:39:01.0332 3476 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
08:39:01.0348 3476 TapiSrv - ok
08:39:01.0379 3476 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
08:39:01.0395 3476 TBS - ok
08:39:01.0441 3476 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
08:39:01.0473 3476 Tcpip - ok
08:39:01.0519 3476 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
08:39:01.0547 3476 TCPIP6 - ok
08:39:01.0559 3476 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
08:39:01.0585 3476 tcpipreg - ok
08:39:01.0620 3476 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
08:39:01.0630 3476 TDPIPE - ok
08:39:01.0658 3476 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
08:39:01.0658 3476 TDTCP - ok
08:39:01.0705 3476 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
08:39:01.0720 3476 tdx - ok
08:39:01.0720 3476 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
08:39:01.0736 3476 TermDD - ok
08:39:01.0767 3476 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
08:39:01.0798 3476 TermService - ok
08:39:01.0863 3476 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
08:39:01.0863 3476 Themes - ok
08:39:01.0879 3476 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
08:39:01.0910 3476 THREADORDER - ok
08:39:01.0926 3476 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
08:39:01.0941 3476 TrkWks - ok
08:39:01.0988 3476 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:39:02.0004 3476 TrustedInstaller - ok
08:39:02.0035 3476 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
08:39:02.0066 3476 tssecsrv - ok
08:39:02.0082 3476 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
08:39:02.0097 3476 TsUsbFlt - ok
08:39:02.0097 3476 tsusbhub - ok
08:39:02.0144 3476 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
08:39:02.0160 3476 tunnel - ok
08:39:02.0191 3476 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
08:39:02.0191 3476 uagp35 - ok
08:39:02.0207 3476 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
08:39:02.0222 3476 udfs - ok
08:39:02.0253 3476 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
08:39:02.0269 3476 UI0Detect - ok
08:39:02.0285 3476 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
08:39:02.0300 3476 uliagpkx - ok
08:39:02.0331 3476 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
08:39:02.0347 3476 umbus - ok
08:39:02.0363 3476 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
08:39:02.0378 3476 UmPass - ok
08:39:02.0409 3476 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
08:39:02.0409 3476 UmRdpService - ok
08:39:02.0441 3476 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
08:39:02.0472 3476 upnphost - ok
08:39:02.0487 3476 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
08:39:02.0503 3476 usbccgp - ok
08:39:02.0534 3476 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
08:39:02.0534 3476 usbcir - ok
08:39:02.0565 3476 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
08:39:02.0581 3476 usbehci - ok
08:39:02.0612 3476 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
08:39:02.0612 3476 usbhub - ok
08:39:02.0643 3476 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
08:39:02.0643 3476 usbohci - ok
08:39:02.0675 3476 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
08:39:02.0675 3476 usbprint - ok
08:39:02.0706 3476 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:39:02.0706 3476 USBSTOR - ok
08:39:02.0721 3476 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
08:39:02.0737 3476 usbuhci - ok
08:39:02.0753 3476 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
08:39:02.0768 3476 UxSms - ok
08:39:02.0784 3476 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
08:39:02.0799 3476 VaultSvc - ok
08:39:02.0831 3476 [ FCE98C43B5C5DB8E0DA8EA0E2B45E044 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
08:39:02.0846 3476 VClone - ok
08:39:02.0862 3476 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
08:39:02.0862 3476 vdrvroot - ok
08:39:02.0909 3476 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
08:39:02.0940 3476 vds - ok
08:39:02.0971 3476 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
08:39:02.0971 3476 vga - ok
08:39:02.0987 3476 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
08:39:03.0018 3476 VgaSave - ok
08:39:03.0018 3476 VGPU - ok
08:39:03.0049 3476 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
08:39:03.0065 3476 vhdmp - ok
08:39:03.0080 3476 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
08:39:03.0096 3476 viaagp - ok
08:39:03.0127 3476 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
08:39:03.0127 3476 ViaC7 - ok
08:39:03.0158 3476 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
08:39:03.0174 3476 viaide - ok
08:39:03.0205 3476 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
08:39:03.0221 3476 vmbus - ok
08:39:03.0236 3476 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
08:39:03.0236 3476 VMBusHID - ok
08:39:03.0267 3476 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
08:39:03.0283 3476 volmgr - ok
08:39:03.0299 3476 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
08:39:03.0314 3476 volmgrx - ok
08:39:03.0345 3476 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
08:39:03.0361 3476 volsnap - ok
08:39:03.0377 3476 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
08:39:03.0377 3476 vsmraid - ok
08:39:03.0423 3476 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
08:39:03.0455 3476 VSS - ok
08:39:03.0470 3476 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
08:39:03.0486 3476 vwifibus - ok
08:39:03.0501 3476 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
08:39:03.0533 3476 W32Time - ok
08:39:03.0564 3476 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
08:39:03.0564 3476 WacomPen - ok
08:39:03.0595 3476 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
08:39:03.0611 3476 WANARP - ok
08:39:03.0626 3476 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
08:39:03.0642 3476 Wanarpv6 - ok
08:39:03.0689 3476 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
08:39:03.0704 3476 wbengine - ok
08:39:03.0720 3476 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
08:39:03.0735 3476 WbioSrvc - ok
08:39:03.0782 3476 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
08:39:03.0798 3476 wcncsvc - ok
08:39:03.0813 3476 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:39:03.0813 3476 WcsPlugInService - ok
08:39:03.0829 3476 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
08:39:03.0845 3476 Wd - ok
08:39:03.0860 3476 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
08:39:03.0876 3476 Wdf01000 - ok
08:39:03.0878 3476 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
08:39:03.0894 3476 WdiServiceHost - ok
08:39:03.0894 3476 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
08:39:03.0909 3476 WdiSystemHost - ok
08:39:03.0956 3476 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
08:39:03.0972 3476 WebClient - ok
08:39:03.0987 3476 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
08:39:04.0003 3476 Wecsvc - ok
08:39:04.0019 3476 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
08:39:04.0050 3476 wercplsupport - ok
08:39:04.0065 3476 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
08:39:04.0097 3476 WerSvc - ok
08:39:04.0128 3476 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
08:39:04.0159 3476 WfpLwf - ok
08:39:04.0175 3476 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
08:39:04.0175 3476 WIMMount - ok
08:39:04.0221 3476 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
08:39:04.0237 3476 WinDefend - ok
08:39:04.0253 3476 WinHttpAutoProxySvc - ok
08:39:04.0284 3476 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:39:04.0299 3476 Winmgmt - ok
08:39:04.0362 3476 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
08:39:04.0393 3476 WinRM - ok
08:39:04.0440 3476 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
08:39:04.0455 3476 WinUsb - ok
08:39:04.0502 3476 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
08:39:04.0518 3476 Wlansvc - ok
08:39:04.0596 3476 [ 5E7C103F8475C4289847D15E129C20F7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:39:04.0627 3476 wlidsvc - ok
08:39:04.0658 3476 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
08:39:04.0658 3476 WmiAcpi - ok
08:39:04.0689 3476 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
08:39:04.0705 3476 wmiApSrv - ok
08:39:04.0767 3476 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
08:39:04.0783 3476 WMPNetworkSvc - ok
08:39:04.0799 3476 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
08:39:04.0814 3476 WPCSvc - ok
08:39:04.0830 3476 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
08:39:04.0845 3476 WPDBusEnum - ok
08:39:04.0861 3476 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
08:39:04.0877 3476 ws2ifsl - ok
08:39:04.0892 3476 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
08:39:04.0908 3476 wscsvc - ok
08:39:04.0923 3476 WSearch - ok
08:39:04.0988 3476 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
08:39:05.0020 3476 wuauserv - ok
08:39:05.0051 3476 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
08:39:05.0066 3476 WudfPf - ok
08:39:05.0098 3476 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
08:39:05.0113 3476 WUDFRd - ok
08:39:05.0129 3476 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
08:39:05.0160 3476 wudfsvc - ok
08:39:05.0176 3476 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
08:39:05.0191 3476 WwanSvc - ok
08:39:05.0207 3476 ================ Scan global ===============================
08:39:05.0238 3476 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
08:39:05.0269 3476 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
08:39:05.0269 3476 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
08:39:05.0300 3476 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
08:39:05.0316 3476 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
08:39:05.0316 3476 [Global] - ok
08:39:05.0316 3476 ================ Scan MBR ==================================
08:39:05.0332 3476 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:39:05.0503 3476 \Device\Harddisk0\DR0 - ok
08:39:05.0503 3476 ================ Scan VBR ==================================
08:39:05.0503 3476 [ 5973922D4ACF1BD40491BDEEC6E934F3 ] \Device\Harddisk0\DR0\Partition1
08:39:05.0503 3476 \Device\Harddisk0\DR0\Partition1 - ok
08:39:05.0534 3476 [ 4B1DC6891E5E12B305B1909CA5D04A76 ] \Device\Harddisk0\DR0\Partition2
08:39:05.0534 3476 \Device\Harddisk0\DR0\Partition2 - ok
08:39:05.0534 3476 ============================================================
08:39:05.0534 3476 Scan finished
08:39:05.0534 3476 ============================================================
08:39:05.0550 1008 Detected object count: 2
08:39:05.0550 1008 Actual detected object count: 2
08:39:08.0263 1008 ASPI ( UnsignedFile.Multi.Generic ) - skipped by user
08:39:08.0263 1008 ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:39:08.0279 1008 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
08:39:08.0279 1008 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip


Thanks


17.12.2012, 11:06   #6
markusg
/// Malware-holic

Hi,
Combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. That should fix the problem.

21.12.2012, 08:47   #7
Matze156

Good morning,

below is the log from Combofix.
Thanks in advance and happy holidays!!
Combofix log file:
Code:
ComboFix 12-12-20.02 - matze 21.12.2012   8:34.2.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3071.2163 [GMT 1:00]
ausgeführt von:: c:\users\matze\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Im Speicher befindliches AV aktiv.
.
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-21 bis 2012-12-21  ))))))))))))))))))))))))))))))
.
.
2012-12-21 07:40 . 2012-12-21 07:40	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-21 07:29 . 2012-12-21 07:40	--------	d-----w-	c:\users\matze\AppData\Local\temp
2012-12-18 08:24 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{13F2EF66-417C-4CF9-8F47-F6D1EA3CC793}\mpengine.dll
2012-12-16 13:55 . 2012-12-20 17:49	--------	d-----w-	c:\program files\Spybot - Search & Destroy 2
2012-12-16 13:54 . 2012-12-16 13:54	--------	d-----w-	c:\users\matze\AppData\Local\Programs
2012-12-12 18:49 . 2012-11-22 02:56	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-12-12 18:48 . 2012-11-02 05:11	376832	----a-w-	c:\windows\system32\dpnet.dll
2012-12-12 18:48 . 2012-11-05 20:32	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-12 18:48 . 2012-11-05 20:32	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-12 18:48 . 2012-11-09 04:42	2048	----a-w-	c:\windows\system32\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-09 06:57 . 2012-04-01 15:55	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-11-09 06:57 . 2011-05-18 15:10	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-06 05:55 . 2012-11-06 05:55	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-11-06 05:55 . 2012-03-13 07:36	821736	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-11-06 05:55 . 2012-03-13 07:36	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-10-27 10:28 . 2012-10-27 10:28	163056	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-09-29 17:54 . 2010-12-09 06:45	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-25 22:47 . 2012-11-17 17:24	78336	----a-w-	c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-12 348664]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Users^matze^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^matze^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft AutoScreenRecorder 3.1 Free]
0 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17	952768	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42	36272	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2012-08-12 12:01	348664	----a-w-	c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-12-27 14:21	937360	----a-w-	c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2011-12-27 14:21	21392	----a-w-	c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-12-27 14:21	3508624	----a-w-	c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-09-29 17:54	981656	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2011-03-07 13:33	89456	----a-w-	c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-19 06:40]
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-19 06:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://web.de/
IE: Download with Xilisoft Download YouTube Video - c:\program files\Xilisoft\Download YouTube Video\upod_link.HTM
IE: Free YouTube Download - c:\users\matze\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\matze\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: bon.at\webdwk13
Trusted Zone: robinwood.at
TCP: DhcpNameServer = 192.168.2.1
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-584734664-1867422850-214166890-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-584734664-1867422850-214166890-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-584734664-1867422850-214166890-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{97EA29FA-7674-65B3-5ACE-BF1ECD569507}*]
"pagfpmbeiggeodpmofgbdgiplacbkjal"=hex:61,62,66,69,61,69,6e,62,6d,6f,61,6f,6d,
   70,6e,61,62,66,68,63,70,67,6c,70,68,6a,68,61,61,70,6e,64,6a,65,00,77
.
[HKEY_USERS\S-1-5-21-584734664-1867422850-214166890-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9920D6CB-0778-277B-96C8-76551B49F399}*]
"padggjkbcdppelockdpjifajmmfpagcm"=hex:61,62,69,6b,6a,62,6b,67,6f,6b,61,6e,61,
   64,61,69,70,61,65,62,67,6d,67,6a,6a,6e,6b,61,68,67,63,6b,61,69,00,77
.
[HKEY_USERS\S-1-5-21-584734664-1867422850-214166890-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:6b,f8,99,a0,91,04,d2,5f,7b,8b,e6,f4,59,67,b1,37,99,0b,81,14,46,63,39,
   13,17,2b,39,53,9e,2e,23,f4,eb,f4,e6,27,1d,db,47,d4,15,d5,32,a0,f2,4a,48,75,\
"??"=hex:52,31,51,a3,ca,73,ce,aa,7e,39,13,5a,35,00,37,bb
.
[HKEY_USERS\S-1-5-21-584734664-1867422850-214166890-1001\Software\SecuROM\License information*]
"datasecu"=hex:bf,31,75,93,40,82,9f,15,11,dc,6d,1e,63,2e,21,ef,77,5a,38,54,f5,
   3b,00,4b,4f,4d,20,71,ca,71,81,d7,16,90,85,ab,f4,3f,ab,ce,7c,6b,53,64,16,4a,\
"rkeysecu"=hex:01,89,ae,b7,21,87,db,f9,3c,cf,71,26,28,f2,92,69
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-21  08:41:23
ComboFix-quarantined-files.txt  2012-12-21 07:41
ComboFix2.txt  2012-12-21 07:29
.
Vor Suchlauf: 19 Verzeichnis(se), 174.599.077.888 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 174.555.459.584 Bytes frei
.
- - End Of File - - D8F22B830468174E77ECC902B65BC7AC
         
--- --- ---

21.12.2012, 13:45   #8
markusg
/// Malware-holic

Hi,
same to you.
I'll be away over the holidays too.
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path. Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for updates
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure all detections are ticked and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".

24.12.2012, 11:03   #9
Matze156

Hello,

attached is the log from Malwarebytes. Nothing was found here. It still shows up in SUPERAntiSpyware. However, I haven't done anything further and have left the detections as they are.
Happy New Year!

Malwarebytes Anti-Malware 1.65.1.1000
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.12.23.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
matze :: MATZE-PC [Administrator]

23.12.2012 17:53:25
mbam-log-2012-12-23 (17-53-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 335817
Laufzeit: 1 Stunde(n), 28 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

27.12.2012, 15:23   #10
markusg
/// Malware-holic

Hi,
download CCleaner Standard:
CCleaner Download - CCleaner 3.26.1888
If CCleaner is already installed, skip this step.
Open it, go to Tools, Uninstall list, and save it as a txt file. Open the file.
After each program you need, write "necessary".
After each program you do not need, write "unnecessary".
After each program you do not know, write "unknown".
Post the list.

06.01.2013, 15:31   #11
Matze156

Hello and Happy New Year.
I was away for a few days. Sorry.

Here is the program list.
All the programs on it are familiar to me (except the Microsoft and Java stuff, but nothing would run without those anyway).
I actually use all of the software, some more, some less.

Active@ ISO Burner LSoft Technologies 14.03.2012 2.5.1
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 18.10.2011 6,00MB 11.0.1.152
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 08.11.2012 6,00MB 11.5.502.110
Adobe Reader 9.3.2 - Deutsch Adobe Systems Incorporated 26.04.2010 240MB 9.3.2
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 25.09.2012 11.6.7.637
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 04.08.2012 20,3MB 8.0.877.0
ANNO 1503 24.09.2012
ANNO 1602 31.10.2010
ANSTOSS 3 05.08.2010
Ashampoo Burning Studio 2012 v.10.0.15 Ashampoo GmbH & Co. KG 11.08.2012 143,2MB 10.0.15
aTube Catcher DsNET Corp 13.10.2012 2.9.1328
Avira Free Antivirus Avira 13.11.2012 105,4MB 12.1.9.1236
CCleaner Piriform 19.11.2010 3.00
DivxToDVD 0.5.2b VSO-Software SARL 09.12.2011 0.5.2b
DVR Converter 2.0 Engelmann Media GmbH 20.07.2011 46,7MB 2.0.10.907
FIFA 08 Electronic Arts 01.05.2010 3.956MB 1.0.1.1
Free Studio version 5.0.3 DVDVideoSoft Limited. 08.01.2011 238MB
Free YouTube to MP3 Converter version 3.10.15.1228 DVDVideoSoft Ltd. 28.01.2012 85,6MB
GTA2 03.11.2012 1.00.001
IrfanView (remove only) Irfan Skiljan 24.05.2011 1,50MB 4.28
Java 7 Update 9 Oracle 05.11.2012 130,0MB 7.0.90
JavaFX 2.1.1 Oracle Corporation 04.08.2012 20,9MB 2.1.1
Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 26.10.2012 19,4MB 1.65.1.1000
Microsoft .NET Framework 1.1 Microsoft 17.08.2010 34,8MB 1.1.4322
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 30.12.2011 38,8MB 4.0.30320
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 30.12.2011 2,94MB 4.0.30320
Microsoft Office File Validation Add-In Microsoft Corporation 23.01.2012 7,95MB 14.0.5130.5003
Microsoft Office Home and Student 2007 Microsoft Corporation 29.02.2012 12.0.6612.1000
Microsoft Silverlight Microsoft Corporation 12.05.2012 182,2MB 5.1.10411.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 30.10.2010 1,70MB 3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 30.10.2010 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.06.2011 0,29MB 8.0.61001
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 02.06.2011 0,58MB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 15.04.2011 1,42MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 15.01.2011 0,23MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 14.04.2010 0,58MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 0,59MB 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 12.11.2011 12,3MB 10.0.40219
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 18.04.2010 35,00KB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 18.04.2010 1,33MB 4.20.9876.0
Need for Speed™ Carbon 03.05.2010
Need for Speed™ SHIFT Electronic Arts 11.05.2010 5.323MB 1.0.0.0
Need for Speed™ Undercover Electronic Arts 18.02.2011 6.493MB 1.0.1.0
Opera 12.10 Opera Software ASA 07.11.2012 12.10.1652
PDFCreator Frank Heindörfer, Philip Chinery 15.04.2010 0.9.9
Playboy - The Mansion Cyberlore Studios 04.09.2011 1.00.0000
Project64 1.6 Project64 25.10.2011 3,47MB 1.6
RadioSure 07.11.2012
Samsung Kies Samsung Electronics Co., Ltd. 30.12.2011 203MB 2.1.0.11112_41
SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 20.12.2012 42,1MB 1.4.8.0
SpeedFan (remove only) 24.03.2012
SUPERAntiSpyware SUPERAntiSpyware.com 18.07.2012 125,8MB 5.5.1006
Uninstall 1.0.0.1 15.04.2011 10,9MB
VfB-FanPlayer Version 2.00.7 12.05.2010
VirtualCloneDrive Elaborate Bytes 14.03.2012
VLC media player 1.1.11 VideoLAN 20.07.2011 1.1.11
VobSub v2.23 (Remove Only) 23.07.2011
Windows Live Essentials Microsoft Corporation 26.08.2012 16.4.3503.0728
WinRAR 4.20 (32-Bit) win.rar GmbH 25.06.2012 4.20.0
Xilisoft Download YouTube Video Xilisoft 15.04.2011 2.0.25.1122
XMedia Recode 3.0.1.0 Sebastian Dörfler 30.07.2011 3.0.1.0
XviD MPEG4 Video Codec (remove only) 23.07.2011

Thanks in advance

06.01.2013, 17:21   #12
markusg
/// Malware-holic

Uninstall:
Adobe Flash Player: all versions
Adobe - Install Adobe Flash Player
Download the latest version.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the box for McAfee Security Scan.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Tick "Use only certified plug-ins".
Internet:
Everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc.
It is always better to save them directly, because that is the only way to keep control over what happens on the PC.
Under JavaScript, untick the box for using JavaScript.
Under Updater, choose automatic installation.
Apply / OK



Uninstall:
Java: all versions
Download the Java JRE:
Java downloads for all operating systems
Click:
Download Java software for Windows Offline
Download and install it.
Uninstall:
SUPERAntiSpyware: it only finds cookies anyway, get rid of it.

Open CCleaner, click Analyze, then Run Cleaner, and restart the PC.
Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

08.01.2013, 16:56   #13
Matze156

Hello.

I uninstalled all the programs as instructed and (after downloading them again) reinstalled them.

Attached is the result from ADW:

# AdwCleaner v2.105 - Datei am 08/01/2013 um 16:54:05 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzer : matze - MATZE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\matze\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js
Ordner Gefunden : C:\Program Files\ICQ6Toolbar
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\Users\matze\AppData\LocalLow\BabylonToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN PIP
Schlüssel Gefunden : HKCU\Software\Ask.com.tmp
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKCU\Software\PIP
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\Software\PIP
Schlüssel Gefunden : HKU\S-1-5-21-584734664-1867422850-214166890-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Datei : C:\Users\matze\AppData\Roaming\Mozilla\Firefox\Profiles\ma6y1rmv.default\prefs.js

Gefunden : user_pref("browser.search.selectedEngine", "Ask.com");
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU2&o=14670&locale=[...]
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\matze\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.10.1652.0

Datei : C:\Users\matze\AppData\Roaming\Opera\Opera\operaprefs.ini

Gefunden : HostName Web Lookup Address=hxxp://search.icq.com/search/afe_results.php?q=%s&ch_id=osd&icid=opera

*************************

AdwCleaner[R1].txt - [3465 octets] - [08/01/2013 16:54:05]

########## EOF - C:\AdwCleaner[R1].txt - [3525 octets] ##########


Have a nice evening, and thanks!!

08.01.2013, 18:27   #14
markusg
/// Malware-holic

Hi

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted, possibly several times depending on the severity of the infection; that is normal. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = consecutive number)

Please restart and test how the PC and programs such as browsers are running.

08.01.2013, 20:16   #15
Matze156

Good evening.
Attached is the result after deleting with ADW.

# AdwCleaner v2.105 - Datei am 08/01/2013 um 20:12:36 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzer : matze - MATZE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\matze\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\matze\AppData\LocalLow\BabylonToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\PIP
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\Software\PIP

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Datei : C:\Users\matze\AppData\Roaming\Mozilla\Firefox\Profiles\ma6y1rmv.default\prefs.js

Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU2&o=14670&locale=[...]
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\matze\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.10.1652.0

Datei : C:\Users\matze\AppData\Roaming\Opera\Opera\operaprefs.ini

Gelöscht : HostName Web Lookup Address=hxxp://search.icq.com/search/afe_results.php?q=%s&ch_id=osd&icid=opera

*************************

AdwCleaner[R1].txt - [3594 octets] - [08/01/2013 16:54:05]
AdwCleaner[S1].txt - [3403 octets] - [08/01/2013 20:12:36]

########## EOF - C:\AdwCleaner[S1].txt - [3463 octets] ##########


The computer boots up cleanly. Various programs and browsers respond normally.
Have a nice evening.
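
One way to cross-check the two AdwCleaner logs posted in this thread, as an added example that is not part of the original posts: it parses the German "Gefunden" and "Gelöscht" lines and lists every item the search run reported that has no matching removal line. The log excerpts are shortened from the logs above; that the SID belongs to the logged-on account (so that HKU\<SID> and HKCU name the same hive) is an assumption, and the function names are this example's own.

```python
import re

# Shortened excerpts of the two AdwCleaner v2.105 logs posted in this thread.
SEARCH_LOG = r"""
Datei Gefunden : C:\user.js
Ordner Gefunden : C:\Users\matze\AppData\LocalLow\BabylonToolbar
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKU\S-1-5-21-584734664-1867422850-214166890-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Gefunden : user_pref("browser.search.selectedEngine", "Ask.com");
"""
DELETE_LOG = r"""
Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\Users\matze\AppData\LocalLow\BabylonToolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
"""

# Assumption: this SID (taken from the logs) belongs to the logged-on account,
# so HKU\<SID> and HKCU are two names for the same registry hive.
USER_SID = "S-1-5-21-584734664-1867422850-214166890-1001"

FOUND, REMOVED = "Gefunden", "Gelöscht"  # keywords of the German log
# "<kind> <verb> : <item>"; browser preference lines carry no kind.
ENTRY = re.compile(r"^(?:(?P<kind>\S+) )?(?P<verb>Gefunden|Gelöscht) : (?P<item>.+)$")


def parse(log_text, verb):
    """Return the set of (kind, item) entries reported with the given verb."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m and m.group("verb") == verb:
            entries.add((m.group("kind") or "Pref", m.group("item").strip()))
    return entries


def normalize(item, user_sid=None):
    """Case-fold the item (registry and NTFS paths are case-insensitive) and,
    if the user's SID is given, rewrite HKU\\<SID>\\... as HKCU\\..."""
    key = item.casefold()
    if user_sid:
        prefix = ("HKU\\" + user_sid + "\\").casefold()
        if key.startswith(prefix):
            key = "hkcu\\" + key[len(prefix):]
    return key


def unconfirmed(search_log, delete_log, user_sid=None):
    """Items the search run found that the delete run does not list as removed."""
    removed = {(k, normalize(i, user_sid)) for k, i in parse(delete_log, REMOVED)}
    return sorted(
        (k, i) for k, i in parse(search_log, FOUND)
        if (k, normalize(i, user_sid)) not in removed
    )


if __name__ == "__main__":
    for kind, item in unconfirmed(SEARCH_LOG, DELETE_LOG):
        print("no removal line:", kind, item)
    print("after HKU->HKCU mapping:", unconfirmed(SEARCH_LOG, DELETE_LOG, USER_SID))
```

On these excerpts the only found item without a removal line is the HKU\<SID> copy of the SearchScopes key, which the delete run lists under its HKCU name.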
