Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: BKA Virus "Betriebssystem gesperrt"

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 22.03.2012, 16:01   #1
Ravenlord=O
 
BKA Virus "Betriebssystem gesperrt" - Standard

BKA Virus "Betriebssystem gesperrt"



Hallo,

wie einige andere auch, fiel ich heute auch dem BKA Virus zum Opfer. Wollte mir ein neues Wallpaper holen und dann wurde der Bildschirm weiß und ein Fenster erschien, auf dem stand, dass mein Betriebssystem wegen Sodomie und Kinderpornographie gesperrt worden sei. Ich habe die Suchfunktion bereits bemüht, allerdings wollte ich trotzdem mal ein Thema erstellen, ist ja individuell.

Was ich bereits getan habe:
Ich habe es geschafft, den abgesicherten Modus zu starten und mit Systemwiederherstellung das System auf den Stand vom 18.03.2012 zurückzusetzen. Dann konnte ich auch den normalen Modus wieder starten. Habe bisher zur Sicherheit Avira drüberlaufen lassen, ergab keine Fehler. AdAware läuft grad noch drüber.

Trotzdem würde ich das ganze gerne noch mal abchecken lassen, deswegen dieses Thema. Wäre froh, wenn ich Hilfe bekomme.

Gruß und Danke im Voraus

Hier mal Malwarebytes-Log(s). Den ersten Scan habe ich abgebrochen, weil ich nochmal sicher gehen wollte, ob alle Updates installiert sind. Trotzdem poste ich den Log mal mit.

Erster Log:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.22.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
(X) :: -PC- [Administrator]

Schutz: Aktiviert

22.03.2012 16:29:13
mbam-log-2012-03-22 (16-29-13).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 37114
Laufzeit: 4 Minute(n), 12 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Zweiter Log:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.22.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
(X) :: -PC- [Administrator]

Schutz: Aktiviert

22.03.2012 16:34:04
mbam-log-2012-03-22 (16-34-04).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 467781
Laufzeit: 2 Stunde(n), 34 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\LIMBO\TDU.exe (Packer.ModifiedUPX) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Ich benutze Windows 7, 64 Bit. PC Name wurde in den Logs mit (X) ersetzt.

Alt 24.03.2012, 19:38   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Virus "Betriebssystem gesperrt" - Standard

BKA Virus "Betriebssystem gesperrt"



Zitat:
C:\Program Files (x86)\LIMBO\TDU.exe (Packer.ModifiedUPX)
Was soll das sein? Aus welcher Quelle?
__________________

__________________

Alt 24.03.2012, 19:52   #3
Ravenlord=O
 
BKA Virus "Betriebssystem gesperrt" - Standard

BKA Virus "Betriebssystem gesperrt"



Hallo Arne,

vielen Dank für Deine Antwort.

Dieses Limbo war, soweit ich mich noch daran erinnern kann, ein Spiel, das mir mal ein Freund gelinkt hat. Ich wollte es mal spielen, allerdings hat dann mein Antiviren-Scanner angeschlagen, also habe ich es nicht gespielt und sein gelassen. Ich habe gerade noch mal den Chatverlauf angesehen, in dem er mir das Spiel geschickt hat. Der Downloadlink befand sich in der Beschreibung eines YouTube-Videos, das Video wurde aber mittlerweile entfernt. Deswegen kann ich dir leider nicht sagen, woher das war. Bei ihm ging das Spiel ohne Virenmeldung.
__________________

Geändert von Ravenlord=O (24.03.2012 um 19:57 Uhr)

Alt 24.03.2012, 20:05   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Virus "Betriebssystem gesperrt" - Standard

BKA Virus "Betriebssystem gesperrt"



Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 24.03.2012, 20:10   #5
Ravenlord=O
 
BKA Virus "Betriebssystem gesperrt" - Standard

BKA Virus "Betriebssystem gesperrt"



Bevor ich was falsches mache, frage ich lieber nach:

Wenn ich ESET installieren will, wird mir angezeigt, dass andere Antivirensoftware entdeckt wurde, und zwar der Windows Defender. Jetzt habe ich gerade in der Systemsteuerung nachgesehen, ob dieser aktiviert ist und mir wird gesagt, dass er deaktiviert sei. Einfach fortfahren?


Alt 25.03.2012, 15:03   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Virus "Betriebssystem gesperrt" - Standard

BKA Virus "Betriebssystem gesperrt"



Ja dann einfach fortfahren
__________________
--> BKA Virus "Betriebssystem gesperrt"

Alt 25.03.2012, 18:19   #7
Ravenlord=O
 
BKA Virus "Betriebssystem gesperrt" - Standard

BKA Virus "Betriebssystem gesperrt"



Ist grad fertig geworden und hat was von Softonic gefunden.. da ich im Forum schon etwas gelesen hab, weiß ich, dass das Rotz ist. Hier ist das Logfile, ich hoffe, ich hab beim Scan alles richtig gemacht, sonst mach ichs nochmal:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2b13c53eeee4d340b3c2598b5ce4c819
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-25 04:03:31
# local_time=2012-03-25 06:03:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 258689 258689 0 0
# compatibility_mode=5893 16776574 66 85 2776890 84312225 0 0
# compatibility_mode=8192 67108863 100 0 69896 69896 0 0
# scanned=268646
# found=1
# cleaned=0
# scan_time=9036
C:\$Recycle.Bin\S-1-5-21-1956246589-3836188182-3508371448-1001\$RD0OF5J.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
         

Alt 25.03.2012, 19:07   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Virus "Betriebssystem gesperrt" - Standard

BKA Virus "Betriebssystem gesperrt"



Ja lass die Finger vom Softonic-Müll

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 25.03.2012, 19:37   #9
Ravenlord=O
 
BKA Virus "Betriebssystem gesperrt" - Standard

BKA Virus "Betriebssystem gesperrt"



Hier der Log. PC Name wurde durch (X) ersetzt, da er mein eigener Name ist. Habe in letzter Zeit viele Ordner erstellt und PDFs fürs Studium geladen; man erkennt wohl, dass ich Mathematiker bin. *g*.. Danke schon mal im Voraus!

Code:
ATTFilter
OTL logfile created on: 25.03.2012 19:15:16 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\(X)\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 50,19% Memory free
7,99 Gb Paging File | 6,04 Gb Available in Paging File | 75,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 292,87 Gb Total Space | 51,46 Gb Free Space | 17,57% Space Free | Partition Type: NTFS
Drive D: | 638,54 Gb Total Space | 490,15 Gb Free Space | 76,76% Space Free | Partition Type: NTFS
 
Computer Name: -PC- | User Name: (X) | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.25 19:12:49 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\(X)\Desktop\OTL.exe
PRC - [2012.01.31 09:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.01.31 09:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.01.31 09:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 15:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.09.02 15:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011.08.15 15:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.01.15 04:20:12 | 002,151,776 | ---- | M] () -- C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe
PRC - [2011.01.15 04:20:04 | 000,415,072 | ---- | M] () -- C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe
PRC - [2010.06.07 17:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.05.21 00:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 00:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009.03.20 02:03:00 | 001,904,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2009.03.20 02:03:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.01.15 04:20:12 | 002,151,776 | ---- | M] () -- C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.01.31 09:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.31 09:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.09.02 15:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.04.27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.01.15 04:20:04 | 000,415,072 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe -- (Dyyno Launcher)
SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.06.07 17:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.20 02:03:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.01.31 09:56:33 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.01.31 09:56:33 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.12.10 16:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.04.27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.07.12 10:55:39 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010.01.28 16:25:02 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.25 14:34:54 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029unic.sys -- (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM)
DRV:64bit: - [2009.05.25 14:34:54 | 000,139,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029mgmt.sys -- (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2009.05.25 14:34:54 | 000,135,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029obex.sys -- (s1029obex)
DRV:64bit: - [2009.05.25 14:34:52 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029mdm.sys -- (s1029mdm)
DRV:64bit: - [2009.05.25 14:34:52 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029nd5.sys -- (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS)
DRV:64bit: - [2009.05.25 14:34:50 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029mdfl.sys -- (s1029mdfl)
DRV:64bit: - [2009.05.25 14:34:48 | 000,116,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029bus.sys -- (s1029bus) Sony Ericsson Device 1029 driver (WDM)
DRV:64bit: - [2009.04.28 03:03:42 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.04.28 03:03:42 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.04.03 06:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.03.20 02:03:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2009.03.20 02:03:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2008.05.16 11:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV:64bit: - [2007.08.31 14:15:34 | 000,079,872 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emAudio64.sys -- (emAudio)
DRV:64bit: - [2007.06.21 17:51:46 | 000,215,808 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emDevice64.sys -- (DCamUSBEMPIA)
DRV:64bit: - [2007.06.21 17:51:32 | 000,006,400 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emFilter64.sys -- (FiltUSBEMPIA)
DRV:64bit: - [2007.06.21 17:51:30 | 000,006,144 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emScan64.sys -- (ScanUSBEMPIA)
DRV:64bit: - [2005.09.23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2011.02.04 16:27:14 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9D ED 23 E8 04 15 CB 01  [binary data]
IE - HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\..\SearchScopes,DefaultScope = {1C382ED4-890E-450E-A652-039EAB49E97E}
IE - HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\..\SearchScopes\{1C382ED4-890E-450E-A652-039EAB49E97E}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://forum.germansmash.de/"
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.01.22 19:06:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.16 12:50:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.02 00:03:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.01.22 19:06:03 | 000,000,000 | ---D | M]
 
[2010.06.26 16:13:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\(X)\AppData\Roaming\mozilla\Extensions
[2012.02.15 01:04:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\(X)\AppData\Roaming\mozilla\Firefox\Profiles\9yu0btdu.default\extensions
[2011.07.22 05:57:27 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\(X)\AppData\Roaming\mozilla\Firefox\Profiles\9yu0btdu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.03.16 11:42:56 | 000,000,927 | ---- | M] () -- C:\Users\(X)\AppData\Roaming\Mozilla\Firefox\Profiles\9yu0btdu.default\searchplugins\conduit.xml
[2010.08.14 12:19:25 | 000,002,354 | ---- | M] () -- C:\Users\(X)\AppData\Roaming\Mozilla\Firefox\Profiles\9yu0btdu.default\searchplugins\ecosia.xml
[2010.10.19 21:27:44 | 000,001,583 | ---- | M] () -- C:\Users\(X)\AppData\Roaming\Mozilla\Firefox\Profiles\9yu0btdu.default\searchplugins\web-search.xml
[2012.02.05 09:31:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.23 09:26:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\(X)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9YU0BTDU.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
() (No name found) -- C:\USERS\(X)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9YU0BTDU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.03.16 12:50:23 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.16 07:00:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.16 07:00:45 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.16 07:00:45 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.16 07:00:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.16 07:00:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.16 07:00:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~2\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O3 - HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1956246589-3836188182-3508371448-1001..\Run: [Dyyno Launcher] C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe ()
O4 - HKU\S-1-5-21-1956246589-3836188182-3508371448-1001..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\(X)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\(X)\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\(X)\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85547D12-BB99-450D-8F76-DEAB7C3819E4}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D7F8BEC-714E-4320-9965-FB8041E677CA}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{32e67b21-90b2-11df-bf57-001a4f9c054a}\Shell - "" = AutoRun
O33 - MountPoints2\{32e67b21-90b2-11df-bf57-001a4f9c054a}\Shell\AutoRun\command - "" = E:\Startme.exe
O33 - MountPoints2\{5c7e3760-8126-11df-863c-6cf0490be230}\Shell - "" = AutoRun
O33 - MountPoints2\{5c7e3760-8126-11df-863c-6cf0490be230}\Shell\AutoRun\command - "" = E:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: MsMpSvc - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.lameacm - LameACM.acm (hxxp://www.mp3dev.org/)
Drivers32:64bit: VIDC.FFDS - ff_vfw.dll ()
Drivers32:64bit: VIDC.I420 -  File not found
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.i420 - i420vfw.dll File not found
Drivers32: vidc.yv12 - yv12vfw.dll File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.25 19:12:48 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\(X)\Desktop\OTL.exe
[2012.03.24 21:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.03.24 21:07:49 | 002,322,184 | ---- | C] (ESET) -- C:\Users\(X)\Desktop\esetsmartinstaller_enu.exe
[2012.03.23 19:10:17 | 000,000,000 | ---D | C] -- C:\Users\(X)\Documents\Uebungsblaetter
[2012.03.22 17:28:35 | 000,000,000 | ---D | C] -- C:\Users\(X)\AppData\Roaming\Malwarebytes
[2012.03.22 17:28:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.22 17:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.22 17:28:19 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.22 17:28:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.22 16:47:09 | 000,000,000 | ---D | C] -- C:\Users\(X)\AppData\Roaming\Avira
[2012.03.22 16:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.03.22 16:41:26 | 000,132,320 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.03.22 16:41:26 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.03.22 16:41:26 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.03.22 16:41:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.03.22 16:41:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.03.09 19:27:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012.03.09 19:27:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012.03.04 21:23:48 | 000,000,000 | ---D | C] -- C:\Users\(X)\AppData\Roaming\MiKTeX
[2012.03.04 21:23:45 | 000,000,000 | ---D | C] -- C:\Users\(X)\AppData\Local\MiKTeX
[2012.03.04 21:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
[2012.03.04 21:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\MiKTeX
[2012.03.04 20:47:23 | 000,000,000 | ---D | C] -- C:\Users\(X)\AppData\Roaming\benibela
[2012.03.04 20:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TexMakerX
[2012.03.04 20:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TexMakerX
[2012.03.04 20:43:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MiKTeX 2.9
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.25 19:12:49 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\(X)\Desktop\OTL.exe
[2012.03.25 11:26:12 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.25 11:26:12 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.25 11:22:43 | 002,239,544 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.25 11:22:43 | 001,079,816 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.25 11:22:43 | 000,620,600 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.25 11:22:43 | 000,547,068 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.25 11:22:43 | 000,005,442 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.25 11:17:09 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.03.25 11:15:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.25 11:15:26 | 3218,939,904 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.24 21:07:51 | 002,322,184 | ---- | M] (ESET) -- C:\Users\(X)\Desktop\esetsmartinstaller_enu.exe
[2012.03.23 17:59:02 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.03.23 17:59:02 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.03.22 17:28:26 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.22 16:41:47 | 000,002,076 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.03.21 20:02:18 | 000,646,001 | ---- | M] () -- C:\Users\(X)\Desktop\2012-03-21 18.02.19.jpg
[2012.03.14 23:42:45 | 043,578,663 | ---- | M] () -- C:\Users\(X)\Documents\3Plusss - Kindskopf EP 2012.zip
[2012.03.14 23:23:29 | 080,219,982 | ---- | M] () -- C:\Users\(X)\Documents\donetasy-lesbensindcoolhomossindschwul.7z
[2012.03.14 19:50:17 | 000,314,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.09 13:56:25 | 000,013,012 | ---- | M] () -- C:\Users\(X)\Documents\Stundenplan_Semester_3.ods
[2012.03.06 12:48:54 | 000,005,350 | ---- | M] () -- C:\Users\(X)\Documents\besser.axp
[2012.03.06 12:26:40 | 000,869,772 | ---- | M] () -- C:\Users\(X)\Documents\61805-5.mp3
[2012.03.06 12:11:49 | 000,664,554 | ---- | M] () -- C:\Users\(X)\Documents\62357-3.mp3
[2012.03.06 12:11:20 | 001,313,226 | ---- | M] () -- C:\Users\(X)\Documents\62804-5.mp3
[2012.03.06 12:11:09 | 001,137,265 | ---- | M] () -- C:\Users\(X)\Documents\62804-3.mp3
[2012.03.06 12:10:04 | 000,598,307 | ---- | M] () -- C:\Users\(X)\Documents\59758-5.mp3
[2012.03.06 12:09:08 | 000,431,750 | ---- | M] () -- C:\Users\(X)\Documents\60249-3.mp3
[2012.03.06 12:08:08 | 000,708,439 | ---- | M] () -- C:\Users\(X)\Documents\61332-9.mp3
[2012.03.06 12:07:47 | 001,042,807 | ---- | M] () -- C:\Users\(X)\Documents\61332-3.mp3
[2012.03.06 12:07:09 | 001,176,136 | ---- | M] () -- C:\Users\(X)\Documents\63359-2.mp3
[2012.03.05 14:06:35 | 000,217,298 | ---- | M] () -- C:\Users\(X)\Stochastik.pdf
[2012.03.05 14:06:35 | 000,012,150 | ---- | M] () -- C:\Users\(X)\Stochastik.synctex.gz
[2012.03.05 14:06:35 | 000,000,009 | ---- | M] () -- C:\Users\(X)\Stochastik.aux
[2012.03.05 14:06:31 | 000,004,136 | ---- | M] () -- C:\Users\(X)\Stochastik.tex
[2012.03.05 13:52:00 | 000,190,896 | ---- | M] () -- C:\Users\(X)\LineareAlgebraII.pdf
[2012.03.05 13:52:00 | 000,010,182 | ---- | M] () -- C:\Users\(X)\LineareAlgebraII.synctex.gz
[2012.03.05 13:52:00 | 000,003,562 | ---- | M] () -- C:\Users\(X)\LineareAlgebraII.tex
[2012.03.05 13:52:00 | 000,000,009 | ---- | M] () -- C:\Users\(X)\LineareAlgebraII.aux
[2012.03.05 00:16:52 | 000,211,731 | ---- | M] () -- C:\Users\(X)\Analysis.pdf
[2012.03.05 00:16:52 | 000,010,052 | ---- | M] () -- C:\Users\(X)\Analysis.synctex.gz
[2012.03.05 00:16:52 | 000,000,009 | ---- | M] () -- C:\Users\(X)\Analysis.aux
[2012.03.05 00:16:51 | 000,003,631 | ---- | M] () -- C:\Users\(X)\Analysis.tex
[2012.03.04 23:39:26 | 000,152,973 | ---- | M] () -- C:\Users\(X)\AlgebraI.pdf
[2012.03.04 23:39:26 | 000,005,387 | ---- | M] () -- C:\Users\(X)\AlgebraI.synctex.gz
[2012.03.04 23:39:26 | 000,002,004 | ---- | M] () -- C:\Users\(X)\AlgebraI.tex
[2012.03.04 23:39:26 | 000,000,009 | ---- | M] () -- C:\Users\(X)\AlgebraI.aux
[2012.03.04 23:04:19 | 000,176,411 | ---- | M] () -- C:\Users\(X)\bla.pdf
[2012.03.04 23:04:19 | 000,011,706 | ---- | M] () -- C:\Users\(X)\bla.synctex.gz
[2012.03.04 23:04:19 | 000,003,909 | ---- | M] () -- C:\Users\(X)\bla.tex
[2012.03.04 23:04:19 | 000,000,009 | ---- | M] () -- C:\Users\(X)\bla.aux
[2012.03.04 20:46:37 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\TexMakerX.lnk
[2012.03.04 20:37:39 | 1223,854,878 | ---- | M] () -- C:\Users\(X)\Documents\ProTeXt-3.0-070811.exe
[2012.03.04 17:36:16 | 046,751,131 | ---- | M] () -- C:\Users\(X)\Documents\The Edgar Wasser Freetrack Collection Vol. 2.zip
[2012.03.01 14:44:20 | 000,023,099 | ---- | M] () -- C:\Users\(X)\Documents\NoteCode.pdf
 
========== Files Created - No Company Name ==========
 
[2012.03.24 10:54:13 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.03.22 17:28:26 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.22 16:41:47 | 000,002,076 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.03.21 19:08:43 | 000,646,001 | ---- | C] () -- C:\Users\(X)\Desktop\2012-03-21 18.02.19.jpg
[2012.03.14 23:40:21 | 043,578,663 | ---- | C] () -- C:\Users\(X)\Documents\3Plusss - Kindskopf EP 2012.zip
[2012.03.14 23:22:49 | 080,219,982 | ---- | C] () -- C:\Users\(X)\Documents\donetasy-lesbensindcoolhomossindschwul.7z
[2012.03.06 12:48:54 | 000,005,350 | ---- | C] () -- C:\Users\(X)\Documents\besser.axp
[2012.03.06 12:26:39 | 000,869,772 | ---- | C] () -- C:\Users\(X)\Documents\61805-5.mp3
[2012.03.06 12:11:48 | 000,664,554 | ---- | C] () -- C:\Users\(X)\Documents\62357-3.mp3
[2012.03.06 12:11:19 | 001,313,226 | ---- | C] () -- C:\Users\(X)\Documents\62804-5.mp3
[2012.03.06 12:11:08 | 001,137,265 | ---- | C] () -- C:\Users\(X)\Documents\62804-3.mp3
[2012.03.06 12:10:04 | 000,598,307 | ---- | C] () -- C:\Users\(X)\Documents\59758-5.mp3
[2012.03.06 12:09:08 | 000,431,750 | ---- | C] () -- C:\Users\(X)\Documents\60249-3.mp3
[2012.03.06 12:08:08 | 000,708,439 | ---- | C] () -- C:\Users\(X)\Documents\61332-9.mp3
[2012.03.06 12:07:46 | 001,042,807 | ---- | C] () -- C:\Users\(X)\Documents\61332-3.mp3
[2012.03.06 12:07:09 | 001,176,136 | ---- | C] () -- C:\Users\(X)\Documents\63359-2.mp3
[2012.03.05 13:07:55 | 000,190,896 | ---- | C] () -- C:\Users\(X)\LineareAlgebraII.pdf
[2012.03.05 13:07:54 | 000,010,182 | ---- | C] () -- C:\Users\(X)\LineareAlgebraII.synctex.gz
[2012.03.05 13:07:54 | 000,000,009 | ---- | C] () -- C:\Users\(X)\LineareAlgebraII.aux
[2012.03.05 13:07:51 | 000,003,562 | ---- | C] () -- C:\Users\(X)\LineareAlgebraII.tex
[2012.03.04 23:52:59 | 000,211,731 | ---- | C] () -- C:\Users\(X)\Analysis.pdf
[2012.03.04 23:52:59 | 000,010,052 | ---- | C] () -- C:\Users\(X)\Analysis.synctex.gz
[2012.03.04 23:49:34 | 000,000,009 | ---- | C] () -- C:\Users\(X)\Analysis.aux
[2012.03.04 23:49:32 | 000,003,631 | ---- | C] () -- C:\Users\(X)\Analysis.tex
[2012.03.04 23:26:45 | 000,152,973 | ---- | C] () -- C:\Users\(X)\AlgebraI.pdf
[2012.03.04 23:26:45 | 000,005,387 | ---- | C] () -- C:\Users\(X)\AlgebraI.synctex.gz
[2012.03.04 23:26:45 | 000,000,009 | ---- | C] () -- C:\Users\(X)\AlgebraI.aux
[2012.03.04 23:26:31 | 000,002,004 | ---- | C] () -- C:\Users\(X)\AlgebraI.tex
[2012.03.04 23:04:55 | 000,217,298 | ---- | C] () -- C:\Users\(X)\Stochastik.pdf
[2012.03.04 23:04:55 | 000,012,150 | ---- | C] () -- C:\Users\(X)\Stochastik.synctex.gz
[2012.03.04 23:04:55 | 000,000,009 | ---- | C] () -- C:\Users\(X)\Stochastik.aux
[2012.03.04 23:04:52 | 000,004,136 | ---- | C] () -- C:\Users\(X)\Stochastik.tex
[2012.03.04 21:28:27 | 000,011,706 | ---- | C] () -- C:\Users\(X)\bla.synctex.gz
[2012.03.04 21:24:16 | 000,176,411 | ---- | C] () -- C:\Users\(X)\bla.pdf
[2012.03.04 21:24:16 | 000,000,009 | ---- | C] () -- C:\Users\(X)\bla.aux
[2012.03.04 21:23:45 | 000,003,909 | ---- | C] () -- C:\Users\(X)\bla.tex
[2012.03.04 20:46:37 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\TexMakerX.lnk
[2012.03.04 20:02:52 | 1223,854,878 | ---- | C] () -- C:\Users\(X)\Documents\ProTeXt-3.0-070811.exe
[2012.03.04 17:29:17 | 046,751,131 | ---- | C] () -- C:\Users\(X)\Documents\The Edgar Wasser Freetrack Collection Vol. 2.zip
[2012.03.01 14:44:18 | 000,023,099 | ---- | C] () -- C:\Users\(X)\Documents\NoteCode.pdf
[2011.07.14 11:57:02 | 000,212,992 | ---- | C] () -- C:\Windows\SysWow64\WMIMPLEX.dll
[2011.07.14 11:57:02 | 000,031,744 | ---- | C] () -- C:\Windows\SysWow64\maplec.dll
[2011.07.14 11:57:02 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\maplecompat.dll
[2011.04.22 16:59:54 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.04.22 16:59:54 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.04.13 12:02:20 | 000,005,408 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.22 18:56:26 | 000,245,227 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.01.22 18:56:26 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010.07.22 19:01:03 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010.07.20 16:56:29 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.07.19 20:56:29 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010.06.26 16:15:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.26 10:04:21 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
 
========== LOP Check ==========
 
[2011.07.16 22:23:08 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\.minecraft
[2010.09.09 19:10:14 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Amazon
[2011.11.11 22:33:32 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Audacity
[2012.03.04 21:17:50 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\benibela
[2010.07.22 19:01:10 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Canneverbe Limited
[2011.10.01 21:25:36 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\DVDVideoSoft
[2011.04.17 19:28:10 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.30 00:45:01 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Dyyno
[2011.08.14 13:30:28 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\FileZilla
[2011.08.01 19:58:32 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\gtk-2.0
[2012.03.25 19:15:03 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\ICQ
[2012.03.23 18:54:58 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\IrfanView
[2012.03.04 19:54:13 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\LyX2.0
[2010.10.12 12:31:08 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\OpenOffice.org
[2010.08.23 01:43:56 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Publish Providers
[2012.01.20 20:55:43 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Sony
[2010.07.16 19:20:56 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Sony Setup
[2012.03.25 11:17:09 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.02.19 11:39:06 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.07.16 22:23:08 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\.minecraft
[2010.06.26 10:18:33 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Adobe
[2010.09.09 19:10:14 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Amazon
[2011.11.11 22:33:32 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Audacity
[2012.03.22 16:47:09 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Avira
[2012.03.04 21:17:50 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\benibela
[2010.07.22 19:01:10 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Canneverbe Limited
[2012.02.13 15:54:41 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\codeblocks
[2011.04.02 00:54:31 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\DivX
[2011.10.01 21:25:36 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\DVDVideoSoft
[2011.04.17 19:28:10 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.30 00:45:01 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Dyyno
[2011.08.14 13:30:28 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\FileZilla
[2011.08.01 19:58:32 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\gtk-2.0
[2011.01.27 22:35:37 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\HP
[2012.03.25 19:15:03 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\ICQ
[2010.06.26 09:54:04 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Identities
[2012.03.23 18:54:58 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\IrfanView
[2012.03.04 19:54:13 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\LyX2.0
[2010.06.26 10:02:33 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Macromedia
[2012.03.22 17:28:35 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Media Center Programs
[2010.12.25 00:57:22 | 000,000,000 | --SD | M] -- C:\Users\(X)\AppData\Roaming\Microsoft
[2012.03.04 21:23:48 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\MiKTeX
[2010.06.26 16:13:10 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Mozilla
[2011.09.25 00:02:15 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\NCH Software
[2011.08.10 22:43:51 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\NVIDIA
[2010.10.12 12:31:08 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\OpenOffice.org
[2010.08.23 01:43:56 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Publish Providers
[2011.06.09 20:11:38 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Real
[2012.03.25 19:15:24 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Skype
[2011.07.05 16:40:45 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\skypePM
[2012.01.20 20:55:43 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Sony
[2010.07.16 19:20:56 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Sony Setup
[2010.07.19 21:07:29 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.07.20 16:34:10 | 000,029,926 | R--- | M] () -- C:\Users\(X)\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
[2010.07.16 19:21:21 | 033,850,672 | ---- | M] (Apple Inc.) -- C:\Users\(X)\AppData\Roaming\Sony Setup\9234765D-29DF-48d0-93FB-284B7B6009B9\QuickTimeInstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >
         
Gruß

Alt 26.03.2012, 12:54   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Virus "Betriebssystem gesperrt" - Standard

BKA Virus "Betriebssystem gesperrt"



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9D ED 23 E8 04 15 CB 01  [binary data]
IE - HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\..\SearchScopes,DefaultScope = {1C382ED4-890E-450E-A652-039EAB49E97E}
IE - HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\..\SearchScopes\{1C382ED4-890E-450E-A652-039EAB49E97E}: "URL" = http://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{32e67b21-90b2-11df-bf57-001a4f9c054a}\Shell - "" = AutoRun
O33 - MountPoints2\{32e67b21-90b2-11df-bf57-001a4f9c054a}\Shell\AutoRun\command - "" = E:\Startme.exe
O33 - MountPoints2\{5c7e3760-8126-11df-863c-6cf0490be230}\Shell - "" = AutoRun
O33 - MountPoints2\{5c7e3760-8126-11df-863c-6cf0490be230}\Shell\AutoRun\command - "" = E:\pushinst.exe
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 26.03.2012, 13:31   #11
Ravenlord=O
 
BKA Virus "Betriebssystem gesperrt" - Standard

BKA Virus "Betriebssystem gesperrt"



Hier das Logfile:

Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKEY_USERS\S-1-5-21-1956246589-3836188182-3508371448-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1956246589-3836188182-3508371448-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1956246589-3836188182-3508371448-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1C382ED4-890E-450E-A652-039EAB49E97E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C382ED4-890E-450E-A652-039EAB49E97E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1956246589-3836188182-3508371448-1001\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-1956246589-3836188182-3508371448-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32e67b21-90b2-11df-bf57-001a4f9c054a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32e67b21-90b2-11df-bf57-001a4f9c054a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32e67b21-90b2-11df-bf57-001a4f9c054a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32e67b21-90b2-11df-bf57-001a4f9c054a}\ not found.
File E:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c7e3760-8126-11df-863c-6cf0490be230}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c7e3760-8126-11df-863c-6cf0490be230}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c7e3760-8126-11df-863c-6cf0490be230}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c7e3760-8126-11df-863c-6cf0490be230}\ not found.
File E:\pushinst.exe not found.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: (X)
->Temp folder emptied: 1943242629 bytes
->Temporary Internet Files folder emptied: 159891423 bytes
->Java cache emptied: 11397444 bytes
->FireFox cache emptied: 960933711 bytes
->Flash cache emptied: 436409 bytes
 
User: AppData
 
User: copy
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 295954974 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85096 bytes
RecycleBin emptied: 46780202189 bytes
 
Total Files Cleaned = 47.829,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 03262012_131438

Files\Folders moved on Reboot...
C:\Users\(X)\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

Alt 26.03.2012, 16:46   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Virus "Betriebssystem gesperrt" - Standard

BKA Virus "Betriebssystem gesperrt"



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 26.03.2012, 17:44   #13
Ravenlord=O
 
BKA Virus "Betriebssystem gesperrt" - Standard

BKA Virus "Betriebssystem gesperrt"



TDSS-Log:

Code:
ATTFilter
17:42:28.0314 4900	TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
17:42:28.0510 4900	============================================================
17:42:28.0510 4900	Current date / time: 2012/03/26 17:42:28.0510
17:42:28.0510 4900	SystemInfo:
17:42:28.0510 4900	
17:42:28.0510 4900	OS Version: 6.1.7601 ServicePack: 1.0
17:42:28.0510 4900	Product type: Workstation
17:42:28.0511 4900	ComputerName: -PC-
17:42:28.0511 4900	UserName: (X)
17:42:28.0511 4900	Windows directory: C:\Windows
17:42:28.0511 4900	System windows directory: C:\Windows
17:42:28.0511 4900	Running under WOW64
17:42:28.0511 4900	Processor architecture: Intel x64
17:42:28.0511 4900	Number of processors: 4
17:42:28.0511 4900	Page size: 0x1000
17:42:28.0511 4900	Boot type: Normal boot
17:42:28.0511 4900	============================================================
17:42:30.0443 4900	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1D9265, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
17:42:30.0446 4900	\Device\Harddisk0\DR0:
17:42:30.0446 4900	MBR used
17:42:30.0446 4900	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:42:30.0446 4900	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x249BD800
17:42:30.0446 4900	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x249F0000, BlocksNum 0x4FD15800
17:42:30.0537 4900	Initialize success
17:42:30.0537 4900	============================================================
17:43:01.0486 4888	============================================================
17:43:01.0486 4888	Scan started
17:43:01.0486 4888	Mode: Manual; SigCheck; TDLFS; 
17:43:01.0486 4888	============================================================
17:43:02.0559 4888	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:43:02.0667 4888	1394ohci - ok
17:43:02.0706 4888	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:43:02.0719 4888	ACPI - ok
17:43:02.0760 4888	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:43:02.0929 4888	AcpiPmi - ok
17:43:02.0998 4888	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:43:03.0014 4888	adp94xx - ok
17:43:03.0035 4888	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:43:03.0048 4888	adpahci - ok
17:43:03.0064 4888	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:43:03.0075 4888	adpu320 - ok
17:43:03.0096 4888	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:43:03.0187 4888	AeLookupSvc - ok
17:43:03.0224 4888	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:43:03.0273 4888	AFD - ok
17:43:03.0291 4888	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:43:03.0301 4888	agp440 - ok
17:43:03.0317 4888	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:43:03.0367 4888	ALG - ok
17:43:03.0384 4888	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:43:03.0393 4888	aliide - ok
17:43:03.0400 4888	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:43:03.0407 4888	amdide - ok
17:43:03.0426 4888	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:43:03.0466 4888	AmdK8 - ok
17:43:03.0519 4888	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:43:03.0549 4888	AmdPPM - ok
17:43:03.0580 4888	amdsata         (12a5062c06e03ff70db47800f91c7a13) C:\Windows\system32\DRIVERS\amdsata.sys
17:43:03.0599 4888	amdsata - ok
17:43:03.0659 4888	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:43:03.0669 4888	amdsbs - ok
17:43:03.0685 4888	amdxata         (8a7f289b45ceacac761e14d5fac59eb9) C:\Windows\system32\DRIVERS\amdxata.sys
17:43:03.0691 4888	amdxata - ok
17:43:03.0877 4888	AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:43:03.0884 4888	AntiVirSchedulerService - ok
17:43:03.0933 4888	AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:43:03.0939 4888	AntiVirService - ok
17:43:03.0976 4888	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:43:04.0020 4888	AppID - ok
17:43:04.0035 4888	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:43:04.0084 4888	AppIDSvc - ok
17:43:04.0114 4888	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:43:04.0154 4888	Appinfo - ok
17:43:04.0187 4888	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:43:04.0198 4888	arc - ok
17:43:04.0207 4888	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:43:04.0216 4888	arcsas - ok
17:43:04.0248 4888	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:43:04.0292 4888	AsyncMac - ok
17:43:04.0308 4888	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:43:04.0318 4888	atapi - ok
17:43:04.0351 4888	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:43:04.0401 4888	AudioEndpointBuilder - ok
17:43:04.0410 4888	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:43:04.0445 4888	AudioSrv - ok
17:43:04.0505 4888	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
17:43:04.0512 4888	avgntflt - ok
17:43:04.0541 4888	avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
17:43:04.0550 4888	avipbb - ok
17:43:04.0563 4888	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
17:43:04.0569 4888	avkmgr - ok
17:43:04.0619 4888	AVM WLAN Connection Service (d1a9ae485fff7c72ca50d8949b2210b9) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
17:43:04.0626 4888	AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
17:43:04.0626 4888	AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
17:43:04.0648 4888	avmeject        (1dc2f715792cf33428ad7993acbd224d) C:\Windows\system32\drivers\avmeject.sys
17:43:04.0655 4888	avmeject - ok
17:43:04.0694 4888	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
17:43:04.0779 4888	AxInstSV - ok
17:43:04.0811 4888	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:43:04.0874 4888	b06bdrv - ok
17:43:04.0894 4888	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:43:04.0916 4888	b57nd60a - ok
17:43:04.0987 4888	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:43:05.0025 4888	BDESVC - ok
17:43:05.0037 4888	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:43:05.0079 4888	Beep - ok
17:43:05.0134 4888	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
17:43:05.0169 4888	BFE - ok
17:43:05.0212 4888	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
17:43:05.0264 4888	BITS - ok
17:43:05.0295 4888	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:43:05.0335 4888	blbdrive - ok
17:43:05.0373 4888	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:43:05.0410 4888	bowser - ok
17:43:05.0452 4888	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:43:05.0502 4888	BrFiltLo - ok
17:43:05.0512 4888	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:43:05.0525 4888	BrFiltUp - ok
17:43:05.0593 4888	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
17:43:05.0640 4888	Browser - ok
17:43:05.0660 4888	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:43:05.0740 4888	Brserid - ok
17:43:05.0754 4888	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:43:05.0781 4888	BrSerWdm - ok
17:43:05.0803 4888	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:43:05.0847 4888	BrUsbMdm - ok
17:43:05.0853 4888	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:43:05.0865 4888	BrUsbSer - ok
17:43:05.0887 4888	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:43:05.0911 4888	BTHMODEM - ok
17:43:05.0967 4888	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:43:05.0997 4888	bthserv - ok
17:43:06.0016 4888	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:43:06.0057 4888	cdfs - ok
17:43:06.0099 4888	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
17:43:06.0125 4888	cdrom - ok
17:43:06.0153 4888	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:43:06.0209 4888	CertPropSvc - ok
17:43:06.0216 4888	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:43:06.0229 4888	circlass - ok
17:43:06.0253 4888	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:43:06.0267 4888	CLFS - ok
17:43:06.0317 4888	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:43:06.0327 4888	clr_optimization_v2.0.50727_32 - ok
17:43:06.0370 4888	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:43:06.0379 4888	clr_optimization_v2.0.50727_64 - ok
17:43:06.0495 4888	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:43:06.0516 4888	clr_optimization_v4.0.30319_32 - ok
17:43:06.0554 4888	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:43:06.0562 4888	clr_optimization_v4.0.30319_64 - ok
17:43:06.0583 4888	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:43:06.0593 4888	CmBatt - ok
17:43:06.0612 4888	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:43:06.0619 4888	cmdide - ok
17:43:06.0673 4888	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:43:06.0693 4888	CNG - ok
17:43:06.0707 4888	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:43:06.0715 4888	Compbatt - ok
17:43:06.0749 4888	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:43:06.0801 4888	CompositeBus - ok
17:43:06.0819 4888	COMSysApp - ok
17:43:06.0839 4888	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:43:06.0846 4888	crcdisk - ok
17:43:06.0880 4888	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
17:43:06.0939 4888	CryptSvc - ok
17:43:06.0980 4888	DCamUSBEMPIA    (b1c55a95006d621d04fe4a23f86c0a54) C:\Windows\system32\DRIVERS\emDevice64.sys
17:43:07.0039 4888	DCamUSBEMPIA - ok
17:43:07.0077 4888	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:43:07.0126 4888	DcomLaunch - ok
17:43:07.0166 4888	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:43:07.0209 4888	defragsvc - ok
17:43:07.0264 4888	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:43:07.0305 4888	DfsC - ok
17:43:07.0326 4888	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
17:43:07.0356 4888	Dhcp - ok
17:43:07.0402 4888	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:43:07.0467 4888	discache - ok
17:43:07.0564 4888	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:43:07.0572 4888	Disk - ok
17:43:07.0621 4888	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
17:43:07.0663 4888	Dnscache - ok
17:43:07.0689 4888	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
17:43:07.0729 4888	dot3svc - ok
17:43:07.0772 4888	Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
17:43:07.0800 4888	Dot4 - ok
17:43:07.0850 4888	Dot4Print       (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
17:43:07.0875 4888	Dot4Print - ok
17:43:07.0904 4888	dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
17:43:07.0930 4888	dot4usb - ok
17:43:07.0963 4888	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
17:43:08.0000 4888	DPS - ok
17:43:08.0030 4888	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:43:08.0055 4888	drmkaud - ok
17:43:08.0093 4888	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:43:08.0116 4888	DXGKrnl - ok
17:43:08.0198 4888	Dyyno Launcher  (2de3e24ee3409ce33f49b2d7b6603360) C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe
17:43:08.0208 4888	Dyyno Launcher - ok
17:43:08.0220 4888	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:43:08.0251 4888	EapHost - ok
17:43:08.0306 4888	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:43:08.0357 4888	ebdrv - ok
17:43:08.0392 4888	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
17:43:08.0430 4888	EFS - ok
17:43:08.0465 4888	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
17:43:08.0511 4888	ehRecvr - ok
17:43:08.0531 4888	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:43:08.0568 4888	ehSched - ok
17:43:08.0601 4888	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:43:08.0617 4888	elxstor - ok
17:43:08.0679 4888	emAudio         (8543bb84cd5872cd1619183f5cbbe3f9) C:\Windows\system32\drivers\emAudio64.sys
17:43:08.0710 4888	emAudio - ok
17:43:08.0742 4888	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:43:08.0763 4888	ErrDev - ok
17:43:08.0795 4888	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:43:08.0842 4888	EventSystem - ok
17:43:08.0858 4888	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:43:08.0902 4888	exfat - ok
17:43:08.0920 4888	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:43:08.0964 4888	fastfat - ok
17:43:09.0007 4888	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
17:43:09.0050 4888	Fax - ok
17:43:09.0063 4888	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:43:09.0073 4888	fdc - ok
17:43:09.0104 4888	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:43:09.0144 4888	fdPHost - ok
17:43:09.0162 4888	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:43:09.0206 4888	FDResPub - ok
17:43:09.0218 4888	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:43:09.0227 4888	FileInfo - ok
17:43:09.0250 4888	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:43:09.0288 4888	Filetrace - ok
17:43:09.0312 4888	FiltUSBEMPIA    (73fbb50c4d92adc30a9d57a269489a0b) C:\Windows\system32\DRIVERS\emFilter64.sys
17:43:09.0349 4888	FiltUSBEMPIA - ok
17:43:09.0371 4888	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:43:09.0381 4888	flpydisk - ok
17:43:09.0402 4888	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:43:09.0414 4888	FltMgr - ok
17:43:09.0471 4888	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
17:43:09.0517 4888	FontCache - ok
17:43:09.0597 4888	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:43:09.0604 4888	FontCache3.0.0.0 - ok
17:43:09.0620 4888	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:43:09.0630 4888	FsDepends - ok
17:43:09.0645 4888	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
17:43:09.0653 4888	Fs_Rec - ok
17:43:09.0708 4888	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:43:09.0723 4888	fvevol - ok
17:43:09.0766 4888	FWLANUSB        (444534cba693dd23c1cc589681e01656) C:\Windows\system32\DRIVERS\fwlanusb.sys
17:43:09.0806 4888	FWLANUSB - ok
17:43:09.0834 4888	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:43:09.0842 4888	gagp30kx - ok
17:43:09.0858 4888	gdrv - ok
17:43:09.0891 4888	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
17:43:09.0941 4888	gpsvc - ok
17:43:09.0961 4888	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:43:09.0998 4888	hcw85cir - ok
17:43:10.0030 4888	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:43:10.0047 4888	HdAudAddService - ok
17:43:10.0071 4888	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
17:43:10.0084 4888	HDAudBus - ok
17:43:10.0102 4888	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:43:10.0113 4888	HidBatt - ok
17:43:10.0124 4888	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:43:10.0137 4888	HidBth - ok
17:43:10.0146 4888	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:43:10.0170 4888	HidIr - ok
17:43:10.0203 4888	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
17:43:10.0247 4888	hidserv - ok
17:43:10.0288 4888	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
17:43:10.0298 4888	HidUsb - ok
17:43:10.0323 4888	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
17:43:10.0365 4888	hkmsvc - ok
17:43:10.0388 4888	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
17:43:10.0429 4888	HomeGroupListener - ok
17:43:10.0449 4888	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
17:43:10.0470 4888	HomeGroupProvider - ok
17:43:10.0674 4888	hpqcxs08        (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
17:43:10.0693 4888	hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
17:43:10.0693 4888	hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
17:43:10.0714 4888	hpqddsvc        (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
17:43:10.0718 4888	hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
17:43:10.0718 4888	hpqddsvc - detected UnsignedFile.Multi.Generic (1)
17:43:10.0784 4888	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:43:10.0841 4888	HpSAMD - ok
17:43:10.0916 4888	HPSLPSVC        (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
17:43:10.0948 4888	HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
17:43:10.0948 4888	HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
17:43:10.0988 4888	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:43:11.0037 4888	HTTP - ok
17:43:11.0072 4888	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:43:11.0082 4888	hwpolicy - ok
17:43:11.0142 4888	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:43:11.0153 4888	i8042prt - ok
17:43:11.0191 4888	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:43:11.0207 4888	iaStorV - ok
17:43:11.0349 4888	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:43:11.0370 4888	idsvc - ok
17:43:11.0391 4888	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:43:11.0401 4888	iirsp - ok
17:43:11.0423 4888	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
17:43:11.0470 4888	IKEEXT - ok
17:43:11.0540 4888	IntcAzAudAddService (f04d22d7a49a1b2210dbadf0b803e870) C:\Windows\system32\drivers\RTKVHD64.sys
17:43:11.0579 4888	IntcAzAudAddService - ok
17:43:11.0597 4888	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:43:11.0604 4888	intelide - ok
17:43:11.0627 4888	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:43:11.0651 4888	intelppm - ok
17:43:11.0685 4888	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:43:11.0728 4888	IPBusEnum - ok
17:43:11.0756 4888	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:43:11.0794 4888	IpFilterDriver - ok
17:43:11.0815 4888	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
17:43:11.0866 4888	iphlpsvc - ok
17:43:11.0892 4888	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:43:11.0903 4888	IPMIDRV - ok
17:43:11.0925 4888	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:43:11.0964 4888	IPNAT - ok
17:43:11.0987 4888	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:43:12.0040 4888	IRENUM - ok
17:43:12.0056 4888	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:43:12.0067 4888	isapnp - ok
17:43:12.0087 4888	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:43:12.0099 4888	iScsiPrt - ok
17:43:12.0121 4888	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
17:43:12.0131 4888	kbdclass - ok
17:43:12.0162 4888	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
17:43:12.0185 4888	kbdhid - ok
17:43:12.0210 4888	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:43:12.0219 4888	KeyIso - ok
17:43:12.0247 4888	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:43:12.0256 4888	KSecDD - ok
17:43:12.0287 4888	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:43:12.0299 4888	KSecPkg - ok
17:43:12.0319 4888	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:43:12.0357 4888	ksthunk - ok
17:43:12.0386 4888	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:43:12.0431 4888	KtmRm - ok
17:43:12.0451 4888	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
17:43:12.0491 4888	LanmanServer - ok
17:43:12.0519 4888	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
17:43:12.0563 4888	LanmanWorkstation - ok
17:43:12.0771 4888	Lavasoft Ad-Aware Service (ed60ffd305ac0424920d146db9f9ed78) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
17:43:12.0804 4888	Lavasoft Ad-Aware Service - ok
17:43:12.0845 4888	Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
17:43:12.0852 4888	Lavasoft Kernexplorer - ok
17:43:12.0883 4888	Lbd             (3c46290f7a5d45ba6ef32c248e22aa69) C:\Windows\system32\DRIVERS\Lbd.sys
17:43:12.0890 4888	Lbd - ok
17:43:12.0934 4888	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:43:12.0974 4888	lltdio - ok
17:43:13.0002 4888	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:43:13.0047 4888	lltdsvc - ok
17:43:13.0077 4888	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:43:13.0106 4888	lmhosts - ok
17:43:13.0137 4888	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:43:13.0146 4888	LSI_FC - ok
17:43:13.0175 4888	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:43:13.0187 4888	LSI_SAS - ok
17:43:13.0197 4888	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:43:13.0205 4888	LSI_SAS2 - ok
17:43:13.0214 4888	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:43:13.0224 4888	LSI_SCSI - ok
17:43:13.0245 4888	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:43:13.0287 4888	luafv - ok
17:43:13.0314 4888	MarvinBus       (024da28053d57e9e32bee52600576bbb) C:\Windows\system32\DRIVERS\MarvinBus64.sys
17:43:13.0331 4888	MarvinBus - ok
17:43:13.0376 4888	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
17:43:13.0384 4888	MBAMProtector - ok
17:43:13.0430 4888	MBAMService     (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:43:13.0446 4888	MBAMService - ok
17:43:13.0470 4888	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
17:43:13.0494 4888	Mcx2Svc - ok
17:43:13.0515 4888	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:43:13.0523 4888	megasas - ok
17:43:13.0548 4888	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:43:13.0560 4888	MegaSR - ok
17:43:13.0620 4888	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:43:13.0662 4888	MMCSS - ok
17:43:13.0683 4888	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:43:13.0721 4888	Modem - ok
17:43:13.0758 4888	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:43:13.0786 4888	monitor - ok
17:43:13.0811 4888	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
17:43:13.0819 4888	mouclass - ok
17:43:13.0860 4888	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:43:13.0883 4888	mouhid - ok
17:43:13.0911 4888	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:43:13.0920 4888	mountmgr - ok
17:43:13.0953 4888	MpFilter        (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
17:43:13.0964 4888	MpFilter - ok
17:43:14.0004 4888	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:43:14.0014 4888	mpio - ok
17:43:14.0047 4888	MpNWMon         (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
17:43:14.0054 4888	MpNWMon - ok
17:43:14.0070 4888	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:43:14.0099 4888	mpsdrv - ok
17:43:14.0139 4888	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
17:43:14.0187 4888	MpsSvc - ok
17:43:14.0213 4888	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:43:14.0241 4888	MRxDAV - ok
17:43:14.0265 4888	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:43:14.0298 4888	mrxsmb - ok
17:43:14.0332 4888	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:43:14.0360 4888	mrxsmb10 - ok
17:43:14.0377 4888	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:43:14.0388 4888	mrxsmb20 - ok
17:43:14.0405 4888	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:43:14.0413 4888	msahci - ok
17:43:14.0430 4888	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:43:14.0440 4888	msdsm - ok
17:43:14.0461 4888	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:43:14.0484 4888	MSDTC - ok
17:43:14.0524 4888	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:43:14.0552 4888	Msfs - ok
17:43:14.0583 4888	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:43:14.0652 4888	mshidkmdf - ok
17:43:14.0807 4888	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:43:14.0814 4888	msisadrv - ok
17:43:14.0842 4888	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:43:14.0886 4888	MSiSCSI - ok
17:43:14.0892 4888	msiserver - ok
17:43:14.0924 4888	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:43:14.0953 4888	MSKSSRV - ok
17:43:15.0068 4888	MsMpSvc         (157e9e498206a3366baa7e4697bdd947) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
17:43:15.0076 4888	MsMpSvc - ok
17:43:15.0083 4888	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:43:15.0112 4888	MSPCLOCK - ok
17:43:15.0126 4888	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:43:15.0166 4888	MSPQM - ok
17:43:15.0200 4888	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:43:15.0214 4888	MsRPC - ok
17:43:15.0238 4888	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:43:15.0245 4888	mssmbios - ok
17:43:15.0262 4888	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:43:15.0290 4888	MSTEE - ok
17:43:15.0298 4888	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:43:15.0320 4888	MTConfig - ok
17:43:15.0352 4888	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:43:15.0361 4888	Mup - ok
17:43:15.0395 4888	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:43:15.0439 4888	napagent - ok
17:43:15.0473 4888	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:43:15.0506 4888	NativeWifiP - ok
17:43:15.0532 4888	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:43:15.0554 4888	NDIS - ok
17:43:15.0591 4888	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:43:15.0620 4888	NdisCap - ok
17:43:15.0651 4888	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:43:15.0681 4888	NdisTapi - ok
17:43:15.0718 4888	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:43:15.0759 4888	Ndisuio - ok
17:43:15.0833 4888	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:43:15.0877 4888	NdisWan - ok
17:43:15.0905 4888	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:43:15.0945 4888	NDProxy - ok
17:43:15.0984 4888	Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
17:43:15.0999 4888	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:43:15.0999 4888	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:43:16.0026 4888	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:43:16.0065 4888	NetBIOS - ok
17:43:16.0096 4888	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:43:16.0126 4888	NetBT - ok
17:43:16.0159 4888	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:43:16.0168 4888	Netlogon - ok
17:43:16.0205 4888	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:43:16.0257 4888	Netman - ok
17:43:16.0281 4888	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:43:16.0314 4888	netprofm - ok
17:43:16.0377 4888	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:43:16.0385 4888	NetTcpPortSharing - ok
17:43:16.0399 4888	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:43:16.0408 4888	nfrd960 - ok
17:43:16.0457 4888	NisDrv          (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:43:16.0465 4888	NisDrv - ok
17:43:16.0565 4888	NisSrv          (566ddd5d82520da01d75f81428ac4c38) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
17:43:16.0579 4888	NisSrv - ok
17:43:16.0601 4888	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:43:16.0644 4888	NlaSvc - ok
17:43:16.0735 4888	NMSAccess       (7aea4df1ca68fd45dd4bbe1f0243ce7f) C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
17:43:16.0743 4888	NMSAccess - ok
17:43:16.0777 4888	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:43:16.0806 4888	Npfs - ok
17:43:16.0819 4888	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:43:16.0862 4888	nsi - ok
17:43:16.0884 4888	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:43:16.0924 4888	nsiproxy - ok
17:43:16.0969 4888	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:43:17.0006 4888	Ntfs - ok
17:43:17.0023 4888	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:43:17.0055 4888	Null - ok
17:43:17.0096 4888	NVHDA           (cddd4478757288df4bb1494bfd084259) C:\Windows\system32\drivers\nvhda64v.sys
17:43:17.0104 4888	NVHDA - ok
17:43:17.0307 4888	nvlddmkm        (2b9fd17492fbd799726369f2db3e4827) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:43:17.0528 4888	nvlddmkm - ok
17:43:17.0579 4888	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:43:17.0589 4888	nvraid - ok
17:43:17.0613 4888	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:43:17.0623 4888	nvstor - ok
17:43:17.0641 4888	nvsvc           (9d20f4a43b0e0123b1633a05bd1d7113) C:\Windows\system32\nvvsvc.exe
17:43:17.0649 4888	nvsvc - ok
17:43:17.0680 4888	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:43:17.0689 4888	nv_agp - ok
17:43:17.0714 4888	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:43:17.0738 4888	ohci1394 - ok
17:43:17.0767 4888	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:43:17.0810 4888	p2pimsvc - ok
17:43:17.0828 4888	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:43:17.0843 4888	p2psvc - ok
17:43:17.0887 4888	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:43:17.0900 4888	Parport - ok
17:43:17.0935 4888	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
17:43:17.0944 4888	partmgr - ok
17:43:17.0958 4888	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:43:17.0989 4888	PcaSvc - ok
17:43:18.0013 4888	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:43:18.0027 4888	pci - ok
17:43:18.0057 4888	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:43:18.0066 4888	pciide - ok
17:43:18.0090 4888	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:43:18.0104 4888	pcmcia - ok
17:43:18.0122 4888	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:43:18.0133 4888	pcw - ok
17:43:18.0153 4888	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:43:18.0201 4888	PEAUTH - ok
17:43:18.0246 4888	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:43:18.0269 4888	PerfHost - ok
17:43:18.0319 4888	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:43:18.0380 4888	pla - ok
17:43:18.0419 4888	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:43:18.0444 4888	PlugPlay - ok
17:43:18.0501 4888	Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
17:43:18.0506 4888	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:43:18.0506 4888	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:43:18.0524 4888	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:43:18.0549 4888	PNRPAutoReg - ok
17:43:18.0573 4888	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:43:18.0586 4888	PNRPsvc - ok
17:43:18.0613 4888	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:43:18.0662 4888	PolicyAgent - ok
17:43:18.0693 4888	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:43:18.0736 4888	Power - ok
17:43:18.0765 4888	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:43:18.0794 4888	PptpMiniport - ok
17:43:18.0821 4888	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:43:18.0846 4888	Processor - ok
17:43:18.0877 4888	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
17:43:18.0923 4888	ProfSvc - ok
17:43:18.0949 4888	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:43:18.0962 4888	ProtectedStorage - ok
17:43:19.0003 4888	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:43:19.0036 4888	Psched - ok
17:43:19.0082 4888	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:43:19.0120 4888	ql2300 - ok
17:43:19.0135 4888	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:43:19.0147 4888	ql40xx - ok
17:43:19.0170 4888	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:43:19.0189 4888	QWAVE - ok
17:43:19.0202 4888	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:43:19.0230 4888	QWAVEdrv - ok
17:43:19.0249 4888	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:43:19.0291 4888	RasAcd - ok
17:43:19.0322 4888	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:43:19.0351 4888	RasAgileVpn - ok
17:43:19.0362 4888	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:43:19.0402 4888	RasAuto - ok
17:43:19.0433 4888	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:43:19.0471 4888	Rasl2tp - ok
17:43:19.0505 4888	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:43:19.0553 4888	RasMan - ok
17:43:19.0591 4888	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:43:19.0630 4888	RasPppoe - ok
17:43:19.0663 4888	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:43:19.0698 4888	RasSstp - ok
17:43:19.0738 4888	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:43:19.0769 4888	rdbss - ok
17:43:19.0782 4888	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:43:19.0802 4888	rdpbus - ok
17:43:19.0825 4888	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:43:19.0854 4888	RDPCDD - ok
17:43:19.0867 4888	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:43:19.0911 4888	RDPENCDD - ok
17:43:19.0938 4888	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:43:19.0968 4888	RDPREFMP - ok
17:43:20.0008 4888	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
17:43:20.0026 4888	RDPWD - ok
17:43:20.0061 4888	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:43:20.0072 4888	rdyboost - ok
17:43:20.0104 4888	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:43:20.0148 4888	RemoteAccess - ok
17:43:20.0172 4888	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:43:20.0217 4888	RemoteRegistry - ok
17:43:20.0254 4888	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:43:20.0285 4888	RpcEptMapper - ok
17:43:20.0293 4888	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:43:20.0317 4888	RpcLocator - ok
17:43:20.0342 4888	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:43:20.0374 4888	RpcSs - ok
17:43:20.0392 4888	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:43:20.0422 4888	rspndr - ok
17:43:20.0471 4888	RTL8167         (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:43:20.0483 4888	RTL8167 - ok
17:43:20.0564 4888	s0016bus        (ea268bce30691c2dd24f02e617fd2eb5) C:\Windows\system32\DRIVERS\s0016bus.sys
17:43:20.0593 4888	s0016bus - ok
17:43:20.0670 4888	s1029bus        (68f717bc57b0fe12011eb9517c97f78d) C:\Windows\system32\DRIVERS\s1029bus.sys
17:43:20.0678 4888	s1029bus - ok
17:43:20.0685 4888	s1029mdfl       (fcfafa529f4fa27b02fce1e52a84922e) C:\Windows\system32\DRIVERS\s1029mdfl.sys
17:43:20.0691 4888	s1029mdfl - ok
17:43:20.0719 4888	s1029mdm        (35bd0866eb422ab2d7c8f0ddcc67bf7c) C:\Windows\system32\DRIVERS\s1029mdm.sys
17:43:20.0727 4888	s1029mdm - ok
17:43:20.0735 4888	s1029mgmt       (e0fd4f4f42b76e910cc4295c97aa30ba) C:\Windows\system32\DRIVERS\s1029mgmt.sys
17:43:20.0744 4888	s1029mgmt - ok
17:43:20.0772 4888	s1029nd5        (90276f1d842eb96f82510e73fdb792ad) C:\Windows\system32\DRIVERS\s1029nd5.sys
17:43:20.0779 4888	s1029nd5 - ok
17:43:20.0787 4888	s1029obex       (128ed45223fab846e8436a2f2baebb55) C:\Windows\system32\DRIVERS\s1029obex.sys
17:43:20.0795 4888	s1029obex - ok
17:43:20.0804 4888	s1029unic       (400fc5591586a1dfecf7a0cfaa6b0d68) C:\Windows\system32\DRIVERS\s1029unic.sys
17:43:20.0813 4888	s1029unic - ok
17:43:20.0846 4888	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:43:20.0855 4888	SamSs - ok
17:43:20.0886 4888	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:43:20.0895 4888	sbp2port - ok
17:43:20.0934 4888	ScanUSBEMPIA    (eecbbf7d76300e5558d316983961ffc1) C:\Windows\system32\DRIVERS\emScan64.sys
17:43:20.0958 4888	ScanUSBEMPIA - ok
17:43:20.0992 4888	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:43:21.0032 4888	SCardSvr - ok
17:43:21.0064 4888	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:43:21.0094 4888	scfilter - ok
17:43:21.0135 4888	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:43:21.0184 4888	Schedule - ok
17:43:21.0207 4888	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:43:21.0238 4888	SCPolicySvc - ok
17:43:21.0267 4888	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:43:21.0313 4888	SDRSVC - ok
17:43:21.0329 4888	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:43:21.0372 4888	secdrv - ok
17:43:21.0398 4888	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:43:21.0443 4888	seclogon - ok
17:43:21.0461 4888	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
17:43:21.0492 4888	SENS - ok
17:43:21.0505 4888	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:43:21.0520 4888	SensrSvc - ok
17:43:21.0563 4888	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:43:21.0572 4888	Serenum - ok
17:43:21.0585 4888	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:43:21.0610 4888	Serial - ok
17:43:21.0646 4888	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:43:21.0656 4888	sermouse - ok
17:43:21.0690 4888	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:43:21.0737 4888	SessionEnv - ok
17:43:21.0761 4888	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:43:21.0800 4888	sffdisk - ok
17:43:21.0813 4888	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:43:21.0833 4888	sffp_mmc - ok
17:43:21.0839 4888	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:43:21.0856 4888	sffp_sd - ok
17:43:21.0882 4888	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:43:21.0901 4888	sfloppy - ok
17:43:21.0925 4888	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:43:21.0963 4888	SharedAccess - ok
17:43:21.0996 4888	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:43:22.0030 4888	ShellHWDetection - ok
17:43:22.0049 4888	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:43:22.0058 4888	SiSRaid2 - ok
17:43:22.0067 4888	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:43:22.0076 4888	SiSRaid4 - ok
17:43:22.0109 4888	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:43:22.0139 4888	Smb - ok
17:43:22.0170 4888	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:43:22.0182 4888	SNMPTRAP - ok
17:43:22.0197 4888	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:43:22.0205 4888	spldr - ok
17:43:22.0233 4888	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:43:22.0266 4888	Spooler - ok
17:43:22.0340 4888	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:43:22.0413 4888	sppsvc - ok
17:43:22.0430 4888	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:43:22.0470 4888	sppuinotify - ok
17:43:22.0509 4888	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:43:22.0530 4888	srv - ok
17:43:22.0552 4888	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:43:22.0575 4888	srv2 - ok
17:43:22.0596 4888	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:43:22.0622 4888	srvnet - ok
17:43:22.0642 4888	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:43:22.0673 4888	SSDPSRV - ok
17:43:22.0688 4888	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:43:22.0718 4888	SstpSvc - ok
17:43:22.0765 4888	StarOpen        (e57b778208c783d8debab320c16a1b82) C:\Windows\system32\drivers\StarOpen.sys
17:43:22.0785 4888	StarOpen ( UnsignedFile.Multi.Generic ) - warning
17:43:22.0785 4888	StarOpen - detected UnsignedFile.Multi.Generic (1)
17:43:22.0872 4888	Stereo Service  (bad795e567a323481813c88db8bc8fdf) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:43:22.0880 4888	Stereo Service - ok
17:43:22.0898 4888	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:43:22.0906 4888	stexstor - ok
17:43:22.0948 4888	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:43:22.0970 4888	stisvc - ok
17:43:23.0003 4888	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:43:23.0011 4888	swenum - ok
17:43:23.0038 4888	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:43:23.0086 4888	swprv - ok
17:43:23.0137 4888	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:43:23.0185 4888	SysMain - ok
17:43:23.0213 4888	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:43:23.0239 4888	TabletInputService - ok
17:43:23.0259 4888	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:43:23.0303 4888	TapiSrv - ok
17:43:23.0320 4888	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:43:23.0350 4888	TBS - ok
17:43:23.0409 4888	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
17:43:23.0447 4888	Tcpip - ok
17:43:23.0487 4888	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
17:43:23.0517 4888	TCPIP6 - ok
17:43:23.0552 4888	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:43:23.0594 4888	tcpipreg - ok
17:43:23.0624 4888	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:43:23.0633 4888	TDPIPE - ok
17:43:23.0662 4888	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
17:43:23.0686 4888	TDTCP - ok
17:43:23.0725 4888	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:43:23.0764 4888	tdx - ok
17:43:23.0789 4888	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:43:23.0797 4888	TermDD - ok
17:43:23.0818 4888	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:43:23.0870 4888	TermService - ok
17:43:23.0893 4888	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:43:23.0924 4888	Themes - ok
17:43:23.0953 4888	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:43:23.0982 4888	THREADORDER - ok
17:43:24.0009 4888	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:43:24.0057 4888	TrkWks - ok
17:43:24.0100 4888	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:43:24.0138 4888	TrustedInstaller - ok
17:43:24.0165 4888	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:43:24.0193 4888	tssecsrv - ok
17:43:24.0223 4888	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:43:24.0253 4888	TsUsbFlt - ok
17:43:24.0305 4888	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:43:24.0349 4888	tunnel - ok
17:43:24.0373 4888	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:43:24.0382 4888	uagp35 - ok
17:43:24.0410 4888	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:43:24.0455 4888	udfs - ok
17:43:24.0467 4888	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:43:24.0479 4888	UI0Detect - ok
17:43:24.0505 4888	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:43:24.0513 4888	uliagpkx - ok
17:43:24.0546 4888	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
17:43:24.0557 4888	umbus - ok
17:43:24.0573 4888	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:43:24.0584 4888	UmPass - ok
17:43:24.0607 4888	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:43:24.0656 4888	upnphost - ok
17:43:24.0695 4888	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
17:43:24.0714 4888	usbaudio - ok
17:43:24.0727 4888	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:43:24.0758 4888	usbccgp - ok
17:43:24.0800 4888	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:43:24.0816 4888	usbcir - ok
17:43:24.0833 4888	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
17:43:24.0854 4888	usbehci - ok
17:43:24.0898 4888	usbfilter       (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
17:43:24.0904 4888	usbfilter - ok
17:43:24.0939 4888	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:43:24.0970 4888	usbhub - ok
17:43:24.0992 4888	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
17:43:25.0014 4888	usbohci - ok
17:43:25.0049 4888	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:43:25.0070 4888	usbprint - ok
17:43:25.0111 4888	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:43:25.0123 4888	usbscan - ok
17:43:25.0148 4888	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
17:43:25.0180 4888	USBSTOR - ok
17:43:25.0198 4888	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:43:25.0217 4888	usbuhci - ok
17:43:25.0249 4888	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:43:25.0293 4888	UxSms - ok
17:43:25.0333 4888	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:43:25.0342 4888	VaultSvc - ok
17:43:25.0362 4888	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:43:25.0373 4888	vdrvroot - ok
17:43:25.0412 4888	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:43:25.0455 4888	vds - ok
17:43:25.0472 4888	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:43:25.0484 4888	vga - ok
17:43:25.0503 4888	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:43:25.0543 4888	VgaSave - ok
17:43:25.0565 4888	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:43:25.0577 4888	vhdmp - ok
17:43:25.0599 4888	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:43:25.0607 4888	viaide - ok
17:43:25.0620 4888	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:43:25.0629 4888	volmgr - ok
17:43:25.0654 4888	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:43:25.0668 4888	volmgrx - ok
17:43:25.0683 4888	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:43:25.0695 4888	volsnap - ok
17:43:25.0716 4888	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:43:25.0726 4888	vsmraid - ok
17:43:25.0775 4888	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:43:25.0830 4888	VSS - ok
17:43:25.0848 4888	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
17:43:25.0868 4888	vwifibus - ok
17:43:25.0891 4888	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:43:25.0925 4888	W32Time - ok
17:43:25.0938 4888	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:43:25.0960 4888	WacomPen - ok
17:43:25.0977 4888	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:43:26.0005 4888	WANARP - ok
17:43:26.0008 4888	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:43:26.0035 4888	Wanarpv6 - ok
17:43:26.0176 4888	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:43:26.0204 4888	WatAdminSvc - ok
17:43:26.0247 4888	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:43:26.0290 4888	wbengine - ok
17:43:26.0316 4888	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:43:26.0332 4888	WbioSrvc - ok
17:43:26.0351 4888	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:43:26.0384 4888	wcncsvc - ok
17:43:26.0390 4888	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:43:26.0413 4888	WcsPlugInService - ok
17:43:26.0430 4888	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:43:26.0439 4888	Wd - ok
17:43:26.0461 4888	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:43:26.0479 4888	Wdf01000 - ok
17:43:26.0495 4888	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:43:26.0554 4888	WdiServiceHost - ok
17:43:26.0557 4888	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:43:26.0572 4888	WdiSystemHost - ok
17:43:26.0608 4888	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:43:26.0638 4888	WebClient - ok
17:43:26.0646 4888	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:43:26.0687 4888	Wecsvc - ok
17:43:26.0711 4888	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:43:26.0758 4888	wercplsupport - ok
17:43:26.0814 4888	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:43:26.0854 4888	WerSvc - ok
17:43:26.0873 4888	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:43:26.0901 4888	WfpLwf - ok
17:43:26.0917 4888	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:43:26.0925 4888	WIMMount - ok
17:43:26.0948 4888	WinDefend - ok
17:43:26.0954 4888	WinHttpAutoProxySvc - ok
17:43:26.0996 4888	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:43:27.0027 4888	Winmgmt - ok
17:43:27.0081 4888	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:43:27.0135 4888	WinRM - ok
17:43:27.0175 4888	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
17:43:27.0198 4888	WinUsb - ok
17:43:27.0231 4888	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:43:27.0265 4888	Wlansvc - ok
17:43:27.0303 4888	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:43:27.0314 4888	WmiAcpi - ok
17:43:27.0336 4888	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:43:27.0364 4888	wmiApSrv - ok
17:43:27.0391 4888	WMPNetworkSvc - ok
17:43:27.0420 4888	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:43:27.0440 4888	WPCSvc - ok
17:43:27.0470 4888	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:43:27.0483 4888	WPDBusEnum - ok
17:43:27.0492 4888	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:43:27.0536 4888	ws2ifsl - ok
17:43:27.0552 4888	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
17:43:27.0581 4888	wscsvc - ok
17:43:27.0587 4888	WSearch - ok
17:43:27.0640 4888	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
17:43:27.0708 4888	wuauserv - ok
17:43:27.0743 4888	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:43:27.0771 4888	WudfPf - ok
17:43:27.0801 4888	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:43:27.0845 4888	WUDFRd - ok
17:43:27.0878 4888	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:43:27.0907 4888	wudfsvc - ok
17:43:27.0925 4888	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:43:27.0955 4888	WwanSvc - ok
17:43:28.0008 4888	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:43:28.0099 4888	\Device\Harddisk0\DR0 - ok
17:43:28.0102 4888	Boot (0x1200)   (7112c294c96c9ce0c5fbbb45dd64624a) \Device\Harddisk0\DR0\Partition0
17:43:28.0103 4888	\Device\Harddisk0\DR0\Partition0 - ok
17:43:28.0132 4888	Boot (0x1200)   (e663cdf163cda29cd1f158d727afe038) \Device\Harddisk0\DR0\Partition1
17:43:28.0133 4888	\Device\Harddisk0\DR0\Partition1 - ok
17:43:28.0155 4888	Boot (0x1200)   (09022e3159cefb407e35149eab6dd751) \Device\Harddisk0\DR0\Partition2
17:43:28.0156 4888	\Device\Harddisk0\DR0\Partition2 - ok
17:43:28.0157 4888	============================================================
17:43:28.0157 4888	Scan finished
17:43:28.0157 4888	============================================================
17:43:28.0167 4380	Detected object count: 7
17:43:28.0167 4380	Actual detected object count: 7
17:43:35.0578 4380	AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:43:35.0578 4380	AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:43:35.0580 4380	hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
17:43:35.0580 4380	hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:43:35.0581 4380	hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:43:35.0581 4380	hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:43:35.0583 4380	HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
17:43:35.0583 4380	HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:43:35.0584 4380	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:43:35.0585 4380	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:43:35.0586 4380	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:43:35.0586 4380	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:43:35.0588 4380	StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
17:43:35.0588 4380	StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 26.03.2012, 19:30   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Virus "Betriebssystem gesperrt" - Standard

BKA Virus "Betriebssystem gesperrt"



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 27.03.2012, 00:47   #15
Ravenlord=O
 
BKA Virus "Betriebssystem gesperrt" - Standard

BKA Virus "Betriebssystem gesperrt"



Bitteschön:

Code:
ATTFilter
ComboFix 12-03-26.02 - (X) 27.03.2012   0:02.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4093.2826 [GMT 2:00]
ausgeführt von:: c:\users\(X)\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-26 bis 2012-03-26  ))))))))))))))))))))))))))))))
.
.
2012-03-26 22:30 . 2012-03-26 22:30	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-26 11:38 . 2012-03-13 19:27	8669240	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7AE2217D-394F-4DDC-8A97-89648E19A3BA}\mpengine.dll
2012-03-26 11:14 . 2012-03-26 11:14	--------	d-----w-	C:\_OTL
2012-03-24 19:07 . 2012-03-24 19:07	--------	d-----w-	c:\program files (x86)\ESET
2012-03-22 15:28 . 2012-03-22 15:28	--------	d-----w-	c:\users\(X)\AppData\Roaming\Malwarebytes
2012-03-22 15:28 . 2012-03-22 15:28	--------	d-----w-	c:\programdata\Malwarebytes
2012-03-22 15:28 . 2012-03-22 15:28	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-22 15:28 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-22 14:47 . 2012-03-22 14:47	--------	d-----w-	c:\users\(X)\AppData\Roaming\Avira
2012-03-22 14:41 . 2012-03-22 14:41	--------	d-----w-	c:\programdata\Avira
2012-03-22 14:41 . 2012-03-22 14:41	--------	d-----w-	c:\program files (x86)\Avira
2012-03-22 14:41 . 2012-01-31 07:56	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-03-22 14:41 . 2012-01-31 07:56	132320	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-03-22 14:41 . 2011-09-16 15:08	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-03-16 10:50 . 2012-03-16 10:50	592824	----a-w-	c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-16 10:50 . 2012-03-16 10:50	44472	----a-w-	c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 13:02 . 2011-11-19 15:20	5559152	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-14 13:02 . 2011-11-19 14:50	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 13:02 . 2011-11-19 14:50	3913584	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 09:00 . 2012-02-03 04:34	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 09:00 . 2012-02-10 06:36	1544192	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 09:00 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-03-14 09:00 . 2012-01-25 06:38	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-14 09:00 . 2012-01-25 06:38	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:00 . 2012-01-25 06:33	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-14 08:59 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-14 08:59 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-03-14 08:59 . 2012-02-17 04:58	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-14 08:59 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-09 17:27 . 2012-03-09 17:27	--------	d-----w-	c:\windows\SysWow64\Wat
2012-03-09 17:27 . 2012-03-09 17:27	--------	d-----w-	c:\windows\system32\Wat
2012-03-06 10:28 . 2012-03-06 10:28	162664	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-03-04 19:23 . 2012-03-04 19:23	--------	d-----w-	c:\users\(X)\AppData\Roaming\MiKTeX
2012-03-04 19:23 . 2012-03-04 19:23	--------	d-----w-	c:\users\(X)\AppData\Local\MiKTeX
2012-03-04 19:05 . 2012-03-04 19:05	--------	d-----w-	c:\programdata\MiKTeX
2012-03-04 18:47 . 2012-03-04 19:17	--------	d-----w-	c:\users\(X)\AppData\Roaming\benibela
2012-03-04 18:46 . 2012-03-04 18:46	--------	d-----w-	c:\program files (x86)\TexMakerX
2012-03-04 18:43 . 2012-03-04 19:00	--------	d-----w-	c:\program files (x86)\MiKTeX 2.9
2012-03-04 18:40 . 2011-06-10 13:14	15672645	----a-w-	c:\program files (x86)\Mozilla Firefox\ProTeXt\TexMakerX\texmakerx21_win32-install.exe
2012-03-04 18:40 . 2011-06-20 13:18	5779456	----a-w-	c:\program files (x86)\Mozilla Firefox\ProTeXt\MiKTeX\tm\packages\setup-2.9.3959.exe
2012-03-04 18:39 . 2011-06-20 13:18	5779456	----a-w-	c:\program files (x86)\Mozilla Firefox\ProTeXt\MiKTeX\setup\setup-2.9.3959.exe
2012-03-04 18:39 . 2009-11-03 23:00	655872	----a-w-	c:\program files (x86)\Mozilla Firefox\ProTeXt\Microsoft.VC90.CRT\msvcr90.dll
2012-03-04 18:39 . 2009-11-03 23:00	568832	----a-w-	c:\program files (x86)\Mozilla Firefox\ProTeXt\Microsoft.VC90.CRT\msvcp90.dll
2012-03-04 18:39 . 2009-11-03 23:00	224768	----a-w-	c:\program files (x86)\Mozilla Firefox\ProTeXt\Microsoft.VC90.CRT\msvcm90.dll
2012-03-04 18:39 . 2011-06-21 10:16	2042368	----a-w-	c:\program files (x86)\Mozilla Firefox\ProTeXt\gsv\gsv491w32.exe
2012-03-04 18:39 . 2011-06-21 10:15	2188288	----a-w-	c:\program files (x86)\Mozilla Firefox\ProTeXt\gsv\gsv491w64.exe
2012-03-04 18:39 . 2011-06-10 13:14	1502208	----a-w-	c:\program files (x86)\Mozilla Firefox\ProTeXt\gsv\gsv49w32.exe
2012-03-04 18:39 . 2011-06-21 10:14	12592939	----a-w-	c:\program files (x86)\Mozilla Firefox\ProTeXt\gsv\gs902w64.exe
2012-03-04 18:39 . 2011-06-21 10:13	12317403	----a-w-	c:\program files (x86)\Mozilla Firefox\ProTeXt\gsv\gs902w32.exe
2012-03-04 18:39 . 2011-07-06 15:37	131584	----a-w-	c:\program files (x86)\Mozilla Firefox\ProTeXt\Setup.exe
2012-03-04 18:39 . 2009-10-26 08:24	2149888	----a-w-	c:\program files (x86)\Mozilla Firefox\ProTeXt\python26.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-13 19:27 . 2010-06-27 08:40	8669240	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-21 17:15 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2012-02-21 17:15 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2012-02-10 10:14 . 2012-02-10 10:15	927800	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{795E9DAC-0F22-43E2-817E-875C8214CF11}\gapaengine.dll
2012-01-31 12:44 . 2010-06-26 08:17	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-01-04 10:44 . 2012-02-16 13:35	509952	----a-w-	c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 13:35	442880	----a-w-	c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-16 13:34	515584	----a-w-	c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-16 13:34	478720	----a-w-	c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-16 13:34	498688	----a-w-	c:\windows\system32\drivers\afd.sys
2006-05-03 09:06	163328	--sha-w-	c:\windows\SysWOW64\flvDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dyyno Launcher"="c:\program files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" [2011-01-15 2151776]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"ICQ"="c:\program files (x86)\ICQ7.2\ICQ.exe" [2011-01-05 133432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\(X)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [x]
R3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\DRIVERS\s1029bus.sys [x]
R3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1029mdfl.sys [x]
R3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1029mdm.sys [x]
R3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1029mgmt.sys [x]
R3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1029nd5.sys [x]
R3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1029obex.sys [x]
R3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1029unic.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
S2 Dyyno Launcher;Dyyno Service;c:\program files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2011-01-15 415072]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-06-07 240232]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-02-04 17152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 07:40]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mLocal Page = 
IE: Free YouTube to Mp3 Converter - c:\users\(X)\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\(X)\AppData\Roaming\Mozilla\Firefox\Profiles\9yu0btdu.default\
FF - prefs.js: browser.startup.homepage - hxxp://forum.germansmash.de/
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\avmwlanstick\WlanNetService.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-27  00:38:23 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-26 22:38
.
Vor Suchlauf: 15 Verzeichnis(se), 74.772.619.264 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 74.149.556.224 Bytes frei
.
- - End Of File - - 7E79439C4C1500228CB6CDA2E9AEF6EC
         

Antwort

Themen zu BKA Virus "Betriebssystem gesperrt"
abgesicherte, abgesicherten, adaware, andere, avira, bereits, betriebssystem, bildschirm, bildschirm weiß, dateisystem, erstellen, fenster, gesperrt, heuristiks/extra, heuristiks/shuriken, heute, konnte, modus, neues, sicherheit, starte, starten, suchfunktion, systemwiederherstellung, thema, virus, wallpaper, würde



Ähnliche Themen: BKA Virus "Betriebssystem gesperrt"


  1. Nach "Microsoft Anruf" Gerät gesperrt -> "Kennwort für Systemstart"
    Log-Analyse und Auswertung - 04.07.2015 (14)
  2. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  3. "Firefox gesperrt" Bundespolizei virus - Win7
    Log-Analyse und Auswertung - 17.11.2013 (19)
  4. "monstermarketplace.com" Infektion und ihre Folgen; "Anti-Virus-Blocker"," unsichtbare Toolbars" + "Browser-Hijacker" von selbst installiert
    Log-Analyse und Auswertung - 16.11.2013 (21)
  5. Computer wurde gesperrt - "Polizei" Trojaner/Virus
    Plagegeister aller Art und deren Bekämpfung - 09.05.2013 (15)
  6. Virus "gesperrt durch automatische Informationskontrolle"
    Log-Analyse und Auswertung - 25.11.2012 (6)
  7. Bundestrojaner Variante: "Ihr Computer wurde gesperrt"; " Ihr Computer wurde durch das Speichern der autom. Informationskontrolle gesperrt"
    Log-Analyse und Auswertung - 25.11.2012 (10)
  8. "Windows gesperrt" Virus mit Desktopblockade mit roter Schrift
    Log-Analyse und Auswertung - 31.05.2012 (5)
  9. Virus: "Windows Security Center Achtung! Ihr Computer wurde gesperrt!"
    Log-Analyse und Auswertung - 11.04.2012 (1)
  10. "WIN7" System wurde gesperrt + Skype Virus
    Plagegeister aller Art und deren Bekämpfung - 13.03.2012 (9)
  11. (2x) 2. VERSUCH - "WIN7" System wurde gesperrt + Skype Virus
    Mülltonne - 12.03.2012 (2)
  12. 50 € "Aus Sicherheitsgründen wurde Ihr System gesperrt"-Virus
    Log-Analyse und Auswertung - 23.02.2012 (10)
  13. Windows gesperrt durch "50 Euro Virus"
    Log-Analyse und Auswertung - 19.02.2012 (28)
  14. Virus? "Achtung! Ihr Computer wurde gesperrt"
    Plagegeister aller Art und deren Bekämpfung - 05.02.2012 (1)
  15. Virus - Aus Sicherheitsgründen ist Windwos gesperrt, eine "Entsperrung" kostet mich 50 €
    Log-Analyse und Auswertung - 25.01.2012 (7)
  16. Virus/Trojaner "Achtung! Windows wurde aus Sicherheitsgründen gesperrt"
    Log-Analyse und Auswertung - 29.12.2011 (13)
  17. BKA Virus gelöscht / entfernt, aber Desktop immernoch "gesperrt".
    Log-Analyse und Auswertung - 29.11.2011 (26)

Zum Thema BKA Virus "Betriebssystem gesperrt" - Hallo, wie einige andere auch, fiel ich heute auch dem BKA Virus zum Opfer. Wollte mir ein neues Wallpaper holen und dann wurde der Bildschirm weiß und ein Fenster erschien, - BKA Virus "Betriebssystem gesperrt"...
Archiv
Du betrachtest: BKA Virus "Betriebssystem gesperrt" auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.