
Pests of all kinds and how to fight them: Virus deletes shortcuts, folders empty/missing

27.03.2012, 15:42   #1
sunjojo
/// Malwareteam
 

Hello,
I have the following problem: yesterday I caught a virus that deleted my shortcuts (error messages appear saying that my hard drive is destroyed). My folders and my drive are also empty. I first read around here a bit and ran 4 scans with Malwarebytes (2 yesterday, 2 today). I'll post the three logs here one after another. The error messages are gone and I made my files visible again with Unhide. Still, I don't trust the computer, even though the last scan showed no more viruses. I hope you can give me a few more tips and check my system once more.
Here are the logs from Malwarebytes:

Yesterday, 1st scan:
Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.01.13.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jonas Hanke :: JONASH [Administrator]

26.03.2012 17:34:55
mbam-log-2012-03-25 (17-34-55).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 693635
Laufzeit: 1 Stunde(n), 34 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Jonas Hanke\Downloads\SoftonicDownloader_fuer_photo-to-sketch.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Yesterday, second scan:
Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.01.13.04

Windows 7 Service Pack 1 x64 FAT32
Internet Explorer 8.0.7601.17514
Jonas Hanke :: JONASH [Administrator]

26.03.2012 21:36:55
mbam-log-2012-03-26 (15-36-55).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 684161
Laufzeit: 1 Stunde(n), 28 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\System Volume Information\SystemRestore\FRStaging\Users\Jonas Hanke\Downloads\SoftonicDownloader_fuer_photo-to-sketch.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
This morning, first scan:
Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.26.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Jonas Hanke :: JONASH [Administrator]

27.03.2012 10:55:51
mbam-log-2012-03-26 (18-55-51).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 726766
Laufzeit: 1 Stunde(n), 28 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\$WINDOWS.~Q\DATA\ProgramData\XCMsXSJotCWrp.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Fortunately, the fourth scan just now found no further viruses. I hope that's enough information for now. Thanks in advance for the work you're doing.
Jonas

28.03.2012, 14:03   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please run ESET as well, then we'll take it from there:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box at Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


28.03.2012, 18:37   #3
sunjojo
/// Malwareteam
 

Hey, thanks for the quick reply. The first time I started the scanner, at 9 % a message from Avira AntiVir came up saying that I have another virus (I deleted it immediately). Its name is TR/Kazy.62856.1. After that I aborted ESET for the time being, but restarted it a short time later (so that ESET, in case there had been a reinfection, would check all files again). On the second attempt everything went fine, and after 3:40 hours of scanning this log file came out:

Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7810080046c09f46bf30f519d03b1881
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-28 01:47:02
# local_time=2012-03-28 03:47:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 78627 69473126 76112 0
# compatibility_mode=5893 16776573 100 94 61484 84571113 0 0
# compatibility_mode=8192 67108863 100 0 187 187 0 0
# scanned=15586
# found=0
# cleaned=0
# scan_time=1159
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7810080046c09f46bf30f519d03b1881
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-28 05:30:18
# local_time=2012-03-28 07:30:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 79942 69474441 77427 0
# compatibility_mode=5893 16776573 100 94 62799 84572428 0 0
# compatibility_mode=8192 67108863 100 0 1502 1502 0 0
# scanned=406375
# found=0
# cleaned=0
# scan_time=13240
         

28.03.2012, 20:42   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • At the top center, tick Scan All Users
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

29.03.2012, 14:38   #5
sunjojo
/// Malwareteam
 

Here are the contents of the OTL.txt file:

Code:
OTL logfile created on: 29.03.2012 15:21:02 - Run 2
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Jonas Hanke\Desktop
64bit-Windows XP  Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 5,98 Gb Available Physical Memory | 75,62% Memory free
15,82 Gb Paging File | 13,75 Gb Available in Paging File | 86,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 690,72 Gb Total Space | 360,28 Gb Free Space | 52,16% Space Free | Partition Type: NTFS
Drive D: | 7,74 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: JONASH | User Name: Jonas Hanke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.29 15:19:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Jonas Hanke\Desktop\OTL.exe
PRC - [2012.03.27 18:26:13 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.28 17:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.01.30 02:11:17 | 000,327,680 | ---- | M] (Zemi Interactive Inc.) -- C:\Program Files (x86)\Gameforge4D\4Story_DE\PrePatch.exe
PRC - [2011.06.28 17:47:53 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.02.01 07:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.01 07:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.27 16:19:46 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
PRC - [2010.11.17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.11.01 13:25:36 | 001,374,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009.07.14 01:15:34 | 002,250,640 | ---- | M] (Salfeld Computer) -- C:\Windows\SysWOW64\cchservice.exe
PRC - [2009.03.03 12:45:11 | 000,296,400 | ---- | M] () -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
PRC - [2008.08.08 17:30:44 | 000,016,712 | ---- | M] () -- C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
PRC - [2008.08.08 17:30:40 | 000,532,808 | ---- | M] (Corel, Inc.) -- C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.03.27 13:57:43 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\659bc287f3b51e5e604208ce93d983ec\Microsoft.VisualBasic.ni.dll
MOD - [2012.03.27 13:55:39 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\bc264c7dba2096c2c88080090bf42600\IAStorUtil.ni.dll
MOD - [2012.03.27 13:55:39 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6aef03034d33721bfbd588d9d7fffe60\IAStorCommon.ni.dll
MOD - [2012.03.26 21:54:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012.03.26 21:54:39 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012.03.26 21:54:30 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012.03.26 21:54:25 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012.03.26 21:54:23 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012.03.26 21:54:16 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012.03.26 21:54:12 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.03.26 21:54:09 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012.03.26 21:54:08 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012.03.26 21:54:04 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.08.03 13:50:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2011.04.12 09:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.01 17:34:22 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\de-DE\THXAudio.resources.dll
MOD - [2008.08.08 17:30:44 | 000,016,712 | ---- | M] () -- C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.03.27 18:26:13 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.03.15 20:33:10 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.28 17:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.06.28 17:47:53 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.25 17:12:37 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.18 17:42:58 | 000,763,904 | ---- | M] () [Auto | Running] -- C:\Programme\Bigfoot Networks\Killer Network Manager\BFNService.exe -- (Bigfoot Networks Killer Service)
SRV - [2011.02.01 07:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011.02.01 07:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2011.01.27 16:19:46 | 000,033,792 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe -- (PowerBiosServer)
SRV - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.08.25 09:56:38 | 000,765,592 | ---- | M] (Salfeld Computer) [Auto | Stopped] -- C:\Windows\SysWOW64\ksupmgr.exe -- (ksupmgr)
SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 12:45:11 | 000,296,400 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe -- (WTGService)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.26 18:47:01 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 02:02:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.01.19 18:17:32 | 000,294,248 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Treiber\VMM.sys -- (vmm)
DRV:64bit: - [2012.01.19 17:58:11 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.10.02 13:54:37 | 000,125,440 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv07.sys -- (acedrv07)
DRV:64bit: - [2011.06.28 17:47:53 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.28 17:47:53 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.18 17:43:22 | 002,702,952 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ak27x64.sys -- (Ak27x64)
DRV:64bit: - [2011.02.18 17:43:20 | 000,068,712 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\bflwfx64.sys -- (BfLwf)
DRV:64bit: - [2011.02.18 17:43:16 | 000,157,288 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Xeno7x64.sys -- (BFN7x64)
DRV:64bit: - [2011.01.27 02:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.01.14 13:25:04 | 000,125,456 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\JME.sys -- (JME) JMicron Ethernet Adapter NDIS6.0 Driver (Amd64 Bits)
DRV:64bit: - [2010.12.06 15:56:26 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.19 04:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.11.19 04:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.06 09:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.10.15 00:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.09.03 14:35:44 | 000,063,488 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViaHub3.sys -- (VUSB3HUB)
DRV:64bit: - [2010.02.11 19:32:00 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.28 02:59:32 | 000,020,392 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2011.07.01 21:08:23 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://syb.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {593DD466-8269-45F1-8534-5E1E2405540A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{593DD466-8269-45F1-8534-5E1E2405540A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {3401B925-3912-4D57-9048-E78033D8156B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{3401B925-3912-4D57-9048-E78033D8156B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox
 
 
 
 
 
 
IE - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://syb.msn.com
IE - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-103105947-377076809-4053833937-1001\..\SearchScopes,DefaultScope = {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
IE - HKU\S-1-5-21-103105947-377076809-4053833937-1001\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-103105947-377076809-4053833937-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jonas Hanke\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2012.03.25 21:53:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012.03.25 21:52:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012.03.25 21:52:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKU\S-1-5-21-103105947-377076809-4053833937-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [4StoryPrePatch] C:\Program Files (x86)\Gameforge4D\4Story_DE\PrePatch.exe (Zemi Interactive Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ChicoSys] C:\Windows\SysWOW64\cc32\webtmr.exe (Salfeld Computer)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [XCMsXSJotCWrp.exe] C:\ProgramData\XCMsXSJotCWrp.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-103105947-377076809-4053833937-1001..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
O4 - HKU\S-1-5-21-103105947-377076809-4053833937-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-103105947-377076809-4053833937-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-103105947-377076809-4053833937-1007..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-103105947-377076809-4053833937-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDEC6066-9D9D-4130-AE95-87B8EDC0F449}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Programme\Protector Suite\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: ksupmgr - C:\Windows\SysWOW64\ksupmgr.exe (Salfeld Computer)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: ksupmgr - C:\Windows\SysWOW64\ksupmgr.exe (Salfeld Computer)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.iac2 -  File not found
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.iv31 -  File not found
Drivers32:64bit: vidc.iv32 -  File not found
Drivers32:64bit: vidc.iv41 -  File not found
Drivers32:64bit: vidc.iv50 -  File not found
Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\Windows\SysWow64\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\SysWow64\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.28 15:24:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.03.27 17:33:47 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.03.27 17:33:47 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.03.26 18:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.03.26 18:46:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.03.26 18:32:29 | 000,389,024 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Jonas Hanke\Desktop\unhide.exe
[2012.03.26 17:40:53 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Jonas Hanke\Desktop\OTL.exe
[2012.03.26 15:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.26 15:36:38 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2012.03.25 22:48:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.03.25 22:48:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.03.25 22:48:59 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.03.25 22:48:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.03.25 22:48:59 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.03.25 22:48:59 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.03.25 22:48:59 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.03.25 22:48:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.03.25 22:48:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.03.25 22:31:38 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.03.25 22:17:08 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~Q
[2012.03.25 21:57:24 | 000,000,000 | ---D | C] -- C:\$INPLACE.~TR
[2012.03.25 21:37:42 | 000,000,000 | --SD | C] -- C:\Users\Jonas Hanke\AppData\Roaming\Microsoft
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\Videos
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\Saved Games
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\Pictures
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\Music
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\Links
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\Favorites
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\Downloads
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\Documents
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\Desktop
[2012.03.25 21:37:42 | 000,000,000 | R--D | C] -- C:\Users\Jonas Hanke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Vorlagen
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\AppData\Local\Verlauf
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\AppData\Local\Temporary Internet Files
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Startmenü
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\SendTo
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Recent
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Netzwerkumgebung
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Lokale Einstellungen
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Documents\Eigene Videos
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Documents\Eigene Musik
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Eigene Dateien
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Documents\Eigene Bilder
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Druckumgebung
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Cookies
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\AppData\Local\Anwendungsdaten
[2012.03.25 21:37:42 | 000,000,000 | -HSD | C] -- C:\Users\Jonas Hanke\Anwendungsdaten
[2012.03.25 21:37:42 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\AppData\Local\Temp
[2012.03.25 21:37:42 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\AppData\Local\Microsoft
[2012.03.25 21:37:42 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\AppData\Roaming\Media Center Programs
[2012.03.25 21:37:42 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\AppData
[2012.03.25 21:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Protector Suite
[2012.03.25 21:35:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012.03.25 21:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.03.25 21:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.03.25 21:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012.03.25 21:35:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.03.25 21:35:09 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012.03.25 21:33:18 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.03.25 17:34:18 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\AppData\Roaming\Malwarebytes
[2012.03.25 17:33:57 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.25 17:33:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.25 17:33:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.25 17:33:32 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Jonas Hanke\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.18 19:23:36 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\Desktop\GeneChro
[2012.03.17 19:13:48 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\Documents\Arduino
[2012.03.17 19:13:48 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\AppData\Roaming\Arduino
[2012.03.17 19:12:29 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\Desktop\arduino-1.0
[2012.03.17 19:10:39 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\Desktop\FTDI
[2012.03.15 21:49:30 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\Desktop\Spiel
[2012.03.11 17:19:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eligium
[2012.03.11 17:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eligium
[2012.03.11 15:05:57 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\AppData\Roaming\FOG Downloader
[2012.03.11 15:05:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eligium_0_90_1_en
[2012.03.07 19:23:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PixLin
[2012.03.06 16:36:37 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\AppData\Roaming\DesktopIconForAmazon
[2012.03.03 00:17:37 | 000,000,000 | ---D | C] -- C:\Users\Jonas Hanke\AppData\Local\PAYDAY
[2012.03.03 00:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.02.29 16:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrickForce
[2012.02.29 16:28:58 | 000,000,000 | ---D | C] -- C:\BrickForce
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.29 15:22:26 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.29 15:22:26 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.29 15:22:17 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.29 15:22:17 | 000,698,046 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.29 15:22:17 | 000,652,322 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.29 15:22:17 | 000,148,350 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.29 15:22:17 | 000,121,254 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.29 15:19:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Jonas Hanke\Desktop\OTL.exe
[2012.03.29 15:15:08 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.29 15:14:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.29 15:14:13 | 2074,394,623 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.29 06:55:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.27 19:07:08 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.03.27 19:07:08 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.27 18:26:13 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.03.26 21:47:57 | 000,342,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.26 21:34:33 | 001,593,026 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.26 20:07:17 | 000,001,090 | ---- | M] () -- C:\Users\Jonas Hanke\Desktop\Bilder - Verknüpfung.lnk
[2012.03.26 18:47:01 | 000,254,528 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.03.26 18:32:31 | 000,389,024 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Jonas Hanke\Desktop\unhide.exe
[2012.03.26 17:08:57 | 000,022,213 | ---- | M] () -- C:\Windows\SysWow64\cchservice.err
[2012.03.26 15:36:39 | 000,000,722 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.26 06:51:07 | 000,003,352 | ---- | M] () -- C:\bootsqm.dat
[2012.03.25 23:00:57 | 000,626,149 | ---- | M] () -- C:\Windows\SysWow64\ccsync.err
[2012.03.25 22:43:34 | 000,055,513 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.03.25 22:43:34 | 000,055,513 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.03.25 22:35:08 | 000,022,960 | -H-- | M] () -- C:\Windows\SysNative\emptyregdb.dat
[2012.03.25 21:36:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_tcwbf_01_09_00.Wdf
[2012.03.25 21:36:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2012.03.25 21:35:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012.03.25 20:26:45 | 000,004,562 | ---- | M] () -- C:\Users\Jonas Hanke\Desktop\Windows-Kompatibilitätsbericht.htm
[2012.03.25 17:30:32 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Jonas Hanke\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.22 23:41:36 | 000,499,284 | ---- | M] () -- C:\Users\Jonas Hanke\Desktop\News_Geleitwort_20.3.12.png
[2012.03.20 23:59:29 | 000,001,475 | ---- | M] () -- C:\Users\Jonas Hanke\.recently-used.xbel
[2012.03.20 19:06:42 | 003,892,467 | ---- | M] () -- C:\Users\Jonas Hanke\Desktop\Aufgabe 2.2.2.wmv
[2012.03.20 16:53:50 | 001,022,644 | ---- | M] () -- C:\Users\Jonas Hanke\Desktop\Microcontroller_Video.wmv
[2012.03.18 22:44:11 | 679,171,242 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.03.17 19:18:31 | 001,256,512 | ---- | M] () -- C:\Users\Jonas Hanke\Desktop\CDM20814_WHQL_Certified.zip
[2012.03.17 18:05:16 | 001,365,803 | ---- | M] () -- C:\Users\Jonas Hanke\Desktop\ILC2012_usb_treiber_windows.zip
[2012.03.17 17:49:17 | 090,223,398 | ---- | M] () -- C:\Users\Jonas Hanke\Desktop\ILC2012_arduino_software_windows.zip
[2012.03.17 14:31:42 | 000,000,786 | ---- | M] () -- C:\Windows\ST5UNST.005
[2012.03.16 20:54:22 | 000,005,324 | ---- | M] () -- C:\Users\Jonas Hanke\Documents\Antibiotika.png
[2012.03.01 02:02:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.03.01 02:02:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.03.01 02:02:00 | 000,011,770 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.02.29 22:59:29 | 002,515,790 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.02.28 17:40:59 | 000,014,554 | ---- | M] () -- C:\Users\Jonas Hanke\Desktop\Snake_Jonas.jar
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.27 18:26:13 | 002,484,592 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_p4f.exe
[2012.03.26 20:07:17 | 000,001,090 | ---- | C] () -- C:\Users\Jonas Hanke\Desktop\Bilder - Verknüpfung.lnk
[2012.03.26 15:36:39 | 000,000,722 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.26 06:51:07 | 000,003,352 | ---- | C] () -- C:\bootsqm.dat
[2012.03.25 22:56:35 | 001,593,026 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.25 22:54:51 | 000,001,419 | ---- | C] () -- C:\Users\Jonas Hanke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.03.25 22:54:43 | 000,001,453 | ---- | C] () -- C:\Users\Jonas Hanke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.03.25 22:44:43 | 2074,394,623 | -HS- | C] () -- C:\hiberfil.sys
[2012.03.25 22:35:08 | 000,022,960 | -H-- | C] () -- C:\Windows\SysNative\emptyregdb.dat
[2012.03.25 21:37:27 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.03.25 21:37:23 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.03.25 21:36:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_tcwbf_01_09_00.Wdf
[2012.03.25 21:36:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2012.03.25 21:35:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012.03.25 20:26:46 | 000,004,562 | ---- | C] () -- C:\Users\Jonas Hanke\Desktop\Windows-Kompatibilitätsbericht.htm
[2012.03.22 23:53:53 | 000,499,284 | ---- | C] () -- C:\Users\Jonas Hanke\Desktop\News_Geleitwort_20.3.12.png
[2012.03.22 22:59:24 | 003,892,467 | ---- | C] () -- C:\Users\Jonas Hanke\Desktop\Aufgabe 2.2.2.wmv
[2012.03.22 22:59:24 | 001,022,644 | ---- | C] () -- C:\Users\Jonas Hanke\Desktop\Microcontroller_Video.wmv
[2012.03.20 23:59:29 | 000,001,475 | ---- | C] () -- C:\Users\Jonas Hanke\.recently-used.xbel
[2012.03.17 19:18:31 | 001,256,512 | ---- | C] () -- C:\Users\Jonas Hanke\Desktop\CDM20814_WHQL_Certified.zip
[2012.03.17 18:05:16 | 001,365,803 | ---- | C] () -- C:\Users\Jonas Hanke\Desktop\ILC2012_usb_treiber_windows.zip
[2012.03.17 17:46:24 | 090,223,398 | ---- | C] () -- C:\Users\Jonas Hanke\Desktop\ILC2012_arduino_software_windows.zip
[2012.03.17 14:31:37 | 000,000,786 | ---- | C] () -- C:\Windows\ST5UNST.005
[2012.03.16 20:54:21 | 000,005,324 | ---- | C] () -- C:\Users\Jonas Hanke\Documents\Antibiotika.png
[2012.03.07 19:23:29 | 000,001,037 | ---- | C] () -- C:\Users\Jonas Hanke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PixLin.LNK
[2011.12.28 21:31:08 | 000,000,338 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.10.22 14:34:01 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.10.09 17:48:58 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.08.26 19:03:14 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.08.26 19:03:14 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.08.14 17:42:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\excltmp~.dat
[2011.08.14 17:38:50 | 000,000,140 | ---- | C] () -- C:\Windows\SysWow64\ctlsw.ini
[2011.08.14 17:38:50 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\SWCTL.DLL
[2011.08.14 17:38:47 | 000,155,536 | ---- | C] () -- C:\Windows\SysWow64\dllcinx.exe
[2011.08.14 17:38:47 | 000,009,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\mchccinj.sys
[2011.08.14 17:38:46 | 000,000,600 | ---- | C] () -- C:\Windows\SysWow64\nochook.ini
[2011.08.02 20:57:03 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll
[2011.08.02 20:53:28 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011.07.02 15:24:42 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2011.07.01 21:08:23 | 000,018,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\lirsgt.sys
[2011.06.28 19:34:15 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2011.06.25 17:13:03 | 000,001,313 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011.06.25 17:13:03 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011.06.25 17:13:03 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011.06.25 17:13:01 | 000,185,856 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.06.25 17:13:01 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.06.25 17:08:19 | 000,000,101 | ---- | C] () -- C:\Windows\OEM.ini
[2011.06.25 17:08:19 | 000,000,020 | ---- | C] () -- C:\Windows\Bison.ini
[2011.06.25 16:57:15 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.06.25 16:57:14 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.06.25 16:57:13 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== LOP Check ==========
 
[2012.03.25 22:26:31 | 000,000,000 | ---D | M] -- C:\Users\Detlev Hanke\AppData\Roaming\Protector Suite
[2012.03.25 22:16:47 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\.minecraft
[2012.03.25 22:16:47 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Arduino
[2012.03.25 22:16:48 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Clonk Rage
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Cornelsen
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\DAEMON Tools Lite
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\DesktopIconForAmazon
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Dev-Cpp
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\FileZilla
[2012.03.11 15:05:57 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\FOG Downloader
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\gtk-2.0
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\LolClient
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2012.03.25 22:16:55 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\NationRed
[2012.03.25 22:16:56 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Notepad++
[2012.03.25 22:16:56 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\ProtectDisc
[2012.03.25 22:16:56 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Protector Suite
[2012.03.25 22:17:15 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\The Creative Assembly
[2012.03.25 22:17:15 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Ubisoft
[2012.03.25 22:17:16 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Unity
[2012.03.25 22:26:49 | 000,000,000 | ---D | M] -- C:\Users\Jonas Schule\AppData\Roaming\.minecraft
[2011.12.03 12:01:16 | 000,000,000 | ---D | M] -- C:\Users\Jonas Schule\AppData\Roaming\Clonk Rage
[2012.03.25 22:26:52 | 000,000,000 | ---D | M] -- C:\Users\Jonas Schule\AppData\Roaming\Cornelsen
[2012.03.25 22:26:52 | 000,000,000 | ---D | M] -- C:\Users\Jonas Schule\AppData\Roaming\DAEMON Tools Lite
[2012.03.25 22:26:52 | 000,000,000 | ---D | M] -- C:\Users\Jonas Schule\AppData\Roaming\Dev-Cpp
[2012.03.25 22:26:52 | 000,000,000 | ---D | M] -- C:\Users\Jonas Schule\AppData\Roaming\DVDVideoSoft
[2012.03.25 22:26:52 | 000,000,000 | ---D | M] -- C:\Users\Jonas Schule\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.25 22:27:02 | 000,000,000 | ---D | M] -- C:\Users\Jonas Schule\AppData\Roaming\Notepad++
[2012.03.25 22:27:02 | 000,000,000 | ---D | M] -- C:\Users\Jonas Schule\AppData\Roaming\ProtectDisc
[2012.03.25 22:27:02 | 000,000,000 | ---D | M] -- C:\Users\Jonas Schule\AppData\Roaming\Protector Suite
[2012.03.25 22:27:09 | 000,000,000 | ---D | M] -- C:\Users\Jonas Schule\AppData\Roaming\Ubisoft
[2009.07.14 07:08:49 | 000,006,426 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.03.25 22:16:47 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\.minecraft
[2012.03.25 22:16:47 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Adobe
[2012.03.25 22:16:47 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Arduino
[2012.03.25 22:16:47 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Avira
[2012.03.25 22:16:48 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Clonk Rage
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Corel
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Cornelsen
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\DAEMON Tools Lite
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\DesktopIconForAmazon
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Dev-Cpp
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\FileZilla
[2012.03.11 15:05:57 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\FOG Downloader
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\gtk-2.0
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Identities
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\InstallShield
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Intel Corporation
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\LolClient
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Macromedia
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Malwarebytes
[2011.04.12 09:54:56 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Media Center Programs
[2012.03.25 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2012.03.25 22:34:19 | 000,000,000 | --SD | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Microsoft
[2012.03.25 22:16:55 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\NationRed
[2012.03.25 22:16:56 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Nero
[2012.03.25 22:16:56 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Notepad++
[2012.03.25 22:16:56 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\NVIDIA
[2012.03.25 22:16:56 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\ProtectDisc
[2012.03.25 22:16:56 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Protector Suite
[2012.03.29 15:20:57 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Skype
[2012.03.25 22:17:15 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\The Creative Assembly
[2012.03.25 22:17:15 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Ubisoft
[2012.03.25 22:17:16 | 000,000,000 | ---D | M] -- C:\Users\Jonas Hanke\AppData\Roaming\Unity
 
< %APPDATA%\*.exe /s >
[2012.03.06 16:36:36 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Jonas Hanke\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\System Volume Information\SystemRestore\FRStaging\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
[2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.05 10:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2010.11.06 09:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\$WINDOWS.~Q\DATA\Windows\System32\drivers\iaStor.sys
[2010.11.06 09:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.11.06 09:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys
[2010.11.06 09:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_05602dde0a28e7f4\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2011.12.16 09:52:04 | 010,992,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1810 bytes -> C:\Users\Jonas Hanke\Desktop\Empire: Total War.lnk

< End of report >
         


29.03.2012, 15:09   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
ATTFilter
:OTL
O2:64bit: - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll File not found
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll File not found
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3:64bit: - HKU\S-1-5-21-103105947-377076809-4053833937-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [XCMsXSJotCWrp.exe] C:\ProgramData\XCMsXSJotCWrp.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-103105947-377076809-4053833937-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 1
@Alternate Data Stream - 1810 bytes -> C:\Users\Jonas Hanke\Desktop\Empire: Total War.lnk
:Files
C:\Program Files (x86)\Mein Gutscheincode Finder
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

29.03.2012, 15:26   #7
sunjojo
/// Malwareteam



Fix run, everything went without problems. The contents of the log file:
Code:
ATTFilter
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
64bit-Registry value HKEY_USERS\S-1-5-21-103105947-377076809-4053833937-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found.
Registry value HKEY_USERS\S-1-5-21-103105947-377076809-4053833937-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\XCMsXSJotCWrp.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-103105947-377076809-4053833937-1007\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Privacy\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideFastUserSwitching deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel deleted successfully.
Registry value HKEY_USERS\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_USERS\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFind deleted successfully.
Registry value HKEY_USERS\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSettings deleted successfully.
Registry value HKEY_USERS\S-1-5-21-103105947-377076809-4053833937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableClock deleted successfully.
ADS C:\Users\Jonas Hanke\Desktop\Empire: Total War.lnk deleted successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\Mein Gutscheincode Finder not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Detlev Hanke
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 707 bytes
 
User: Jonas Hanke
->Temp folder emptied: 7078751 bytes
->Temporary Internet Files folder emptied: 235389872 bytes
->Java cache emptied: 24760036 bytes
->Flash cache emptied: 1296 bytes
 
User: Jonas Schule
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 3836645 bytes
->Flash cache emptied: 10631 bytes
 
User: Public
 
User: TEMP
 
User: TEMP.JonasH
 
User: TEMP.JonasH.000
 
User: TEMP.JonasH.001
 
User: TEMP.JonasH.002
 
User: TEMP.JonasH.003
 
User: TEMP.JonasH.004
 
User: TEMP.JonasH.005
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 43497731 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 593920 bytes
 
Total Files Cleaned = 301,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Detlev Hanke
->Flash cache emptied: 0 bytes
 
User: Jonas Hanke
->Flash cache emptied: 0 bytes
 
User: Jonas Schule
->Flash cache emptied: 0 bytes
 
User: Public
 
User: TEMP
 
User: TEMP.JonasH
 
User: TEMP.JonasH.000
 
User: TEMP.JonasH.001
 
User: TEMP.JonasH.002
 
User: TEMP.JonasH.003
 
User: TEMP.JonasH.004
 
User: TEMP.JonasH.005
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 03292012_161954

Files\Folders moved on Reboot...
C:\Users\Jonas Hanke\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

29.03.2012, 15:46   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Configure the tool as shown in the image below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!

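A read-only triage helper for the TDSS-Killer log requested above, added here as an example and not part of the original posts or of Kaspersky's tool: it parses the log and lists every scanned object whose verdict is not "ok", without acting on anything. The function names are hypothetical, the line layout is assumed from the log posted in this thread, and the sample lines are copied from that log except that the last verdict line is left out to simulate a cut-off paste.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Sample lines copied from the TDSSKiller log posted in this thread.
# The verdict line for "hamachi" is deliberately omitted (constructed)
# to show how a truncated paste is reported.
SAMPLE_LOG = r"""
17:16:32.0593 5416 Scan started
17:16:32.0593 5416 Mode: Manual; SigCheck; TDLFS;
17:16:34.0106 5416 acedrv07        (6e9c8b324980afe454c6f7762e2b4478) C:\Windows\system32\drivers\acedrv07.sys
17:16:34.0138 5416 acedrv07 ( UnsignedFile.Multi.Generic ) - warning
17:16:34.0138 5416 acedrv07 - detected UnsignedFile.Multi.Generic (1)
17:16:34.0481 5416 ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:16:34.0512 5416 ACPI - ok
17:16:59.0690 5416 COMSysApp - ok
17:16:49.0706 5416 Bigfoot Networks Killer Service (c08c3a1a45846891b5a97301d179db40) C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
17:16:49.0738 5416 Bigfoot Networks Killer Service ( UnsignedFile.Multi.Generic ) - warning
17:16:49.0738 5416 Bigfoot Networks Killer Service - detected UnsignedFile.Multi.Generic (1)
17:16:45.0650 5416 AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:16:45.0682 5416 AudioSrv - ok
17:17:16.0039 5416 hamachi         (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
"""

# "<time> <thread id> <message>"; lines with an empty message are skipped.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*\S)\s*$")
# "<name> (<32 hex digits>) <path>"; names may contain spaces.
OBJECT_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "<name> - ok" or "<name> ( <detection> ) - <verdict>".
VERDICT_RE = re.compile(
    r"^(?P<name>.+?)(?:\s+\(\s*(?P<detection>[^()]+?)\s*\))?\s+-\s+(?P<verdict>[A-Za-z]+)$"
)


@dataclass
class ScannedObject:
    name: str
    md5: Optional[str] = None        # None: the log had no file line for it
    path: Optional[str] = None
    verdict: Optional[str] = None    # None: the log ended before the verdict
    detection: Optional[str] = None


def parse_tdsskiller_log(text):
    """Return one ScannedObject per service/driver, in log order."""
    objects = {}
    for raw in text.splitlines():
        line = LINE_RE.match(raw)
        if not line:
            continue
        msg = line["msg"]
        obj = OBJECT_RE.match(msg)
        if obj:
            entry = objects.setdefault(obj["name"], ScannedObject(obj["name"]))
            entry.md5 = obj["md5"].lower()
            entry.path = obj["path"]
            continue
        ver = VERDICT_RE.match(msg)
        if ver:
            entry = objects.setdefault(ver["name"], ScannedObject(ver["name"]))
            entry.verdict = ver["verdict"].lower()
            entry.detection = ver["detection"]
    return list(objects.values())


def needs_review(objects):
    """Objects without a plain 'ok', including those with no verdict line."""
    return [o for o in objects if o.verdict != "ok"]


def summarize(objects):
    """Count objects per verdict; a missing verdict is counted separately."""
    return dict(Counter(o.verdict or "no verdict" for o in objects))


if __name__ == "__main__":
    scanned = parse_tdsskiller_log(SAMPLE_LOG)
    print(summarize(scanned))
    for o in needs_review(scanned):
        print(f"{o.name}: {o.verdict or 'no verdict'} "
              f"[{o.detection or '-'}] {o.path or '(no file line)'} md5={o.md5}")
```
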

29.03.2012, 16:22   #9
sunjojo
/// Malwareteam



Thanks again for the quick replies. The TDSSKiller scan ran without problems. Here is the log:
Code:
ATTFilter
17:15:32.0827 1680	TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
17:15:32.0921 1680	============================================================
17:15:32.0921 1680	Current date / time: 2012/03/29 17:15:32.0921
17:15:32.0921 1680	SystemInfo:
17:15:32.0921 1680	
17:15:32.0921 1680	OS Version: 6.1.7601 ServicePack: 1.0
17:15:32.0921 1680	Product type: Workstation
17:15:32.0921 1680	ComputerName: JONASH
17:15:32.0921 1680	UserName: Jonas Hanke
17:15:32.0921 1680	Windows directory: C:\Windows
17:15:32.0921 1680	System windows directory: C:\Windows
17:15:32.0921 1680	Running under WOW64
17:15:32.0921 1680	Processor architecture: Intel x64
17:15:32.0921 1680	Number of processors: 4
17:15:32.0921 1680	Page size: 0x1000
17:15:32.0921 1680	Boot type: Normal boot
17:15:32.0921 1680	============================================================
17:15:33.0498 1680	Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:15:33.0592 1680	\Device\Harddisk0\DR0:
17:15:33.0592 1680	MBR used
17:15:33.0592 1680	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFA0800, BlocksNum 0x32000
17:15:33.0592 1680	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFD2800, BlocksNum 0x56573000
17:15:33.0654 1680	Initialize success
17:15:33.0654 1680	============================================================
17:16:32.0593 5416	============================================================
17:16:32.0593 5416	Scan started
17:16:32.0593 5416	Mode: Manual; SigCheck; TDLFS; 
17:16:32.0593 5416	============================================================
17:16:33.0638 5416	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:16:33.0716 5416	1394ohci - ok
17:16:34.0106 5416	acedrv07        (6e9c8b324980afe454c6f7762e2b4478) C:\Windows\system32\drivers\acedrv07.sys
17:16:34.0138 5416	acedrv07 ( UnsignedFile.Multi.Generic ) - warning
17:16:34.0138 5416	acedrv07 - detected UnsignedFile.Multi.Generic (1)
17:16:34.0481 5416	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:16:34.0512 5416	ACPI - ok
17:16:34.0855 5416	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:16:34.0902 5416	AcpiPmi - ok
17:16:35.0105 5416	AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:16:35.0120 5416	AdobeARMservice - ok
17:16:35.0510 5416	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
17:16:35.0542 5416	adp94xx - ok
17:16:35.0916 5416	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
17:16:35.0947 5416	adpahci - ok
17:16:36.0337 5416	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
17:16:36.0368 5416	adpu320 - ok
17:16:36.0665 5416	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:16:36.0712 5416	AeLookupSvc - ok
17:16:37.0148 5416	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:16:37.0195 5416	AFD - ok
17:16:37.0538 5416	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:16:37.0554 5416	agp440 - ok
17:16:37.0975 5416	Ak27x64         (99bcfb8c4009e749fda3a8d23d2e5c93) C:\Windows\system32\DRIVERS\Ak27x64.sys
17:16:38.0022 5416	Ak27x64 - ok
17:16:38.0303 5416	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:16:38.0350 5416	ALG - ok
17:16:38.0740 5416	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:16:38.0755 5416	aliide - ok
17:16:39.0098 5416	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:16:39.0130 5416	amdide - ok
17:16:39.0473 5416	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
17:16:39.0520 5416	AmdK8 - ok
17:16:39.0910 5416	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
17:16:39.0941 5416	AmdPPM - ok
17:16:40.0331 5416	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:16:40.0362 5416	amdsata - ok
17:16:40.0736 5416	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
17:16:40.0768 5416	amdsbs - ok
17:16:41.0095 5416	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:16:41.0126 5416	amdxata - ok
17:16:41.0345 5416	AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:16:41.0376 5416	AntiVirSchedulerService - ok
17:16:41.0392 5416	AntiVirService  (72d90e56563165984224493069c69ed4) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:16:41.0407 5416	AntiVirService - ok
17:16:41.0797 5416	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:16:41.0875 5416	AppID - ok
17:16:42.0296 5416	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:16:42.0359 5416	AppIDSvc - ok
17:16:42.0686 5416	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:16:42.0764 5416	Appinfo - ok
17:16:43.0108 5416	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
17:16:43.0170 5416	AppMgmt - ok
17:16:43.0560 5416	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
17:16:43.0576 5416	arc - ok
17:16:43.0934 5416	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
17:16:43.0950 5416	arcsas - ok
17:16:44.0293 5416	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:16:44.0309 5416	aspnet_state - ok
17:16:44.0699 5416	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:16:44.0792 5416	AsyncMac - ok
17:16:45.0214 5416	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:16:45.0229 5416	atapi - ok
17:16:45.0557 5416	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:16:45.0635 5416	AudioEndpointBuilder - ok
17:16:45.0650 5416	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:16:45.0682 5416	AudioSrv - ok
17:16:46.0040 5416	avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
17:16:46.0072 5416	avgntflt - ok
17:16:46.0399 5416	avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
17:16:46.0430 5416	avipbb - ok
17:16:46.0711 5416	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
17:16:46.0758 5416	AxInstSV - ok
17:16:47.0195 5416	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
17:16:47.0226 5416	b06bdrv - ok
17:16:47.0616 5416	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:16:47.0663 5416	b57nd60a - ok
17:16:47.0944 5416	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:16:47.0990 5416	BDESVC - ok
17:16:48.0365 5416	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:16:48.0412 5416	Beep - ok
17:16:48.0755 5416	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
17:16:48.0833 5416	BFE - ok
17:16:49.0223 5416	BfLwf           (6b6ee63887bab99a745d7e3358bc8b20) C:\Windows\system32\DRIVERS\bflwfx64.sys
17:16:49.0238 5416	BfLwf - ok
17:16:49.0582 5416	BFN7x64         (851bfc266ac6424f44f7dfb05de4d803) C:\Windows\system32\drivers\Xeno7x64.sys
17:16:49.0597 5416	BFN7x64 - ok
17:16:49.0706 5416	Bigfoot Networks Killer Service (c08c3a1a45846891b5a97301d179db40) C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
17:16:49.0738 5416	Bigfoot Networks Killer Service ( UnsignedFile.Multi.Generic ) - warning
17:16:49.0738 5416	Bigfoot Networks Killer Service - detected UnsignedFile.Multi.Generic (1)
17:16:50.0050 5416	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
17:16:50.0128 5416	BITS - ok
17:16:50.0502 5416	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:16:50.0533 5416	blbdrive - ok
17:16:50.0908 5416	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:16:50.0939 5416	bowser - ok
17:16:51.0298 5416	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
17:16:51.0344 5416	BrFiltLo - ok
17:16:51.0703 5416	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
17:16:51.0734 5416	BrFiltUp - ok
17:16:52.0015 5416	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
17:16:52.0109 5416	Browser - ok
17:16:52.0514 5416	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:16:52.0546 5416	Brserid - ok
17:16:52.0920 5416	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:16:52.0967 5416	BrSerWdm - ok
17:16:53.0341 5416	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:16:53.0372 5416	BrUsbMdm - ok
17:16:53.0747 5416	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:16:53.0778 5416	BrUsbSer - ok
17:16:54.0152 5416	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
17:16:54.0184 5416	BTHMODEM - ok
17:16:54.0464 5416	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:16:54.0527 5416	bthserv - ok
17:16:54.0886 5416	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:16:54.0948 5416	cdfs - ok
17:16:55.0322 5416	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
17:16:55.0354 5416	cdrom - ok
17:16:55.0650 5416	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:16:55.0712 5416	CertPropSvc - ok
17:16:56.0102 5416	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
17:16:56.0134 5416	circlass - ok
17:16:56.0461 5416	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:16:56.0492 5416	CLFS - ok
17:16:56.0758 5416	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:16:56.0789 5416	clr_optimization_v2.0.50727_32 - ok
17:16:56.0898 5416	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:16:56.0929 5416	clr_optimization_v2.0.50727_64 - ok
17:16:57.0163 5416	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:16:57.0179 5416	clr_optimization_v4.0.30319_32 - ok
17:16:57.0522 5416	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:16:57.0538 5416	clr_optimization_v4.0.30319_64 - ok
17:16:57.0896 5416	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:16:57.0928 5416	CmBatt - ok
17:16:58.0271 5416	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:16:58.0302 5416	cmdide - ok
17:16:58.0645 5416	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:16:58.0692 5416	CNG - ok
17:16:59.0020 5416	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:16:59.0051 5416	Compbatt - ok
17:16:59.0394 5416	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
17:16:59.0441 5416	CompositeBus - ok
17:16:59.0690 5416	COMSysApp - ok
17:17:00.0065 5416	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
17:17:00.0080 5416	crcdisk - ok
17:17:00.0361 5416	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
17:17:00.0455 5416	CryptSvc - ok
17:17:00.0845 5416	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
17:17:00.0923 5416	CSC - ok
17:17:01.0219 5416	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
17:17:01.0282 5416	CscService - ok
17:17:01.0594 5416	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:17:01.0656 5416	DcomLaunch - ok
17:17:01.0952 5416	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:17:02.0030 5416	defragsvc - ok
17:17:02.0405 5416	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:17:02.0452 5416	DfsC - ok
17:17:02.0748 5416	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
17:17:02.0842 5416	Dhcp - ok
17:17:03.0185 5416	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:17:03.0232 5416	discache - ok
17:17:03.0622 5416	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
17:17:03.0637 5416	Disk - ok
17:17:03.0996 5416	dmvsc           (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
17:17:04.0043 5416	dmvsc - ok
17:17:04.0308 5416	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
17:17:04.0370 5416	Dnscache - ok
17:17:04.0651 5416	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
17:17:04.0745 5416	dot3svc - ok
17:17:05.0026 5416	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
17:17:05.0104 5416	DPS - ok
17:17:05.0478 5416	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:17:05.0525 5416	drmkaud - ok
17:17:05.0899 5416	dtsoftbus01     (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:17:05.0930 5416	dtsoftbus01 - ok
17:17:06.0289 5416	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:17:06.0320 5416	DXGKrnl - ok
17:17:06.0601 5416	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:17:06.0679 5416	EapHost - ok
17:17:07.0132 5416	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
17:17:07.0288 5416	ebdrv - ok
17:17:07.0568 5416	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
17:17:07.0615 5416	EFS - ok
17:17:07.0787 5416	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
17:17:07.0849 5416	ehRecvr - ok
17:17:07.0865 5416	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:17:07.0880 5416	ehSched - ok
17:17:08.0208 5416	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
17:17:08.0239 5416	elxstor - ok
17:17:08.0614 5416	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:17:08.0645 5416	ErrDev - ok
17:17:08.0941 5416	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:17:09.0004 5416	EventSystem - ok
17:17:09.0409 5416	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:17:09.0472 5416	exfat - ok
17:17:09.0830 5416	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:17:09.0893 5416	fastfat - ok
17:17:10.0205 5416	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
17:17:10.0252 5416	Fax - ok
17:17:10.0610 5416	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
17:17:10.0657 5416	fdc - ok
17:17:10.0907 5416	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:17:10.0985 5416	fdPHost - ok
17:17:11.0281 5416	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:17:11.0344 5416	FDResPub - ok
17:17:11.0702 5416	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:17:11.0718 5416	FileInfo - ok
17:17:12.0061 5416	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:17:12.0124 5416	Filetrace - ok
17:17:12.0342 5416	FLEXnet Licensing Service (8669be94f63944e4f899c3950b520241) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:17:12.0389 5416	FLEXnet Licensing Service - ok
17:17:12.0732 5416	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
17:17:12.0763 5416	flpydisk - ok
17:17:13.0106 5416	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:17:13.0138 5416	FltMgr - ok
17:17:13.0418 5416	FontCache       (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
17:17:13.0528 5416	FontCache - ok
17:17:13.0715 5416	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:17:13.0715 5416	FontCache3.0.0.0 - ok
17:17:13.0980 5416	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:17:13.0996 5416	FsDepends - ok
17:17:14.0354 5416	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
17:17:14.0370 5416	Fs_Rec - ok
17:17:14.0744 5416	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:17:14.0776 5416	fvevol - ok
17:17:15.0134 5416	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
17:17:15.0150 5416	gagp30kx - ok
17:17:15.0446 5416	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
17:17:15.0493 5416	gpsvc - ok
17:17:15.0665 5416	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:17:15.0696 5416	gupdate - ok
17:17:15.0696 5416	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:17:15.0712 5416	gupdatem - ok
17:17:16.0039 5416	hamachi         (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
17:17:16.0055 5416	hamachi - ok
17:17:16.0258 5416	Hamachi2Svc     (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
17:17:16.0367 5416	Hamachi2Svc - ok
17:17:16.0726 5416	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:17:16.0757 5416	hcw85cir - ok
17:17:17.0131 5416	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:17:17.0178 5416	HDAudBus - ok
17:17:17.0537 5416	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
17:17:17.0568 5416	HidBatt - ok
17:17:17.0927 5416	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
17:17:17.0958 5416	HidBth - ok
17:17:18.0317 5416	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
17:17:18.0348 5416	HidIr - ok
17:17:18.0613 5416	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
17:17:18.0691 5416	hidserv - ok
17:17:19.0066 5416	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:17:19.0081 5416	HidUsb - ok
17:17:19.0362 5416	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
17:17:19.0440 5416	hkmsvc - ok
17:17:19.0736 5416	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
17:17:19.0783 5416	HomeGroupListener - ok
17:17:20.0080 5416	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
17:17:20.0111 5416	HomeGroupProvider - ok
17:17:20.0485 5416	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:17:20.0501 5416	HpSAMD - ok
17:17:20.0860 5416	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:17:20.0922 5416	HTTP - ok
17:17:21.0296 5416	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:17:21.0312 5416	hwpolicy - ok
17:17:21.0686 5416	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
17:17:21.0718 5416	i8042prt - ok
17:17:22.0061 5416	iaStor          (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys
17:17:22.0076 5416	iaStor - ok
17:17:22.0279 5416	IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
17:17:22.0295 5416	IAStorDataMgrSvc - ok
17:17:22.0685 5416	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:17:22.0716 5416	iaStorV - ok
17:17:22.0919 5416	IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:17:22.0950 5416	IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:17:22.0950 5416	IDriverT - detected UnsignedFile.Multi.Generic (1)
17:17:23.0200 5416	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:17:23.0246 5416	idsvc - ok
17:17:23.0761 5416	igfx            (efe5a0af39a8e179624117c521f1e012) C:\Windows\system32\DRIVERS\igdkmd64.sys
17:17:24.0073 5416	igfx - ok
17:17:24.0448 5416	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
17:17:24.0479 5416	iirsp - ok
17:17:24.0760 5416	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
17:17:24.0838 5416	IKEEXT - ok
17:17:25.0274 5416	IntcAzAudAddService (72a253efca059d8cf303371255624890) C:\Windows\system32\drivers\RTKVHD64.sys
17:17:25.0337 5416	IntcAzAudAddService - ok
17:17:25.0711 5416	IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
17:17:25.0742 5416	IntcDAud - ok
17:17:26.0101 5416	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:17:26.0132 5416	intelide - ok
17:17:26.0476 5416	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:17:26.0522 5416	intelppm - ok
17:17:26.0819 5416	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:17:26.0881 5416	IPBusEnum - ok
17:17:27.0256 5416	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:17:27.0318 5416	IpFilterDriver - ok
17:17:27.0599 5416	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
17:17:27.0661 5416	iphlpsvc - ok
17:17:28.0020 5416	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:17:28.0051 5416	IPMIDRV - ok
17:17:28.0426 5416	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:17:28.0504 5416	IPNAT - ok
17:17:28.0878 5416	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:17:28.0925 5416	IRENUM - ok
17:17:29.0268 5416	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:17:29.0284 5416	isapnp - ok
17:17:29.0643 5416	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:17:29.0658 5416	iScsiPrt - ok
17:17:30.0017 5416	JMCR            (e5f9a5ac854529efbe37e475149615c1) C:\Windows\system32\DRIVERS\jmcr.sys
17:17:30.0033 5416	JMCR - ok
17:17:30.0376 5416	JME             (23078cb27144d6d8510246b282968695) C:\Windows\system32\DRIVERS\JME.sys
17:17:30.0391 5416	JME - ok
17:17:30.0719 5416	johci           (bb851eda4211d8d013d93f361adb13b5) C:\Windows\system32\drivers\johci.sys
17:17:30.0735 5416	johci - ok
17:17:31.0093 5416	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:17:31.0109 5416	kbdclass - ok
17:17:31.0452 5416	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
17:17:31.0483 5416	kbdhid - ok
17:17:31.0795 5416	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:17:31.0811 5416	KeyIso - ok
17:17:32.0154 5416	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:17:32.0185 5416	KSecDD - ok
17:17:32.0513 5416	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:17:32.0544 5416	KSecPkg - ok
17:17:32.0887 5416	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:17:32.0950 5416	ksthunk - ok
17:17:33.0293 5416	ksupmgr         (3ca4073a107b42828732088957960643) C:\Windows\SysWOW64\ksupmgr.exe
17:17:33.0324 5416	ksupmgr - ok
17:17:33.0621 5416	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:17:33.0699 5416	KtmRm - ok
17:17:34.0011 5416	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
17:17:34.0089 5416	LanmanServer - ok
17:17:34.0401 5416	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
17:17:34.0463 5416	LanmanWorkstation - ok
17:17:34.0837 5416	lirsgt          (8e4ca9afd55ef6b509c80a8715abf8c6) C:\Windows\system32\DRIVERS\lirsgt.sys
17:17:34.0853 5416	lirsgt - ok
17:17:35.0227 5416	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:17:35.0274 5416	lltdio - ok
17:17:35.0571 5416	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:17:35.0633 5416	lltdsvc - ok
17:17:35.0898 5416	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:17:35.0976 5416	lmhosts - ok
17:17:36.0179 5416	LMS             (50c7ce53ef461870410355f1f2e7d515) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:17:36.0195 5416	LMS - ok
17:17:36.0553 5416	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
17:17:36.0569 5416	LSI_FC - ok
17:17:36.0928 5416	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
17:17:36.0943 5416	LSI_SAS - ok
17:17:37.0302 5416	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
17:17:37.0318 5416	LSI_SAS2 - ok
17:17:37.0677 5416	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
17:17:37.0708 5416	LSI_SCSI - ok
17:17:38.0051 5416	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:17:38.0129 5416	luafv - ok
17:17:38.0425 5416	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
17:17:38.0472 5416	Mcx2Svc - ok
17:17:38.0831 5416	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
17:17:38.0847 5416	megasas - ok
17:17:39.0205 5416	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
17:17:39.0237 5416	MegaSR - ok
17:17:39.0611 5416	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
17:17:39.0627 5416	MEIx64 - ok
17:17:39.0892 5416	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:17:39.0970 5416	MMCSS - ok
17:17:40.0344 5416	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:17:40.0407 5416	Modem - ok
17:17:40.0750 5416	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:17:40.0797 5416	monitor - ok
17:17:41.0171 5416	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:17:41.0187 5416	mouclass - ok
17:17:41.0530 5416	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:17:41.0561 5416	mouhid - ok
17:17:41.0935 5416	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:17:41.0951 5416	mountmgr - ok
17:17:42.0294 5416	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:17:42.0325 5416	mpio - ok
17:17:42.0684 5416	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:17:42.0731 5416	mpsdrv - ok
17:17:43.0027 5416	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
17:17:43.0105 5416	MpsSvc - ok
17:17:43.0464 5416	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:17:43.0495 5416	MRxDAV - ok
17:17:43.0823 5416	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:17:43.0870 5416	mrxsmb - ok
17:17:44.0213 5416	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:17:44.0244 5416	mrxsmb10 - ok
17:17:44.0572 5416	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:17:44.0587 5416	mrxsmb20 - ok
17:17:44.0899 5416	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:17:44.0931 5416	msahci - ok
17:17:45.0258 5416	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:17:45.0274 5416	msdsm - ok
17:17:45.0555 5416	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:17:45.0586 5416	MSDTC - ok
17:17:45.0945 5416	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:17:45.0991 5416	Msfs - ok
17:17:46.0366 5416	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:17:46.0428 5416	mshidkmdf - ok
17:17:46.0787 5416	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:17:46.0803 5416	msisadrv - ok
17:17:47.0099 5416	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:17:47.0177 5416	MSiSCSI - ok
17:17:47.0442 5416	msiserver - ok
17:17:47.0583 5416	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:17:47.0645 5416	MSKSSRV - ok
17:17:48.0004 5416	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:17:48.0066 5416	MSPCLOCK - ok
17:17:48.0441 5416	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:17:48.0519 5416	MSPQM - ok
17:17:48.0862 5416	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:17:48.0893 5416	MsRPC - ok
17:17:49.0205 5416	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
17:17:49.0221 5416	mssmbios - ok
17:17:49.0595 5416	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:17:49.0657 5416	MSTEE - ok
17:17:49.0985 5416	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
17:17:50.0016 5416	MTConfig - ok
17:17:50.0359 5416	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:17:50.0375 5416	Mup - ok
17:17:50.0656 5416	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:17:50.0734 5416	napagent - ok
17:17:51.0124 5416	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:17:51.0171 5416	NativeWifiP - ok
17:17:51.0373 5416	NAUpdate        (9d1cce440552500ded3a62f9d779cdb4) C:\Program Files (x86)\Nero\Update\NASvc.exe
17:17:51.0405 5416	NAUpdate - ok
17:17:51.0779 5416	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:17:51.0810 5416	NDIS - ok
17:17:52.0169 5416	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:17:52.0216 5416	NdisCap - ok
17:17:52.0575 5416	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:17:52.0637 5416	NdisTapi - ok
17:17:52.0996 5416	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:17:53.0058 5416	Ndisuio - ok
17:17:53.0386 5416	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:17:53.0448 5416	NdisWan - ok
17:17:53.0791 5416	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:17:53.0838 5416	NDProxy - ok
17:17:54.0181 5416	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:17:54.0213 5416	NetBIOS - ok
17:17:54.0556 5416	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:17:54.0603 5416	NetBT - ok
17:17:54.0883 5416	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:17:54.0915 5416	Netlogon - ok
17:17:55.0211 5416	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:17:55.0289 5416	Netman - ok
17:17:55.0601 5416	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:17:55.0617 5416	NetMsmqActivator - ok
17:17:55.0632 5416	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:17:55.0648 5416	NetPipeActivator - ok
17:17:55.0929 5416	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:17:56.0007 5416	netprofm - ok
17:17:56.0319 5416	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:17:56.0334 5416	NetTcpActivator - ok
17:17:56.0350 5416	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:17:56.0365 5416	NetTcpPortSharing - ok
17:17:56.0740 5416	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
17:17:56.0755 5416	nfrd960 - ok
17:17:57.0036 5416	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:17:57.0083 5416	NlaSvc - ok
17:17:57.0442 5416	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:17:57.0489 5416	Npfs - ok
17:17:57.0754 5416	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:17:57.0832 5416	nsi - ok
17:17:58.0175 5416	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:17:58.0222 5416	nsiproxy - ok
17:17:58.0596 5416	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:17:58.0659 5416	Ntfs - ok
17:17:58.0986 5416	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:17:59.0049 5416	Null - ok
17:17:59.0423 5416	nusb3hub        (a7127e86f9ffe2a53e271b56b2c4cedf) C:\Windows\system32\DRIVERS\nusb3hub.sys
17:17:59.0439 5416	nusb3hub - ok
17:17:59.0797 5416	nusb3xhc        (49bbec6f48d5f9284b03abf3a959b19b) C:\Windows\system32\DRIVERS\nusb3xhc.sys
17:17:59.0829 5416	nusb3xhc - ok
17:18:00.0437 5416	nvlddmkm        (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:18:00.0562 5416	nvlddmkm - ok
17:18:00.0889 5416	nvpciflt        (3629b8c7257c6231a3cfb44359c68b1d) C:\Windows\system32\DRIVERS\nvpciflt.sys
17:18:00.0905 5416	nvpciflt - ok
17:18:01.0248 5416	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:18:01.0279 5416	nvraid - ok
17:18:01.0623 5416	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:18:01.0638 5416	nvstor - ok
17:18:01.0935 5416	NVSvc           (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
17:18:01.0981 5416	NVSvc - ok
17:18:02.0231 5416	nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:18:02.0325 5416	nvUpdatusService - ok
17:18:02.0683 5416	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:18:02.0715 5416	nv_agp - ok
17:18:03.0042 5416	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:18:03.0073 5416	ohci1394 - ok
17:18:03.0261 5416	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:18:03.0276 5416	ose - ok
17:18:03.0448 5416	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:18:03.0588 5416	osppsvc - ok
17:18:03.0869 5416	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:18:03.0916 5416	p2pimsvc - ok
17:18:04.0212 5416	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:18:04.0259 5416	p2psvc - ok
17:18:04.0618 5416	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
17:18:04.0649 5416	Parport - ok
17:18:05.0023 5416	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
17:18:05.0039 5416	partmgr - ok
17:18:05.0320 5416	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:18:05.0367 5416	PcaSvc - ok
17:18:05.0710 5416	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:18:05.0741 5416	pci - ok
17:18:06.0100 5416	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:18:06.0115 5416	pciide - ok
17:18:06.0459 5416	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
17:18:06.0490 5416	pcmcia - ok
17:18:06.0817 5416	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:18:06.0849 5416	pcw - ok
17:18:07.0207 5416	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:18:07.0270 5416	PEAUTH - ok
17:18:07.0582 5416	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
17:18:07.0629 5416	PeerDistSvc - ok
17:18:07.0956 5416	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:18:07.0987 5416	PerfHost - ok
17:18:08.0315 5416	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:18:08.0393 5416	pla - ok
17:18:08.0705 5416	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:18:08.0767 5416	PlugPlay - ok
17:18:09.0033 5416	PnkBstrA - ok
17:18:09.0111 5416	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:18:09.0142 5416	PNRPAutoReg - ok
17:18:09.0423 5416	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:18:09.0454 5416	PNRPsvc - ok
17:18:09.0501 5416	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:18:09.0547 5416	PolicyAgent - ok
17:18:09.0844 5416	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:18:09.0906 5416	Power - ok
17:18:10.0093 5416	PowerBiosServer (02778106ea187027005ef106e25dfda7) C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
17:18:10.0125 5416	PowerBiosServer ( UnsignedFile.Multi.Generic ) - warning
17:18:10.0125 5416	PowerBiosServer - detected UnsignedFile.Multi.Generic (1)
17:18:10.0468 5416	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:18:10.0530 5416	PptpMiniport - ok
17:18:10.0873 5416	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
17:18:10.0905 5416	Processor - ok
17:18:11.0170 5416	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
17:18:11.0248 5416	ProfSvc - ok
17:18:11.0544 5416	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:18:11.0560 5416	ProtectedStorage - ok
17:18:11.0919 5416	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:18:11.0981 5416	Psched - ok
17:18:12.0168 5416	PSI_SVC_2       (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
17:18:12.0184 5416	PSI_SVC_2 - ok
17:18:12.0574 5416	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
17:18:12.0652 5416	ql2300 - ok
17:18:13.0026 5416	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
17:18:13.0042 5416	ql40xx - ok
17:18:13.0307 5416	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:18:13.0354 5416	QWAVE - ok
17:18:13.0697 5416	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:18:13.0744 5416	QWAVEdrv - ok
17:18:14.0071 5416	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:18:14.0134 5416	RasAcd - ok
17:18:14.0493 5416	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:18:14.0539 5416	RasAgileVpn - ok
17:18:14.0820 5416	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:18:14.0898 5416	RasAuto - ok
17:18:15.0257 5416	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:18:15.0319 5416	Rasl2tp - ok
17:18:15.0616 5416	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:18:15.0678 5416	RasMan - ok
17:18:16.0037 5416	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:18:16.0115 5416	RasPppoe - ok
17:18:16.0474 5416	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:18:16.0536 5416	RasSstp - ok
17:18:16.0879 5416	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:18:16.0942 5416	rdbss - ok
17:18:17.0285 5416	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:18:17.0332 5416	rdpbus - ok
17:18:17.0644 5416	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:18:17.0691 5416	RDPCDD - ok
17:18:18.0018 5416	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
17:18:18.0049 5416	RDPDR - ok
17:18:18.0377 5416	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:18:18.0455 5416	RDPENCDD - ok
17:18:18.0767 5416	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:18:18.0814 5416	RDPREFMP - ok
17:18:19.0126 5416	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
17:18:19.0157 5416	RDPWD - ok
17:18:19.0500 5416	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:18:19.0516 5416	rdyboost - ok
17:18:19.0781 5416	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:18:19.0859 5416	RemoteAccess - ok
17:18:20.0140 5416	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:18:20.0202 5416	RemoteRegistry - ok
17:18:20.0483 5416	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:18:20.0545 5416	RpcEptMapper - ok
17:18:20.0842 5416	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:18:20.0889 5416	RpcLocator - ok
17:18:21.0169 5416	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:18:21.0232 5416	RpcSs - ok
17:18:21.0591 5416	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:18:21.0637 5416	rspndr - ok
17:18:21.0965 5416	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
17:18:22.0012 5416	s3cap - ok
17:18:22.0261 5416	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:18:22.0293 5416	SamSs - ok
17:18:22.0651 5416	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:18:22.0683 5416	sbp2port - ok
17:18:22.0948 5416	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:18:23.0010 5416	SCardSvr - ok
17:18:23.0353 5416	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:18:23.0416 5416	scfilter - ok
17:18:23.0728 5416	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:18:23.0775 5416	Schedule - ok
17:18:24.0055 5416	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:18:24.0118 5416	SCPolicySvc - ok
17:18:24.0165 5416	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:18:24.0196 5416	SDRSVC - ok
17:18:24.0383 5416	SeaPort         (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
17:18:24.0414 5416	SeaPort - ok
17:18:24.0773 5416	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:18:24.0820 5416	secdrv - ok
17:18:25.0116 5416	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:18:25.0194 5416	seclogon - ok
17:18:25.0475 5416	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
17:18:25.0537 5416	SENS - ok
17:18:25.0818 5416	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:18:25.0849 5416	SensrSvc - ok
17:18:26.0224 5416	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
17:18:26.0255 5416	Serenum - ok
17:18:26.0614 5416	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
17:18:26.0645 5416	Serial - ok
17:18:27.0019 5416	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
17:18:27.0051 5416	sermouse - ok
17:18:27.0347 5416	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:18:27.0409 5416	SessionEnv - ok
17:18:27.0753 5416	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:18:27.0799 5416	sffdisk - ok
17:18:28.0127 5416	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:18:28.0158 5416	sffp_mmc - ok
17:18:28.0533 5416	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:18:28.0564 5416	sffp_sd - ok
17:18:28.0938 5416	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
17:18:28.0969 5416	sfloppy - ok
17:18:29.0250 5416	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:18:29.0328 5416	SharedAccess - ok
17:18:29.0625 5416	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:18:29.0687 5416	ShellHWDetection - ok
17:18:30.0046 5416	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
17:18:30.0061 5416	SiSRaid2 - ok
17:18:30.0405 5416	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
17:18:30.0420 5416	SiSRaid4 - ok
17:18:30.0763 5416	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:18:30.0826 5416	Smb - ok
17:18:31.0153 5416	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:18:31.0185 5416	SNMPTRAP - ok
17:18:31.0543 5416	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:18:31.0575 5416	spldr - ok
17:18:31.0855 5416	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:18:31.0949 5416	Spooler - ok
17:18:32.0308 5416	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:18:32.0370 5416	sppsvc - ok
17:18:32.0667 5416	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:18:32.0745 5416	sppuinotify - ok
17:18:33.0103 5416	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:18:33.0166 5416	srv - ok
17:18:33.0540 5416	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:18:33.0571 5416	srv2 - ok
17:18:33.0899 5416	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:18:33.0930 5416	srvnet - ok
17:18:34.0211 5416	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:18:34.0273 5416	SSDPSRV - ok
17:18:34.0554 5416	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:18:34.0617 5416	SstpSvc - ok
17:18:34.0757 5416	Steam Client Service - ok
17:18:35.0100 5416	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
17:18:35.0131 5416	stexstor - ok
17:18:35.0428 5416	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:18:35.0490 5416	stisvc - ok
17:18:35.0833 5416	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
17:18:35.0865 5416	storflt - ok
17:18:36.0099 5416	StorSvc         (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
17:18:36.0145 5416	StorSvc - ok
17:18:36.0504 5416	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
17:18:36.0535 5416	storvsc - ok
17:18:36.0863 5416	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
17:18:36.0879 5416	swenum - ok
17:18:37.0159 5416	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:18:37.0237 5416	swprv - ok
17:18:37.0596 5416	SynTP           (c80b9cce2239d092421a390147a692ed) C:\Windows\system32\DRIVERS\SynTP.sys
17:18:37.0612 5416	SynTP - ok
17:18:37.0939 5416	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:18:38.0002 5416	SysMain - ok
17:18:38.0283 5416	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:18:38.0345 5416	TabletInputService - ok
17:18:38.0626 5416	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:18:38.0688 5416	TapiSrv - ok
17:18:38.0985 5416	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:18:39.0031 5416	TBS - ok
17:18:39.0453 5416	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
17:18:39.0515 5416	Tcpip - ok
17:18:39.0905 5416	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
17:18:39.0936 5416	TCPIP6 - ok
17:18:40.0279 5416	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:18:40.0342 5416	tcpipreg - ok
17:18:40.0701 5416	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:18:40.0747 5416	TDPIPE - ok
17:18:41.0075 5416	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
17:18:41.0122 5416	TDTCP - ok
17:18:41.0449 5416	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:18:41.0496 5416	tdx - ok
17:18:41.0871 5416	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
17:18:41.0886 5416	TermDD - ok
17:18:42.0183 5416	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:18:42.0245 5416	TermService - ok
17:18:42.0541 5416	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:18:42.0573 5416	Themes - ok
17:18:42.0853 5416	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:18:42.0916 5416	THREADORDER - ok
17:18:43.0212 5416	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:18:43.0290 5416	TrkWks - ok
17:18:43.0431 5416	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:18:43.0524 5416	TrustedInstaller - ok
17:18:43.0805 5416	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:18:43.0867 5416	tssecsrv - ok
17:18:44.0195 5416	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:18:44.0226 5416	TsUsbFlt - ok
17:18:44.0554 5416	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
17:18:44.0585 5416	TsUsbGD - ok
17:18:44.0944 5416	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:18:45.0006 5416	tunnel - ok
17:18:45.0365 5416	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
17:18:45.0396 5416	uagp35 - ok
17:18:45.0724 5416	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:18:45.0802 5416	udfs - ok
17:18:46.0098 5416	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:18:46.0129 5416	UI0Detect - ok
17:18:46.0504 5416	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:18:46.0519 5416	uliagpkx - ok
17:18:46.0847 5416	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
17:18:46.0894 5416	umbus - ok
17:18:47.0221 5416	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
17:18:47.0268 5416	UmPass - ok
17:18:47.0533 5416	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
17:18:47.0580 5416	UmRdpService - ok
17:18:47.0814 5416	UNS             (374ebda379a8f38e0cfc2211611e7167) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:18:47.0923 5416	UNS - ok
17:18:48.0235 5416	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:18:48.0298 5416	upnphost - ok
17:18:48.0657 5416	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
17:18:48.0719 5416	usbaudio - ok
17:18:49.0047 5416	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:18:49.0078 5416	usbccgp - ok
17:18:49.0421 5416	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:18:49.0452 5416	usbcir - ok
17:18:49.0780 5416	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
17:18:49.0795 5416	usbehci - ok
17:18:50.0139 5416	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:18:50.0185 5416	usbhub - ok
17:18:50.0513 5416	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
17:18:50.0560 5416	usbohci - ok
17:18:50.0903 5416	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:18:50.0934 5416	usbprint - ok
17:18:51.0293 5416	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:18:51.0324 5416	usbscan - ok
17:18:51.0636 5416	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:18:51.0683 5416	USBSTOR - ok
17:18:52.0026 5416	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:18:52.0073 5416	usbuhci - ok
17:18:52.0416 5416	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
17:18:52.0463 5416	usbvideo - ok
17:18:52.0728 5416	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:18:52.0791 5416	UxSms - ok
17:18:53.0071 5416	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:18:53.0103 5416	VaultSvc - ok
17:18:53.0461 5416	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:18:53.0477 5416	vdrvroot - ok
17:18:53.0758 5416	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:18:53.0820 5416	vds - ok
17:18:54.0179 5416	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:18:54.0226 5416	vga - ok
17:18:54.0569 5416	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:18:54.0647 5416	VgaSave - ok
17:18:54.0990 5416	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:18:55.0021 5416	vhdmp - ok
17:18:55.0365 5416	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:18:55.0380 5416	viaide - ok
17:18:55.0708 5416	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
17:18:55.0739 5416	vmbus - ok
17:18:56.0067 5416	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
17:18:56.0113 5416	VMBusHID - ok
17:18:56.0410 5416	vmm             (b2e25db5a6a178c056342abd747b7326) C:\Windows\system32\Treiber\vmm.sys
17:18:56.0425 5416	vmm - ok
17:18:56.0784 5416	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:18:56.0800 5416	volmgr - ok
17:18:57.0143 5416	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:18:57.0174 5416	volmgrx - ok
17:18:57.0517 5416	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:18:57.0549 5416	volsnap - ok
17:18:57.0892 5416	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
17:18:57.0923 5416	vsmraid - ok
17:18:58.0235 5416	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:18:58.0344 5416	VSS - ok
17:18:58.0687 5416	VUSB3HUB        (cc38015bb30360b1b1afeb995791004a) C:\Windows\system32\drivers\ViaHub3.sys
17:18:58.0734 5416	VUSB3HUB ( UnsignedFile.Multi.Generic ) - warning
17:18:58.0734 5416	VUSB3HUB - detected UnsignedFile.Multi.Generic (1)
17:18:59.0062 5416	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:18:59.0109 5416	vwifibus - ok
17:18:59.0467 5416	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:18:59.0514 5416	vwififlt - ok
17:18:59.0873 5416	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
17:18:59.0904 5416	vwifimp - ok
17:19:00.0201 5416	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:19:00.0247 5416	W32Time - ok
17:19:00.0622 5416	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
17:19:00.0653 5416	WacomPen - ok
17:19:00.0996 5416	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:19:01.0074 5416	WANARP - ok
17:19:01.0090 5416	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:19:01.0105 5416	Wanarpv6 - ok
17:19:01.0417 5416	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:19:01.0495 5416	WatAdminSvc - ok
17:19:01.0807 5416	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:19:01.0870 5416	wbengine - ok
17:19:02.0182 5416	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:19:02.0213 5416	WbioSrvc - ok
17:19:02.0478 5416	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:19:02.0541 5416	wcncsvc - ok
17:19:02.0821 5416	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:19:02.0853 5416	WcsPlugInService - ok
17:19:03.0227 5416	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
17:19:03.0243 5416	Wd - ok
17:19:03.0601 5416	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:19:03.0633 5416	Wdf01000 - ok
17:19:03.0913 5416	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:19:03.0960 5416	WdiServiceHost - ok
17:19:03.0960 5416	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:19:03.0976 5416	WdiSystemHost - ok
17:19:04.0272 5416	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:19:04.0319 5416	WebClient - ok
17:19:04.0615 5416	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:19:04.0678 5416	Wecsvc - ok
17:19:04.0959 5416	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:19:04.0974 5416	wercplsupport - ok
17:19:05.0271 5416	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:19:05.0333 5416	WerSvc - ok
17:19:05.0676 5416	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:19:05.0739 5416	WfpLwf - ok
17:19:06.0051 5416	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:19:06.0066 5416	WIMMount - ok
17:19:06.0191 5416	WinDefend - ok
17:19:06.0207 5416	WinHttpAutoProxySvc - ok
17:19:06.0581 5416	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:19:06.0643 5416	Winmgmt - ok
17:19:06.0971 5416	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:19:07.0080 5416	WinRM - ok
17:19:07.0455 5416	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
17:19:07.0501 5416	WinUsb - ok
17:19:07.0767 5416	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:19:07.0813 5416	Wlansvc - ok
17:19:07.0954 5416	wlidsvc         (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:19:08.0016 5416	wlidsvc - ok
17:19:08.0359 5416	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:19:08.0406 5416	WmiAcpi - ok
17:19:08.0781 5416	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:19:08.0827 5416	wmiApSrv - ok
17:19:08.0952 5416	WMPNetworkSvc - ok
17:19:09.0249 5416	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:19:09.0264 5416	WPCSvc - ok
17:19:09.0545 5416	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:19:09.0592 5416	WPDBusEnum - ok
17:19:09.0966 5416	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:19:09.0997 5416	ws2ifsl - ok
17:19:10.0278 5416	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
17:19:10.0325 5416	wscsvc - ok
17:19:10.0575 5416	WSearch - ok
17:19:10.0746 5416	WTGService      (d7e88349be0f01e4d8d776adb1f325bf) C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
17:19:10.0762 5416	WTGService - ok
17:19:11.0089 5416	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
17:19:11.0230 5416	wuauserv - ok
17:19:11.0589 5416	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:19:11.0651 5416	WudfPf - ok
17:19:11.0994 5416	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:19:12.0057 5416	WUDFRd - ok
17:19:12.0322 5416	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:19:12.0384 5416	wudfsvc - ok
17:19:12.0649 5416	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:19:12.0696 5416	WwanSvc - ok
17:19:12.0805 5416	X6va007 - ok
17:19:12.0868 5416	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:19:13.0117 5416	\Device\Harddisk0\DR0 - ok
17:19:13.0117 5416	Boot (0x1200)   (6c34b1637b51abca3e9a1cc8c4582bdf) \Device\Harddisk0\DR0\Partition0
17:19:13.0133 5416	\Device\Harddisk0\DR0\Partition0 - ok
17:19:13.0164 5416	Boot (0x1200)   (092fc2bba5e835859f3e88bde18a02c0) \Device\Harddisk0\DR0\Partition1
17:19:13.0164 5416	\Device\Harddisk0\DR0\Partition1 - ok
17:19:13.0164 5416	============================================================
17:19:13.0164 5416	Scan finished
17:19:13.0164 5416	============================================================
17:19:13.0180 5388	Detected object count: 5
17:19:13.0180 5388	Actual detected object count: 5
17:19:32.0025 5388	acedrv07 ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:32.0025 5388	acedrv07 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:19:32.0025 5388	Bigfoot Networks Killer Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:32.0025 5388	Bigfoot Networks Killer Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:19:32.0025 5388	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:32.0025 5388	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:19:32.0025 5388	PowerBiosServer ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:32.0025 5388	PowerBiosServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:19:32.0040 5388	VUSB3HUB ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:32.0040 5388	VUSB3HUB ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

29.03.2012, 19:36   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 


Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (English: Illegal operation attempted on a registry key that has been marked for deletion.)
then restart Windows manually and the error messages should no longer appear.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

29.03.2012, 20:50   #11
sunjojo
/// Malwareteam
 


Hey, I ran ComboFix; as with the other scans, it went without problems. Here is the log file:
Code:
ComboFix 12-03-29.02 - Jonas Hanke 29.03.2012  21:24:49.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8099.6298 [GMT 2:00]
ausgeführt von:: c:\users\Jonas Hanke\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\SysWow64\server.log
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-28 bis 2012-03-29  ))))))))))))))))))))))))))))))
.
.
2074-05-18 16:44 . 2008-03-21 13:46	607296	----a-w-	c:\program files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll
2074-05-07 17:38 . 2006-11-21 19:48	203576	----a-w-	c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-03-29 19:30 . 2012-03-29 19:30	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-29 14:19 . 2012-03-29 14:19	--------	d-----w-	C:\_OTL
2012-03-28 13:24 . 2012-03-28 13:24	--------	d-----w-	c:\program files (x86)\ESET
2012-03-27 16:26 . 2011-08-26 17:02	2484592	----a-w-	c:\windows\SysWow64\pbsvc_p4f.exe
2012-03-27 15:35 . 2012-03-27 15:35	--------	d-----w-	c:\users\UpdatusUser
2012-03-27 11:52 . 2012-03-14 03:27	8669240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{381D2696-DDF5-419C-B9DE-5365A7ECE694}\mpengine.dll
2012-03-26 19:38 . 2011-11-19 15:20	5559152	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-26 19:38 . 2011-11-19 14:50	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-26 19:38 . 2011-11-19 14:50	3913584	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-26 16:52 . 2011-03-12 12:08	1465344	----a-w-	c:\windows\system32\XpsPrint.dll
2012-03-26 16:52 . 2011-03-12 11:23	870912	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2012-03-26 16:52 . 2011-04-22 22:15	27520	----a-w-	c:\windows\system32\drivers\Diskdump.sys
2012-03-26 16:52 . 2011-08-13 05:27	6144	----a-w-	c:\program files\Internet Explorer\iecompat.dll
2012-03-26 16:52 . 2011-08-13 04:18	6144	----a-w-	c:\program files (x86)\Internet Explorer\iecompat.dll
2012-03-26 16:52 . 2011-02-18 10:51	31232	----a-w-	c:\windows\system32\prevhost.exe
2012-03-26 16:52 . 2011-02-18 05:39	31232	----a-w-	c:\windows\SysWow64\prevhost.exe
2012-03-26 16:52 . 2011-01-17 11:09	197120	----a-w-	c:\windows\system32\d3d10_1.dll
2012-03-26 16:52 . 2011-01-17 05:47	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2012-03-26 16:46 . 2012-03-26 16:46	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
2012-03-26 15:18 . 2011-02-05 17:10	642944	----a-w-	c:\windows\system32\winload.efi
2012-03-26 15:16 . 2012-01-25 06:38	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-26 15:16 . 2012-01-25 06:38	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-26 15:16 . 2012-01-25 06:33	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-26 15:15 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-26 15:15 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-03-26 15:15 . 2012-02-17 04:58	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-26 15:15 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-26 13:36 . 2012-03-26 13:36	--------	d-----w-	C:\Malwarebytes' Anti-Malware
2012-03-25 20:31 . 2012-03-25 20:49	--------	d-----w-	c:\windows\Panther
2012-03-25 20:28 . 2012-03-25 20:28	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2012-03-25 20:17 . 2012-03-25 20:36	--------	d-----w-	C:\$WINDOWS.~Q
2012-03-25 19:57 . 2012-03-25 20:10	--------	d-----w-	C:\$INPLACE.~TR
2012-03-25 19:37 . 2012-03-25 20:59	--------	d-----w-	c:\users\Jonas Schule
2012-03-25 19:37 . 2012-03-25 20:26	--------	d-----w-	c:\users\Detlev Hanke
2012-03-25 19:37 . 2012-03-25 20:49	--------	d-----w-	c:\users\Jonas Hanke
2012-03-25 19:36 . 2012-03-25 19:44	--------	d-----w-	c:\program files\Protector Suite
2012-03-25 19:35 . 2012-03-25 19:35	--------	d-----w-	c:\windows\SysWow64\RTCOM
2012-03-25 19:35 . 2012-03-25 19:35	--------	d-----w-	c:\program files\Realtek
2012-03-25 19:35 . 2012-03-25 19:35	--------	d-----w-	c:\programdata\NVIDIA Corporation
2012-03-25 19:35 . 2012-03-27 15:35	--------	d-----w-	c:\program files (x86)\NVIDIA Corporation
2012-03-25 19:35 . 2012-03-27 15:35	--------	d-----w-	c:\program files\NVIDIA Corporation
2012-03-25 19:35 . 2012-03-25 19:35	--------	d-----w-	c:\program files\Synaptics
2012-03-25 15:33 . 2012-03-25 20:08	--------	d-----w-	c:\programdata\Malwarebytes
2012-03-25 15:33 . 2011-12-10 13:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-25 15:33 . 2012-03-26 13:35	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-23 17:27 . 2012-03-25 20:08	--------	d-----w-	c:\users\TEMP.JonasH.004
2012-03-23 16:58 . 2012-03-25 20:08	--------	d-----w-	c:\users\TEMP.JonasH.005
2012-03-17 11:24 . 2012-03-25 20:08	--------	d-----w-	c:\users\TEMP.JonasH.003
2012-03-14 20:53 . 2012-03-25 20:08	--------	d-----w-	c:\users\TEMP.JonasH.002
2012-03-11 15:13 . 2012-03-25 19:50	--------	d-----w-	c:\program files (x86)\Eligium
2012-03-11 13:05 . 2012-03-25 19:50	--------	d-----w-	c:\program files (x86)\eligium_0_90_1_en
2012-03-09 15:25 . 2012-03-25 20:08	--------	d-----w-	c:\users\TEMP.JonasH.001
2012-03-08 20:36 . 2012-03-08 20:36	1798656	------w-	c:\windows\SysWow64\jscript9.dll
2012-03-08 20:36 . 2012-03-08 20:36	110592	------w-	c:\windows\SysWow64\IEAdvpack.dll
2012-03-08 20:36 . 2012-03-08 20:36	2308096	------w-	c:\windows\system32\jscript9.dll
2012-03-08 20:36 . 2012-03-08 20:36	135168	------w-	c:\windows\system32\IEAdvpack.dll
2012-03-07 17:23 . 2012-03-25 19:59	--------	d-----w-	c:\program files (x86)\PixLin
2012-03-07 17:23 . 1998-11-03 11:04	1355776	----a-w-	c:\windows\SysWow64\MSVBVM50.dll
2012-03-07 17:23 . 1998-05-15 19:01	99866	----a-w-	c:\windows\SysWow64\VB5DE.dll
2012-03-07 17:23 . 1997-01-15 23:00	29696	----a-w-	c:\windows\SysWow64\VB5StKit.dll
2012-03-02 22:16 . 2012-03-25 19:47	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2012-02-29 14:28 . 2012-03-25 18:09	--------	d-----w-	C:\BrickForce
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-29 18:09 . 2011-08-26 17:06	234768	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-03-29 18:09 . 2011-08-26 17:03	234768	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-03-27 16:26 . 2011-08-26 17:03	75136	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-03-26 16:47 . 2011-06-28 17:28	254528	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-01 00:02 . 2011-08-09 16:28	962368	----a-w-	c:\windows\system32\nvumdshimx.dll
2012-03-01 00:02 . 2011-08-09 16:28	2660160	----a-w-	c:\windows\system32\nvapi64.dll
2012-03-01 00:02 . 2011-08-09 16:28	260416	----a-w-	c:\windows\system32\nvinitx.dll
2012-03-01 00:02 . 2011-08-09 16:28	2301248	----a-w-	c:\windows\SysWow64\nvapi.dll
2012-03-01 00:02 . 2011-08-09 16:28	1737536	----a-w-	c:\windows\system32\nvdispco64.dll
2012-03-01 00:02 . 2011-08-09 16:28	1466176	----a-w-	c:\windows\system32\nvgenco64.dll
2012-02-29 21:00 . 2010-12-26 05:05	3089728	----a-w-	c:\windows\system32\nvsvc64.dll
2012-02-29 21:00 . 2010-12-26 05:06	6074176	----a-w-	c:\windows\system32\nvcpl.dll
2012-02-29 20:59 . 2010-12-26 05:06	63296	----a-w-	c:\windows\system32\nvshext.dll
2012-02-29 20:59 . 2010-12-26 05:06	118080	----a-w-	c:\windows\system32\nvmctray.dll
2012-02-29 20:59 . 2010-12-26 05:06	889664	----a-w-	c:\windows\system32\nvvsvc.exe
2012-02-29 20:59 . 2010-12-26 05:06	55616	----a-w-	c:\windows\system32\nv3dappshextr.dll
2012-02-29 20:59 . 2010-12-26 05:06	2561856	----a-w-	c:\windows\system32\nvsvcr.dll
2012-02-29 20:59 . 2010-12-26 05:06	849728	----a-w-	c:\windows\system32\nv3dappshext.dll
2012-02-29 20:59 . 2010-12-26 05:06	2515790	----a-w-	c:\windows\system32\nvcoproc.bin
2012-02-23 07:18 . 2010-11-21 03:27	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-02-02 16:52 . 2009-08-18 09:24	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-02 15:07 . 2012-02-02 15:07	750488	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-02-02 15:07 . 2011-09-05 17:45	660368	----a-w-	c:\windows\system32\deployJava1.dll
2012-01-21 12:50 . 2012-01-19 15:57	310984	----a-w-	c:\windows\system32\drivers\atksgt.sys
2012-01-20 19:12 . 2012-01-18 20:49	164880	----a-w-	c:\users\Jonas Hanke\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2012-01-19 15:58 . 2012-01-19 15:57	42696	----a-w-	c:\windows\system32\drivers\lirsgt.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCWinTray"="c:\windows\tray\wintmr.exe" [2009-07-13 5975704]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-09-23 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"4StoryPrePatch"="c:\program files (x86)\Gameforge4D\4Story_DE\PrePatch.exe" [2012-01-30 327680]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"ChicoSys"="c:\windows\SysWOW64\cc32\webtmr.exe" [2009-07-13 5635736]
"Corel File Shell Monitor"="c:\program files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-08 16712]
"Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2008-08-08 532808]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-01 1374720]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\Protector Suite\psqlpwd.dll
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ksupmgr]
@="Service"
.
R1 BfLwf;Bigfoot Networks Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 136176]
R2 ksupmgr;File-/Update Service;c:\windows\SysWOW64\ksupmgr.exe [2010-08-25 765592]
R3 BFN7x64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 VUSB3HUB;VIA USB 3.0 Root Hub Service;c:\windows\system32\drivers\ViaHub3.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va007;X6va007;c:\users\JONASH~1\AppData\Local\Temp\007D73E.tmp [x]
S0 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;c:\program files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2011-02-18 763904]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe [2011-01-27 33792]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 WTGService;WTGService;c:\program files (x86)\Verbindungsassistent\WTGService.exe [2009-03-03 296400]
S3 Ak27x64;Killer Wireless-N 1102 device driver;c:\windows\system32\DRIVERS\Ak27x64.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.0 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 08:38]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 08:38]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2010-04-27 13:48	5947656	----a-w-	c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2010-04-27 13:48	5947656	----a-w-	c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-26 11775592]
"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2010-04-27 84744]
"THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-DesertCombat - c:\windows\iun6002.exe
AddRemove-Herrscher des Olymp - Zeus - c:\windows\IsUn0407.exe
AddRemove-LEGO Rock Raiders - c:\windows\IsUn0407.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_p4f.exe
AddRemove-{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1 - c:\program files (x86)\Mein Gutscheincode Finder\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va007]
"ImagePath"="\??\c:\users\JONASH~1\AppData\Local\Temp\007D73E.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\cchservice.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-29  21:37:18 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-29 19:37
.
Vor Suchlauf: 20 Verzeichnis(se), 386.336.530.432 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 387.156.635.648 Bytes frei
.
- - End Of File - - EA939EB7AA78B769CF1618C999F7F098
         
Since AntiVir failed for me, I wanted to ask which antivirus program you would recommend (it can cost money too; I would guess Malwarebytes right now?).

29.03.2012, 21:26   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off your virus scanner before running aswMBR, because Avira in particular often reports a false alarm in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not press any of the Fix buttons without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


30.03.2012, 19:04   #13
sunjojo
/// Malwareteam

Hey, unfortunately aswMBR.exe does not work. I turned off AntiVir and ran the program as administrator, and it still always crashes at the same point: "C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Aplications" (I could not read the rest of the file path because the program then crashed). I tried three times to let it scan the system, but the same problem occurred every time.

30.03.2012, 20:03   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.

30.03.2012, 20:26   #15
sunjojo
/// Malwareteam

Thanks, it worked now. Here are the contents of the log file:
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-30 21:24:43
-----------------------------
21:24:43.053    OS Version: Windows x64 6.1.7601 Service Pack 1
21:24:43.053    Number of processors: 4 586 0x2A07
21:24:43.054    ComputerName: JONASH  UserName: 
21:24:44.328    Initialize success
21:24:49.913    AVAST engine defs: 12033000
21:24:53.618    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:24:53.622    Disk 0 Vendor: ST975042 0001 Size: 715404MB BusType: 3
21:24:53.647    Disk 0 MBR read successfully
21:24:53.650    Disk 0 MBR scan
21:24:53.656    Disk 0 Windows 7 default MBR code
21:24:53.661    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         8000 MB offset 2048
21:24:53.676    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 16386048
21:24:53.688    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       707302 MB offset 16590848
21:24:53.708    Disk 0 scanning C:\Windows\system32\drivers
21:25:00.962    Service scanning
21:25:27.136    Modules scanning
21:25:27.145    Disk 0 trace - called modules:
21:25:27.203    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
21:25:27.208    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009692060]
21:25:27.423    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80083e7050]
21:25:27.430    Scan finished successfully
21:25:46.783    Disk 0 MBR has been saved successfully to "C:\Users\Jonas Hanke\Desktop\MBR.dat"
21:25:46.786    The log file has been saved successfully to "C:\Users\Jonas Hanke\Desktop\aswMBR.txt"
         
