Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: "Data Restore" entfernt - Rechner komplett sauber?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 29.03.2012, 15:40   #1
Vererena
 
"Data Restore" entfernt - Rechner komplett sauber? - Standard

"Data Restore" entfernt - Rechner komplett sauber?



Hallo!

Am Dienstag habe ich mir den "Data Restore" Trojaner eingefangen.
Ich war sehr froh als ich die Anleitung zum Entfernen des Plagegeistes auf eurem Board entdeckt habe.

Der Anleitung bin ich gefolgt. Beim ersten Mal tauchten nach dem Neustart erneut die Fake-Meldungen des "Data Restore" auf. Daraufhin habe ich das ganze noch mal durchgespielt, so dass alle Fehlmeldungen verschwanden und auch die Ordner wieder sichtbar waren. Der Rootkit-Scan war übrigens immer negativ.
Ich habe seitdem den Malwarebytes-Anti-Malware-Scanner mehrmals ausgeführt, wobei auch keine infizierten Objekte mehr gefunden wurden.

Nun bin ich aber unsicher ob der Rechner tatsächlich "komplett sauber" ist und wäre euch daher sehr dankbar wenn ihr einen Blick auf meine Logs werfen würdet.
Ihr findet die Logs im Anhang. Vom Anti-Malware-Scanner findet ihr den ersten Log mit dem positiven Befund vom 27.03. und einen aktuellen, negativen von heute.

Ich hoffe, dass ich alles richtig verstanden habe und die richtigen Logfiles geladen sind. Vielen lieben Dank für eure Hilfe !!

Alt 29.03.2012, 22:14   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"Data Restore" entfernt - Rechner komplett sauber? - Standard

"Data Restore" entfernt - Rechner komplett sauber?



Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________

__________________

Alt 30.03.2012, 12:56   #3
Vererena
 
"Data Restore" entfernt - Rechner komplett sauber? - Standard

"Data Restore" entfernt - Rechner komplett sauber?



Danke für die fixe Antwort!

Ich habe Malwarebytes erstmalig nach dem Trojaner-Fund installiert und ausgeführt. Daher gibt es 8 Logs vom 27.03., als die Probleme auftraten und welche vom 28.03. und gestern. Ich werde sie trotzdem mal im Anhang hochladen.

Davor habe ich nur die Freeware von Antivir benutzt, die ich jetzt nach dem Trojaner deinstalliert und durch avast! ersetzt habe.
__________________

Alt 30.03.2012, 15:39   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"Data Restore" entfernt - Rechner komplett sauber? - Standard

"Data Restore" entfernt - Rechner komplett sauber?



Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 30.03.2012, 21:05   #5
Vererena
 
"Data Restore" entfernt - Rechner komplett sauber? - Standard

"Data Restore" entfernt - Rechner komplett sauber?



Danke für den Tipp!

Der Log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e7155bfd6c2e1d4cbb776f26a76407af
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-30 07:48:43
# local_time=2012-03-30 09:48:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 15006 84762023 0 0
# compatibility_mode=8192 67108863 100 0 4135 4135 0 0
# scanned=206904
# found=0
# cleaned=0
# scan_time=4749


Alt 30.03.2012, 21:15   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"Data Restore" entfernt - Rechner komplett sauber? - Standard

"Data Restore" entfernt - Rechner komplett sauber?



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
--> "Data Restore" entfernt - Rechner komplett sauber?

Alt 30.03.2012, 22:10   #7
Vererena
 
"Data Restore" entfernt - Rechner komplett sauber? - Standard

"Data Restore" entfernt - Rechner komplett sauber?



Achsoo, okay. Ab jetzt alles in Code Tags.
Ich hoffe ich hab beim OTL Scan alle Häkchen richtig gesetzt.


Tada:
Code:
ATTFilter
OTL logfile created on: 30.03.2012 22:36:56 - Run 2
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Verena\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 5,53 Gb Available Physical Memory | 69,54% Memory free
15,90 Gb Paging File | 13,40 Gb Available in Paging File | 84,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683,22 Gb Total Space | 439,92 Gb Free Space | 64,39% Space Free | Partition Type: NTFS
Drive D: | 15,12 Gb Total Space | 1,65 Gb Free Space | 10,90% Space Free | Partition Type: NTFS
 
Computer Name: ANTONHP | User Name: Verena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Verena\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe ()
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\83fe46ae33b8fd827015387fb6efcd13\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\74a1075c047edd51ba44cebf5ecf715c\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b40ad47b1338dd50c41d2c5571819a09\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe ()
MOD - C:\Program Files (x86)\NETGEAR\WG111v3\WlanDll.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\Program Files (x86)\NETGEAR\WG111v3\KJLog.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (hpCMSrv) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (HPClientSvc) -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\drivers\wg111v3.sys (NETGEAR Inc.                           )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{00DB204B-7265-4A18-A6E0-7445FEEC4D7B}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{00DB204B-7265-4A18-A6E0-7445FEEC4D7B}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\..\SearchScopes\{00DB204B-7265-4A18-A6E0-7445FEEC4D7B}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.27 18:57:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.30 14:56:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.04 16:16:03 | 000,000,000 | ---D | M]
 
[2011.09.02 21:05:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Verena\AppData\Roaming\mozilla\Extensions
[2012.03.12 13:59:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\bydxbmjh.default\extensions
[2011.09.11 17:06:50 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\bydxbmjh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.23 12:58:08 | 000,000,933 | ---- | M] () -- C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\bydxbmjh.default\searchplugins\11-suche.xml
[2012.02.23 12:58:08 | 000,002,419 | ---- | M] () -- C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\bydxbmjh.default\searchplugins\englische-ergebnisse.xml
[2012.02.23 12:58:08 | 000,010,525 | ---- | M] () -- C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\bydxbmjh.default\searchplugins\gmx-suche.xml
[2012.02.23 12:58:08 | 000,002,457 | ---- | M] () -- C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\bydxbmjh.default\searchplugins\lastminute.xml
[2012.02.23 12:58:08 | 000,005,508 | ---- | M] () -- C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\bydxbmjh.default\searchplugins\webde-suche.xml
[2011.09.02 21:04:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.03.27 18:57:52 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\VERENA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BYDXBMJH.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\VERENA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BYDXBMJH.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2012.03.30 14:56:09 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.27 12:22:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.27 12:22:49 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.27 12:22:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.27 12:22:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.27 12:22:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.27 12:22:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Verena\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Verena\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Verena\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Verena\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2140B430-FC1D-4A06-9FE7-C11A4652CD5E}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D00D280C-A08C-4A45-9351-73FD699A5F51}: DhcpNameServer = 149.205.5.81 149.205.5.82
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.30 18:20:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.03.30 13:37:48 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{7DE59BD3-859E-4014-A6AC-4B9EB957CC64}
[2012.03.29 23:39:31 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{9FC9FC32-8067-4D1F-9230-36E2577EB158}
[2012.03.29 11:39:15 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{E5E1498F-8AD9-48B0-80F9-3934B51EE256}
[2012.03.29 00:44:03 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{805A3C3E-3E09-4345-8572-088961B756F9}
[2012.03.28 14:59:42 | 000,000,000 | ---D | C] -- C:\Users\Verena\Schreibzeug
[2012.03.28 12:43:43 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{F59A8384-D8BE-40A6-86C3-42B64B141FAB}
[2012.03.28 12:43:41 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{1BE4A761-0E96-4CCE-AEBA-19A229ED521A}
[2012.03.27 23:49:37 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{62F36148-CB6D-40C9-BFC5-83F08E6E9B0E}
[2012.03.27 23:49:33 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{6CFC8EFA-558B-422C-8B51-604ABF731095}
[2012.03.27 18:58:09 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\Google
[2012.03.27 18:58:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.03.27 18:58:07 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.03.27 18:58:07 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.03.27 18:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.03.27 18:58:06 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.03.27 18:58:05 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.03.27 18:58:04 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.03.27 18:58:02 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.03.27 18:58:02 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.03.27 18:57:45 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.03.27 18:57:44 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.03.27 18:57:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.03.27 18:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.03.27 12:47:23 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Roaming\Malwarebytes
[2012.03.27 12:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.27 12:47:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.27 12:47:11 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.27 12:47:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.27 12:21:59 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.27 11:44:22 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{92F4D7CC-ACC6-4B1A-A600-DF7204600C8F}
[2012.03.27 11:44:19 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{B359B319-3596-430B-B56A-049133B1A5B8}
[2012.03.26 13:39:58 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{53A5D670-CCCC-4B2E-9682-A04D8CDC47EE}
[2012.03.26 13:39:56 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{6627A0FB-9E3F-4315-8B2A-C32C084E1F30}
[2012.03.25 10:57:57 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{6B876348-F144-4FFC-9521-52892AFEBE4C}
[2012.03.25 10:57:56 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{0137B535-022C-478E-9BA1-F688A5332FA5}
[2012.03.24 18:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012.03.24 18:33:27 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\HP
[2012.03.24 13:03:38 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{8C9A0191-6369-4EFA-96AF-BA768BDE84DE}
[2012.03.24 13:03:36 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{FF97B204-06EB-433C-A99D-B22FFDF4B27E}
[2012.03.23 19:33:17 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{936DF3A9-1A1F-4769-9C6F-EC654A517A3B}
[2012.03.23 19:33:15 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{327F5B6A-61F8-4D3A-B33E-8FB780F9A801}
[2012.03.23 01:10:22 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{0E8A1308-F05A-4643-B3ED-0EFEAF65B293}
[2012.03.23 01:10:11 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{86DE3A03-2595-49D2-B2B6-97BD881F3072}
[2012.03.22 13:09:49 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{52F24D7B-A3E3-45A8-861A-F584580EA687}
[2012.03.22 13:09:45 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{6C465391-88FE-4C93-9C6A-942EC1D3BAB1}
[2012.03.21 20:37:08 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{5D8CF032-3511-413B-B81F-34B03EDF7391}
[2012.03.21 20:37:07 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{F007C06B-D976-4C8B-A822-747BCF02783E}
[2012.03.21 01:21:00 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{BA3A2929-ADB4-4005-903E-3398F0E6F7F8}
[2012.03.21 01:20:59 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{4148D761-EACF-4B0D-BA0B-167ACD922055}
[2012.03.20 12:40:46 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{980D9CFE-F466-4878-89BA-05C7233526D0}
[2012.03.20 12:40:44 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{EDA6A1F3-3BB8-4D40-9D0D-F0AE5FD86E72}
[2012.03.19 13:40:05 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{7974FFDB-D432-41F5-8107-0F05E033129D}
[2012.03.19 13:39:59 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{5BBBA0B6-EFB7-4FD0-B554-4D4086E602BC}
[2012.03.18 12:50:37 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{E77A8953-D5FD-48D5-94BC-8A911341E3F7}
[2012.03.17 15:36:27 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{B80B823B-07BF-4A60-9731-ECFCB7F8D90D}
[2012.03.17 15:36:25 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{1D512595-7685-4717-B5C2-04CD252B097F}
[2012.03.17 00:14:30 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{33CAAEBE-95BB-4A2D-A47C-DD7AE4B05267}
[2012.03.17 00:14:27 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{BDFD6ECE-37EB-42D3-9166-F4488740C877}
[2012.03.16 12:06:35 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{5E438559-3856-4D19-806F-FDCC04D9BA51}
[2012.03.16 12:06:33 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{CB195FD8-FA41-4700-B65A-48D33D58F655}
[2012.03.15 13:21:56 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{E8D5AB5A-CFB7-498A-9DD5-D0215EC3F8B9}
[2012.03.15 13:21:53 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{D3505055-7AA5-4AA1-A2DB-547A3EA31DF3}
[2012.03.14 15:20:42 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{0ED2AF54-9DAE-48A8-9C93-06AE4E5F5213}
[2012.03.14 15:20:40 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{5CA89D5A-ACC4-4329-94DE-2B111F61ADFD}
[2012.03.13 15:38:17 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{94B29E8E-25F8-4170-90A2-BC9975DBA02F}
[2012.03.13 15:38:15 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{DB5365FA-A11B-4827-90E1-DA4F90EDE0C4}
[2012.03.12 13:02:56 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{D8C5DAB1-66A1-45A1-A22F-EE5D6F20421E}
[2012.03.12 13:02:54 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{E0EAAFFA-619E-4EBD-B6D6-36B42E174A9F}
[2012.03.07 13:22:25 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{70F768FF-3E4F-4662-9491-75005296BA39}
[2012.03.07 13:22:22 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{55540994-458E-4C4B-BCF9-5E737EAB20EB}
[2012.03.06 15:35:48 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{9E542BF3-6C19-4F21-8F26-51F45D4F0394}
[2012.03.06 15:35:46 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{2A3577A1-398F-4557-BC9E-2AFAD8407431}
[2012.03.06 00:00:49 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{5C425601-144C-4B59-9CEE-D75A1CC546E6}
[2012.03.05 11:48:22 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{C3291ABF-3314-4226-A3F1-5C3EDED730FC}
[2012.03.05 11:48:20 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{1F63E325-AA75-4707-B8ED-87125CB231B6}
[2012.03.04 17:07:21 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{90DB17D9-5472-4783-B68B-3E9C1B5E168C}
[2012.03.04 17:07:19 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{7D859632-159B-4FE9-8F8E-E61C4926B575}
[2012.03.04 02:59:53 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{6E7AB8D8-C1BF-48A3-9423-20E92C0389CE}
[2012.03.04 02:59:41 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{D6AC19D2-E43A-4351-992E-202664509F4E}
[2012.03.03 14:59:25 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{89A8AF1E-0ADE-4263-A78A-BE047EDC1B77}
[2012.03.03 14:59:22 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{B800525C-DE5B-4EEA-84A3-5B276D610241}
[2012.03.03 01:28:18 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{51F9B59C-9512-42D1-B9C2-FBFEA8D05315}
[2012.03.03 01:28:16 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{2ABFB055-A8E6-4456-9F87-3E021F2A3C52}
[2012.03.02 02:30:05 | 000,000,000 | ---D | C] -- C:\Users\Verena\Documents\Schlotta Studium
[2012.03.02 02:22:27 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{32AFF12A-2D81-42D9-9CCB-592AB679D865}
[2012.03.02 02:22:25 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\{DB385579-FB23-41D4-9953-EA7C495DFEC0}
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.30 22:16:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.30 18:16:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.30 18:06:12 | 000,222,101 | ---- | M] () -- C:\Users\Verena\Desktop\eset.png
[2012.03.30 18:05:36 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.30 18:05:36 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.30 18:03:50 | 003,522,350 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.30 18:03:50 | 001,480,172 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.30 18:03:50 | 001,047,326 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.30 18:03:50 | 000,933,304 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.30 18:03:50 | 000,005,194 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.30 17:58:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.30 17:58:12 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.30 13:47:14 | 000,009,342 | ---- | M] () -- C:\Users\Verena\Desktop\Logs Malwarebytes.zip
[2012.03.29 16:56:13 | 000,001,742 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.03.29 16:19:44 | 000,035,818 | ---- | M] () -- C:\Users\Verena\Desktop\Logfiles.zip
[2012.03.29 15:39:49 | 000,000,000 | ---- | M] () -- C:\Users\Verena\defogger_reenable
[2012.03.27 18:58:07 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.03.27 18:58:02 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.03.27 14:30:43 | 000,000,456 | ---- | M] () -- C:\ProgramData\eypiplihxRU04A
[2012.03.27 14:30:22 | 000,000,264 | ---- | M] () -- C:\ProgramData\~eypiplihxRU04A
[2012.03.27 14:30:22 | 000,000,176 | ---- | M] () -- C:\ProgramData\~eypiplihxRU04Ar
[2012.03.27 12:47:13 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.27 11:43:19 | 539,522,007 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.03.24 18:34:13 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2012.03.18 18:00:29 | 000,002,742 | ---- | M] () -- C:\Users\Verena\Documents\instrus.dxp
[2012.03.18 17:33:07 | 000,001,362 | ---- | M] () -- C:\Users\Verena\Desktop\Free YouTube to MP3 Converter.lnk
[2012.03.15 19:40:00 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.03.14 21:44:26 | 002,350,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.13 21:52:36 | 000,001,276 | ---- | M] () -- C:\Users\Verena\Desktop\Free YouTube Download.lnk
[2012.03.07 01:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.03.07 01:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.03.07 01:15:03 | 000,258,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.03.07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.03.07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.03.07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.03.07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.03.07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.03.07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
 
========== Files Created - No Company Name ==========
 
[2012.03.30 18:06:12 | 000,222,101 | ---- | C] () -- C:\Users\Verena\Desktop\eset.png
[2012.03.30 13:47:13 | 000,009,342 | ---- | C] () -- C:\Users\Verena\Desktop\Logs Malwarebytes.zip
[2012.03.29 16:19:44 | 000,035,818 | ---- | C] () -- C:\Users\Verena\Desktop\Logfiles.zip
[2012.03.29 15:39:49 | 000,000,000 | ---- | C] () -- C:\Users\Verena\defogger_reenable
[2012.03.27 18:58:18 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.27 18:58:12 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.27 18:58:07 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.03.27 18:58:02 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.03.27 15:34:49 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.27 14:23:39 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.03.27 14:23:39 | 000,002,011 | ---- | C] () -- C:\Users\Public\Desktop\NETGEAR WG111v3 Setup-Assistent.lnk
[2012.03.27 14:23:39 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.6.lnk
[2012.03.27 14:23:39 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.03.27 14:23:39 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.03.27 14:23:38 | 000,002,104 | ---- | C] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2012.03.27 14:23:38 | 000,001,979 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.03.27 14:23:38 | 000,001,742 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.03.27 14:23:38 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.03.27 14:23:38 | 000,001,450 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012.03.27 14:23:38 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012.03.27 14:23:38 | 000,001,334 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012.03.27 14:23:38 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.03.27 14:23:38 | 000,001,265 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012.03.27 14:23:38 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012.03.27 14:23:38 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012.03.27 14:23:37 | 000,002,033 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v3 Setup-Assistent.lnk
[2012.03.27 14:23:37 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012.03.27 14:23:35 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2012.03.27 14:23:35 | 000,002,237 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicStation.lnk
[2012.03.27 14:23:35 | 000,001,962 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Desktop.lnk
[2012.03.27 14:23:35 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.03.27 14:23:35 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.03.27 14:23:33 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.03.27 14:23:33 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.03.27 14:23:33 | 000,001,692 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.03.27 12:21:59 | 000,000,264 | ---- | C] () -- C:\ProgramData\~eypiplihxRU04A
[2012.03.27 12:21:59 | 000,000,176 | ---- | C] () -- C:\ProgramData\~eypiplihxRU04Ar
[2012.03.27 12:21:55 | 000,000,456 | ---- | C] () -- C:\ProgramData\eypiplihxRU04A
[2012.03.24 18:34:13 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.03.18 17:28:24 | 000,002,742 | ---- | C] () -- C:\Users\Verena\Documents\instrus.dxp
[2012.03.15 19:40:00 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.03.05 01:35:36 | 000,001,276 | ---- | C] () -- C:\Users\Verena\Desktop\Free YouTube Download.lnk
[2011.10.12 11:13:55 | 000,005,120 | ---- | C] () -- C:\Users\Verena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.02 17:05:02 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.10.02 17:00:58 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2011.09.16 00:46:05 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2011.09.15 21:38:13 | 000,000,421 | ---- | C] () -- C:\Program Files\Adobe CS3.lnk
[2011.07.07 10:53:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.07.07 10:45:52 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.07.07 10:44:39 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.07.07 10:44:38 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.07.07 10:44:38 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.07.07 10:44:36 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.07 10:40:18 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.04.09 20:49:45 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011.02.22 16:40:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2010.12.17 04:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
 
========== LOP Check ==========
 
[2011.12.23 18:41:11 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Canneverbe Limited
[2012.03.18 17:33:13 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\DVDVideoSoft
[2012.03.05 01:35:46 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.30 13:38:29 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\ICQ
[2011.12.24 00:14:43 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\ScanSoft
[2011.09.02 17:45:43 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Synaptics
[2011.10.08 18:01:08 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Windows Live Writer
[2011.12.24 00:14:49 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Zeon
[2011.09.03 22:37:00 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\_MDLogs
[2012.03.03 23:19:05 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.03.29 22:17:15 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Adobe
[2011.12.05 09:19:56 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Apple Computer
[2011.09.02 17:46:45 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\ATI
[2011.10.02 17:55:03 | 000,000,000 | R--D | M] -- C:\Users\Verena\AppData\Roaming\Brother
[2011.12.23 18:41:11 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Canneverbe Limited
[2011.09.10 13:11:31 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\CyberLink
[2011.09.16 13:47:03 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\DivX
[2012.03.18 17:33:13 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\DVDVideoSoft
[2012.03.05 01:35:46 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.02 17:45:43 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Hewlett-Packard
[2012.01.14 19:46:22 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\hpqlog
[2012.03.30 13:38:29 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\ICQ
[2011.09.02 17:45:24 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Identities
[2011.10.02 17:02:23 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\InstallShield
[2011.09.02 17:45:45 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Intel Corporation
[2011.09.02 18:38:15 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Macromedia
[2012.03.27 12:47:23 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Malwarebytes
[2011.07.07 20:36:20 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Media Center Programs
[2012.01.15 20:10:15 | 000,000,000 | --SD | M] -- C:\Users\Verena\AppData\Roaming\Microsoft
[2011.09.02 21:05:01 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Mozilla
[2011.12.24 00:14:43 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\ScanSoft
[2012.03.30 15:18:49 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Skype
[2011.09.02 17:45:43 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Synaptics
[2011.12.04 16:57:20 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\vlc
[2011.10.08 18:01:08 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Windows Live Writer
[2011.12.24 00:14:49 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Zeon
[2011.09.03 22:37:00 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\_MDLogs
 
< %APPDATA%\*.exe /s >
[2011.11.29 22:12:15 | 000,010,134 | R--- | M] () -- C:\Users\Verena\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\SWSetup\Drivers\IRST\Drivers\x64\iaStor.sys
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys
[2011.01.13 03:44:08 | 000,355,352 | ---- | M] (Intel Corporation) MD5=F989555F1662581032CCE1578A8FF28E -- C:\SWSetup\Drivers\IRST\Drivers\x32\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Verena\AppData\Local\Temp\RarSFX0\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Verena\AppData\Local\Temp\RarSFX1\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Verena\AppData\Local\Temp\RarSFX0\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Verena\AppData\Local\Temp\RarSFX1\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<            >

< End of report >
         

Alt 30.03.2012, 23:11   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"Data Restore" entfernt - Rechner komplett sauber? - Standard

"Data Restore" entfernt - Rechner komplett sauber?



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
O3 - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-1938355905-3105704289-2259580596-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O32 - HKLM CDRom: AutoRun - 1
[2012.03.27 12:21:59 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.27 14:30:43 | 000,000,456 | ---- | M] () -- C:\ProgramData\eypiplihxRU04A
[2012.03.27 14:30:22 | 000,000,264 | ---- | M] () -- C:\ProgramData\~eypiplihxRU04A
[2012.03.27 14:30:22 | 000,000,176 | ---- | M] () -- C:\ProgramData\~eypiplihxRU04Ar
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 31.03.2012, 20:42   #9
Vererena
 
"Data Restore" entfernt - Rechner komplett sauber? - Standard

"Data Restore" entfernt - Rechner komplett sauber?



Besten Dank dir!

Ich habe wie beim letzten Mal "Scanne alle Benutzer" und bei allen möglichen Feldern "Benutze SafeList" aktiviert. Ich hoffe das ist korrekt.

Aber du siehst ja auch sicherlich anhand der Logs ob ich die Häkchen richtig gesetzt habe!?

Code:
ATTFilter
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_USERS\S-1-5-21-1938355905-3105704289-2259580596-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry value HKEY_USERS\S-1-5-21-1938355905-3105704289-2259580596-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\EnableShellExecuteHooks deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideFastUserSwitching deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1938355905-3105704289-2259580596-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableLockWorkstation deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1938355905-3105704289-2259580596-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableChangePassword deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check folder moved successfully.
C:\ProgramData\eypiplihxRU04A moved successfully.
C:\ProgramData\~eypiplihxRU04A moved successfully.
C:\ProgramData\~eypiplihxRU04Ar moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Verena
->Temp folder emptied: 219675925 bytes
->Temporary Internet Files folder emptied: 396807606 bytes
->Java cache emptied: 1042994 bytes
->FireFox cache emptied: 49863075 bytes
->Flash cache emptied: 470 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 164836053 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85029 bytes
RecycleBin emptied: 12757 bytes
 
Total Files Cleaned = 794,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Verena
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 03312012_212714

Files\Folders moved on Reboot...
C:\Users\Verena\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

Alt 02.04.2012, 10:43   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"Data Restore" entfernt - Rechner komplett sauber? - Standard

"Data Restore" entfernt - Rechner komplett sauber?



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.04.2012, 09:14   #11
Vererena
 
"Data Restore" entfernt - Rechner komplett sauber? - Standard

"Data Restore" entfernt - Rechner komplett sauber?



Danke für die Mühen!

Oh, oh, es wurden 2 verdächtige Objekte gefunden.

Code:
ATTFilter
10:03:00.0738 6112	TDSS rootkit removing tool 2.7.24.0 Apr  2 2012 10:31:48
10:03:00.0863 6112	============================================================
10:03:00.0863 6112	Current date / time: 2012/04/03 10:03:00.0863
10:03:00.0863 6112	SystemInfo:
10:03:00.0863 6112	
10:03:00.0863 6112	OS Version: 6.1.7601 ServicePack: 1.0
10:03:00.0863 6112	Product type: Workstation
10:03:00.0863 6112	ComputerName: ANTONHP
10:03:00.0863 6112	UserName: Verena
10:03:00.0863 6112	Windows directory: C:\Windows
10:03:00.0863 6112	System windows directory: C:\Windows
10:03:00.0863 6112	Running under WOW64
10:03:00.0863 6112	Processor architecture: Intel x64
10:03:00.0863 6112	Number of processors: 4
10:03:00.0863 6112	Page size: 0x1000
10:03:00.0863 6112	Boot type: Normal boot
10:03:00.0863 6112	============================================================
10:03:02.0001 6112	Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:03:02.0017 6112	\Device\Harddisk0\DR0:
10:03:02.0017 6112	MBR used
10:03:02.0017 6112	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
10:03:02.0017 6112	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x55672800
10:03:02.0017 6112	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x556D6800, BlocksNum 0x1E3C000
10:03:02.0017 6112	\Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x57512800, BlocksNum 0x336F0
10:03:02.0267 6112	Initialize success
10:03:02.0267 6112	============================================================
10:05:34.0941 1784	============================================================
10:05:34.0941 1784	Scan started
10:05:34.0941 1784	Mode: Manual; SigCheck; TDLFS; 
10:05:34.0941 1784	============================================================
10:05:35.0331 1784	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:05:35.0472 1784	1394ohci - ok
10:05:35.0581 1784	Accelerometer   (7a330a42870eb1fa81f88be514d2d566) C:\Windows\system32\DRIVERS\Accelerometer.sys
10:05:35.0628 1784	Accelerometer - ok
10:05:35.0737 1784	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:05:35.0768 1784	ACPI - ok
10:05:35.0862 1784	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:05:35.0924 1784	AcpiPmi - ok
10:05:36.0033 1784	AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:05:36.0049 1784	AdobeARMservice - ok
10:05:36.0158 1784	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
10:05:36.0205 1784	adp94xx - ok
10:05:36.0314 1784	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
10:05:36.0345 1784	adpahci - ok
10:05:36.0439 1784	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
10:05:36.0470 1784	adpu320 - ok
10:05:36.0548 1784	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
10:05:36.0642 1784	AeLookupSvc - ok
10:05:36.0720 1784	AESTFilters     (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
10:05:36.0798 1784	AESTFilters - ok
10:05:36.0891 1784	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
10:05:36.0969 1784	AFD - ok
10:05:37.0047 1784	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:05:37.0079 1784	agp440 - ok
10:05:37.0157 1784	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
10:05:37.0203 1784	ALG - ok
10:05:37.0297 1784	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:05:37.0328 1784	aliide - ok
10:05:37.0406 1784	AMD External Events Utility (1b4a3c8e429f1fab998eceea3ce3e0b8) C:\Windows\system32\atiesrxx.exe
10:05:37.0469 1784	AMD External Events Utility - ok
10:05:37.0562 1784	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:05:37.0593 1784	amdide - ok
10:05:37.0703 1784	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
10:05:37.0749 1784	AmdK8 - ok
10:05:38.0077 1784	amdkmdag        (e08cf0ed91fcca0017776cff4a506012) C:\Windows\system32\DRIVERS\atikmdag.sys
10:05:38.0451 1784	amdkmdag - ok
10:05:38.0561 1784	amdkmdap        (f072f317e430925c7d88c766db7da86e) C:\Windows\system32\DRIVERS\atikmpag.sys
10:05:38.0607 1784	amdkmdap - ok
10:05:38.0701 1784	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
10:05:38.0748 1784	AmdPPM - ok
10:05:38.0841 1784	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
10:05:38.0873 1784	amdsata - ok
10:05:38.0966 1784	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
10:05:38.0997 1784	amdsbs - ok
10:05:39.0153 1784	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
10:05:39.0169 1784	amdxata - ok
10:05:39.0309 1784	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:05:39.0372 1784	AppID - ok
10:05:39.0465 1784	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
10:05:39.0543 1784	AppIDSvc - ok
10:05:39.0637 1784	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
10:05:39.0715 1784	Appinfo - ok
10:05:39.0824 1784	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
10:05:39.0855 1784	arc - ok
10:05:39.0949 1784	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
10:05:39.0980 1784	arcsas - ok
10:05:40.0074 1784	aswFsBlk        (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
10:05:40.0089 1784	aswFsBlk - ok
10:05:40.0199 1784	aswMonFlt       (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
10:05:40.0230 1784	aswMonFlt - ok
10:05:40.0323 1784	aswRdr          (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
10:05:40.0339 1784	aswRdr - ok
10:05:40.0479 1784	aswSnx          (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
10:05:40.0542 1784	aswSnx - ok
10:05:40.0635 1784	aswSP           (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
10:05:40.0667 1784	aswSP - ok
10:05:40.0760 1784	aswTdi          (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
10:05:40.0776 1784	aswTdi - ok
10:05:40.0869 1784	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:05:40.0947 1784	AsyncMac - ok
10:05:41.0041 1784	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:05:41.0072 1784	atapi - ok
10:05:41.0197 1784	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:05:41.0306 1784	AudioEndpointBuilder - ok
10:05:41.0353 1784	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:05:41.0400 1784	AudioSrv - ok
10:05:41.0447 1784	avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
10:05:41.0478 1784	avast! Antivirus - ok
10:05:41.0571 1784	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
10:05:41.0634 1784	AxInstSV - ok
10:05:41.0727 1784	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
10:05:41.0790 1784	b06bdrv - ok
10:05:41.0883 1784	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:05:41.0930 1784	b57nd60a - ok
10:05:42.0102 1784	BCM43XX         (0e7a9264576b40638a3fbc804de1ff76) C:\Windows\system32\DRIVERS\bcmwl664.sys
10:05:42.0164 1784	BCM43XX - ok
10:05:42.0242 1784	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
10:05:42.0305 1784	BDESVC - ok
10:05:42.0398 1784	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:05:42.0492 1784	Beep - ok
10:05:42.0632 1784	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
10:05:42.0757 1784	BFE - ok
10:05:42.0851 1784	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
10:05:43.0007 1784	BITS - ok
10:05:43.0100 1784	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
10:05:43.0147 1784	blbdrive - ok
10:05:43.0194 1784	Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
10:05:43.0225 1784	Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
10:05:43.0225 1784	Bonjour Service - detected UnsignedFile.Multi.Generic (1)
10:05:43.0303 1784	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:05:43.0350 1784	bowser - ok
10:05:43.0443 1784	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
10:05:43.0506 1784	BrFiltLo - ok
10:05:43.0584 1784	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
10:05:43.0631 1784	BrFiltUp - ok
10:05:43.0724 1784	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
10:05:43.0818 1784	Browser - ok
10:05:43.0927 1784	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:05:43.0989 1784	Brserid - ok
10:05:44.0083 1784	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:05:44.0177 1784	BrSerWdm - ok
10:05:44.0270 1784	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:05:44.0317 1784	BrUsbMdm - ok
10:05:44.0411 1784	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:05:44.0442 1784	BrUsbSer - ok
10:05:44.0535 1784	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
10:05:44.0582 1784	BTHMODEM - ok
10:05:44.0676 1784	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
10:05:44.0754 1784	bthserv - ok
10:05:44.0847 1784	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:05:44.0941 1784	cdfs - ok
10:05:45.0035 1784	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
10:05:45.0097 1784	cdrom - ok
10:05:45.0191 1784	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:05:45.0269 1784	CertPropSvc - ok
10:05:45.0362 1784	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
10:05:45.0409 1784	circlass - ok
10:05:45.0503 1784	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:05:45.0534 1784	CLFS - ok
10:05:45.0627 1784	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:05:45.0643 1784	clr_optimization_v2.0.50727_32 - ok
10:05:45.0752 1784	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:05:45.0768 1784	clr_optimization_v2.0.50727_64 - ok
10:05:45.0908 1784	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:05:45.0924 1784	clr_optimization_v4.0.30319_32 - ok
10:05:46.0080 1784	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:05:46.0111 1784	clr_optimization_v4.0.30319_64 - ok
10:05:46.0205 1784	clwvd           (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
10:05:46.0220 1784	clwvd - ok
10:05:46.0314 1784	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
10:05:46.0376 1784	CmBatt - ok
10:05:46.0454 1784	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:05:46.0485 1784	cmdide - ok
10:05:46.0579 1784	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
10:05:46.0657 1784	CNG - ok
10:05:46.0735 1784	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
10:05:46.0766 1784	Compbatt - ok
10:05:46.0860 1784	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
10:05:46.0907 1784	CompositeBus - ok
10:05:46.0969 1784	COMSysApp - ok
10:05:47.0063 1784	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
10:05:47.0094 1784	crcdisk - ok
10:05:47.0187 1784	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
10:05:47.0281 1784	CryptSvc - ok
10:05:47.0390 1784	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:05:47.0499 1784	DcomLaunch - ok
10:05:47.0593 1784	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
10:05:47.0702 1784	defragsvc - ok
10:05:47.0811 1784	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:05:47.0921 1784	DfsC - ok
10:05:47.0999 1784	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
10:05:48.0108 1784	Dhcp - ok
10:05:48.0186 1784	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:05:48.0279 1784	discache - ok
10:05:48.0389 1784	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
10:05:48.0420 1784	Disk - ok
10:05:48.0498 1784	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
10:05:48.0560 1784	Dnscache - ok
10:05:48.0638 1784	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
10:05:48.0732 1784	dot3svc - ok
10:05:48.0810 1784	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
10:05:48.0888 1784	DPS - ok
10:05:48.0981 1784	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:05:49.0028 1784	drmkaud - ok
10:05:49.0169 1784	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:05:49.0215 1784	DXGKrnl - ok
10:05:49.0293 1784	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
10:05:49.0387 1784	EapHost - ok
10:05:49.0559 1784	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
10:05:49.0683 1784	ebdrv - ok
10:05:49.0761 1784	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
10:05:49.0808 1784	EFS - ok
10:05:49.0917 1784	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
10:05:49.0995 1784	ehRecvr - ok
10:05:50.0073 1784	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
10:05:50.0120 1784	ehSched - ok
10:05:50.0214 1784	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
10:05:50.0261 1784	elxstor - ok
10:05:50.0354 1784	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:05:50.0385 1784	ErrDev - ok
10:05:50.0495 1784	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
10:05:50.0588 1784	EventSystem - ok
10:05:50.0682 1784	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:05:50.0760 1784	exfat - ok
10:05:50.0853 1784	ezSharedSvc - ok
10:05:50.0900 1784	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:05:50.0994 1784	fastfat - ok
10:05:51.0087 1784	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
10:05:51.0165 1784	Fax - ok
10:05:51.0243 1784	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
10:05:51.0290 1784	fdc - ok
10:05:51.0384 1784	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:05:51.0462 1784	fdPHost - ok
10:05:51.0540 1784	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:05:51.0633 1784	FDResPub - ok
10:05:51.0711 1784	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:05:51.0743 1784	FileInfo - ok
10:05:51.0821 1784	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:05:51.0930 1784	Filetrace - ok
10:05:51.0977 1784	FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:05:52.0023 1784	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
10:05:52.0023 1784	FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
10:05:52.0086 1784	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
10:05:52.0133 1784	flpydisk - ok
10:05:52.0226 1784	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:05:52.0273 1784	FltMgr - ok
10:05:52.0382 1784	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
10:05:52.0445 1784	FontCache - ok
10:05:52.0538 1784	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:05:52.0569 1784	FontCache3.0.0.0 - ok
10:05:52.0647 1784	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:05:52.0679 1784	FsDepends - ok
10:05:52.0757 1784	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
10:05:52.0788 1784	Fs_Rec - ok
10:05:52.0881 1784	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:05:52.0913 1784	fvevol - ok
10:05:52.0991 1784	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
10:05:53.0022 1784	gagp30kx - ok
10:05:53.0162 1784	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
10:05:53.0240 1784	gpsvc - ok
10:05:53.0334 1784	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:05:53.0349 1784	gupdate - ok
10:05:53.0396 1784	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:05:53.0412 1784	gupdatem - ok
10:05:53.0490 1784	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:05:53.0537 1784	hcw85cir - ok
10:05:53.0630 1784	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:05:53.0693 1784	HdAudAddService - ok
10:05:53.0802 1784	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:05:53.0849 1784	HDAudBus - ok
10:05:53.0927 1784	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
10:05:53.0973 1784	HidBatt - ok
10:05:54.0067 1784	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
10:05:54.0114 1784	HidBth - ok
10:05:54.0207 1784	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
10:05:54.0254 1784	HidIr - ok
10:05:54.0332 1784	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
10:05:54.0426 1784	hidserv - ok
10:05:54.0519 1784	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
10:05:54.0551 1784	HidUsb - ok
10:05:54.0644 1784	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
10:05:54.0738 1784	hkmsvc - ok
10:05:54.0816 1784	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
10:05:54.0878 1784	HomeGroupListener - ok
10:05:54.0972 1784	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
10:05:55.0019 1784	HomeGroupProvider - ok
10:05:55.0112 1784	HP Health Check Service (45a12cacb97b4f15858fcfd59355a1e9) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
10:05:55.0143 1784	HP Health Check Service - ok
10:05:55.0190 1784	HPClientSvc     (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
10:05:55.0221 1784	HPClientSvc - ok
10:05:55.0346 1784	hpCMSrv         (e040f0064d39f73bb4995d494f3dcbb8) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
10:05:55.0409 1784	hpCMSrv - ok
10:05:55.0502 1784	HPDrvMntSvc.exe (18062df0dceb4ed88e03a8b161935722) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
10:05:55.0518 1784	HPDrvMntSvc.exe - ok
10:05:55.0611 1784	hpdskflt        (a4be23c451adeb252cd17a0532cae220) C:\Windows\system32\DRIVERS\hpdskflt.sys
10:05:55.0627 1784	hpdskflt - ok
10:05:55.0721 1784	hpqwmiex        (7b1637e5e0476ce22e8d76ac1203205e) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
10:05:55.0767 1784	hpqwmiex - ok
10:05:55.0861 1784	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:05:55.0877 1784	HpSAMD - ok
10:05:55.0970 1784	hpsrv           (a88a45e82bc54bffb49c63973010226a) C:\Windows\system32\Hpservice.exe
10:05:55.0986 1784	hpsrv - ok
10:05:56.0048 1784	HPWMISVC        (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
10:05:56.0064 1784	HPWMISVC - ok
10:05:56.0157 1784	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:05:56.0267 1784	HTTP - ok
10:05:56.0360 1784	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:05:56.0391 1784	hwpolicy - ok
10:05:56.0485 1784	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
10:05:56.0516 1784	i8042prt - ok
10:05:56.0610 1784	iaStor          (d469b77687e12fe43e344806740b624d) C:\Windows\system32\DRIVERS\iaStor.sys
10:05:56.0641 1784	iaStor - ok
10:05:56.0781 1784	IAStorDataMgrSvc (983fc69644ddf0486c8dfea262948d1a) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
10:05:56.0797 1784	IAStorDataMgrSvc - ok
10:05:56.0906 1784	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:05:56.0937 1784	iaStorV - ok
10:05:57.0062 1784	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:05:57.0109 1784	idsvc - ok
10:05:57.0203 1784	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
10:05:57.0234 1784	iirsp - ok
10:05:57.0327 1784	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
10:05:57.0437 1784	IKEEXT - ok
10:05:57.0530 1784	IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
10:05:57.0577 1784	IntcDAud - ok
10:05:57.0655 1784	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:05:57.0671 1784	intelide - ok
10:05:58.0045 1784	intelkmd        (efe5a0af39a8e179624117c521f1e012) C:\Windows\system32\DRIVERS\igdpmd64.sys
10:05:58.0357 1784	intelkmd - ok
10:05:58.0466 1784	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:05:58.0497 1784	intelppm - ok
10:05:58.0591 1784	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:05:58.0685 1784	IPBusEnum - ok
10:05:58.0778 1784	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:05:58.0841 1784	IpFilterDriver - ok
10:05:58.0950 1784	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
10:05:59.0059 1784	iphlpsvc - ok
10:05:59.0137 1784	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:05:59.0199 1784	IPMIDRV - ok
10:05:59.0277 1784	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:05:59.0387 1784	IPNAT - ok
10:05:59.0480 1784	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:05:59.0527 1784	IRENUM - ok
10:05:59.0605 1784	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:05:59.0636 1784	isapnp - ok
10:05:59.0714 1784	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:05:59.0761 1784	iScsiPrt - ok
10:05:59.0839 1784	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
10:05:59.0855 1784	kbdclass - ok
10:05:59.0948 1784	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
10:05:59.0979 1784	kbdhid - ok
10:06:00.0073 1784	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:06:00.0120 1784	KeyIso - ok
10:06:00.0213 1784	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
10:06:00.0229 1784	KSecDD - ok
10:06:00.0338 1784	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
10:06:00.0369 1784	KSecPkg - ok
10:06:00.0463 1784	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:06:00.0557 1784	ksthunk - ok
10:06:00.0650 1784	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
10:06:00.0759 1784	KtmRm - ok
10:06:00.0869 1784	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
10:06:00.0978 1784	LanmanServer - ok
10:06:01.0056 1784	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
10:06:01.0149 1784	LanmanWorkstation - ok
10:06:01.0243 1784	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:06:01.0337 1784	lltdio - ok
10:06:01.0415 1784	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
10:06:01.0493 1784	lltdsvc - ok
10:06:01.0571 1784	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
10:06:01.0680 1784	lmhosts - ok
10:06:01.0758 1784	LMS             (d7e0bed3ea21d7bddd410ade51708d90) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
10:06:01.0789 1784	LMS - ok
10:06:01.0883 1784	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
10:06:01.0914 1784	LSI_FC - ok
10:06:02.0007 1784	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
10:06:02.0039 1784	LSI_SAS - ok
10:06:02.0132 1784	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
10:06:02.0148 1784	LSI_SAS2 - ok
10:06:02.0257 1784	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
10:06:02.0288 1784	LSI_SCSI - ok
10:06:02.0382 1784	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:06:02.0460 1784	luafv - ok
10:06:02.0538 1784	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
10:06:02.0600 1784	Mcx2Svc - ok
10:06:02.0663 1784	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
10:06:02.0694 1784	megasas - ok
10:06:02.0819 1784	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
10:06:02.0850 1784	MegaSR - ok
10:06:02.0943 1784	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
10:06:02.0975 1784	MEIx64 - ok
10:06:03.0068 1784	Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
10:06:03.0084 1784	Microsoft Office Groove Audit Service - ok
10:06:03.0162 1784	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:06:03.0271 1784	MMCSS - ok
10:06:03.0365 1784	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:06:03.0458 1784	Modem - ok
10:06:03.0552 1784	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:06:03.0599 1784	monitor - ok
10:06:03.0692 1784	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:06:03.0723 1784	mouclass - ok
10:06:03.0817 1784	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:06:03.0864 1784	mouhid - ok
10:06:03.0942 1784	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:06:03.0973 1784	mountmgr - ok
10:06:04.0067 1784	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:06:04.0098 1784	mpio - ok
10:06:04.0191 1784	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:06:04.0269 1784	mpsdrv - ok
10:06:04.0347 1784	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
10:06:04.0457 1784	MpsSvc - ok
10:06:04.0550 1784	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:06:04.0613 1784	MRxDAV - ok
10:06:04.0706 1784	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:06:04.0753 1784	mrxsmb - ok
10:06:04.0847 1784	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:06:04.0878 1784	mrxsmb10 - ok
10:06:04.0971 1784	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:06:05.0003 1784	mrxsmb20 - ok
10:06:05.0096 1784	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:06:05.0112 1784	msahci - ok
10:06:05.0205 1784	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:06:05.0237 1784	msdsm - ok
10:06:05.0299 1784	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:06:05.0346 1784	MSDTC - ok
10:06:05.0455 1784	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:06:05.0517 1784	Msfs - ok
10:06:05.0595 1784	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:06:05.0673 1784	mshidkmdf - ok
10:06:05.0751 1784	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:06:05.0783 1784	msisadrv - ok
10:06:05.0876 1784	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:06:05.0954 1784	MSiSCSI - ok
10:06:06.0001 1784	msiserver - ok
10:06:06.0095 1784	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:06:06.0204 1784	MSKSSRV - ok
10:06:06.0297 1784	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:06:06.0391 1784	MSPCLOCK - ok
10:06:06.0500 1784	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:06:06.0578 1784	MSPQM - ok
10:06:06.0672 1784	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:06:06.0719 1784	MsRPC - ok
10:06:06.0797 1784	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:06:06.0828 1784	mssmbios - ok
10:06:06.0921 1784	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:06:06.0999 1784	MSTEE - ok
10:06:07.0077 1784	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
10:06:07.0124 1784	MTConfig - ok
10:06:07.0202 1784	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:06:07.0218 1784	Mup - ok
10:06:07.0311 1784	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
10:06:07.0421 1784	napagent - ok
10:06:07.0530 1784	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:06:07.0592 1784	NativeWifiP - ok
10:06:07.0717 1784	NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
10:06:07.0764 1784	NDIS - ok
10:06:07.0857 1784	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:06:07.0935 1784	NdisCap - ok
10:06:08.0045 1784	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:06:08.0107 1784	NdisTapi - ok
10:06:08.0201 1784	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:06:08.0294 1784	Ndisuio - ok
10:06:08.0372 1784	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:06:08.0466 1784	NdisWan - ok
10:06:08.0591 1784	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:06:08.0684 1784	NDProxy - ok
10:06:08.0762 1784	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:06:08.0856 1784	NetBIOS - ok
10:06:08.0949 1784	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:06:09.0012 1784	NetBT - ok
10:06:09.0105 1784	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:06:09.0137 1784	Netlogon - ok
10:06:09.0230 1784	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:06:09.0339 1784	Netman - ok
10:06:09.0417 1784	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:06:09.0495 1784	netprofm - ok
10:06:09.0605 1784	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:06:09.0636 1784	NetTcpPortSharing - ok
10:06:09.0714 1784	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
10:06:09.0745 1784	nfrd960 - ok
10:06:09.0839 1784	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
10:06:09.0932 1784	NlaSvc - ok
10:06:10.0026 1784	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:06:10.0057 1784	Npfs - ok
10:06:10.0135 1784	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:06:10.0213 1784	nsi - ok
10:06:10.0291 1784	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:06:10.0385 1784	nsiproxy - ok
10:06:10.0509 1784	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:06:10.0572 1784	Ntfs - ok
10:06:10.0650 1784	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:06:10.0743 1784	Null - ok
10:06:10.0837 1784	NVENETFD        (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
10:06:10.0899 1784	NVENETFD - ok
10:06:11.0009 1784	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:06:11.0040 1784	nvraid - ok
10:06:11.0149 1784	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:06:11.0196 1784	nvstor - ok
10:06:11.0274 1784	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:06:11.0305 1784	nv_agp - ok
10:06:11.0399 1784	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:06:11.0430 1784	odserv - ok
10:06:11.0523 1784	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:06:11.0570 1784	ohci1394 - ok
10:06:11.0648 1784	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:06:11.0679 1784	ose - ok
10:06:11.0773 1784	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:06:11.0835 1784	p2pimsvc - ok
10:06:11.0929 1784	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:06:11.0976 1784	p2psvc - ok
10:06:12.0054 1784	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
10:06:12.0101 1784	Parport - ok
10:06:12.0194 1784	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
10:06:12.0225 1784	partmgr - ok
10:06:12.0303 1784	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:06:12.0366 1784	PcaSvc - ok
10:06:12.0459 1784	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:06:12.0491 1784	pci - ok
10:06:12.0584 1784	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:06:12.0600 1784	pciide - ok
10:06:12.0693 1784	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
10:06:12.0740 1784	pcmcia - ok
10:06:12.0803 1784	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:06:12.0834 1784	pcw - ok
10:06:12.0943 1784	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:06:13.0068 1784	PEAUTH - ok
10:06:13.0161 1784	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:06:13.0193 1784	PerfHost - ok
10:06:13.0317 1784	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
10:06:13.0411 1784	pla - ok
10:06:13.0520 1784	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
10:06:13.0598 1784	PlugPlay - ok
10:06:13.0661 1784	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:06:13.0723 1784	PNRPAutoReg - ok
10:06:13.0801 1784	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:06:13.0848 1784	PNRPsvc - ok
10:06:13.0941 1784	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
10:06:14.0035 1784	PolicyAgent - ok
10:06:14.0129 1784	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:06:14.0238 1784	Power - ok
10:06:14.0331 1784	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:06:14.0441 1784	PptpMiniport - ok
10:06:14.0519 1784	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
10:06:14.0565 1784	Processor - ok
10:06:14.0659 1784	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
10:06:14.0768 1784	ProfSvc - ok
10:06:14.0846 1784	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:06:14.0877 1784	ProtectedStorage - ok
10:06:14.0971 1784	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:06:15.0049 1784	Psched - ok
10:06:15.0158 1784	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
10:06:15.0236 1784	ql2300 - ok
10:06:15.0330 1784	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
10:06:15.0361 1784	ql40xx - ok
10:06:15.0439 1784	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:06:15.0501 1784	QWAVE - ok
10:06:15.0579 1784	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:06:15.0626 1784	QWAVEdrv - ok
10:06:15.0704 1784	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:06:15.0782 1784	RasAcd - ok
10:06:15.0876 1784	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:06:15.0954 1784	RasAgileVpn - ok
10:06:16.0047 1784	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:06:16.0141 1784	RasAuto - ok
10:06:16.0235 1784	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:06:16.0344 1784	Rasl2tp - ok
10:06:16.0437 1784	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
10:06:16.0547 1784	RasMan - ok
10:06:16.0640 1784	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:06:16.0749 1784	RasPppoe - ok
10:06:16.0859 1784	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:06:16.0952 1784	RasSstp - ok
10:06:17.0061 1784	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:06:17.0171 1784	rdbss - ok
10:06:17.0249 1784	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
10:06:17.0296 1784	rdpbus - ok
10:06:17.0389 1784	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:06:17.0467 1784	RDPCDD - ok
10:06:17.0561 1784	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:06:17.0639 1784	RDPENCDD - ok
10:06:17.0748 1784	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:06:17.0810 1784	RDPREFMP - ok
10:06:17.0904 1784	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
10:06:17.0951 1784	RDPWD - ok
10:06:18.0060 1784	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:06:18.0091 1784	rdyboost - ok
10:06:18.0154 1784	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:06:18.0247 1784	RemoteAccess - ok
10:06:18.0341 1784	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:06:18.0450 1784	RemoteRegistry - ok
10:06:18.0528 1784	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:06:18.0606 1784	RpcEptMapper - ok
10:06:18.0684 1784	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:06:18.0746 1784	RpcLocator - ok
10:06:18.0871 1784	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:06:18.0965 1784	RpcSs - ok
10:06:19.0074 1784	RSPCIESTOR      (d5c3e1629a3f7f0857d27949252b94ce) C:\Windows\system32\DRIVERS\RtsPStor.sys
10:06:19.0105 1784	RSPCIESTOR - ok
10:06:19.0199 1784	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:06:19.0292 1784	rspndr - ok
10:06:19.0386 1784	RTL8167         (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:06:19.0417 1784	RTL8167 - ok
10:06:19.0526 1784	RTL8187B        (4a06585c8673f4458e9fbbc9dddb4d28) C:\Windows\system32\DRIVERS\wg111v3.sys
10:06:19.0573 1784	RTL8187B - ok
10:06:19.0651 1784	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:06:19.0682 1784	SamSs - ok
10:06:19.0760 1784	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:06:19.0792 1784	sbp2port - ok
10:06:19.0870 1784	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:06:19.0963 1784	SCardSvr - ok
10:06:20.0041 1784	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:06:20.0119 1784	scfilter - ok
10:06:20.0228 1784	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:06:20.0369 1784	Schedule - ok
10:06:20.0462 1784	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:06:20.0525 1784	SCPolicySvc - ok
10:06:20.0618 1784	sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
10:06:20.0681 1784	sdbus - ok
10:06:20.0759 1784	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
10:06:20.0821 1784	SDRSVC - ok
10:06:20.0915 1784	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:06:21.0008 1784	secdrv - ok
10:06:21.0086 1784	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
10:06:21.0180 1784	seclogon - ok
10:06:21.0274 1784	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
10:06:21.0367 1784	SENS - ok
10:06:21.0461 1784	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:06:21.0508 1784	SensrSvc - ok
10:06:21.0617 1784	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
10:06:21.0664 1784	Serenum - ok
10:06:21.0757 1784	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
10:06:21.0804 1784	Serial - ok
10:06:21.0913 1784	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
10:06:21.0960 1784	sermouse - ok
10:06:22.0038 1784	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
10:06:22.0132 1784	SessionEnv - ok
10:06:22.0225 1784	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:06:22.0256 1784	sffdisk - ok
10:06:22.0350 1784	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:06:22.0397 1784	sffp_mmc - ok
10:06:22.0475 1784	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:06:22.0522 1784	sffp_sd - ok
10:06:22.0615 1784	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
10:06:22.0646 1784	sfloppy - ok
10:06:22.0740 1784	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:06:22.0834 1784	SharedAccess - ok
10:06:22.0927 1784	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
10:06:23.0036 1784	ShellHWDetection - ok
10:06:23.0130 1784	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
10:06:23.0161 1784	SiSRaid2 - ok
10:06:23.0224 1784	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
10:06:23.0255 1784	SiSRaid4 - ok
10:06:23.0348 1784	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:06:23.0426 1784	Smb - ok
10:06:23.0520 1784	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:06:23.0567 1784	SNMPTRAP - ok
10:06:23.0660 1784	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:06:23.0676 1784	spldr - ok
10:06:23.0785 1784	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
10:06:23.0879 1784	Spooler - ok
10:06:24.0035 1784	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
10:06:24.0206 1784	sppsvc - ok
10:06:24.0269 1784	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:06:24.0362 1784	sppuinotify - ok
10:06:24.0456 1784	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:06:24.0518 1784	srv - ok
10:06:24.0612 1784	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:06:24.0659 1784	srv2 - ok
10:06:24.0768 1784	SrvHsfHDA       (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
10:06:24.0815 1784	SrvHsfHDA - ok
10:06:24.0924 1784	SrvHsfV92       (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
10:06:25.0002 1784	SrvHsfV92 - ok
10:06:25.0096 1784	SrvHsfWinac     (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
10:06:25.0158 1784	SrvHsfWinac - ok
10:06:25.0252 1784	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:06:25.0283 1784	srvnet - ok
10:06:25.0361 1784	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:06:25.0454 1784	SSDPSRV - ok
10:06:25.0532 1784	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:06:25.0642 1784	SstpSvc - ok
10:06:25.0720 1784	STacSV          (86678c2f5081fea3517d78e92230b5ff) C:\Program Files\IDT\WDM\STacSV64.exe
10:06:25.0766 1784	STacSV - ok
10:06:25.0844 1784	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
10:06:25.0876 1784	stexstor - ok
10:06:25.0985 1784	STHDA           (74387b34b43f94e380608888c56a5ccd) C:\Windows\system32\DRIVERS\stwrt64.sys
10:06:26.0063 1784	STHDA - ok
10:06:26.0156 1784	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
10:06:26.0234 1784	stisvc - ok
10:06:26.0312 1784	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:06:26.0328 1784	swenum - ok
10:06:26.0406 1784	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:06:26.0531 1784	swprv - ok
10:06:26.0656 1784	SynTP           (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys
10:06:26.0702 1784	SynTP - ok
10:06:26.0827 1784	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
10:06:26.0936 1784	SysMain - ok
10:06:27.0014 1784	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
10:06:27.0077 1784	TabletInputService - ok
10:06:27.0155 1784	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
10:06:27.0233 1784	TapiSrv - ok
10:06:27.0311 1784	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:06:27.0373 1784	TBS - ok
10:06:27.0514 1784	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
10:06:27.0607 1784	Tcpip - ok
10:06:27.0732 1784	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
10:06:27.0794 1784	TCPIP6 - ok
10:06:27.0872 1784	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:06:27.0950 1784	tcpipreg - ok
10:06:28.0044 1784	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:06:28.0091 1784	TDPIPE - ok
10:06:28.0200 1784	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
10:06:28.0231 1784	TDTCP - ok
10:06:28.0309 1784	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:06:28.0403 1784	tdx - ok
10:06:28.0496 1784	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:06:28.0512 1784	TermDD - ok
10:06:28.0621 1784	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
10:06:28.0730 1784	TermService - ok
10:06:28.0808 1784	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:06:28.0855 1784	Themes - ok
10:06:28.0933 1784	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:06:29.0027 1784	THREADORDER - ok
10:06:29.0089 1784	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:06:29.0198 1784	TrkWks - ok
10:06:29.0261 1784	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
10:06:29.0354 1784	TrustedInstaller - ok
10:06:29.0448 1784	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:06:29.0542 1784	tssecsrv - ok
10:06:29.0635 1784	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:06:29.0682 1784	TsUsbFlt - ok
10:06:29.0760 1784	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
10:06:29.0791 1784	TsUsbGD - ok
10:06:29.0900 1784	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:06:30.0010 1784	tunnel - ok
10:06:30.0088 1784	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
10:06:30.0119 1784	uagp35 - ok
10:06:30.0228 1784	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:06:30.0337 1784	udfs - ok
10:06:30.0400 1784	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:06:30.0446 1784	UI0Detect - ok
10:06:30.0524 1784	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:06:30.0556 1784	uliagpkx - ok
10:06:30.0649 1784	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
10:06:30.0696 1784	umbus - ok
10:06:30.0790 1784	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
10:06:30.0852 1784	UmPass - ok
10:06:31.0008 1784	UNS             (a678e5ddd974903dd71f503bdcaca218) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
10:06:31.0070 1784	UNS - ok
10:06:31.0148 1784	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:06:31.0258 1784	upnphost - ok
10:06:31.0351 1784	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:06:31.0382 1784	usbccgp - ok
10:06:31.0476 1784	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:06:31.0523 1784	usbcir - ok
10:06:31.0601 1784	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
10:06:31.0663 1784	usbehci - ok
10:06:31.0757 1784	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:06:31.0819 1784	usbhub - ok
10:06:31.0897 1784	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
10:06:31.0944 1784	usbohci - ok
10:06:32.0038 1784	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:06:32.0084 1784	usbprint - ok
10:06:32.0162 1784	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
10:06:32.0194 1784	usbscan - ok
10:06:32.0272 1784	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:06:32.0303 1784	USBSTOR - ok
10:06:32.0381 1784	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
10:06:32.0412 1784	usbuhci - ok
10:06:32.0506 1784	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
10:06:32.0537 1784	usbvideo - ok
10:06:32.0599 1784	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:06:32.0646 1784	UxSms - ok
10:06:32.0740 1784	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:06:32.0771 1784	VaultSvc - ok
10:06:32.0849 1784	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:06:32.0880 1784	vdrvroot - ok
10:06:32.0958 1784	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
10:06:33.0052 1784	vds - ok
10:06:33.0145 1784	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:06:33.0176 1784	vga - ok
10:06:33.0270 1784	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:06:33.0332 1784	VgaSave - ok
10:06:33.0426 1784	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:06:33.0457 1784	vhdmp - ok
10:06:33.0551 1784	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:06:33.0582 1784	viaide - ok
10:06:33.0676 1784	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:06:33.0691 1784	volmgr - ok
10:06:33.0785 1784	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:06:33.0832 1784	volmgrx - ok
10:06:33.0925 1784	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:06:33.0956 1784	volsnap - ok
10:06:34.0050 1784	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
10:06:34.0081 1784	vsmraid - ok
10:06:34.0175 1784	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
10:06:34.0315 1784	VSS - ok
10:06:34.0393 1784	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:06:34.0440 1784	vwifibus - ok
10:06:34.0549 1784	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:06:34.0612 1784	vwififlt - ok
10:06:34.0705 1784	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
10:06:34.0752 1784	vwifimp - ok
10:06:34.0830 1784	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:06:34.0924 1784	W32Time - ok
10:06:35.0002 1784	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
10:06:35.0048 1784	WacomPen - ok
10:06:35.0142 1784	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:06:35.0251 1784	WANARP - ok
10:06:35.0282 1784	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:06:35.0360 1784	Wanarpv6 - ok
10:06:35.0454 1784	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
10:06:35.0548 1784	wbengine - ok
10:06:35.0626 1784	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
10:06:35.0672 1784	WbioSrvc - ok
10:06:35.0766 1784	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
10:06:35.0828 1784	wcncsvc - ok
10:06:35.0906 1784	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
10:06:35.0953 1784	WcsPlugInService - ok
10:06:36.0031 1784	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
10:06:36.0062 1784	Wd - ok
10:06:36.0172 1784	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:06:36.0218 1784	Wdf01000 - ok
10:06:36.0296 1784	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:06:36.0359 1784	WdiServiceHost - ok
10:06:36.0374 1784	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:06:36.0406 1784	WdiSystemHost - ok
10:06:36.0484 1784	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
10:06:36.0562 1784	WebClient - ok
10:06:36.0624 1784	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
10:06:36.0702 1784	Wecsvc - ok
10:06:36.0780 1784	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
10:06:36.0858 1784	wercplsupport - ok
10:06:36.0952 1784	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
10:06:37.0030 1784	WerSvc - ok
10:06:37.0123 1784	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:06:37.0201 1784	WfpLwf - ok
10:06:37.0420 1784	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:06:37.0451 1784	WIMMount - ok
10:06:37.0466 1784	WinDefend - ok
10:06:37.0482 1784	WinHttpAutoProxySvc - ok
10:06:37.0591 1784	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
10:06:37.0685 1784	Winmgmt - ok
10:06:37.0794 1784	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
10:06:37.0888 1784	WinRM - ok
10:06:38.0028 1784	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
10:06:38.0075 1784	WinUsb - ok
10:06:38.0184 1784	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
10:06:38.0262 1784	Wlansvc - ok
10:06:38.0324 1784	wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:06:38.0340 1784	wlcrasvc - ok
10:06:38.0480 1784	wlidsvc         (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:06:38.0590 1784	wlidsvc - ok
10:06:38.0683 1784	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:06:38.0730 1784	WmiAcpi - ok
10:06:38.0824 1784	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
10:06:38.0886 1784	wmiApSrv - ok
10:06:38.0933 1784	WMPNetworkSvc - ok
10:06:39.0026 1784	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
10:06:39.0058 1784	WPCSvc - ok
10:06:39.0136 1784	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
10:06:39.0182 1784	WPDBusEnum - ok
10:06:39.0276 1784	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:06:39.0338 1784	ws2ifsl - ok
10:06:39.0416 1784	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
10:06:39.0463 1784	wscsvc - ok
10:06:39.0510 1784	WSearch - ok
10:06:39.0604 1784	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
10:06:39.0728 1784	wuauserv - ok
10:06:39.0806 1784	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:06:39.0900 1784	WudfPf - ok
10:06:40.0009 1784	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:06:40.0087 1784	WUDFRd - ok
10:06:40.0181 1784	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
10:06:40.0259 1784	wudfsvc - ok
10:06:40.0337 1784	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
10:06:40.0399 1784	WwanSvc - ok
10:06:40.0446 1784	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:06:40.0586 1784	\Device\Harddisk0\DR0 - ok
10:06:40.0586 1784	Boot (0x1200)   (9bc5c6090102e8ead8bbbd374367bac1) \Device\Harddisk0\DR0\Partition0
10:06:40.0586 1784	\Device\Harddisk0\DR0\Partition0 - ok
10:06:40.0618 1784	Boot (0x1200)   (c90f8e782a9aa717079c275f1a1a23f4) \Device\Harddisk0\DR0\Partition1
10:06:40.0618 1784	\Device\Harddisk0\DR0\Partition1 - ok
10:06:40.0649 1784	Boot (0x1200)   (4a9b47396c18ede7a2e3cd9bb14b25d6) \Device\Harddisk0\DR0\Partition2
10:06:40.0649 1784	\Device\Harddisk0\DR0\Partition2 - ok
10:06:40.0664 1784	Boot (0x1200)   (93988f2ef0e69b8c8f2289a50245578b) \Device\Harddisk0\DR0\Partition3
10:06:40.0664 1784	\Device\Harddisk0\DR0\Partition3 - ok
10:06:40.0664 1784	============================================================
10:06:40.0664 1784	Scan finished
10:06:40.0664 1784	============================================================
10:06:40.0696 1040	Detected object count: 2
10:06:40.0696 1040	Actual detected object count: 2
10:06:59.0088 1040	Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:06:59.0088 1040	Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:06:59.0088 1040	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:06:59.0088 1040	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 03.04.2012, 15:59   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"Data Restore" entfernt - Rechner komplett sauber? - Standard

"Data Restore" entfernt - Rechner komplett sauber?



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 04.04.2012, 22:21   #13
Vererena
 
"Data Restore" entfernt - Rechner komplett sauber? - Standard

"Data Restore" entfernt - Rechner komplett sauber?



hat gut geklappt, vielen dank!

Code:
ATTFilter
ComboFix 12-04-03.02 - Verena 04.04.2012  22:44:53.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8140.6336 [GMT 2:00]
ausgeführt von:: c:\users\Verena\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-04 bis 2012-04-04  ))))))))))))))))))))))))))))))
.
.
2012-04-04 21:05 . 2012-04-04 21:05	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-03 18:19 . 2012-03-14 03:27	8669240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF59A96A-E0DA-4B5D-86D7-ABB8BE0EF27B}\mpengine.dll
2012-03-31 19:27 . 2012-03-31 19:27	--------	d-----w-	C:\_OTL
2012-03-30 16:20 . 2012-03-30 16:20	--------	d-----w-	c:\program files (x86)\ESET
2012-03-30 12:56 . 2012-03-30 12:56	592824	----a-w-	c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-30 12:56 . 2012-03-30 12:56	44472	----a-w-	c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-28 12:59 . 2012-03-28 12:59	--------	d-----w-	c:\users\Verena\Schreibzeug
2012-03-27 16:58 . 2012-03-27 16:58	--------	d-----w-	c:\users\Verena\AppData\Local\Google
2012-03-27 16:58 . 2012-03-27 16:58	--------	d-----w-	c:\program files (x86)\Google
2012-03-27 16:58 . 2012-03-06 23:04	337240	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-03-27 16:58 . 2012-03-06 23:01	24408	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-03-27 16:58 . 2012-03-06 23:02	53080	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-03-27 16:58 . 2012-03-06 23:01	59224	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-03-27 16:58 . 2012-03-06 23:04	819032	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-03-27 16:58 . 2012-03-06 23:15	258520	----a-w-	c:\windows\system32\aswBoot.exe
2012-03-27 16:58 . 2012-03-06 23:01	69976	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-03-27 16:57 . 2012-03-06 23:15	41184	----a-w-	c:\windows\avastSS.scr
2012-03-27 16:57 . 2012-03-06 23:15	201352	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-03-27 16:57 . 2012-03-27 16:57	--------	d-----w-	c:\programdata\AVAST Software
2012-03-27 16:57 . 2012-03-27 16:57	--------	d-----w-	c:\program files\AVAST Software
2012-03-27 10:47 . 2012-03-27 10:47	--------	d-----w-	c:\users\Verena\AppData\Roaming\Malwarebytes
2012-03-27 10:47 . 2012-03-27 10:47	--------	d-----w-	c:\programdata\Malwarebytes
2012-03-27 10:47 . 2011-12-10 13:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-27 10:47 . 2012-03-27 13:34	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-24 16:35 . 2012-03-24 16:35	--------	d-----w-	c:\programdata\HP
2012-03-24 16:33 . 2012-03-24 16:36	--------	d-----w-	c:\users\Verena\AppData\Local\HP
2012-03-14 14:11 . 2011-11-19 15:20	5559152	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-14 14:11 . 2011-11-19 14:50	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 14:11 . 2011-11-19 14:50	3913584	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 13:26 . 2012-02-03 04:34	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 13:26 . 2012-02-10 06:36	1544192	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 13:26 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-03-14 13:25 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-14 13:25 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-03-14 13:25 . 2012-02-17 04:58	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-14 13:25 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-14 13:25 . 2012-01-25 06:38	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-14 13:25 . 2012-01-25 06:38	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-14 13:25 . 2012-01-25 06:33	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2010-11-21 03:27	279656	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-15 336384]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-06-06 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v3 Setup-Assistent.lnk - c:\program files (x86)\NETGEAR\WG111v3\WG111v3.exe [2009-11-6 2080768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-27 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-27 136176]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-28 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-27 16:58]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-27 16:58]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15	135408	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-27 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-27 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-27 418328]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Verena\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Verena\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 149.205.5.81 149.205.5.82
FF - ProfilePath - c:\users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\bydxbmjh.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-04  23:11:51 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-04-04 21:11
.
Vor Suchlauf: 15 Verzeichnis(se), 472.112.701.440 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 471.993.106.432 Bytes frei
.
- - End Of File - - 8BFBD902A9C7545DA8B47B5717FA3B6C
         

Alt 04.04.2012, 23:11   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"Data Restore" entfernt - Rechner komplett sauber? - Standard

"Data Restore" entfernt - Rechner komplett sauber?



Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 05.04.2012, 21:07   #15
Vererena
 
"Data Restore" entfernt - Rechner komplett sauber? - Standard

"Data Restore" entfernt - Rechner komplett sauber?



Wow,ich hätte nicht erwartet, dass so viele verschiedene Scans erforderlich sind. Ich bin dir für deine Geduld sehr dankbar!

Hier der aswMBR-Log:

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-05 21:40:39
-----------------------------
21:40:39.746    OS Version: Windows x64 6.1.7601 Service Pack 1
21:40:39.746    Number of processors: 4 586 0x2A07
21:40:39.746    ComputerName: ANTONHP  UserName: Verena
21:40:42.227    Initialize success
21:40:42.305    AVAST engine defs: 12040500
21:40:58.576    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:40:58.576    Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
21:40:58.622    Disk 0 MBR read successfully
21:40:58.622    Disk 0 MBR scan
21:40:58.622    Disk 0 Windows 7 default MBR code
21:40:58.638    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
21:40:58.654    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       699621 MB offset 409600
21:40:58.685    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        15480 MB offset 1433233408
21:40:58.700    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      102 MB offset 1464936448
21:40:58.747    Disk 0 scanning C:\Windows\system32\drivers
21:41:06.797    Service scanning
21:41:32.178    Modules scanning
21:41:32.194    Disk 0 trace - called modules:
21:41:32.225    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll 
21:41:32.240    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008184060]
21:41:32.240    3 CLASSPNP.SYS[fffff88001b5543f] -> nt!IofCallDriver -> [0xfffffa8007e82b10]
21:41:32.240    5 hpdskflt.sys[fffff88001afc361] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007d3d050]
21:41:34.658    AVAST engine scan C:\Windows
21:41:40.072    AVAST engine scan C:\Windows\system32
21:43:28.570    AVAST engine scan C:\Windows\system32\drivers
21:43:40.270    AVAST engine scan C:\Users\Verena
21:54:38.685    AVAST engine scan C:\ProgramData
21:55:59.290    Scan finished successfully
21:57:39.317    Disk 0 MBR has been saved successfully to "C:\Users\Verena\Desktop\Logs\MBR.dat"
21:57:39.333    The log file has been saved successfully to "C:\Users\Verena\Desktop\Logs\aswMBR Log.txt"
         

Antwort

Themen zu "Data Restore" entfernt - Rechner komplett sauber?
aktuelle, anleitung, board, data, dienstag, entdeck, entdeckt, entfernen, entfernt, erneut, geladen, hoffe, infizierte, komplett, logfiles, neustart, ordner, rechner, restore, richtig, sauber, sichtbar, trojaner, würde



Ähnliche Themen: "Data Restore" entfernt - Rechner komplett sauber?


  1. Free antivirus - "restore message" - Nachricht im Infobereich
    Antiviren-, Firewall- und andere Schutzprogramme - 18.02.2015 (16)
  2. Malwarebytes hat "Babylon" entdeckt und beseitigt, ist mein Rechner jetzt sauber?
    Plagegeister aller Art und deren Bekämpfung - 13.10.2013 (15)
  3. "Polizei-Trojaner - österr. Variante" - Ist mein PC wieder "sauber"?
    Plagegeister aller Art und deren Bekämpfung - 11.07.2012 (1)
  4. Trojanerbefall mit "Windows Pro Web H." - Rechner sauber?
    Log-Analyse und Auswertung - 03.06.2012 (21)
  5. Nicht sicher, ob PC nach "System Fix" Entfernung wieder "sauber"
    Log-Analyse und Auswertung - 07.01.2012 (18)
  6. "Bundespolizei Trojaner" komplett entfernt?
    Log-Analyse und Auswertung - 01.12.2011 (36)
  7. JAVA/Exdoer.CU.2 in Quarantäne. Ist mein Rechner wieder "sauber"?
    Plagegeister aller Art und deren Bekämpfung - 09.11.2011 (19)
  8. Log nach Entfernen von "Data Restore" wegen wiederkehrender IE-Verbindungswünsche
    Log-Analyse und Auswertung - 22.10.2011 (22)
  9. Data Restore Virus kann nicht entfernt werden
    Log-Analyse und Auswertung - 21.10.2011 (22)
  10. Gefakte Data Restore Warnung eineholt /Trojaner nicht vollständig entfernt
    Plagegeister aller Art und deren Bekämpfung - 18.10.2011 (3)
  11. Weiterhin Fehler, obwohl Windows Restore vermutlich komplett entfernt wurde
    Plagegeister aller Art und deren Bekämpfung - 08.08.2011 (19)
  12. "Windows Recovery" mit Malwarebytes entfernt -- Notebook evtl. noch nicht sauber?
    Log-Analyse und Auswertung - 25.06.2011 (18)
  13. "Malware Protection" entfernt und nun "Windows Vista Restore" und diverse Festplattenwarnungen
    Plagegeister aller Art und deren Bekämpfung - 17.06.2011 (28)
  14. "Windows Restore" Fenster - Nachrichtenfenster über Systemfehler - unaufgeforderter Systemneustart
    Log-Analyse und Auswertung - 24.04.2011 (13)
  15. Rechner lahmgelegt durch "kb.dll" - Wie kann der Trojaner entfernt werden? Arbeiten kaum möglich :-(
    Plagegeister aller Art und deren Bekämpfung - 07.01.2011 (17)
  16. TR/Crypt.ZPACK.Gen ist mein Rechner jetzt "sauber"?
    Plagegeister aller Art und deren Bekämpfung - 26.06.2010 (15)
  17. Crypt.ZPACK.Gen - ist mein Rechner jetzt endlich wieder "sauber"
    Plagegeister aller Art und deren Bekämpfung - 11.04.2010 (1)

Zum Thema "Data Restore" entfernt - Rechner komplett sauber? - Hallo! Am Dienstag habe ich mir den "Data Restore" Trojaner eingefangen. Ich war sehr froh als ich die Anleitung zum Entfernen des Plagegeistes auf eurem Board entdeckt habe. Der Anleitung - "Data Restore" entfernt - Rechner komplett sauber?...
Archiv
Du betrachtest: "Data Restore" entfernt - Rechner komplett sauber? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.