
Pests of all kinds and how to combat them: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert." ("Attention! For security reasons your Windows system has been blocked.")

29.03.2012, 22:01   #1
josa

Hello,

a few hours ago I got the message "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert." ("Attention! For security reasons your Windows system has been blocked.") and since then I can no longer get into Windows. I have already started the PC in Safe Mode with Networking and run a system check with both Malwarebytes' Anti-Malware and Antivir. Anti-Malware had a few hits, which I then cleaned. However, the warning message is still there under Windows. Now I am a bit at a loss and am therefore turning to you for help.

The operating system is Win 7 Home Premium Service Pack 1 (64-bit).

I have already created OTL logs; they are attached. Since OTL.txt was too large, I zipped both files (OTL and Extras).

I have also attached the Malwarebytes' Anti-Malware log with the findings.

I would be really grateful for any help.
Attached files
File type: zip Logs.zip (22.0 KB, viewed 53 times)
File type: txt mbam-log-2012-03-29 (17-33-52).txt (4.3 KB, viewed 150 times)

30.03.2012, 16:57   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


Please run ESET as well, then we will take it from there:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detect potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________

30.03.2012, 19:53   #3
josa


Thanks for the help so far.

ESET has finished; I followed everything as described. Here is the log.txt:

Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-29 05:08:57
# local_time=2012-03-29 07:08:57 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 2250348 2250348 0 0
# compatibility_mode=5893 16776574 100 94 1966551 84669598 0 0
# compatibility_mode=8192 67108863 100 0 270 270 0 0
# scanned=40635
# found=0
# cleaned=0
# scan_time=1189
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=47935f6f7bb2f8488d784200fd034e01
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-30 05:41:01
# local_time=2012-03-30 07:41:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 2332722 2332722 0 0
# compatibility_mode=5893 16776574 100 94 2048925 84751972 0 0
# compatibility_mode=8192 67108863 100 0 82644 82644 0 0
# scanned=445611
# found=2
# cleaned=0
# scan_time=7138
C:\Users\Christoph\AppData\Local\Skype\SkypePM.exe	a variant of Win32/Kryptik.ADFV trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\49899aba-6a9c7c82	a variant of Java/Exploit.CVE-2012-0507.D trojan (unable to clean)	00000000000000000000000000000000	I
         
__________________
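
Added example, not part of the original posts: a small Python triage of the ESET Online Scanner log.txt layout shown in the post above. It separates the runs appended to one file and reports detections that were found but not cleaned. The sample log is constructed, and reading `end=stopped` as an aborted scan and `remove_checked=false` as removal being switched off is an assumption based on the key names.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of the log.txt quoted above: two runs
# appended to one file. Paths and threat names are placeholders.
SAMPLE_LOG = "\n".join([
    "ESETSmartInstaller@High as CAB hook log:",
    "OnlineScanner.ocx - registred OK",
    "# version=7",
    "# end=stopped",
    "# remove_checked=false",
    "# scanned=40635",
    "# found=0",
    "# cleaned=0",
    "ESETSmartInstaller@High as downloader log:",
    "all ok",
    "# version=7",
    "# end=finished",
    "# remove_checked=false",
    "# scanned=445611",
    "# found=2",
    "# cleaned=0",
    "C:\\Users\\Example\\AppData\\Local\\Demo\\demo.exe"
    "\ta variant of Win32/Example.A trojan (unable to clean)\t" + "0" * 32 + "\tI",
    "C:\\Users\\Example\\AppData\\LocalLow\\Demo\\cache\\0a1b2c3d"
    "\ta variant of Java/Example.B trojan (unable to clean)\t" + "0" * 32 + "\tI",
])


@dataclass
class Detection:
    path: str
    threat: str
    action: str  # text in the trailing parentheses, e.g. "unable to clean"


@dataclass
class ScanRun:
    meta: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)


HEADER = re.compile(r"^# (\w+)=(.*)$")
THREAT = re.compile(r"^(.*?)\s*\(([^()]*)\)$")


def parse_runs(text):
    """Split the log into runs; each run's header begins with '# version='."""
    runs = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            if key == "version":
                runs.append(ScanRun())
            if runs:
                # Repeated keys (compatibility_mode) keep their first value.
                runs[-1].meta.setdefault(key, value)
            continue
        cols = line.split("\t")
        if runs and len(cols) >= 2:  # detection rows are tab-separated
            t = THREAT.match(cols[1].strip())
            threat, action = t.groups() if t else (cols[1].strip(), "")
            runs[-1].detections.append(Detection(cols[0].strip(), threat, action))
    return runs


def _count(run, key):
    value = run.meta.get(key, "")
    return int(value) if value.isdigit() else 0


def triage(run):
    """Return notes on what a helper should not take at face value."""
    notes = []
    found, cleaned = _count(run, "found"), _count(run, "cleaned")
    # Assumption: any end value other than "finished" means an aborted scan.
    if run.meta.get("end") != "finished":
        notes.append("incomplete scan (end=%s): a count of %d findings proves nothing"
                     % (run.meta.get("end", "?"), found))
    if found != len(run.detections):
        notes.append("header says found=%d but %d detection rows were parsed"
                     % (found, len(run.detections)))
    if found > cleaned:
        notes.append("%d detection(s) were reported but not cleaned" % (found - cleaned))
        # Assumption: remove_checked mirrors the scanner's removal option.
        if run.meta.get("remove_checked") == "false":
            notes.append("removal was switched off for this run (remove_checked=false)")
    return notes


if __name__ == "__main__":
    for number, run in enumerate(parse_runs(SAMPLE_LOG), start=1):
        print("run %d: scanned=%s" % (number, run.meta.get("scanned")))
        for d in run.detections:
            print("  %s -> %s [%s]" % (d.path, d.threat, d.action))
        for note in triage(run):
            print("  note:", note)
```
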

30.03.2012, 21:01   #4
cosinus


I have two questions before we continue

1.) Does normal mode work again without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
__________________

01.04.2012, 21:34   #5
josa


EDIT: At first normal mode seemed to work again, because until now the black screen with the payment demand had always appeared immediately and this time it did not. After 15 minutes, however, it came back after all.

As far as I can tell, I am not missing anything in the Start menu.


02.04.2012, 12:18   #6
cosinus


Please create a new OTL log. If possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your Desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Tick "Scan all users" at the top centre
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
__________________

02.04.2012, 17:27   #7
josa


Right, everything done. Here is the OTL log.
Why Opera is listed as a running process, though, even though I deliberately closed it before clicking "Quick Scan", is a mystery to me.

Code:
OTL logfile created on: 02.04.2012 17:04:01 - Run 3
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Christoph\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 7,17 Gb Available Physical Memory | 89,79% Memory free
15,96 Gb Paging File | 15,18 Gb Available in Paging File | 95,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1811,92 Gb Total Space | 1547,35 Gb Free Space | 85,40% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 29,97 Gb Free Space | 59,93% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 347,46 Gb Free Space | 37,30% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTOPH-PC | User Name: Christoph | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Christoph\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MemeoBackgroundService) -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-739523016-1728194525-3442210898-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
IE - HKU\S-1-5-21-739523016-1728194525-3442210898-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-739523016-1728194525-3442210898-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
IE - HKU\S-1-5-21-739523016-1728194525-3442210898-1001\..\SearchScopes,DefaultScope = {5533C762-1B10-4633-820A-3E3C2C2057A0}
IE - HKU\S-1-5-21-739523016-1728194525-3442210898-1001\..\SearchScopes\{5533C762-1B10-4633-820A-3E3C2C2057A0}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNF_enDE393
IE - HKU\S-1-5-21-739523016-1728194525-3442210898-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.29 20:07:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.11 20:09:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Christoph\AppData\Roaming\10016 [2012.03.15 11:36:19 | 000,000,000 | ---D | M]
 
[2012.03.11 20:11:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Extensions
[2012.03.11 20:09:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.15 11:36:19 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\CHRISTOPH\APPDATA\ROAMING\10016
[2012.02.16 16:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-739523016-1728194525-3442210898-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-739523016-1728194525-3442210898-1001..\Run: [ICQ] C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-739523016-1728194525-3442210898-1001..\Run: [SkypePM] C:\Users\Christoph\AppData\Local\Skype\SkypePM.exe File not found
O4 - HKU\S-1-5-21-739523016-1728194525-3442210898-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-739523016-1728194525-3442210898-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F705B830-3D09-48E9-8657-CD0CA5A0FE70}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5200b576-655c-11e1-bc23-8c89a59baa7e}\Shell - "" = AutoRun
O33 - MountPoints2\{5200b576-655c-11e1-bc23-8c89a59baa7e}\Shell\AutoRun\command - "" = H:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.02 16:50:07 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.03.29 20:28:34 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe
[2012.03.29 20:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.03.29 20:07:45 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.03.29 20:07:45 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.03.29 20:07:27 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.03.29 20:07:26 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.03.29 20:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.03.29 20:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.03.29 19:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.03.29 19:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.03.29 19:37:02 | 003,645,304 | ---- | C] (Piriform Ltd) -- C:\Users\Christoph\Desktop\ccsetup317.exe
[2012.03.29 18:44:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.03.29 17:33:12 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Malwarebytes
[2012.03.29 17:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.29 17:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.29 17:33:08 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.29 17:33:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.28 23:47:02 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.03.28 23:03:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
[2012.03.28 22:51:53 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Blender Foundation
[2012.03.28 22:50:18 | 000,000,000 | ---D | C] -- C:\Users\Christoph\.thumbnails
[2012.03.28 22:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\Blender Foundation
[2012.03.25 19:34:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex-Editor MX
[2012.03.25 19:34:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hex-Editor MX
[2012.03.25 18:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy VII
[2012.03.25 17:21:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2012.03.25 15:32:59 | 000,000,000 | ---D | C] -- C:\Downloads
[2012.03.25 15:27:24 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012.03.24 12:14:22 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\LOLReplay
[2012.03.22 20:34:15 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Braid
[2012.03.22 20:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012.03.22 20:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012.03.22 20:31:32 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\FUSSBALL MANAGER 12
[2012.03.21 12:01:54 | 000,000,000 | ---D | C] -- C:\Users\Christoph\riotsGamesLogs
[2012.03.21 01:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012.03.20 20:29:06 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Apps
[2012.03.20 17:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012.03.20 17:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.03.20 17:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.03.20 17:06:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2012.03.20 17:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012.03.20 17:04:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Design Standard CS5
[2012.03.15 15:13:40 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\UAs
[2012.03.15 11:36:18 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\10016
[2012.03.15 11:36:08 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\xmldm
[2012.03.15 11:36:06 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\kock
[2012.03.13 18:25:17 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\BioWare
[2012.03.13 17:02:34 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\ICQ
[2012.03.13 12:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm
[2012.03.13 12:56:06 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Last.fm
[2012.03.13 12:56:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
[2012.03.13 12:56:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Last.fm
[2012.03.13 12:43:48 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Spotify
[2012.03.13 12:43:36 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Spotify
[2012.03.11 20:11:46 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Mozilla
[2012.03.11 20:11:46 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Mozilla
[2012.03.11 20:09:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.03.11 13:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.03.11 13:19:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2012.03.11 13:15:16 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Microsoft Help
[2012.03.11 13:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.03.11 13:14:39 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.03.09 22:39:13 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\vlc
[2012.03.09 18:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client
[2012.03.09 18:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2012.03.09 18:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2012.03.09 16:17:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2012.03.08 01:31:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.03.08 01:31:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.03.05 23:30:58 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\EA Games
[2012.03.05 23:08:20 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\Prince of Persia
[2012.03.05 22:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2012.03.05 22:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2012.03.05 22:59:33 | 001,347,584 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll
[2012.03.05 22:59:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS
[2012.03.05 22:59:13 | 000,466,520 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.03.05 22:59:13 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.03.05 22:59:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012.03.05 22:34:32 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\Rockstar Games
[2012.03.05 22:26:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2012.03.05 22:18:34 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Rockstar Games
[2012.03.05 22:18:12 | 000,000,000 | RH-D | C] -- C:\Users\Christoph\AppData\Roaming\SecuROM
[2012.03.05 22:18:11 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012.03.05 21:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2012.03.05 19:30:26 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\SoftGrid Client
[2012.03.05 19:30:26 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\SoftGrid Client
[2012.03.05 19:29:42 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.03.05 19:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.03.05 19:29:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.03.05 19:29:16 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\TP
[2012.03.05 14:29:16 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012.03.05 14:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.03.05 14:13:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012.03.05 14:13:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012.03.05 13:29:13 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Adobe
[2012.03.05 12:56:45 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\My Games
[2012.03.05 12:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2012.03.04 23:23:52 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\ElevatedDiagnostics
[2012.03.04 23:23:32 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Diagnostics
[2012.03.03 22:43:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2012.03.03 20:44:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2012.03.03 20:43:51 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\NVIDIA
[2012.03.03 20:43:12 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\Eidos
[2012.03.03 20:34:08 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\Diablo III
[2012.03.03 20:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.03.03 20:32:43 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.03.03 20:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.03.03 20:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2012.03.03 20:30:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2012.03.03 20:30:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2012.03.03 20:30:06 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012.03.03 20:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.03.03 20:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos
[2012.03.03 20:22:44 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2012.03.03 20:22:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2012.03.03 20:22:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2012.03.03 20:22:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012.03.03 20:22:29 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Winamp
[2012.03.03 20:22:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2012.03.03 20:01:30 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\LolClient
[2012.03.03 19:59:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ-Banner-Remover
[2012.03.03 19:58:41 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\DesktopIconForAmazon
[2012.03.03 19:55:06 | 000,564,792 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2012.03.03 19:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.03.03 19:54:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012.03.03 19:49:02 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\DAEMON Tools Lite
[2012.03.03 19:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012.03.03 19:01:59 | 000,000,000 | ---D | C] -- C:\Images
[2012.03.03 19:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.7
[2012.03.03 18:59:41 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\ICQ
[2012.03.03 18:59:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.7
[2012.03.03 18:52:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012.03.03 18:48:34 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Avira
[2012.03.03 18:43:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.03.03 18:43:21 | 000,132,320 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.03.03 18:43:21 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.03.03 18:43:21 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.03.03 18:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.03.03 18:43:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.03.03 18:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.03.03 18:21:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.03.03 18:10:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Beta
[2012.03.03 18:10:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012.03.03 18:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.03.03 17:38:35 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Skype
[2012.03.03 17:38:31 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.03.03 17:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.03.03 17:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.03.03 17:38:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.03.03 17:31:21 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Opera
[2012.03.03 17:31:21 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Opera
[2012.03.03 17:31:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2012.03.03 17:27:04 | 000,000,000 | ---D | C] -- C:\Games
[2012.03.03 17:26:16 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\PMB Files
[2012.03.03 17:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012.03.03 17:25:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012.03.03 17:23:00 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Adobe
[2012.03.03 17:20:05 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Google
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Christoph\AppData\Roaming\*.tmp files -> C:\Users\Christoph\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.02 16:59:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.02 16:59:26 | 2133,032,959 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.02 16:57:55 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.02 16:57:55 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.02 16:56:20 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.02 16:56:20 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.02 16:56:20 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.02 16:56:20 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.02 16:56:20 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.02 16:50:00 | 565,020,539 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.03.29 21:56:48 | 000,022,569 | ---- | M] () -- C:\Users\Christoph\Desktop\Logs.zip
[2012.03.29 20:28:34 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe
[2012.03.29 20:07:51 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.03.29 20:07:45 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.03.29 20:06:20 | 074,761,776 | ---- | M] () -- C:\Users\Christoph\Desktop\avast_free1426_antivirus_setup.exe
[2012.03.29 19:43:51 | 000,115,610 | ---- | M] () -- C:\Users\Christoph\Desktop\cc_20120329_194337.reg
[2012.03.29 19:37:22 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.03.29 19:37:02 | 003,645,304 | ---- | M] (Piriform Ltd) -- C:\Users\Christoph\Desktop\ccsetup317.exe
[2012.03.29 17:33:09 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.28 23:03:50 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Blender.lnk
[2012.03.27 23:07:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2012.03.25 18:54:53 | 000,000,729 | ---- | M] () -- C:\Users\Public\Desktop\Final Fantasy VII.lnk
[2012.03.24 12:14:18 | 000,001,806 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2012.03.21 20:12:23 | 000,001,446 | ---- | M] () -- C:\Users\Christoph\Desktop\Creep Timer.lnk
[2012.03.20 19:54:46 | 004,863,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.19 15:28:47 | 000,001,846 | ---- | M] () -- C:\Users\Christoph\Desktop\ICQ7.7.lnk
[2012.03.16 15:34:00 | 000,000,034 | ---- | M] () -- C:\Users\Christoph\AppData\Roaming\blckdom.res
[2012.03.15 21:45:22 | 016,886,781 | ---- | M] () -- C:\Users\Christoph\Desktop\kima23150312.pdf
[2012.03.13 12:43:48 | 000,001,837 | ---- | M] () -- C:\Users\Christoph\Desktop\Spotify.lnk
[2012.03.09 18:12:07 | 000,000,510 | ---- | M] () -- C:\Users\Christoph\vpnstandard.pcf
[2012.03.09 18:11:04 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2012.03.09 18:10:15 | 000,002,653 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
[2012.03.07 01:19:04 | 008,679,466 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.07 01:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.03.07 01:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.03.07 01:15:03 | 000,258,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.03.07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.03.05 22:59:13 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.03.05 22:59:13 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.03.05 22:18:11 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012.03.05 19:43:22 | 000,000,221 | ---- | M] () -- C:\Users\Christoph\Desktop\Frozen Synapse.url
[2012.03.05 19:42:29 | 000,000,221 | ---- | M] () -- C:\Users\Christoph\Desktop\Braid.url
[2012.03.05 14:29:16 | 000,000,222 | ---- | M] () -- C:\Users\Christoph\Desktop\Rayman Origins Demo.url
[2012.03.05 14:13:18 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.03.05 12:38:30 | 000,000,821 | ---- | M] () -- C:\Users\Public\Desktop\Crysis SP Demo.lnk
[2012.03.04 01:53:45 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.03.04 01:53:45 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.03.03 20:11:05 | 000,007,598 | ---- | M] () -- C:\Users\Christoph\AppData\Local\Resmon.ResmonCfg
[2012.03.03 19:55:06 | 000,564,792 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2012.03.03 19:55:06 | 000,001,954 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.03.03 18:56:05 | 000,001,907 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends.lnk
[2012.03.03 18:43:23 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.03.03 18:21:45 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.03.03 18:14:39 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III Beta.lnk
[2012.03.03 17:38:31 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.03.03 17:31:16 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Christoph\AppData\Roaming\*.tmp files -> C:\Users\Christoph\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.02 16:50:00 | 565,020,539 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.03.29 21:56:02 | 000,022,569 | ---- | C] () -- C:\Users\Christoph\Desktop\Logs.zip
[2012.03.29 20:07:51 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.03.29 20:07:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.03.29 20:05:38 | 074,761,776 | ---- | C] () -- C:\Users\Christoph\Desktop\avast_free1426_antivirus_setup.exe
[2012.03.29 19:43:43 | 000,115,610 | ---- | C] () -- C:\Users\Christoph\Desktop\cc_20120329_194337.reg
[2012.03.29 19:37:22 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.03.29 17:33:09 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.28 23:03:50 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Blender.lnk
[2012.03.27 23:07:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2012.03.27 13:32:31 | 000,054,054 | ---- | C] () -- C:\Users\Christoph\Desktop\deko.jpg
[2012.03.25 18:54:53 | 000,000,729 | ---- | C] () -- C:\Users\Public\Desktop\Final Fantasy VII.lnk
[2012.03.25 18:37:03 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.03.25 02:29:48 | 000,001,806 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2012.03.24 12:14:18 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk
[2012.03.21 20:12:23 | 000,001,446 | ---- | C] () -- C:\Users\Christoph\Desktop\Creep Timer.lnk
[2012.03.20 17:04:32 | 000,001,003 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.03.19 15:28:47 | 000,001,846 | ---- | C] () -- C:\Users\Christoph\Desktop\ICQ7.7.lnk
[2012.03.15 21:42:35 | 016,886,781 | ---- | C] () -- C:\Users\Christoph\Desktop\kima23150312.pdf
[2012.03.15 11:36:15 | 000,000,034 | ---- | C] () -- C:\Users\Christoph\AppData\Roaming\blckdom.res
[2012.03.13 12:43:48 | 000,001,837 | ---- | C] () -- C:\Users\Christoph\Desktop\Spotify.lnk
[2012.03.13 12:43:48 | 000,001,823 | ---- | C] () -- C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012.03.11 20:09:50 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.03.09 18:12:07 | 000,000,510 | ---- | C] () -- C:\Users\Christoph\vpnstandard.pcf
[2012.03.09 18:10:15 | 000,002,653 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
[2012.03.09 18:10:10 | 000,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF
[2012.03.09 16:18:55 | 000,002,555 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
[2012.03.05 22:35:05 | 000,001,342 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012.03.05 19:43:22 | 000,000,221 | ---- | C] () -- C:\Users\Christoph\Desktop\Frozen Synapse.url
[2012.03.05 19:42:29 | 000,000,221 | ---- | C] () -- C:\Users\Christoph\Desktop\Braid.url
[2012.03.05 19:29:46 | 008,679,466 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.05 14:29:16 | 000,000,222 | ---- | C] () -- C:\Users\Christoph\Desktop\Rayman Origins Demo.url
[2012.03.05 14:13:18 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.03.05 12:38:30 | 000,000,821 | ---- | C] () -- C:\Users\Public\Desktop\Crysis SP Demo.lnk
[2012.03.03 20:32:30 | 002,497,985 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.03.03 20:11:05 | 000,007,598 | ---- | C] () -- C:\Users\Christoph\AppData\Local\Resmon.ResmonCfg
[2012.03.03 19:55:06 | 000,001,954 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.03.03 18:56:05 | 000,001,907 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends.lnk
[2012.03.03 18:43:23 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.03.03 18:21:45 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.03.03 18:10:03 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III Beta.lnk
[2012.03.03 17:38:31 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.03.03 17:31:16 | 000,001,845 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.03.03 17:31:16 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== LOP Check ==========
 
[2012.03.15 11:36:19 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\10016
[2012.03.28 22:51:53 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Blender Foundation
[2012.03.22 20:35:40 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Braid
[2012.03.28 23:47:02 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.03.29 19:39:28 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DAEMON Tools Lite
[2012.03.03 19:58:41 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DesktopIconForAmazon
[2012.03.29 17:24:54 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\ICQ
[2012.03.15 11:36:06 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\kock
[2012.03.03 20:01:30 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\LolClient
[2012.03.03 17:31:21 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Opera
[2012.03.16 17:13:27 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\SoftGrid Client
[2012.03.29 17:07:20 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Spotify
[2012.03.05 19:30:34 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\TP
[2012.03.16 12:34:50 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\UAs
[2012.03.16 12:35:11 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\xmldm
[2009.07.14 07:08:49 | 000,027,740 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.03.15 11:36:19 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\10016
[2012.03.27 21:14:52 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Adobe
[2012.03.03 18:48:34 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Avira
[2012.03.28 22:51:53 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Blender Foundation
[2012.03.22 20:35:40 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Braid
[2012.03.28 23:47:02 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.03.29 19:39:28 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DAEMON Tools Lite
[2012.03.03 19:58:41 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DesktopIconForAmazon
[2012.03.29 17:24:54 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\ICQ
[2012.03.03 16:58:40 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Identities
[2012.03.03 16:59:08 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Intel Corporation
[2012.03.15 11:36:06 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\kock
[2012.03.03 20:01:30 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\LolClient
[2011.09.29 18:09:51 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Macromedia
[2012.03.29 17:33:12 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Malwarebytes
[2010.11.21 09:16:41 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Media Center Programs
[2012.03.11 13:26:57 | 000,000,000 | --SD | M] -- C:\Users\Christoph\AppData\Roaming\Microsoft
[2012.03.11 20:11:49 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Mozilla
[2012.03.05 20:45:17 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\NVIDIA
[2012.03.03 17:31:21 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Opera
[2012.03.05 22:18:12 | 000,000,000 | RH-D | M] -- C:\Users\Christoph\AppData\Roaming\SecuROM
[2012.04.02 16:52:34 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Skype
[2012.03.16 17:13:27 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\SoftGrid Client
[2012.03.29 17:07:20 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Spotify
[2012.03.05 19:30:34 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\TP
[2012.03.16 12:34:50 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\UAs
[2012.03.26 19:31:58 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\vlc
[2012.03.29 19:39:28 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Winamp
[2012.03.16 12:35:11 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\xmldm
 
< %APPDATA%\*.exe /s >
[2012.03.03 19:58:41 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Christoph\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
[2011.11.23 21:16:09 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Christoph\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.03.13 12:43:48 | 004,011,184 | ---- | M] (Spotify Ltd) -- C:\Users\Christoph\AppData\Roaming\Spotify\spotify.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2011.05.20 18:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.05.20 18:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_e6913aab23ea9a9c\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         

02.04.2012, 20:47   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
O4 - HKU\S-1-5-21-739523016-1728194525-3442210898-1001..\Run: [SkypePM] C:\Users\Christoph\AppData\Local\Skype\SkypePM.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5200b576-655c-11e1-bc23-8c89a59baa7e}\Shell - "" = AutoRun
O33 - MountPoints2\{5200b576-655c-11e1-bc23-8c89a59baa7e}\Shell\AutoRun\command - "" = H:\Autorun.exe
[2012.03.15 15:13:40 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\UAs
[2012.03.15 11:36:18 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\10016
[2012.03.15 11:36:08 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\xmldm
[2012.03.15 11:36:06 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\kock
:Files
C:\Users\Christoph\AppData\Local\Skype\SkypePM.exe
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

04.04.2012, 11:31   #9
josa

Thank you very, very much for the help! You really do great work here on the board!

Here is the log after the fix. The reason SkypePM.exe was no longer found is that it had already been deleted by Antivir, by accident, shortly beforehand.

Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-739523016-1728194525-3442210898-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SkypePM deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5200b576-655c-11e1-bc23-8c89a59baa7e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5200b576-655c-11e1-bc23-8c89a59baa7e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5200b576-655c-11e1-bc23-8c89a59baa7e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5200b576-655c-11e1-bc23-8c89a59baa7e}\ not found.
File H:\Autorun.exe not found.
C:\Users\Christoph\AppData\Roaming\UAs folder moved successfully.
C:\Users\Christoph\AppData\Roaming\10016\components folder moved successfully.
C:\Users\Christoph\AppData\Roaming\10016 folder moved successfully.
C:\Users\Christoph\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Christoph\AppData\Roaming\kock folder moved successfully.
========== FILES ==========
File\Folder C:\Users\Christoph\AppData\Local\Skype\SkypePM.exe not found.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Christoph
->Temp folder emptied: 497736447 bytes
->Temporary Internet Files folder emptied: 10670928 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 51445321 bytes
->Opera cache emptied: 9415188 bytes
->Flash cache emptied: 70347 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19382 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 54794079001 bytes
 
Total Files Cleaned = 52.799,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Christoph
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 04022012_211611

Files\Folders moved on Reboot...
C:\Users\Christoph\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

04.04.2012, 13:38   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Total Files Cleaned = 52.799,00 mb

New record?
You had almost 53 GB in temp folders

Is normal mode working again now?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

05.04.2012, 16:07   #11
josa


Quote:
Quote from cosinus
New record?
You had almost 53 GB in temp folders

Is normal mode working again now?

Hm, oops. That's odd. The computer, and with it the Windows installation, isn't even that old.

Normal mode is working again now.

05.04.2012, 16:18   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


Ah, I see, most of it was simply in the recycle bin.

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you can't find the log or copy its contents into your post, please look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!


10.04.2012, 13:00   #13
josa

Since I wasn't at home over the Easter holidays, and so wasn't at the computer, here is the TDSS-Killer log now. Happy Easter, by the way, belatedly.

Code:
12:53:34.0194 5656	TDSS rootkit removing tool 2.7.27.0 Apr  9 2012 09:53:37
12:53:34.0245 5656	============================================================
12:53:34.0245 5656	Current date / time: 2012/04/10 12:53:34.0245
12:53:34.0245 5656	SystemInfo:
12:53:34.0245 5656	
12:53:34.0245 5656	OS Version: 6.1.7601 ServicePack: 1.0
12:53:34.0245 5656	Product type: Workstation
12:53:34.0245 5656	ComputerName: CHRISTOPH-PC
12:53:34.0246 5656	UserName: Christoph
12:53:34.0246 5656	Windows directory: C:\Windows
12:53:34.0246 5656	System windows directory: C:\Windows
12:53:34.0246 5656	Running under WOW64
12:53:34.0246 5656	Processor architecture: Intel x64
12:53:34.0246 5656	Number of processors: 8
12:53:34.0246 5656	Page size: 0x1000
12:53:34.0246 5656	Boot type: Normal boot
12:53:34.0246 5656	============================================================
12:53:41.0596 5656	Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:53:41.0606 5656	Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:53:41.0615 5656	\Device\Harddisk0\DR0:
12:53:41.0615 5656	MBR used
12:53:41.0615 5656	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:53:41.0615 5656	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE27D5800
12:53:41.0615 5656	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xE2808000, BlocksNum 0x6400000
12:53:41.0615 5656	\Device\Harddisk1\DR1:
12:53:41.0615 5656	MBR used
12:53:41.0615 5656	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
12:53:41.0733 5656	Initialize success
12:53:41.0733 5656	============================================================
12:54:37.0810 5224	============================================================
12:54:37.0810 5224	Scan started
12:54:37.0810 5224	Mode: Manual; SigCheck; TDLFS; 
12:54:37.0810 5224	============================================================
12:54:38.0063 5224	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:54:38.0157 5224	1394ohci - ok
12:54:38.0202 5224	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:54:38.0217 5224	ACPI - ok
12:54:38.0243 5224	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:54:38.0318 5224	AcpiPmi - ok
12:54:38.0432 5224	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:54:38.0441 5224	AdobeARMservice - ok
12:54:38.0533 5224	AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:54:38.0540 5224	AdobeFlashPlayerUpdateSvc - ok
12:54:38.0620 5224	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
12:54:38.0642 5224	adp94xx - ok
12:54:38.0693 5224	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
12:54:38.0711 5224	adpahci - ok
12:54:38.0750 5224	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
12:54:38.0765 5224	adpu320 - ok
12:54:38.0799 5224	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:54:38.0951 5224	AeLookupSvc - ok
12:54:39.0005 5224	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:54:39.0057 5224	AFD - ok
12:54:39.0093 5224	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:54:39.0106 5224	agp440 - ok
12:54:39.0134 5224	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:54:39.0192 5224	ALG - ok
12:54:39.0220 5224	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:54:39.0231 5224	aliide - ok
12:54:39.0268 5224	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:54:39.0277 5224	amdide - ok
12:54:39.0310 5224	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
12:54:39.0342 5224	AmdK8 - ok
12:54:39.0373 5224	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
12:54:39.0413 5224	AmdPPM - ok
12:54:39.0469 5224	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:54:39.0483 5224	amdsata - ok
12:54:39.0533 5224	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
12:54:39.0548 5224	amdsbs - ok
12:54:39.0575 5224	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:54:39.0584 5224	amdxata - ok
12:54:39.0639 5224	AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:54:39.0650 5224	AntiVirSchedulerService - ok
12:54:39.0669 5224	AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:54:39.0679 5224	AntiVirService - ok
12:54:39.0741 5224	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:54:39.0867 5224	AppID - ok
12:54:39.0895 5224	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:54:39.0949 5224	AppIDSvc - ok
12:54:39.0989 5224	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:54:40.0063 5224	Appinfo - ok
12:54:40.0118 5224	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
12:54:40.0132 5224	arc - ok
12:54:40.0175 5224	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
12:54:40.0185 5224	arcsas - ok
12:54:40.0234 5224	asmthub3        (d6d2bb2f4f5868549dde75f3146bc84e) C:\Windows\system32\drivers\asmthub3.sys
12:54:40.0314 5224	asmthub3 - ok
12:54:40.0363 5224	asmtxhci        (1e758172367dc2a3653f16586d62a3f0) C:\Windows\system32\drivers\asmtxhci.sys
12:54:40.0425 5224	asmtxhci - ok
12:54:40.0466 5224	aswMonFlt       (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
12:54:40.0475 5224	aswMonFlt - ok
12:54:40.0508 5224	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:54:40.0576 5224	AsyncMac - ok
12:54:40.0636 5224	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:54:40.0649 5224	atapi - ok
12:54:40.0707 5224	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:54:40.0778 5224	AudioEndpointBuilder - ok
12:54:40.0793 5224	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:54:40.0817 5224	AudioSrv - ok
12:54:40.0863 5224	avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
12:54:40.0868 5224	avast! Antivirus - ok
12:54:40.0906 5224	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
12:54:40.0911 5224	avgntflt - ok
12:54:40.0928 5224	avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
12:54:40.0933 5224	avipbb - ok
12:54:40.0947 5224	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
12:54:40.0951 5224	avkmgr - ok
12:54:40.0967 5224	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:54:41.0079 5224	AxInstSV - ok
12:54:41.0130 5224	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
12:54:41.0184 5224	b06bdrv - ok
12:54:41.0226 5224	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:54:41.0267 5224	b57nd60a - ok
12:54:41.0318 5224	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:54:41.0359 5224	BDESVC - ok
12:54:41.0373 5224	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:54:41.0435 5224	Beep - ok
12:54:41.0535 5224	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
12:54:41.0584 5224	BFE - ok
12:54:41.0652 5224	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
12:54:41.0712 5224	BITS - ok
12:54:41.0767 5224	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
12:54:41.0809 5224	blbdrive - ok
12:54:41.0858 5224	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:54:41.0918 5224	bowser - ok
12:54:41.0941 5224	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
12:54:41.0969 5224	BrFiltLo - ok
12:54:42.0013 5224	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
12:54:42.0045 5224	BrFiltUp - ok
12:54:42.0104 5224	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:54:42.0153 5224	Browser - ok
12:54:42.0214 5224	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:54:42.0298 5224	Brserid - ok
12:54:42.0367 5224	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:54:42.0398 5224	BrSerWdm - ok
12:54:42.0446 5224	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:54:42.0475 5224	BrUsbMdm - ok
12:54:42.0523 5224	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:54:42.0550 5224	BrUsbSer - ok
12:54:42.0594 5224	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
12:54:42.0622 5224	BTHMODEM - ok
12:54:42.0675 5224	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:54:42.0711 5224	bthserv - ok
12:54:42.0745 5224	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:54:42.0809 5224	cdfs - ok
12:54:42.0857 5224	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
12:54:42.0888 5224	cdrom - ok
12:54:42.0943 5224	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:54:43.0062 5224	CertPropSvc - ok
12:54:43.0137 5224	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
12:54:43.0171 5224	circlass - ok
12:54:43.0202 5224	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:54:43.0214 5224	CLFS - ok
12:54:43.0282 5224	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:54:43.0295 5224	clr_optimization_v2.0.50727_32 - ok
12:54:43.0339 5224	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:54:43.0351 5224	clr_optimization_v2.0.50727_64 - ok
12:54:43.0419 5224	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:54:43.0439 5224	clr_optimization_v4.0.30319_32 - ok
12:54:43.0461 5224	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:54:43.0472 5224	clr_optimization_v4.0.30319_64 - ok
12:54:43.0521 5224	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
12:54:43.0551 5224	CmBatt - ok
12:54:43.0595 5224	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:54:43.0601 5224	cmdide - ok
12:54:43.0647 5224	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:54:43.0674 5224	CNG - ok
12:54:43.0696 5224	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
12:54:43.0708 5224	Compbatt - ok
12:54:43.0744 5224	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:54:43.0780 5224	CompositeBus - ok
12:54:43.0811 5224	COMSysApp - ok
12:54:43.0832 5224	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
12:54:43.0843 5224	crcdisk - ok
12:54:43.0870 5224	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
12:54:43.0935 5224	CryptSvc - ok
12:54:43.0988 5224	CVirtA          (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
12:54:43.0997 5224	CVirtA - ok
12:54:44.0054 5224	CVPND           (98c413e1a2fb6e5a4c101c25b3d0b275) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
12:54:44.0084 5224	CVPND - ok
12:54:44.0117 5224	CVPNDRVA        (79af0e203d089af442a3f70ed00a37fb) C:\Windows\system32\Drivers\CVPNDRVA.sys
12:54:44.0131 5224	CVPNDRVA - ok
12:54:44.0163 5224	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:54:44.0232 5224	DcomLaunch - ok
12:54:44.0258 5224	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:54:44.0316 5224	defragsvc - ok
12:54:44.0348 5224	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:54:44.0413 5224	DfsC - ok
12:54:44.0467 5224	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:54:44.0522 5224	Dhcp - ok
12:54:44.0555 5224	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:54:44.0605 5224	discache - ok
12:54:44.0655 5224	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
12:54:44.0668 5224	Disk - ok
12:54:44.0705 5224	DNE             (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
12:54:44.0714 5224	DNE - ok
12:54:44.0753 5224	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:54:44.0801 5224	Dnscache - ok
12:54:44.0825 5224	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:54:44.0881 5224	dot3svc - ok
12:54:44.0917 5224	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:54:44.0981 5224	DPS - ok
12:54:45.0014 5224	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:54:45.0050 5224	drmkaud - ok
12:54:45.0091 5224	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:54:45.0113 5224	DXGKrnl - ok
12:54:45.0133 5224	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:54:45.0184 5224	EapHost - ok
12:54:45.0278 5224	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
12:54:45.0374 5224	ebdrv - ok
12:54:45.0432 5224	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:54:45.0502 5224	EFS - ok
12:54:45.0559 5224	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:54:45.0624 5224	ehRecvr - ok
12:54:45.0641 5224	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:54:45.0686 5224	ehSched - ok
12:54:45.0752 5224	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
12:54:45.0773 5224	elxstor - ok
12:54:45.0819 5224	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:54:45.0854 5224	ErrDev - ok
12:54:45.0908 5224	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:54:45.0968 5224	EventSystem - ok
12:54:46.0021 5224	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:54:46.0070 5224	exfat - ok
12:54:46.0106 5224	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:54:46.0173 5224	fastfat - ok
12:54:46.0241 5224	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:54:46.0309 5224	Fax - ok
12:54:46.0335 5224	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
12:54:46.0371 5224	fdc - ok
12:54:46.0406 5224	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:54:46.0466 5224	fdPHost - ok
12:54:46.0510 5224	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:54:46.0576 5224	FDResPub - ok
12:54:46.0610 5224	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:54:46.0616 5224	FileInfo - ok
12:54:46.0630 5224	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:54:46.0669 5224	Filetrace - ok
12:54:46.0709 5224	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
12:54:46.0726 5224	flpydisk - ok
12:54:46.0768 5224	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:54:46.0784 5224	FltMgr - ok
12:54:46.0818 5224	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:54:46.0856 5224	FontCache - ok
12:54:46.0907 5224	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:54:46.0913 5224	FontCache3.0.0.0 - ok
12:54:46.0938 5224	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:54:46.0945 5224	FsDepends - ok
12:54:46.0971 5224	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:54:46.0976 5224	Fs_Rec - ok
12:54:46.0994 5224	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:54:47.0004 5224	fvevol - ok
12:54:47.0019 5224	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
12:54:47.0026 5224	gagp30kx - ok
12:54:47.0068 5224	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:54:47.0113 5224	gpsvc - ok
12:54:47.0156 5224	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:54:47.0173 5224	hcw85cir - ok
12:54:47.0213 5224	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:54:47.0248 5224	HdAudAddService - ok
12:54:47.0297 5224	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
12:54:47.0342 5224	HDAudBus - ok
12:54:47.0391 5224	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
12:54:47.0425 5224	HidBatt - ok
12:54:47.0471 5224	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
12:54:47.0501 5224	HidBth - ok
12:54:47.0544 5224	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
12:54:47.0559 5224	HidIr - ok
12:54:47.0595 5224	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
12:54:47.0644 5224	hidserv - ok
12:54:47.0687 5224	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:54:47.0702 5224	HidUsb - ok
12:54:47.0723 5224	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:54:47.0783 5224	hkmsvc - ok
12:54:47.0827 5224	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:54:47.0883 5224	HomeGroupListener - ok
12:54:47.0898 5224	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:54:47.0934 5224	HomeGroupProvider - ok
12:54:47.0984 5224	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:54:47.0997 5224	HpSAMD - ok
12:54:48.0040 5224	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:54:48.0114 5224	HTTP - ok
12:54:48.0148 5224	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:54:48.0155 5224	hwpolicy - ok
12:54:48.0188 5224	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
12:54:48.0202 5224	i8042prt - ok
12:54:48.0238 5224	iaStor          (2fdaec4b02729c48c0fd1b0b4695995b) C:\Windows\system32\drivers\iaStor.sys
12:54:48.0256 5224	iaStor - ok
12:54:48.0338 5224	IAStorDataMgrSvc (d41861e56e7552c13674d7f147a02464) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
12:54:48.0346 5224	IAStorDataMgrSvc - ok
12:54:48.0376 5224	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:54:48.0396 5224	iaStorV - ok
12:54:48.0479 5224	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:54:48.0507 5224	idsvc - ok
12:54:48.0644 5224	igfx            (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
12:54:48.0784 5224	igfx - ok
12:54:48.0822 5224	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
12:54:48.0834 5224	iirsp - ok
12:54:48.0874 5224	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:54:48.0937 5224	IKEEXT - ok
12:54:49.0032 5224	IntcAzAudAddService (cb7dadef3d83fe2c12655a0bdcba99f2) C:\Windows\system32\drivers\RTKVHD64.sys
12:54:49.0068 5224	IntcAzAudAddService - ok
12:54:49.0101 5224	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:54:49.0108 5224	intelide - ok
12:54:49.0133 5224	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:54:49.0157 5224	intelppm - ok
12:54:49.0199 5224	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:54:49.0254 5224	IPBusEnum - ok
12:54:49.0296 5224	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:54:49.0331 5224	IpFilterDriver - ok
12:54:49.0399 5224	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:54:49.0451 5224	iphlpsvc - ok
12:54:49.0497 5224	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:54:49.0523 5224	IPMIDRV - ok
12:54:49.0541 5224	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:54:49.0585 5224	IPNAT - ok
12:54:49.0607 5224	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:54:49.0643 5224	IRENUM - ok
12:54:49.0686 5224	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:54:49.0697 5224	isapnp - ok
12:54:49.0736 5224	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:54:49.0751 5224	iScsiPrt - ok
12:54:49.0780 5224	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:54:49.0792 5224	kbdclass - ok
12:54:49.0806 5224	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
12:54:49.0834 5224	kbdhid - ok
12:54:49.0876 5224	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:54:49.0889 5224	KeyIso - ok
12:54:49.0904 5224	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:54:49.0915 5224	KSecDD - ok
12:54:49.0937 5224	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:54:49.0949 5224	KSecPkg - ok
12:54:49.0961 5224	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:54:50.0011 5224	ksthunk - ok
12:54:50.0053 5224	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:54:50.0106 5224	KtmRm - ok
12:54:50.0158 5224	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
12:54:50.0220 5224	LanmanServer - ok
12:54:50.0256 5224	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:54:50.0301 5224	LanmanWorkstation - ok
12:54:50.0348 5224	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:54:50.0450 5224	lltdio - ok
12:54:50.0468 5224	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:54:50.0512 5224	lltdsvc - ok
12:54:50.0533 5224	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:54:50.0578 5224	lmhosts - ok
12:54:50.0673 5224	LMS             (1584deeae5aa0e3fb045f3d0eac585ea) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
12:54:50.0687 5224	LMS - ok
12:54:50.0731 5224	LoopBeMidi1     (37efb026e1a8a79fbe7044a241281b3e) C:\Windows\system32\drivers\loopbe1.sys
12:54:50.0790 5224	LoopBeMidi1 - ok
12:54:50.0841 5224	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
12:54:50.0855 5224	LSI_FC - ok
12:54:50.0878 5224	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
12:54:50.0892 5224	LSI_SAS - ok
12:54:50.0926 5224	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
12:54:50.0940 5224	LSI_SAS2 - ok
12:54:50.0971 5224	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
12:54:50.0984 5224	LSI_SCSI - ok
12:54:51.0031 5224	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:54:51.0074 5224	luafv - ok
12:54:51.0093 5224	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
12:54:51.0097 5224	MBAMProtector - ok
12:54:51.0149 5224	MBAMService     (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:54:51.0170 5224	MBAMService - ok
12:54:51.0200 5224	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:54:51.0225 5224	Mcx2Svc - ok
12:54:51.0243 5224	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
12:54:51.0254 5224	megasas - ok
12:54:51.0304 5224	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
12:54:51.0319 5224	MegaSR - ok
12:54:51.0362 5224	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\drivers\HECIx64.sys
12:54:51.0370 5224	MEIx64 - ok
12:54:51.0395 5224	MemeoBackgroundService (8a43d23ace2e8c95a2d87b6e9599deda) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
12:54:51.0402 5224	MemeoBackgroundService - ok
12:54:51.0425 5224	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:54:51.0493 5224	MMCSS - ok
12:54:51.0553 5224	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:54:51.0609 5224	Modem - ok
12:54:51.0641 5224	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:54:51.0671 5224	monitor - ok
12:54:51.0724 5224	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:54:51.0729 5224	mouclass - ok
12:54:51.0754 5224	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:54:51.0777 5224	mouhid - ok
12:54:51.0812 5224	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:54:51.0819 5224	mountmgr - ok
12:55:02.0801 5224	SwitchBoard     (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
12:55:02.0833 5224	SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
12:55:02.0833 5224	SwitchBoard - detected UnsignedFile.Multi.Generic (1)
12:55:09.0061 5224	MBR (0x1B8)     (753ca1d394f3c0855134963d7361060f) \Device\Harddisk0\DR0
12:55:10.0650 5224	\Device\Harddisk0\DR0 - ok
12:55:10.0662 5224	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
12:55:10.0729 5224	\Device\Harddisk1\DR1 - ok
12:55:10.0774 5224	Boot (0x1200)   (49df074e379c006b0de23721b7b16ffc) \Device\Harddisk0\DR0\Partition0
12:55:10.0777 5224	\Device\Harddisk0\DR0\Partition0 - ok
12:55:10.0785 5224	Boot (0x1200)   (84a99c6efe08312ba4741a1e93351767) \Device\Harddisk0\DR0\Partition1
12:55:10.0787 5224	\Device\Harddisk0\DR0\Partition1 - ok
12:55:10.0819 5224	Boot (0x1200)   (58406c8e820a09c1c6874e5051dea4a1) \Device\Harddisk0\DR0\Partition2
12:55:10.0821 5224	\Device\Harddisk0\DR0\Partition2 - ok
12:55:10.0823 5224	Boot (0x1200)   (4984e8a6737fb69f8d5b985cd4c1e553) \Device\Harddisk1\DR1\Partition0
12:55:10.0825 5224	\Device\Harddisk1\DR1\Partition0 - ok
12:55:10.0825 5224	============================================================
12:55:10.0825 5224	Scan finished
12:55:10.0825 5224	============================================================
12:55:10.0835 5624	Detected object count: 1
12:55:10.0835 5624	Actual detected object count: 1
12:58:45.0652 5624	SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
12:58:45.0652 5624	SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:58:49.0397 5628	Deinitialize success
         

10.04.2012, 15:00   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if suggested), install the Recovery Console (if suggested), and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its content ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper ("Kompetenzler") has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
