Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Entfernung des Ukash Trojaners und Dateiwiederherstellung

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 14.06.2012, 17:23   #1
LisaMarie
 
Entfernung des Ukash Trojaners und Dateiwiederherstellung - Standard

Entfernung des Ukash Trojaners und Dateiwiederherstellung



Hallo ich habe seit kurzem einen Ukash Trojaner der Versoin 2.06. Ich habe bereits einige Schritte eingeleitet bevor ich auf dieses Forum gestoßen bin und bräuchte jetzt weitere Hilfe da ich befürchte das der Trojaner nicht ganz erledigt ist. Mein Virenprogramm Microsoft Security Essential hab im abgesicherten Modus mit Eingabe bereits die Ausführung des Trojaners nach einem vollständigen Scan unterbunden. So konnte ich meinen Rechner normal starten und theoretisch wieder mit ihm arbeiten. Nach einer Aktualisierung des Scanners und einem weiteren vollständigen Scan habe ich alle gefundenen Elemente gelöscht.
Jetzt habe ich aus Angst das der Trojaner noch da ist die beschriebenen Schritte durchgeführt..
Im Anhang sind die entsprechenden Datein. Was soll ich jetzt tun???? LG Lisa
Angehängte Dateien
Dateityp: txt OTL.Txt (91,4 KB, 459x aufgerufen)

Alt 18.06.2012, 11:46   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Entfernung des Ukash Trojaners und Dateiwiederherstellung - Standard

Entfernung des Ukash Trojaners und Dateiwiederherstellung



Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 18.06.2012, 19:16   #3
LisaMarie
 
Entfernung des Ukash Trojaners und Dateiwiederherstellung - Standard

Entfernung des Ukash Trojaners und Dateiwiederherstellung



Ok erstmal vielen Dank für die Antwort, habe alles so gamacht wie beschrieben hier die Logs. Hoffe es geht so manchmal bin ich leider etwas unbrauchbar daher kein Code-Tag. Ich habs als Anhang..
__________________
Angehängte Dateien
Dateityp: txt log.txt (3,5 KB, 169x aufgerufen)
Dateityp: txt mbam-log-2012-06-18 (14-49-58).txt (3,4 KB, 161x aufgerufen)

Alt 18.06.2012, 21:28   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Entfernung des Ukash Trojaners und Dateiwiederherstellung - Standard

Entfernung des Ukash Trojaners und Dateiwiederherstellung



Code:
ATTFilter
C:\Users\Liz\AppData\Local\Temp\miaE282.tmp\data\OFFLINE\873987EB\53DCF9F9\registrybooster.exe
         
Finger weg von Registry-Cleanern!!

Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr startet.
  • Wie soll der Cleaner zu 100% wissen ob der Eintrag benötigt wird oder nicht ?
  • Es ist vollkommen egal ob ein paar verwaiste Registry Einträge am System sind oder nicht.
  • Auch die dauernd angepriesene Beschleunigung des Systems ist nur bedingt wahr. Du würdest es nicht merken.

Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen.
Zerstörst Du die Registry, zerstörst Du Windows.

Code:
ATTFilter
C:\Bildbearbeitung\SoftonicDownloader_fuer_gimp.exe
         
Finger weg von Softonic!!

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen


Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 19.06.2012, 17:33   #5
LisaMarie
 
Entfernung des Ukash Trojaners und Dateiwiederherstellung - Standard

Entfernung des Ukash Trojaners und Dateiwiederherstellung



Also auf dem Desktop vermisse ich weder Ordner noch Anwendungen oder Ordnerinhalte. Ich kann den normalen Modus von Windows wieder benutzen. Soweit ich weiß funktionieren alle Anwendungen wobei ich bei meinem Bildbearbeitungsprogramm also Gimp (das ich mit Softonic runtergeladen habe) eine kleine Aufbauveränderung bemerkt habe (kein Fuktionsverlust sieht eher nach ner neueren Version aus). Aber alle Datein also Bilder, Dokumente und Musik in verschiedensten Ordner sind locked und somit nicht zu öffnen. Auch neu angelegte Dokumente beispielsweise werden sofort nach dem abspeichern locked.

Noch kurz zum registry cleaner ich hab ehrlich gesagt keine Ahnung wo der herkommt. Wissentlich also mutwillig oder ähnliches hab ich den mir sicher nicht geholt. Hängt der bei irgendwas mir dran sodass er einfach mit gedownloaded wird bei einer Anwendung oder etc.??


Alt 19.06.2012, 22:50   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Entfernung des Ukash Trojaners und Dateiwiederherstellung - Standard

Entfernung des Ukash Trojaners und Dateiwiederherstellung



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
--> Entfernung des Ukash Trojaners und Dateiwiederherstellung

Alt 20.06.2012, 16:06   #7
LisaMarie
 
Entfernung des Ukash Trojaners und Dateiwiederherstellung - Standard

Entfernung des Ukash Trojaners und Dateiwiederherstellung



Ok hier ist es:

Code:
ATTFilter
OTL logfile created on: 20.06.2012 16:22:39 - Run 2
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Liz\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 33,64% Memory free
7,73 Gb Paging File | 4,16 Gb Available in Paging File | 53,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,90 Gb Total Space | 84,87 Gb Free Space | 29,79% Space Free | Partition Type: NTFS
Drive D: | 12,90 Gb Total Space | 2,15 Gb Free Space | 16,67% Space Free | Partition Type: NTFS
Drive E: | 99,34 Mb Total Space | 95,41 Mb Free Space | 96,05% Space Free | Partition Type: FAT32
Unable to calculate disk information.
 
Computer Name: LIZ-PC | User Name: Liz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.14 17:20:04 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Liz\Desktop\OTL.exe
PRC - [2012.05.04 15:43:20 | 001,561,768 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.02.26 16:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2012.02.16 15:29:02 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.03.28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010.05.21 00:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 00:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 20:36:25 | 014,325,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\517358eb2fd962a942dd1ea6afc5b93e\PresentationFramework.ni.dll
MOD - [2012.06.14 20:35:57 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012.06.14 20:35:46 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012.06.14 20:35:15 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e9d0ba41128f363f2390c7e630129c2b\PresentationCore.ni.dll
MOD - [2012.05.18 12:52:59 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f9dee1ce0ccb42145293a5bfcbe7205\System.Management.ni.dll
MOD - [2012.05.09 16:50:22 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc626095c194be137bceb219934b06a7\PresentationFramework.Aero.ni.dll
MOD - [2012.05.09 16:50:05 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012.05.09 16:50:04 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll
MOD - [2012.05.09 16:49:29 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\5e398c245811fe932ce6bcf68664e307\UIAutomationTypes.ni.dll
MOD - [2012.05.09 16:49:17 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012.05.09 16:49:12 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012.05.09 16:49:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012.05.09 16:49:07 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012.05.09 16:49:01 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2011.09.18 13:19:32 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.01.24 12:30:39 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2010.01.24 12:30:39 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2010.01.24 12:30:15 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.10.16 13:10:14 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009.10.16 13:10:14 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009.10.16 13:10:14 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009.09.29 16:25:46 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009.09.29 16:25:44 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009.09.29 16:25:38 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009.09.29 16:25:38 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009.09.29 16:25:38 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009.09.29 16:25:36 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009.09.29 16:25:28 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009.09.29 16:25:18 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009.06.10 23:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.11.25 08:17:18 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.06.21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) [Auto | Running] -- C:\Program Files (x86)\ShadowExplorer\sesvc.exe -- (sesvc)
SRV - [2009.11.18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.22 13:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.11.25 08:52:16 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.11.19 04:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.11.03 20:59:04 | 000,299,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.10.24 03:53:00 | 000,291,328 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.10.13 12:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.10.05 10:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.23 03:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009.09.23 03:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{57D9654D-C33C-43F5-A8E4-AA77DD70F2B3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010006&st=10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\InprocServer32 File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{57D9654D-C33C-43F5-A8E4-AA77DD70F2B3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2704262
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010006&st=10&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gerhart-hauptmann-gymnasium.de/
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\InprocServer32 File not found
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes,DefaultScope = {6B1D1FB7-7233-4F7C-802C-21A1DDB12754}
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109867&babsrc=SP_ss&mntrId=7a2ec57c00000000000078e400168768
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms}
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{57D9654D-C33C-43F5-A8E4-AA77DD70F2B3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_de
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = hxxp://go.web.de/br/ie9_search_produkte/?su={searchTerms}
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{A4CB8335-3F4C-4B88-B419-C754B7E5D09D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=931b3d9c-75d5-440a-a6d3-6063ede3a1b7&apn_sauid=74633C05-283D-4941-9754-8972F9C550ED
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2704262
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms}
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010006&st=10&q={searchTerms}
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Liz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.25 19:39:58 | 000,000,000 | ---D | M]
 
[2012.05.29 16:34:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.09.28 18:14:06 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchstonicde.xml
CHR - Extension: No name found = C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\locked-.rbsl
CHR - Extension: No name found = C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\locked-.gllv
CHR - Extension: No name found = C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\locked-.rbsl
CHR - Extension: No name found = C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\locked-.gllv
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (FreeSoundRecorder Toolbar) - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\tbFree.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\bh\Softonic.dll (Softonic.com)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (FreeSoundRecorder Toolbar) - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\tbFree.dll File not found
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (FreeSoundRecorder Toolbar) - {32B29DF0-2237-4370-9A29-37CEBB730E9B} - C:\Program Files (x86)\FreeSoundRecorder\tbFree.dll File not found
O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000..\Run: [ICQ] ~"C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4 File not found
O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Liz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Liz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Liz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Liz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Liz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DA24F72-EB71-4CC1-912A-E01DF83FDE24}: DhcpNameServer = 40.8.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE7AC60A-6F36-452C-83E6-B7276A634670}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{34A028E3-EB05-4902-83B8-5AAE0C5EDB32} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\Windows\SysWow64\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\SysWow64\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\Iyvu9_32.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.18 18:18:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.18 14:48:13 | 000,000,000 | ---D | C] -- C:\Users\Liz\AppData\Roaming\Malwarebytes
[2012.06.18 14:48:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.18 14:47:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.18 14:47:52 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.18 14:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.14 18:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.06.14 18:06:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.06.14 17:40:15 | 000,000,000 | ---D | C] -- C:\Users\Liz\AppData\Roaming\www.shadowexplorer.com
[2012.06.14 17:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
[2012.06.14 17:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShadowExplorer
[2012.06.14 17:37:27 | 000,937,024 | ---- | C] (ShadowExplorer.com                                          ) -- C:\Users\Liz\Desktop\ShadowExplorer-0.8-setup.exe
[2012.06.14 17:20:04 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Liz\Desktop\OTL.exe
[2012.05.29 18:50:48 | 000,000,000 | ---D | C] -- C:\Users\Liz\Desktop\Hausarbeit GEO
[2012.05.29 16:58:04 | 000,000,000 | ---D | C] -- C:\Users\Liz\AppData\Local\Sony
[2012.05.29 16:35:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Softonic
[2012.05.29 16:34:18 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\SysWow64\QtCore4.dll
[2012.05.29 16:33:00 | 001,671,128 | ---- | C] (Softonic) -- C:\Users\Liz\Desktop\Softonic_ggl_1.5.21.0.exe
[2012.05.29 16:32:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012.05.29 16:31:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2012.05.29 16:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2012.05.29 16:31:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2012.05.29 16:31:24 | 000,000,000 | ---D | C] -- C:\Users\Liz\AppData\Local\APN
[2012.05.29 16:27:40 | 000,000,000 | ---D | C] -- C:\Users\Liz\AppData\Roaming\Sony
[2012.05.28 18:44:13 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
[2012.05.28 18:44:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.20 16:25:42 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.20 16:25:42 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.20 16:18:38 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.20 16:18:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.20 16:18:18 | 3112,587,264 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.19 19:35:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.18 18:09:04 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLiz.job
[2012.06.18 14:48:01 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.18 14:13:23 | 000,000,147 | ---- | M] () -- C:\Windows\system32err.xml
[2012.06.14 20:34:15 | 000,394,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.14 18:21:48 | 000,015,363 | ---- | M] () -- C:\Users\Liz\Desktop\Extras.rar
[2012.06.14 18:06:22 | 001,110,476 | ---- | M] () -- C:\Users\Liz\Desktop\7z920.exe
[2012.06.14 17:39:58 | 000,001,845 | ---- | M] () -- C:\Users\Liz\Desktop\ShadowExplorer.lnk
[2012.06.14 17:37:27 | 000,937,024 | ---- | M] (ShadowExplorer.com                                          ) -- C:\Users\Liz\Desktop\ShadowExplorer-0.8-setup.exe
[2012.06.14 17:20:04 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Liz\Desktop\OTL.exe
[2012.06.14 17:19:37 | 000,000,000 | ---- | M] () -- C:\Users\Liz\defogger_reenable
[2012.06.14 09:55:49 | 001,478,530 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.14 09:55:49 | 000,645,966 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.14 09:55:49 | 000,609,290 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.14 09:55:49 | 000,127,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.14 09:55:49 | 000,104,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.07 15:18:22 | 000,000,680 | ---- | M] () -- C:\Users\Liz\locked-ntuser.pol.bzis
[2012.06.07 15:17:37 | 000,010,240 | ---- | M] () -- C:\Users\Liz\Documents\locked-Öffnungszeiten Bahnhof WR.wps.pnsc
[2012.06.07 15:17:33 | 000,025,770 | ---- | M] () -- C:\Users\Liz\Documents\locked-Weil ich das Herz dazu habe!.odt.lbhr
[2012.06.07 15:17:33 | 000,002,676 | ---- | M] () -- C:\Users\Liz\Documents\locked-Vegas Pro registrieren.htm.bzbz
[2012.06.07 15:17:32 | 000,027,136 | ---- | M] () -- C:\Users\Liz\Documents\locked-Turba Insula-Primo Aduento Menses.wps.xxon
[2012.06.07 15:17:30 | 000,673,280 | ---- | M] () -- C:\Users\Liz\Documents\locked-sbk-we in werni.wps.irbi
[2012.06.07 15:17:30 | 000,194,540 | ---- | M] () -- C:\Users\Liz\Documents\locked-Schueler-Test-Ergebnis_Hofmann.pdf.xjox
[2012.06.07 15:17:28 | 000,016,896 | ---- | M] () -- C:\Users\Liz\Documents\locked-Praktikumsbericht.wps.zzhz
[2012.06.07 15:17:20 | 000,175,599 | ---- | M] () -- C:\Users\Liz\Documents\locked-Muttizettel.pdf.tqxq
[2012.06.07 15:17:20 | 000,002,301 | ---- | M] () -- C:\Users\Liz\Documents\locked-Neue Datenbank.odb.lrhr
[2012.06.07 15:16:17 | 000,040,448 | ---- | M] () -- C:\Users\Liz\Documents\locked-Mein Leben mit dem Herr.wps.qonj
[2012.06.07 15:16:16 | 000,020,489 | ---- | M] () -- C:\Users\Liz\Documents\locked-hörspiel.odt.qnnf
[2012.06.07 15:16:16 | 000,009,728 | ---- | M] () -- C:\Users\Liz\Documents\locked-Gedicht.wps.aeaa
[2012.06.07 15:15:44 | 000,013,312 | ---- | M] () -- C:\Users\Liz\Documents\locked-Bewerbung.wps.nrss
[2012.06.07 15:15:44 | 000,012,288 | ---- | M] () -- C:\Users\Liz\Documents\locked-Christologie.wps.libi
[2012.06.07 15:15:42 | 001,671,128 | ---- | M] () -- C:\Users\Liz\Desktop\locked-Softonic_ggl_1.5.21.0.exe.eglu
[2012.06.07 15:15:42 | 000,033,551 | ---- | M] () -- C:\Users\Liz\Desktop\locked-Rinces Gewichtstabelle Damen.ods.apal
[2012.06.07 15:15:42 | 000,013,596 | ---- | M] () -- C:\Users\Liz\Desktop\locked-reisevollmacht_deutsch.pdf.puar
[2012.06.07 15:15:42 | 000,010,752 | ---- | M] () -- C:\Users\Liz\Desktop\locked-Reisevollmacht.wps.kkyp
[2012.06.07 15:15:42 | 000,000,195 | ---- | M] () -- C:\Users\Liz\Desktop\locked-SweetPcFix.url.znhb
[2012.06.07 15:15:41 | 665,127,020 | ---- | M] () -- C:\Users\Liz\Desktop\locked-P1280038.AVI.dofq
[2012.06.07 15:15:41 | 1179,021,868 | ---- | M] () -- C:\Users\Liz\Desktop\locked-P5280045.AVI.ggru
[2012.06.07 15:15:41 | 000,011,497 | ---- | M] () -- C:\Users\Liz\Desktop\locked-reisevollmacht TAB.odt.ulvr
[2012.06.07 15:15:34 | 003,894,873 | ---- | M] () -- C:\Users\Liz\Desktop\locked-Deutsch Romantik.odp.shli
[2012.06.07 15:15:34 | 002,682,410 | ---- | M] () -- C:\Users\Liz\locked-Derenburg neu Dari.jpg.tojf
[2012.06.07 15:15:34 | 000,010,267 | ---- | M] () -- C:\Users\Liz\Desktop\locked-Abnehmen.ods.wfwe
[2012.06.07 15:15:02 | 000,001,854 | ---- | M] () -- C:\Users\Liz\AppData\Roaming\locked-GhostObjGAFix.xml.lblr
[2012.06.07 15:12:50 | 000,072,185 | ---- | M] () -- C:\Users\Liz\locked-.recently-used.xbel.vgpe
[2012.05.29 16:35:37 | 000,000,111 | ---- | M] () -- C:\user.js
[2012.05.29 16:34:18 | 000,001,199 | ---- | M] () -- C:\Users\Liz\Desktop\DVDVideoSoft Free Studio.lnk
[2012.05.29 16:34:18 | 000,001,188 | ---- | M] () -- C:\Users\Liz\Desktop\Free Video Dub.lnk
[2012.05.29 16:33:31 | 001,671,128 | ---- | M] (Softonic) -- C:\Users\Liz\Desktop\Softonic_ggl_1.5.21.0.exe
[2012.05.29 11:45:17 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLIZ-PC$.job
[2012.05.27 15:45:07 | 000,011,788 | ---- | M] () -- C:\Users\Liz\AppData\Roaming\wklnhst.dat
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.18 14:48:01 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.14 18:21:45 | 000,015,363 | ---- | C] () -- C:\Users\Liz\Desktop\Extras.rar
[2012.06.14 18:06:21 | 001,110,476 | ---- | C] () -- C:\Users\Liz\Desktop\7z920.exe
[2012.06.14 17:39:58 | 000,001,845 | ---- | C] () -- C:\Users\Liz\Desktop\ShadowExplorer.lnk
[2012.06.14 17:19:37 | 000,000,000 | ---- | C] () -- C:\Users\Liz\defogger_reenable
[2012.06.04 18:13:30 | 000,072,185 | ---- | C] () -- C:\Users\Liz\locked-.recently-used.xbel.vgpe
[2012.06.03 17:35:38 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForLiz.job
[2012.06.02 15:04:01 | 000,002,301 | ---- | C] () -- C:\Users\Liz\Documents\locked-Neue Datenbank.odb.lrhr
[2012.05.29 16:59:50 | 000,002,676 | ---- | C] () -- C:\Users\Liz\Documents\locked-Vegas Pro registrieren.htm.bzbz
[2012.05.29 16:35:37 | 000,000,111 | ---- | C] () -- C:\user.js
[2012.05.29 16:34:18 | 000,001,199 | ---- | C] () -- C:\Users\Liz\Desktop\DVDVideoSoft Free Studio.lnk
[2012.05.29 16:34:18 | 000,001,188 | ---- | C] () -- C:\Users\Liz\Desktop\Free Video Dub.lnk
[2012.05.29 16:33:00 | 001,671,128 | ---- | C] () -- C:\Users\Liz\Desktop\locked-Softonic_ggl_1.5.21.0.exe.eglu
[2012.05.28 18:44:01 | 000,000,195 | ---- | C] () -- C:\Users\Liz\Desktop\locked-SweetPcFix.url.znhb
[2012.05.28 12:40:16 | 1179,021,868 | ---- | C] () -- C:\Users\Liz\Desktop\locked-P5280045.AVI.ggru
[2011.07.19 18:08:50 | 000,000,244 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.02.27 16:47:29 | 000,001,854 | ---- | C] () -- C:\Users\Liz\AppData\Roaming\locked-GhostObjGAFix.xml.lblr
[2011.01.26 16:12:54 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.10 11:52:44 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2010.09.06 21:53:46 | 000,005,120 | ---- | C] () -- C:\Users\Liz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.04 11:48:12 | 000,216,695 | ---- | C] () -- C:\Users\Liz\AppData\Roaming\mdbu.bin
[2010.06.28 17:37:35 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
 
========== LOP Check ==========
 
[2012.06.11 20:17:48 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\.minecraft
[2012.06.07 15:14:57 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Babylon
[2011.06.25 12:43:01 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.05.29 16:56:01 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\DVDVideoSoft
[2012.06.07 15:15:02 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.19 18:28:01 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\gtk-2.0
[2012.06.07 15:15:10 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\ICQ
[2010.06.20 15:16:59 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\newfolder3
[2010.09.21 21:24:26 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\OpenOffice.org
[2012.06.07 15:15:33 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Sony
[2010.05.15 12:24:20 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Template
[2011.10.21 00:03:36 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\wargaming.net
[2012.06.14 17:40:15 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\www.shadowexplorer.com
[2012.04.15 20:00:25 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.06.11 20:17:48 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\.minecraft
[2011.06.25 12:42:25 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Adobe
[2012.01.13 21:24:25 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Apple Computer
[2010.05.14 18:00:36 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\ATI
[2012.06.07 15:14:57 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Babylon
[2011.06.25 12:43:01 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.02.20 15:27:31 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\CyberLink
[2010.08.22 16:35:33 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\DivX
[2012.05.29 16:56:01 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\DVDVideoSoft
[2012.06.07 15:15:02 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.14 15:53:37 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Google
[2012.06.19 18:28:01 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\gtk-2.0
[2011.05.08 11:28:04 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Hewlett-Packard
[2012.06.07 15:15:05 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\HP Support Assistant
[2012.06.11 20:36:22 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\hpqLog
[2012.06.07 15:15:05 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\HpUpdate
[2012.06.07 15:15:10 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\ICQ
[2010.05.14 17:59:17 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Identities
[2010.05.18 17:17:05 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Macromedia
[2012.06.18 14:48:13 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Malwarebytes
[2010.02.11 11:07:50 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Media Center Programs
[2012.01.09 21:57:17 | 000,000,000 | --SD | M] -- C:\Users\Liz\AppData\Roaming\Microsoft
[2012.06.11 20:17:49 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Mozilla
[2012.06.11 20:17:49 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\NCH Software
[2010.06.20 15:16:59 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\newfolder3
[2010.09.21 21:24:26 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\OpenOffice.org
[2012.06.11 20:20:26 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Skype
[2012.06.07 15:15:33 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Sony
[2010.05.15 12:24:20 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Template
[2012.06.05 21:08:50 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\vlc
[2011.10.21 00:03:36 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\wargaming.net
[2011.03.10 14:42:39 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\WinRAR
[2012.06.14 17:40:15 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\www.shadowexplorer.com
 
< %APPDATA%\*.exe /s >
[2011.06.25 12:42:23 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Liz\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2007.11.27 08:41:32 | 000,405,504 | ---- | M] () -- C:\Users\Liz\AppData\Roaming\NCH Software\Components\mp3el2\lame.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 22:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2009.10.13 12:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.10.13 12:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.10.13 12:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.10.13 12:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_6fca727099cdabf1\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >
         

Alt 20.06.2012, 22:07   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Entfernung des Ukash Trojaners und Dateiwiederherstellung - Standard

Entfernung des Ukash Trojaners und Dateiwiederherstellung



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010006&st=10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\InprocServer32 File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2704262
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010006&st=10&q={searchTerms}
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.web.de/br/ie9_startpage
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gerhart-hauptmann-gymnasium.de/
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\InprocServer32 File not found
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes,DefaultScope = {6B1D1FB7-7233-4F7C-802C-21A1DDB12754}
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = http://go.1und1.de/br/ie9_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109867&babsrc=SP_ss&mntrId=7a2ec57c00000000000078e400168768
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = http://go.web.de/br/ie9_search_pic/?su={searchTerms}
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{57D9654D-C33C-43F5-A8E4-AA77DD70F2B3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = http://go.gmx.net/br/ie9_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_de
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = http://go.web.de/br/ie9_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = http://go.web.de/br/ie9_search_produkte/?su={searchTerms}
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{A4CB8335-3F4C-4B88-B419-C754B7E5D09D}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=931b3d9c-75d5-440a-a6d3-6063ede3a1b7&apn_sauid=74633C05-283D-4941-9754-8972F9C550ED
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2704262
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = http://go.web.de/br/ie9_search_maps/?su={searchTerms}
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010006&st=10&q={searchTerms}
[2010.09.28 18:14:06 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchstonicde.xml
CHR - Extension: No name found = C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\locked-.rbsl
CHR - Extension: No name found = C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\locked-.gllv
CHR - Extension: No name found = C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\locked-.rbsl
CHR - Extension: No name found = C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\locked-.gllv
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (FreeSoundRecorder Toolbar) - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\tbFree.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\bh\Softonic.dll (Softonic.com)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (FreeSoundRecorder Toolbar) - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\tbFree.dll File not found
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (FreeSoundRecorder Toolbar) - {32B29DF0-2237-4370-9A29-37CEBB730E9B} - C:\Program Files (x86)\FreeSoundRecorder\tbFree.dll File not found
O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DA24F72-EB71-4CC1-912A-E01DF83FDE24}: DhcpNameServer = 40.8.1.100
:Files
C:\Program Files (x86)\Softonic
C:\Program Files (x86)\SweetIM
C:\Program Files (x86)\Ask.com
C:\ProgramData\SweetIM
C:\Windows\system32err.xml
C:\user.js
C:\Users\Liz\AppData\Roaming\Babylon
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.06.2012, 18:56   #9
LisaMarie
 
Entfernung des Ukash Trojaners und Dateiwiederherstellung - Standard

Entfernung des Ukash Trojaners und Dateiwiederherstellung



Hier ist die Datei:

Code:
ATTFilter
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{32b29df0-2237-4370-9a29-37cebb730e9b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{32b29df0-2237-4370-9a29-37cebb730e9b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\ not found.
Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09038620-190C-402B-A92F-18864E6AB22F}\ not found.
Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40064957-18EB-412d-9146-3F57E8D92EEC}\ not found.
Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{57D9654D-C33C-43F5-A8E4-AA77DD70F2B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57D9654D-C33C-43F5-A8E4-AA77DD70F2B3}\ not found.
Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}\ not found.
Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}\ not found.
Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D27B32E-89EE-460e-82D2-5FC354078EAD}\ not found.
Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A4CB8335-3F4C-4B88-B419-C754B7E5D09D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4CB8335-3F4C-4B88-B419-C754B7E5D09D}\ not found.
Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}\ not found.
Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrchstonicde.xml moved successfully.
File C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\locked-.rbsl not found.
File C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\locked-.gllv not found.
File C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\locked-.rbsl not found.
File C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\locked-.gllv not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32b29df0-2237-4370-9a29-37cebb730e9b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}\ deleted successfully.
C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\bh\Softonic.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32b29df0-2237-4370-9a29-37cebb730e9b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}\ deleted successfully.
C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
64bit-Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32B29DF0-2237-4370-9A29-37CEBB730E9B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32B29DF0-2237-4370-9A29-37CEBB730E9B}\ not found.
Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM deleted successfully.
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetpacks Communicator deleted successfully.
C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideFastUserSwitching deleted successfully.
Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableLockWorkstation deleted successfully.
Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableChangePassword deleted successfully.
Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction deleted successfully.
Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8DA24F72-EB71-4CC1-912A-E01DF83FDE24}\\DhcpNameServer| /E : value set successfully!
========== FILES ==========
C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\bh folder moved successfully.
C:\Program Files (x86)\Softonic\Softonic\1.5.21.0 folder moved successfully.
C:\Program Files (x86)\Softonic\Softonic folder moved successfully.
C:\Program Files (x86)\Softonic folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars folder moved successfully.
C:\Program Files (x86)\SweetIM\Messenger\resources\sqlite folder moved successfully.
C:\Program Files (x86)\SweetIM\Messenger\resources\images folder moved successfully.
C:\Program Files (x86)\SweetIM\Messenger\resources folder moved successfully.
C:\Program Files (x86)\SweetIM\Messenger folder moved successfully.
C:\Program Files (x86)\SweetIM\Communicator\resources\sqlite folder moved successfully.
C:\Program Files (x86)\SweetIM\Communicator\resources folder moved successfully.
C:\Program Files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT folder moved successfully.
C:\Program Files (x86)\SweetIM\Communicator folder moved successfully.
C:\Program Files (x86)\SweetIM folder moved successfully.
C:\Program Files (x86)\Ask.com\Updater folder moved successfully.
C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.
C:\Program Files (x86)\Ask.com\assets folder moved successfully.
C:\Program Files (x86)\Ask.com folder moved successfully.
C:\ProgramData\SweetIM\Messenger\update folder moved successfully.
C:\ProgramData\SweetIM\Messenger\logs folder moved successfully.
C:\ProgramData\SweetIM\Messenger\data\packages\FailDialog folder moved successfully.
C:\ProgramData\SweetIM\Messenger\data\packages folder moved successfully.
C:\ProgramData\SweetIM\Messenger\data\contentdb folder moved successfully.
C:\ProgramData\SweetIM\Messenger\data\Bars\Default\400 folder moved successfully.
C:\ProgramData\SweetIM\Messenger\data\Bars\Default\200 folder moved successfully.
C:\ProgramData\SweetIM\Messenger\data\Bars\Default\100 folder moved successfully.
C:\ProgramData\SweetIM\Messenger\data\Bars\Default folder moved successfully.
C:\ProgramData\SweetIM\Messenger\data\Bars folder moved successfully.
C:\ProgramData\SweetIM\Messenger\data folder moved successfully.
C:\ProgramData\SweetIM\Messenger\conf\users folder moved successfully.
C:\ProgramData\SweetIM\Messenger\conf folder moved successfully.
C:\ProgramData\SweetIM\Messenger folder moved successfully.
C:\ProgramData\SweetIM\Communicator\Logs folder moved successfully.
C:\ProgramData\SweetIM\Communicator\conf folder moved successfully.
C:\ProgramData\SweetIM\Communicator folder moved successfully.
C:\ProgramData\SweetIM folder moved successfully.
C:\Windows\system32err.xml moved successfully.
C:\user.js moved successfully.
C:\Users\Liz\AppData\Roaming\Babylon folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Franz
 
User: Liz
->Temp folder emptied: 614877201 bytes
->Temporary Internet Files folder emptied: 4463834988 bytes
->Java cache emptied: 18727 bytes
->Google Chrome cache emptied: 6679271 bytes
->Flash cache emptied: 81493 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 106859823 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 98506496 bytes
 
Total Files Cleaned = 5.046,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: AppData
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Franz
 
User: Liz
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.48.0 log created on 06222012_194655

Files\Folders moved on Reboot...
C:\Users\Liz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\MpCmdRun.log moved successfully.

Registry entries deleted on Reboot...
         

Hat soweit alles gut funktioniert. Wie gehts weiter? Kann ich auch in den anderen Sachen Malware und Eset die infizierten Datein jetzt löschen?
LG LisaMarie

Alt 24.06.2012, 15:48   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Entfernung des Ukash Trojaners und Dateiwiederherstellung - Standard

Entfernung des Ukash Trojaners und Dateiwiederherstellung



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 24.06.2012, 17:40   #11
LisaMarie
 
Entfernung des Ukash Trojaners und Dateiwiederherstellung - Standard

Entfernung des Ukash Trojaners und Dateiwiederherstellung



Hier das Log:

Code:
ATTFilter
18:33:13.0650 6064	TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
18:33:13.0884 6064	============================================================
18:33:13.0884 6064	Current date / time: 2012/06/24 18:33:13.0884
18:33:13.0884 6064	SystemInfo:
18:33:13.0884 6064	
18:33:13.0884 6064	OS Version: 6.1.7600 ServicePack: 0.0
18:33:13.0884 6064	Product type: Workstation
18:33:13.0884 6064	ComputerName: LIZ-PC
18:33:13.0884 6064	UserName: Liz
18:33:13.0884 6064	Windows directory: C:\Windows
18:33:13.0884 6064	System windows directory: C:\Windows
18:33:13.0884 6064	Running under WOW64
18:33:13.0884 6064	Processor architecture: Intel x64
18:33:13.0884 6064	Number of processors: 4
18:33:13.0884 6064	Page size: 0x1000
18:33:13.0884 6064	Boot type: Normal boot
18:33:13.0884 6064	============================================================
18:33:14.0305 6064	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:33:14.0305 6064	============================================================
18:33:14.0305 6064	\Device\Harddisk0\DR0:
18:33:14.0305 6064	MBR partitions:
18:33:14.0305 6064	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
18:33:14.0305 6064	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x239CC000
18:33:14.0305 6064	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23A30000, BlocksNum 0x19CA800
18:33:14.0305 6064	\Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
18:33:14.0305 6064	============================================================
18:33:14.0321 6064	C: <-> \Device\Harddisk0\DR0\Partition1
18:33:14.0367 6064	D: <-> \Device\Harddisk0\DR0\Partition2
18:33:14.0383 6064	E: <-> \Device\Harddisk0\DR0\Partition3
18:33:14.0383 6064	============================================================
18:33:14.0383 6064	Initialize success
18:33:14.0383 6064	============================================================
18:33:27.0643 5396	============================================================
18:33:27.0643 5396	Scan started
18:33:27.0643 5396	Mode: Manual; SigCheck; TDLFS; 
18:33:27.0643 5396	============================================================
18:33:28.0220 5396	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
18:33:28.0361 5396	1394ohci - ok
18:33:28.0439 5396	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
18:33:28.0470 5396	ACPI - ok
18:33:28.0517 5396	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
18:33:28.0610 5396	AcpiPmi - ok
18:33:28.0719 5396	AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:33:28.0735 5396	AdobeARMservice - ok
18:33:28.0844 5396	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:33:28.0891 5396	adp94xx - ok
18:33:28.0969 5396	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:33:29.0016 5396	adpahci - ok
18:33:29.0047 5396	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:33:29.0094 5396	adpu320 - ok
18:33:29.0125 5396	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:33:29.0297 5396	AeLookupSvc - ok
18:33:29.0375 5396	AERTFilters     (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
18:33:29.0406 5396	AERTFilters - ok
18:33:29.0499 5396	AFD             (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
18:33:29.0577 5396	AFD - ok
18:33:29.0718 5396	AgereSoftModem  (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
18:33:29.0827 5396	AgereSoftModem - ok
18:33:29.0889 5396	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
18:33:29.0905 5396	agp440 - ok
18:33:29.0952 5396	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:33:30.0045 5396	ALG - ok
18:33:30.0108 5396	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
18:33:30.0123 5396	aliide - ok
18:33:30.0201 5396	AMD External Events Utility (1d317ea326423ff7630cf1da3bd46a1c) C:\Windows\system32\atiesrxx.exe
18:33:30.0295 5396	AMD External Events Utility - ok
18:33:30.0311 5396	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
18:33:30.0326 5396	amdide - ok
18:33:30.0404 5396	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:33:30.0467 5396	AmdK8 - ok
18:33:30.0498 5396	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:33:30.0545 5396	AmdPPM - ok
18:33:30.0591 5396	amdsata         (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
18:33:30.0623 5396	amdsata - ok
18:33:30.0685 5396	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:33:30.0716 5396	amdsbs - ok
18:33:30.0732 5396	amdxata         (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
18:33:30.0747 5396	amdxata - ok
18:33:30.0810 5396	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
18:33:30.0919 5396	AppID - ok
18:33:30.0935 5396	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:33:30.0997 5396	AppIDSvc - ok
18:33:31.0044 5396	Appinfo         (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
18:33:31.0091 5396	Appinfo - ok
18:33:31.0137 5396	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:33:31.0169 5396	arc - ok
18:33:31.0184 5396	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:33:31.0215 5396	arcsas - ok
18:33:31.0262 5396	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:33:31.0325 5396	AsyncMac - ok
18:33:31.0371 5396	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
18:33:31.0387 5396	atapi - ok
18:33:31.0543 5396	athr            (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
18:33:31.0652 5396	athr - ok
18:33:31.0824 5396	AtiHdmiService  (d481083348138b4933acfe95812db71c) C:\Windows\system32\drivers\AtiHdmi.sys
18:33:31.0871 5396	AtiHdmiService - ok
18:33:32.0339 5396	atikmdag        (19b5c61cb09bff2bd69e063ee54b56c3) C:\Windows\system32\DRIVERS\atikmdag.sys
18:33:32.0479 5396	atikmdag - ok
18:33:32.0651 5396	AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
18:33:32.0791 5396	AudioEndpointBuilder - ok
18:33:32.0807 5396	AudioSrv        (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
18:33:32.0853 5396	AudioSrv - ok
18:33:32.0885 5396	AxInstSV        (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
18:33:32.0994 5396	AxInstSV - ok
18:33:33.0087 5396	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:33:33.0150 5396	b06bdrv - ok
18:33:33.0228 5396	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:33:33.0275 5396	b57nd60a - ok
18:33:33.0306 5396	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:33:33.0368 5396	BDESVC - ok
18:33:33.0368 5396	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:33:33.0446 5396	Beep - ok
18:33:33.0540 5396	BFE             (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
18:33:33.0618 5396	BFE - ok
18:33:33.0696 5396	BITS            (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
18:33:33.0774 5396	BITS - ok
18:33:33.0852 5396	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:33:33.0883 5396	blbdrive - ok
18:33:33.0930 5396	bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
18:33:34.0008 5396	bowser - ok
18:33:34.0055 5396	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:33:34.0086 5396	BrFiltLo - ok
18:33:34.0101 5396	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:33:34.0117 5396	BrFiltUp - ok
18:33:34.0164 5396	Browser         (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
18:33:34.0257 5396	Browser - ok
18:33:34.0304 5396	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:33:34.0335 5396	Brserid - ok
18:33:34.0367 5396	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:33:34.0413 5396	BrSerWdm - ok
18:33:34.0429 5396	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:33:34.0476 5396	BrUsbMdm - ok
18:33:34.0491 5396	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:33:34.0538 5396	BrUsbSer - ok
18:33:34.0569 5396	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:33:34.0616 5396	BTHMODEM - ok
18:33:34.0647 5396	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:33:34.0725 5396	bthserv - ok
18:33:34.0772 5396	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:33:34.0866 5396	cdfs - ok
18:33:34.0913 5396	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
18:33:34.0959 5396	cdrom - ok
18:33:35.0006 5396	CertPropSvc     (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
18:33:35.0069 5396	CertPropSvc - ok
18:33:35.0115 5396	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:33:35.0162 5396	circlass - ok
18:33:35.0225 5396	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:33:35.0256 5396	CLFS - ok
18:33:35.0318 5396	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:33:35.0334 5396	clr_optimization_v2.0.50727_32 - ok
18:33:35.0381 5396	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:33:35.0396 5396	clr_optimization_v2.0.50727_64 - ok
18:33:35.0459 5396	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:33:35.0474 5396	CmBatt - ok
18:33:35.0490 5396	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
18:33:35.0505 5396	cmdide - ok
18:33:35.0568 5396	CNG             (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
18:33:35.0646 5396	CNG - ok
18:33:35.0771 5396	Com4QLBEx       (c7a0e61d5714ac20de52d4f66ec773b8) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
18:33:35.0786 5396	Com4QLBEx - ok
18:33:35.0833 5396	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:33:35.0849 5396	Compbatt - ok
18:33:35.0911 5396	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
18:33:35.0958 5396	CompositeBus - ok
18:33:35.0973 5396	COMSysApp - ok
18:33:35.0989 5396	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:33:36.0005 5396	crcdisk - ok
18:33:36.0067 5396	CryptSvc        (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
18:33:36.0161 5396	CryptSvc - ok
18:33:36.0223 5396	DcomLaunch      (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
18:33:36.0317 5396	DcomLaunch - ok
18:33:36.0379 5396	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:33:36.0457 5396	defragsvc - ok
18:33:36.0519 5396	DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
18:33:36.0551 5396	DfsC - ok
18:33:36.0613 5396	Dhcp            (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
18:33:36.0707 5396	Dhcp - ok
18:33:36.0738 5396	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:33:36.0800 5396	discache - ok
18:33:36.0847 5396	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:33:36.0878 5396	Disk - ok
18:33:36.0925 5396	Dnscache        (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
18:33:36.0972 5396	Dnscache - ok
18:33:37.0003 5396	dot3svc         (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
18:33:37.0097 5396	dot3svc - ok
18:33:37.0128 5396	DPS             (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
18:33:37.0190 5396	DPS - ok
18:33:37.0221 5396	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:33:37.0253 5396	drmkaud - ok
18:33:37.0346 5396	DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
18:33:37.0393 5396	DXGKrnl - ok
18:33:37.0455 5396	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:33:37.0549 5396	EapHost - ok
18:33:37.0799 5396	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:33:37.0892 5396	ebdrv - ok
18:33:38.0017 5396	EFS             (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
18:33:38.0064 5396	EFS - ok
18:33:38.0189 5396	ehRecvr         (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
18:33:38.0267 5396	ehRecvr - ok
18:33:38.0313 5396	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:33:38.0376 5396	ehSched - ok
18:33:38.0485 5396	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:33:38.0516 5396	elxstor - ok
18:33:38.0532 5396	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
18:33:38.0563 5396	ErrDev - ok
18:33:38.0641 5396	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:33:38.0735 5396	EventSystem - ok
18:33:38.0797 5396	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:33:38.0891 5396	exfat - ok
18:33:38.0922 5396	ezSharedSvc - ok
18:33:38.0953 5396	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:33:39.0047 5396	fastfat - ok
18:33:39.0125 5396	Fax             (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
18:33:39.0187 5396	Fax - ok
18:33:39.0234 5396	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:33:39.0281 5396	fdc - ok
18:33:39.0296 5396	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:33:39.0359 5396	fdPHost - ok
18:33:39.0390 5396	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:33:39.0437 5396	FDResPub - ok
18:33:39.0468 5396	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:33:39.0483 5396	FileInfo - ok
18:33:39.0499 5396	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:33:39.0546 5396	Filetrace - ok
18:33:39.0577 5396	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:33:39.0608 5396	flpydisk - ok
18:33:39.0624 5396	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
18:33:39.0639 5396	FltMgr - ok
18:33:39.0764 5396	FontCache       (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll
18:33:39.0858 5396	FontCache - ok
18:33:39.0889 5396	FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:33:39.0920 5396	FontCache3.0.0.0 - ok
18:33:39.0936 5396	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:33:39.0951 5396	FsDepends - ok
18:33:39.0983 5396	Fs_Rec          (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
18:33:39.0998 5396	Fs_Rec - ok
18:33:40.0061 5396	fvevol          (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
18:33:40.0092 5396	fvevol - ok
18:33:40.0139 5396	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:33:40.0154 5396	gagp30kx - ok
18:33:40.0248 5396	gpsvc           (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
18:33:40.0326 5396	gpsvc - ok
18:33:40.0419 5396	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:33:40.0451 5396	gupdate - ok
18:33:40.0482 5396	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:33:40.0482 5396	gupdatem - ok
18:33:40.0513 5396	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:33:40.0529 5396	gusvc - ok
18:33:40.0591 5396	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:33:40.0653 5396	hcw85cir - ok
18:33:40.0716 5396	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
18:33:40.0778 5396	HdAudAddService - ok
18:33:40.0825 5396	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:33:40.0872 5396	HDAudBus - ok
18:33:40.0887 5396	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
18:33:40.0903 5396	HECIx64 - ok
18:33:40.0919 5396	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:33:40.0950 5396	HidBatt - ok
18:33:40.0981 5396	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:33:41.0028 5396	HidBth - ok
18:33:41.0059 5396	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:33:41.0106 5396	HidIr - ok
18:33:41.0137 5396	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
18:33:41.0231 5396	hidserv - ok
18:33:41.0246 5396	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
18:33:41.0262 5396	HidUsb - ok
18:33:41.0277 5396	hkmsvc          (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
18:33:41.0371 5396	hkmsvc - ok
18:33:41.0402 5396	HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
18:33:41.0465 5396	HomeGroupListener - ok
18:33:41.0511 5396	HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
18:33:41.0543 5396	HomeGroupProvider - ok
18:33:41.0667 5396	HP Support Assistant Service (170233b8d743efe35f462a5d516b93e3) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
18:33:41.0683 5396	HP Support Assistant Service - ok
18:33:41.0745 5396	HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
18:33:41.0777 5396	HPDrvMntSvc.exe - ok
18:33:41.0823 5396	HpqKbFiltr      (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
18:33:41.0870 5396	HpqKbFiltr - ok
18:33:41.0979 5396	hpqwmiex        (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
18:33:42.0026 5396	hpqwmiex - ok
18:33:42.0073 5396	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
18:33:42.0104 5396	HpSAMD - ok
18:33:42.0213 5396	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
18:33:42.0291 5396	HTTP - ok
18:33:42.0323 5396	hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
18:33:42.0323 5396	hwpolicy - ok
18:33:42.0369 5396	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
18:33:42.0385 5396	i8042prt - ok
18:33:42.0432 5396	iaStor          (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys
18:33:42.0447 5396	iaStor - ok
18:33:42.0510 5396	iaStorV         (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
18:33:42.0541 5396	iaStorV - ok
18:33:42.0650 5396	idsvc           (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:33:42.0697 5396	idsvc - ok
18:33:43.0134 5396	igfx            (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
18:33:43.0274 5396	igfx - ok
18:33:43.0383 5396	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:33:43.0399 5396	iirsp - ok
18:33:43.0493 5396	IKEEXT          (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
18:33:43.0586 5396	IKEEXT - ok
18:33:43.0805 5396	IntcAzAudAddService (181e4ff75674a7105ecd0a02c35ef43a) C:\Windows\system32\drivers\RTKVHD64.sys
18:33:43.0883 5396	IntcAzAudAddService - ok
18:33:43.0992 5396	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
18:33:44.0007 5396	intelide - ok
18:33:44.0070 5396	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:33:44.0101 5396	intelppm - ok
18:33:44.0132 5396	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:33:44.0210 5396	IPBusEnum - ok
18:33:44.0257 5396	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:33:44.0319 5396	IpFilterDriver - ok
18:33:44.0397 5396	iphlpsvc        (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
18:33:44.0491 5396	iphlpsvc - ok
18:33:44.0507 5396	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:33:44.0538 5396	IPMIDRV - ok
18:33:44.0553 5396	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:33:44.0616 5396	IPNAT - ok
18:33:44.0647 5396	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:33:44.0663 5396	IRENUM - ok
18:33:44.0694 5396	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
18:33:44.0709 5396	isapnp - ok
18:33:44.0741 5396	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
18:33:44.0787 5396	iScsiPrt - ok
18:33:44.0803 5396	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:33:44.0819 5396	kbdclass - ok
18:33:44.0865 5396	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
18:33:44.0912 5396	kbdhid - ok
18:33:44.0943 5396	KeyIso          (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:33:44.0959 5396	KeyIso - ok
18:33:44.0975 5396	KSecDD          (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
18:33:45.0006 5396	KSecDD - ok
18:33:45.0037 5396	KSecPkg         (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
18:33:45.0053 5396	KSecPkg - ok
18:33:45.0068 5396	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:33:45.0146 5396	ksthunk - ok
18:33:45.0193 5396	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:33:45.0271 5396	KtmRm - ok
18:33:45.0318 5396	LanmanServer    (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
18:33:45.0396 5396	LanmanServer - ok
18:33:45.0427 5396	LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
18:33:45.0489 5396	LanmanWorkstation - ok
18:33:45.0583 5396	LightScribeService (0ee66bdf485c6828aa65c0ef5d591133) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
18:33:45.0599 5396	LightScribeService ( UnsignedFile.Multi.Generic ) - warning
18:33:45.0599 5396	LightScribeService - detected UnsignedFile.Multi.Generic (1)
18:33:45.0630 5396	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:33:45.0692 5396	lltdio - ok
18:33:45.0739 5396	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:33:45.0801 5396	lltdsvc - ok
18:33:45.0848 5396	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:33:45.0879 5396	lmhosts - ok
18:33:45.0973 5396	LMS             (7485fbcef9136f530953575e2977859d) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:33:46.0004 5396	LMS - ok
18:33:46.0067 5396	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:33:46.0098 5396	LSI_FC - ok
18:33:46.0129 5396	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:33:46.0160 5396	LSI_SAS - ok
18:33:46.0191 5396	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:33:46.0223 5396	LSI_SAS2 - ok
18:33:46.0285 5396	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:33:46.0316 5396	LSI_SCSI - ok
18:33:46.0363 5396	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:33:46.0441 5396	luafv - ok
18:33:46.0472 5396	Mcx2Svc         (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
18:33:46.0519 5396	Mcx2Svc - ok
18:33:46.0550 5396	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:33:46.0566 5396	megasas - ok
18:33:46.0597 5396	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:33:46.0628 5396	MegaSR - ok
18:33:46.0675 5396	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:33:46.0753 5396	MMCSS - ok
18:33:46.0784 5396	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:33:46.0847 5396	Modem - ok
18:33:46.0878 5396	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:33:46.0925 5396	monitor - ok
18:33:46.0971 5396	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:33:47.0003 5396	mouclass - ok
18:33:47.0049 5396	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:33:47.0081 5396	mouhid - ok
18:33:47.0112 5396	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
18:33:47.0127 5396	mountmgr - ok
18:33:47.0190 5396	MpFilter        (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
18:33:47.0237 5396	MpFilter - ok
18:33:47.0268 5396	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
18:33:47.0283 5396	mpio - ok
18:33:47.0299 5396	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:33:47.0346 5396	mpsdrv - ok
18:33:47.0424 5396	MpsSvc          (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
18:33:47.0517 5396	MpsSvc - ok
18:33:47.0533 5396	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
18:33:47.0580 5396	MRxDAV - ok
18:33:47.0611 5396	mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:33:47.0642 5396	mrxsmb - ok
18:33:47.0689 5396	mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:33:47.0705 5396	mrxsmb10 - ok
18:33:47.0736 5396	mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:33:47.0767 5396	mrxsmb20 - ok
18:33:47.0798 5396	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
18:33:47.0814 5396	msahci - ok
18:33:47.0845 5396	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
18:33:47.0861 5396	msdsm - ok
18:33:47.0892 5396	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:33:47.0939 5396	MSDTC - ok
18:33:47.0970 5396	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:33:48.0017 5396	Msfs - ok
18:33:48.0048 5396	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:33:48.0095 5396	mshidkmdf - ok
18:33:48.0126 5396	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
18:33:48.0126 5396	msisadrv - ok
18:33:48.0173 5396	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:33:48.0266 5396	MSiSCSI - ok
18:33:48.0266 5396	msiserver - ok
18:33:48.0297 5396	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:33:48.0344 5396	MSKSSRV - ok
18:33:48.0469 5396	MsMpSvc         (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
18:33:48.0500 5396	MsMpSvc - ok
18:33:48.0516 5396	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:33:48.0578 5396	MSPCLOCK - ok
18:33:48.0594 5396	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:33:48.0656 5396	MSPQM - ok
18:33:48.0672 5396	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
18:33:48.0687 5396	MsRPC - ok
18:33:48.0719 5396	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
18:33:48.0734 5396	mssmbios - ok
18:33:48.0734 5396	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:33:48.0797 5396	MSTEE - ok
18:33:48.0828 5396	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:33:48.0859 5396	MTConfig - ok
18:33:48.0875 5396	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:33:48.0875 5396	Mup - ok
18:33:48.0937 5396	napagent        (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
18:33:49.0031 5396	napagent - ok
18:33:49.0093 5396	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:33:49.0155 5396	NativeWifiP - ok
18:33:49.0249 5396	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
18:33:49.0296 5396	NDIS - ok
18:33:49.0343 5396	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:33:49.0405 5396	NdisCap - ok
18:33:49.0421 5396	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:33:49.0467 5396	NdisTapi - ok
18:33:49.0467 5396	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
18:33:49.0530 5396	Ndisuio - ok
18:33:49.0545 5396	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:33:49.0577 5396	NdisWan - ok
18:33:49.0592 5396	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
18:33:49.0655 5396	NDProxy - ok
18:33:49.0670 5396	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:33:49.0717 5396	NetBIOS - ok
18:33:49.0748 5396	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
18:33:49.0795 5396	NetBT - ok
18:33:49.0826 5396	Netlogon        (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:33:49.0842 5396	Netlogon - ok
18:33:49.0904 5396	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:33:49.0998 5396	Netman - ok
18:33:50.0029 5396	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:33:50.0138 5396	netprofm - ok
18:33:50.0201 5396	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:33:50.0232 5396	NetTcpPortSharing - ok
18:33:50.0637 5396	netw5v64        (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
18:33:50.0778 5396	netw5v64 - ok
18:33:50.0903 5396	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:33:50.0918 5396	nfrd960 - ok
18:33:50.0981 5396	NisDrv          (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:33:51.0012 5396	NisDrv - ok
18:33:51.0137 5396	NisSrv          (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
18:33:51.0183 5396	NisSrv - ok
18:33:51.0246 5396	NlaSvc          (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
18:33:51.0308 5396	NlaSvc - ok
18:33:51.0339 5396	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:33:51.0386 5396	Npfs - ok
18:33:51.0417 5396	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:33:51.0480 5396	nsi - ok
18:33:51.0480 5396	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:33:51.0527 5396	nsiproxy - ok
18:33:51.0667 5396	Ntfs            (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
18:33:51.0745 5396	Ntfs - ok
18:33:51.0839 5396	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:33:51.0932 5396	Null - ok
18:33:51.0979 5396	nvraid          (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
18:33:51.0979 5396	nvraid - ok
18:33:52.0026 5396	nvstor          (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
18:33:52.0057 5396	nvstor - ok
18:33:52.0088 5396	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
18:33:52.0119 5396	nv_agp - ok
18:33:52.0275 5396	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:33:52.0307 5396	odserv - ok
18:33:52.0338 5396	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
18:33:52.0369 5396	ohci1394 - ok
18:33:52.0416 5396	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:33:52.0431 5396	ose - ok
18:33:52.0478 5396	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:33:52.0556 5396	p2pimsvc - ok
18:33:52.0603 5396	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:33:52.0634 5396	p2psvc - ok
18:33:52.0665 5396	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:33:52.0697 5396	Parport - ok
18:33:52.0743 5396	partmgr         (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
18:33:52.0759 5396	partmgr - ok
18:33:52.0775 5396	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:33:52.0821 5396	PcaSvc - ok
18:33:52.0853 5396	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
18:33:52.0868 5396	pci - ok
18:33:52.0868 5396	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
18:33:52.0884 5396	pciide - ok
18:33:52.0915 5396	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:33:52.0946 5396	pcmcia - ok
18:33:52.0977 5396	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:33:52.0993 5396	pcw - ok
18:33:53.0040 5396	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:33:53.0133 5396	PEAUTH - ok
18:33:53.0227 5396	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:33:53.0274 5396	PerfHost - ok
18:33:53.0461 5396	pla             (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
18:33:53.0570 5396	pla - ok
18:33:53.0633 5396	PlugPlay        (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
18:33:53.0711 5396	PlugPlay - ok
18:33:53.0726 5396	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:33:53.0757 5396	PNRPAutoReg - ok
18:33:53.0804 5396	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:33:53.0835 5396	PNRPsvc - ok
18:33:53.0898 5396	PolicyAgent     (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
18:33:53.0991 5396	PolicyAgent - ok
18:33:54.0038 5396	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:33:54.0101 5396	Power - ok
18:33:54.0179 5396	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
18:33:54.0272 5396	PptpMiniport - ok
18:33:54.0303 5396	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:33:54.0319 5396	Processor - ok
18:33:54.0366 5396	ProfSvc         (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
18:33:54.0444 5396	ProfSvc - ok
18:33:54.0491 5396	ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:33:54.0491 5396	ProtectedStorage - ok
18:33:54.0537 5396	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
18:33:54.0615 5396	Psched - ok
18:33:54.0756 5396	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:33:54.0818 5396	ql2300 - ok
18:33:54.0927 5396	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:33:54.0959 5396	ql40xx - ok
18:33:54.0990 5396	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:33:55.0037 5396	QWAVE - ok
18:33:55.0052 5396	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:33:55.0083 5396	QWAVEdrv - ok
18:33:55.0099 5396	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:33:55.0130 5396	RasAcd - ok
18:33:55.0177 5396	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:33:55.0271 5396	RasAgileVpn - ok
18:33:55.0317 5396	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:33:55.0395 5396	RasAuto - ok
18:33:55.0442 5396	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:33:55.0551 5396	Rasl2tp - ok
18:33:55.0598 5396	RasMan          (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
18:33:55.0692 5396	RasMan - ok
18:33:55.0692 5396	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:33:55.0739 5396	RasPppoe - ok
18:33:55.0754 5396	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:33:55.0801 5396	RasSstp - ok
18:33:55.0832 5396	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
18:33:55.0941 5396	rdbss - ok
18:33:55.0973 5396	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:33:55.0988 5396	rdpbus - ok
18:33:56.0019 5396	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:33:56.0066 5396	RDPCDD - ok
18:33:56.0082 5396	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:33:56.0129 5396	RDPENCDD - ok
18:33:56.0160 5396	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:33:56.0207 5396	RDPREFMP - ok
18:33:56.0238 5396	RDPWD           (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
18:33:56.0300 5396	RDPWD - ok
18:33:56.0316 5396	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
18:33:56.0347 5396	rdyboost - ok
18:33:56.0378 5396	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:33:56.0456 5396	RemoteAccess - ok
18:33:56.0487 5396	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:33:56.0550 5396	RemoteRegistry - ok
18:33:56.0659 5396	RichVideo       (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
18:33:56.0675 5396	RichVideo - ok
18:33:56.0706 5396	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:33:56.0753 5396	RpcEptMapper - ok
18:33:56.0768 5396	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:33:56.0799 5396	RpcLocator - ok
18:33:56.0862 5396	RpcSs           (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
18:33:56.0909 5396	RpcSs - ok
18:33:56.0955 5396	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:33:57.0002 5396	rspndr - ok
18:33:57.0080 5396	RSUSBSTOR       (483df0b58ca532e5240e59dc41f30aa2) C:\Windows\system32\Drivers\RtsUStor.sys
18:33:57.0127 5396	RSUSBSTOR - ok
18:33:57.0205 5396	RTL8167         (fe61b0b4aa58c3bd3dfa6279131f7f53) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:33:57.0252 5396	RTL8167 - ok
18:33:57.0267 5396	SamSs           (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:33:57.0283 5396	SamSs - ok
18:33:57.0314 5396	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
18:33:57.0345 5396	sbp2port - ok
18:33:57.0361 5396	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:33:57.0455 5396	SCardSvr - ok
18:33:57.0470 5396	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
18:33:57.0548 5396	scfilter - ok
18:33:57.0673 5396	Schedule        (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
18:33:57.0767 5396	Schedule - ok
18:33:57.0798 5396	SCPolicySvc     (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
18:33:57.0845 5396	SCPolicySvc - ok
18:33:57.0891 5396	sdbus           (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
18:33:57.0938 5396	sdbus - ok
18:33:57.0969 5396	SDRSVC          (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
18:33:58.0047 5396	SDRSVC - ok
18:33:58.0079 5396	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:33:58.0172 5396	secdrv - ok
18:33:58.0188 5396	seclogon        (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
18:33:58.0235 5396	seclogon - ok
18:33:58.0281 5396	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
18:33:58.0375 5396	SENS - ok
18:33:58.0422 5396	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:33:58.0469 5396	SensrSvc - ok
18:33:58.0515 5396	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:33:58.0547 5396	Serenum - ok
18:33:58.0578 5396	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:33:58.0593 5396	Serial - ok
18:33:58.0609 5396	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:33:58.0640 5396	sermouse - ok
18:33:58.0671 5396	SessionEnv      (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
18:33:58.0749 5396	SessionEnv - ok
18:33:58.0843 5396	sesvc           (4c99e251d89c95dcaaa26f9243747c99) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
18:33:58.0859 5396	sesvc ( UnsignedFile.Multi.Generic ) - warning
18:33:58.0859 5396	sesvc - detected UnsignedFile.Multi.Generic (1)
18:33:58.0890 5396	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
18:33:58.0937 5396	sffdisk - ok
18:33:58.0952 5396	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:33:58.0999 5396	sffp_mmc - ok
18:33:59.0015 5396	sffp_sd         (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
18:33:59.0030 5396	sffp_sd - ok
18:33:59.0093 5396	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:33:59.0124 5396	sfloppy - ok
18:33:59.0186 5396	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:33:59.0264 5396	SharedAccess - ok
18:33:59.0311 5396	ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
18:33:59.0373 5396	ShellHWDetection - ok
18:33:59.0420 5396	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:33:59.0436 5396	SiSRaid2 - ok
18:33:59.0451 5396	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:33:59.0467 5396	SiSRaid4 - ok
18:33:59.0561 5396	SkypeUpdate     (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
18:33:59.0592 5396	SkypeUpdate - ok
18:33:59.0623 5396	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:33:59.0701 5396	Smb - ok
18:33:59.0732 5396	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:33:59.0763 5396	SNMPTRAP - ok
18:33:59.0779 5396	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:33:59.0795 5396	spldr - ok
18:33:59.0857 5396	Spooler         (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
18:33:59.0919 5396	Spooler - ok
18:34:00.0200 5396	sppsvc          (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
18:34:00.0309 5396	sppsvc - ok
18:34:00.0403 5396	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:34:00.0497 5396	sppuinotify - ok
18:34:00.0575 5396	srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
18:34:00.0653 5396	srv - ok
18:34:00.0699 5396	srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
18:34:00.0746 5396	srv2 - ok
18:34:00.0824 5396	SrvHsfHDA       (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
18:34:00.0840 5396	SrvHsfHDA - ok
18:34:00.0965 5396	SrvHsfV92       (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
18:34:01.0027 5396	SrvHsfV92 - ok
18:34:01.0183 5396	SrvHsfWinac     (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
18:34:01.0230 5396	SrvHsfWinac - ok
18:34:01.0261 5396	srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
18:34:01.0308 5396	srvnet - ok
18:34:01.0355 5396	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:34:01.0448 5396	SSDPSRV - ok
18:34:01.0464 5396	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:34:01.0511 5396	SstpSvc - ok
18:34:01.0542 5396	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:34:01.0542 5396	stexstor - ok
18:34:01.0604 5396	stisvc          (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
18:34:01.0635 5396	stisvc - ok
18:34:01.0651 5396	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
18:34:01.0667 5396	swenum - ok
18:34:01.0745 5396	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:34:01.0838 5396	swprv - ok
18:34:01.0916 5396	SynTP           (f95f19757f19962b90576af0919375c4) C:\Windows\system32\DRIVERS\SynTP.sys
18:34:01.0947 5396	SynTP - ok
18:34:02.0103 5396	SysMain         (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
18:34:02.0181 5396	SysMain - ok
18:34:02.0275 5396	TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
18:34:02.0337 5396	TabletInputService - ok
18:34:02.0369 5396	TapiSrv         (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
18:34:02.0431 5396	TapiSrv - ok
18:34:02.0462 5396	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:34:02.0493 5396	TBS - ok
18:34:02.0665 5396	Tcpip           (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
18:34:02.0774 5396	Tcpip - ok
18:34:03.0008 5396	TCPIP6          (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
18:34:03.0055 5396	TCPIP6 - ok
18:34:03.0117 5396	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
18:34:03.0180 5396	tcpipreg - ok
18:34:03.0195 5396	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:34:03.0242 5396	TDPIPE - ok
18:34:03.0273 5396	TDTCP           (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
18:34:03.0320 5396	TDTCP - ok
18:34:03.0351 5396	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
18:34:03.0429 5396	tdx - ok
18:34:03.0445 5396	TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
18:34:03.0461 5396	TermDD - ok
18:34:03.0539 5396	TermService     (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
18:34:03.0617 5396	TermService - ok
18:34:03.0632 5396	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:34:03.0679 5396	Themes - ok
18:34:03.0710 5396	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:34:03.0757 5396	THREADORDER - ok
18:34:03.0788 5396	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:34:03.0851 5396	TrkWks - ok
18:34:03.0913 5396	TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
18:34:03.0960 5396	TrustedInstaller - ok
18:34:03.0991 5396	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:34:04.0069 5396	tssecsrv - ok
18:34:04.0100 5396	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
18:34:04.0178 5396	tunnel - ok
18:34:04.0209 5396	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:34:04.0209 5396	uagp35 - ok
18:34:04.0256 5396	udfs            (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
18:34:04.0303 5396	udfs - ok
18:34:04.0319 5396	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:34:04.0350 5396	UI0Detect - ok
18:34:04.0381 5396	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
18:34:04.0397 5396	uliagpkx - ok
18:34:04.0443 5396	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
18:34:04.0475 5396	umbus - ok
18:34:04.0521 5396	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:34:04.0553 5396	UmPass - ok
18:34:04.0818 5396	UNS             (765f2dd351ba064f657751d8d75e58c0) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:34:04.0880 5396	UNS - ok
18:34:04.0974 5396	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:34:05.0036 5396	upnphost - ok
18:34:05.0067 5396	usbccgp         (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
18:34:05.0114 5396	usbccgp - ok
18:34:05.0145 5396	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
18:34:05.0208 5396	usbcir - ok
18:34:05.0239 5396	usbehci         (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
18:34:05.0270 5396	usbehci - ok
18:34:05.0317 5396	usbhub          (7cc1c95896d60e868aa6dd2dd2f97ead) C:\Windows\system32\DRIVERS\usbhub.sys
18:34:05.0364 5396	usbhub - ok
18:34:05.0395 5396	usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
18:34:05.0411 5396	usbohci - ok
18:34:05.0442 5396	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:34:05.0457 5396	usbprint - ok
18:34:05.0473 5396	USBSTOR         (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:34:05.0504 5396	USBSTOR - ok
18:34:05.0520 5396	usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
18:34:05.0535 5396	usbuhci - ok
18:34:05.0582 5396	usbvideo        (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
18:34:05.0598 5396	usbvideo - ok
18:34:05.0629 5396	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:34:05.0676 5396	UxSms - ok
18:34:05.0738 5396	VaultSvc        (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:34:05.0754 5396	VaultSvc - ok
18:34:05.0801 5396	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
18:34:05.0816 5396	vdrvroot - ok
18:34:05.0894 5396	vds             (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
18:34:05.0957 5396	vds - ok
18:34:06.0003 5396	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:34:06.0035 5396	vga - ok
18:34:06.0050 5396	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:34:06.0128 5396	VgaSave - ok
18:34:06.0175 5396	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
18:34:06.0237 5396	vhdmp - ok
18:34:06.0284 5396	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
18:34:06.0300 5396	viaide - ok
18:34:06.0331 5396	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
18:34:06.0347 5396	volmgr - ok
18:34:06.0393 5396	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
18:34:06.0425 5396	volmgrx - ok
18:34:06.0456 5396	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
18:34:06.0487 5396	volsnap - ok
18:34:06.0534 5396	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:34:06.0565 5396	vsmraid - ok
18:34:06.0690 5396	VSS             (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
18:34:06.0768 5396	VSS - ok
18:34:06.0861 5396	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:34:06.0893 5396	vwifibus - ok
18:34:06.0924 5396	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:34:06.0971 5396	vwififlt - ok
18:34:07.0033 5396	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:34:07.0095 5396	W32Time - ok
18:34:07.0127 5396	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:34:07.0158 5396	WacomPen - ok
18:34:07.0173 5396	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:34:07.0236 5396	WANARP - ok
18:34:07.0251 5396	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:34:07.0298 5396	Wanarpv6 - ok
18:34:07.0423 5396	wbengine        (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
18:34:07.0548 5396	wbengine - ok
18:34:07.0641 5396	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:34:07.0688 5396	WbioSrvc - ok
18:34:07.0735 5396	wcncsvc         (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
18:34:07.0766 5396	wcncsvc - ok
18:34:07.0782 5396	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:34:07.0813 5396	WcsPlugInService - ok
18:34:07.0844 5396	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:34:07.0860 5396	Wd - ok
18:34:07.0922 5396	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:34:07.0969 5396	Wdf01000 - ok
18:34:07.0985 5396	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:34:08.0031 5396	WdiServiceHost - ok
18:34:08.0031 5396	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:34:08.0063 5396	WdiSystemHost - ok
18:34:08.0094 5396	WebClient       (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
18:34:08.0141 5396	WebClient - ok
18:34:08.0187 5396	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:34:08.0265 5396	Wecsvc - ok
18:34:08.0297 5396	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:34:08.0343 5396	wercplsupport - ok
18:34:08.0375 5396	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:34:08.0421 5396	WerSvc - ok
18:34:08.0453 5396	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:34:08.0499 5396	WfpLwf - ok
18:34:08.0499 5396	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:34:08.0515 5396	WIMMount - ok
18:34:08.0546 5396	WinDefend - ok
18:34:08.0562 5396	WinHttpAutoProxySvc - ok
18:34:08.0624 5396	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:34:08.0687 5396	Winmgmt - ok
18:34:08.0858 5396	WinRM           (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
18:34:08.0967 5396	WinRM - ok
18:34:09.0092 5396	WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
18:34:09.0123 5396	WinUsb - ok
18:34:09.0217 5396	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:34:09.0311 5396	Wlansvc - ok
18:34:09.0326 5396	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:34:09.0357 5396	WmiAcpi - ok
18:34:09.0435 5396	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:34:09.0482 5396	wmiApSrv - ok
18:34:09.0529 5396	WMPNetworkSvc - ok
18:34:09.0560 5396	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:34:09.0591 5396	WPCSvc - ok
18:34:09.0607 5396	WPDBusEnum      (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
18:34:09.0638 5396	WPDBusEnum - ok
18:34:09.0654 5396	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:34:09.0701 5396	ws2ifsl - ok
18:34:09.0716 5396	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
18:34:09.0763 5396	wscsvc - ok
18:34:09.0779 5396	WSearch - ok
18:34:09.0997 5396	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
18:34:10.0075 5396	wuauserv - ok
18:34:10.0153 5396	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
18:34:10.0215 5396	WudfPf - ok
18:34:10.0231 5396	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:34:10.0262 5396	WUDFRd - ok
18:34:10.0278 5396	wudfsvc         (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
18:34:10.0340 5396	wudfsvc - ok
18:34:10.0371 5396	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:34:10.0434 5396	WwanSvc - ok
18:34:10.0481 5396	yukonw7         (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
18:34:10.0527 5396	yukonw7 - ok
18:34:10.0559 5396	MBR (0x1B8)     (13e5baefcf4f9bb3e1dda96e3e048676) \Device\Harddisk0\DR0
18:34:10.0886 5396	\Device\Harddisk0\DR0 - ok
18:34:10.0886 5396	Boot (0x1200)   (d0fed7d21a3099521c4ff5c6682a4cef) \Device\Harddisk0\DR0\Partition0
18:34:10.0886 5396	\Device\Harddisk0\DR0\Partition0 - ok
18:34:10.0933 5396	Boot (0x1200)   (cf9a32b7230680b94ee7d876cc159c7d) \Device\Harddisk0\DR0\Partition1
18:34:10.0933 5396	\Device\Harddisk0\DR0\Partition1 - ok
18:34:10.0949 5396	Boot (0x1200)   (90b84ba4f085c92d1c88eca608e40930) \Device\Harddisk0\DR0\Partition2
18:34:10.0964 5396	\Device\Harddisk0\DR0\Partition2 - ok
18:34:10.0964 5396	Boot (0x1200)   (905110eb241e63e0e57f91520142ba7f) \Device\Harddisk0\DR0\Partition3
18:34:10.0964 5396	\Device\Harddisk0\DR0\Partition3 - ok
18:34:10.0980 5396	============================================================
18:34:10.0980 5396	Scan finished
18:34:10.0980 5396	============================================================
18:34:10.0980 5244	Detected object count: 2
18:34:10.0980 5244	Actual detected object count: 2
18:34:28.0046 5244	LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:28.0046 5244	LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:34:28.0046 5244	sesvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:28.0046 5244	sesvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 24.06.2012, 17:49   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Entfernung des Ukash Trojaners und Dateiwiederherstellung - Standard

Entfernung des Ukash Trojaners und Dateiwiederherstellung



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 24.06.2012, 19:25   #13
LisaMarie
 
Entfernung des Ukash Trojaners und Dateiwiederherstellung - Standard

Entfernung des Ukash Trojaners und Dateiwiederherstellung



Hat alles ohne Probleme funktioniert.
Hier das Log:


Code:
ATTFilter
ComboFix 12-06-24.03 - Liz 24.06.2012  19:54:01.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3958.2591 [GMT 2:00]
ausgeführt von:: c:\users\Liz\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Liz\4.0
c:\users\Liz\Favorites\locked-Berufsinformationszentrum BIZ Halberstadt.url.rbzn
c:\users\Liz\Favorites\locked-Berufsprofiling.url.iinz
c:\users\Liz\Favorites\locked-Bildungsserver Sachsen-Anhalt.url.rnsn
c:\users\Liz\Favorites\locked-Das örtliche.url.vagv
c:\users\Liz\Favorites\locked-Evangelisch-Freikirchliche Gemeinde Wernigerode -.url.ckcc
c:\users\Liz\Favorites\locked-Facebook  Lisa-Marie Hofmann.url.fkwm
c:\users\Liz\Favorites\locked-Ferienhaus Lychen, OT Kastaven Uckermark Haus Herta Ferienwohnung Unterkunft Urlaub.url.qqqq
c:\users\Liz\Favorites\locked-Ghg -WR.url.yyfc
c:\users\Liz\Favorites\locked-Google.url.ypmy
c:\users\Liz\Favorites\locked-H&M – Mode und Qualität zum besten Preis  H&M DE.url.fypy
c:\users\Liz\Favorites\locked-http--www.d-bahn.de-.url.wycf
c:\users\Liz\Favorites\locked-ithemba.url.fddo
c:\users\Liz\Favorites\locked-Jugend für Christus Deutschland.url.fxxx
c:\users\Liz\Favorites\locked-kino-wr.url.vpve
c:\users\Liz\Favorites\locked-Mathe-Paradies.url.uulg
c:\users\Liz\Favorites\locked-Outbreakband.url.bhsz
c:\users\Liz\Favorites\locked-Overhill-Circle.url.tqfj
c:\users\Liz\Favorites\locked-Portal**Die IKK-Community.url.lrag
c:\users\Liz\Favorites\locked-spieletipps.de.url.zzsr
c:\users\Liz\Favorites\locked-Tierheim Derenburg.url.inlz
c:\users\Liz\Favorites\locked-wikipedia.de - Wikipedia, die freie Enzyklopädie.url.mywy
c:\users\Liz\Favorites\locked-YouTube - game one best of.url.ggpr
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-24 bis 2012-06-24  ))))))))))))))))))))))))))))))
.
.
2012-06-24 16:35 . 2012-05-31 04:04	9013136	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EAD43476-38F8-46A9-A5A9-D7A53F035C66}\mpengine.dll
2012-06-22 17:56 . 2012-05-31 04:04	9013136	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-22 17:46 . 2012-06-22 17:46	--------	d-----w-	C:\_OTL
2012-06-21 15:08 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-21 15:08 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-21 15:08 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-21 15:08 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-21 15:07 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-21 15:07 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-21 15:07 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-21 15:07 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-21 15:07 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-20 15:39 . 2012-06-20 15:39	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-06-18 16:18 . 2012-06-18 16:18	--------	d-----w-	c:\program files (x86)\ESET
2012-06-18 12:48 . 2012-06-18 12:48	--------	d-----w-	c:\users\Liz\AppData\Roaming\Malwarebytes
2012-06-18 12:47 . 2012-06-18 12:47	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-18 12:47 . 2012-06-18 12:48	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-18 12:47 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-14 16:06 . 2012-06-14 16:06	--------	d-----w-	c:\program files (x86)\7-Zip
2012-06-14 15:40 . 2012-06-14 15:40	--------	d-----w-	c:\users\Liz\AppData\Roaming\www.shadowexplorer.com
2012-06-14 15:39 . 2012-06-14 15:39	--------	d-----w-	c:\program files (x86)\ShadowExplorer
2012-06-14 07:59 . 2012-04-26 05:34	76288	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-14 07:59 . 2012-04-26 05:34	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-06-14 07:59 . 2012-04-26 05:28	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-06-14 07:59 . 2012-05-04 10:52	5505392	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-06-14 07:59 . 2012-05-04 10:08	3958128	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 07:59 . 2012-05-04 10:08	3902320	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 07:59 . 2012-05-15 01:32	3144192	----a-w-	c:\windows\system32\win32k.sys
2012-06-14 07:59 . 2012-04-28 03:50	204800	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-12 18:23 . 2012-02-10 11:22	927800	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CFAB2F8-9ACE-4AFF-BDCC-D8EC0752722D}\gapaengine.dll
2012-05-29 14:58 . 2012-05-29 14:58	--------	d-----w-	c:\users\Liz\AppData\Local\Sony
2012-05-29 14:34 . 2012-03-22 11:43	2557952	----a-w-	c:\windows\SysWow64\QtCore4.dll
2012-05-29 14:34 . 2012-03-06 13:43	80024	----a-w-	c:\windows\SysWow64\mfcm100u.dll
2012-05-29 14:34 . 2012-03-06 13:43	772248	----a-w-	c:\windows\SysWow64\msvcr100.dll
2012-05-29 14:34 . 2012-03-06 13:43	4421272	----a-w-	c:\windows\SysWow64\mfc100u.dll
2012-05-29 14:34 . 2012-03-06 13:43	419480	----a-w-	c:\windows\SysWow64\msvcp100.dll
2012-05-29 14:34 . 2012-03-06 13:43	136344	----a-w-	c:\windows\SysWow64\atl100.dll
2012-05-29 14:31 . 2012-05-29 14:31	--------	d-----w-	c:\users\Liz\AppData\Local\APN
2012-05-29 14:31 . 2012-05-29 14:31	--------	d-----w-	c:\programdata\Sony
2012-05-29 14:31 . 2012-05-29 14:31	--------	d-----w-	c:\program files (x86)\Sony
2012-05-29 14:27 . 2012-06-07 13:15	--------	d-----w-	c:\users\Liz\AppData\Roaming\Sony
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-30 11:09 . 2012-05-09 12:13	1895280	----a-w-	c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-10-16 2363392]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-10 39408]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"B Register c:\program files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll"="c:\windows\system32\rundll32.exe" [2009-07-14 44544]
.
c:\users\Liz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-10 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-10 136176]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 sesvc;ShadowExplorer Service;c:\program files (x86)\ShadowExplorer\sesvc.exe [2011-01-02 9216]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 11:49	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-10 13:20]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-10 13:20]
.
2012-05-29 c:\windows\Tasks\HPCeeScheduleForLIZ-PC$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
2012-03-26 c:\windows\Tasks\Norton Security Scan for Liz.job
- c:\progra~2\NORTON~2\Engine\351~1.10\Nss.exe [2012-03-26 08:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2009-12-22 5977600]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2009-10-13 995840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-24 172032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.ghgwr.de/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = 
mLocal Page = 
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube Download - c:\users\Liz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Liz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Web-Suche - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-ICQ - ~c:\program files (x86)\ICQ7.2\ICQ.exe
Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe
WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
WebBrowser-{C424171E-592A-415A-9EB1-DFD6D95D3530} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-1&1 Mail & Media GmbH 1und1Softwareaktualisierung - c:\program files (x86)\1und1Softwareaktualisierung\uninst.exe
AddRemove-Audio Recorder for Free_is1 - c:\program files (x86)\Audio Recorder for Free\unins000.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-Fraps - c:\fraps\uninstall.exe
AddRemove-Free Screen To Video_is1 - c:\program files (x86)\Free Screen To Video\unins000.exe
AddRemove-Keepsake - c:\program files (x86)\Wicked Studios\Keepsake\uninstall.exe
AddRemove-MixPad - c:\program files (x86)\NCH Software\MixPad\uninst.exe
AddRemove-Softonic - c:\program files (x86)\Softonic\Softonic\1.5.21.0\uninstall.exe
AddRemove-WildTangent hp Master Uninstall - c:\program files (x86)\HP Games\Uninstall.exe
AddRemove-WildTangentGameProvider-hp-genres - c:\program files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe
AddRemove-WildTangentGameProvider-hp-main - c:\program files (x86)\HP Games\Game Explorer Categories - main\Uninstall.exe
AddRemove-WT065226 - c:\program files (x86)\HP Games\Blasterball 3\Uninstall.exe
AddRemove-WT065277 - c:\program files (x86)\HP Games\Jewel Quest Solitaire 2\Uninstall.exe
AddRemove-WT065290 - c:\program files (x86)\HP Games\Mah Jong Medley\Uninstall.exe
AddRemove-WT065295 - c:\program files (x86)\HP Games\Polar Bowler\Uninstall.exe
AddRemove-WT065296 - c:\program files (x86)\HP Games\Polar Golfer\Uninstall.exe
AddRemove-WT065297 - c:\program files (x86)\HP Games\Super Collapse 3\Uninstall.exe
AddRemove-WT065305 - c:\program files (x86)\HP Games\Virtual Villagers - The Secret City\Uninstall.exe
AddRemove-WT065307 - c:\program files (x86)\HP Games\World of Goo\Uninstall.exe
AddRemove-WT065308 - c:\program files (x86)\HP Games\Dora's Carnival Adventure\Uninstall.exe
AddRemove-WT065414 - c:\program files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exe
AddRemove-WT065426 - c:\program files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exe
AddRemove-WT065446 - c:\program files (x86)\HP Games\Peggle\Uninstall.exe
AddRemove-WT065454 - c:\program files (x86)\HP Games\Slingo Deluxe\Uninstall.exe
AddRemove-WT065459 - c:\program files (x86)\HP Games\Zuma Deluxe\Uninstall.exe
AddRemove-WT074389 - c:\program files (x86)\HP Games\Diner Dash\Uninstall.exe
AddRemove-WT074421 - c:\program files (x86)\HP Games\FATE\Uninstall.exe
AddRemove-WT074441 - c:\program files (x86)\HP Games\THE GAME OF LIFE\Uninstall.exe
AddRemove-WT074442 - c:\program files (x86)\HP Games\Virtual Families\Uninstall.exe
AddRemove-WT074585 - c:\program files (x86)\HP Games\Yahtzee\Uninstall.exe
AddRemove-WT075041 - c:\program files (x86)\HP Games\Farm Frenzy\Uninstall.exe
AddRemove-WT075046 - c:\program files (x86)\HP Games\StoneLoops of Jurassica\Uninstall.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files (x86)\Ask.com\Updater\Updater.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-24  20:17:25 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-24 18:17
.
Vor Suchlauf: 12 Verzeichnis(se), 95.548.841.984 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 95.728.467.968 Bytes frei
.
- - End Of File - - C91963C4F4C9BFAAAE55C3F91768FD51
         
--- --- ---

Alt 25.06.2012, 09:58   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Entfernung des Ukash Trojaners und Dateiwiederherstellung - Standard

Entfernung des Ukash Trojaners und Dateiwiederherstellung



Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 25.06.2012, 13:21   #15
LisaMarie
 
Entfernung des Ukash Trojaners und Dateiwiederherstellung - Standard

Entfernung des Ukash Trojaners und Dateiwiederherstellung



Hat alles problemlos geklappt. Gmer meinte aber erst gar nichts gefährdetes/infizoertes ect. gefunden zu haben.
Also habe ich hier bei "Show all" einfach mal rauskopiert was er angezeigt hat.

Gmer:
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-25 13:33:26
Windows 6.1.7600  
Running: 4hee7lwb.exe


---- Services - GMER 1.0.15 ----

Service                                                                                                                                                      .NET CLR Data
Service                                                                                                                                                      .NET CLR Networking
Service                                                                                                                                                      .NET Data Provider for Oracle
Service                                                                                                                                                      .NET Data Provider for SqlServer
Service                                                                                                                                                      .NETFramework
Service  system32\DRIVERS\1394ohci.sys (1394 OpenHCI Driver/Microsoft Corporation)                                                                           [MANUAL] 1394ohci
Service  system32\DRIVERS\ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)                                                                               [BOOT] ACPI
Service  system32\DRIVERS\acpipmi.sys (ACPI Power Metering Driver/Microsoft Corporation)                                                                     [MANUAL] AcpiPmi
Service  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Acrobat Update Service/Adobe Systems Incorporated)                              [AUTO] AdobeARMservice
Service  system32\DRIVERS\adp94xx.sys (Adaptec Windows SAS/SATA Storport Driver/Adaptec, Inc.)                                                               [BOOT] adp94xx
Service  system32\DRIVERS\adpahci.sys (Adaptec Windows SATA Storport Driver/Adaptec, Inc.)                                                                   [BOOT] adpahci
Service  system32\DRIVERS\adpu320.sys (Adaptec StorPort Ultra320 SCSI Driver (X64)/Adaptec, Inc.)                                                            [BOOT] adpu320
Service                                                                                                                                                      adsi
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] AeLookupSvc
Service  C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea filters APO access service (64-bit)/Andrea Electronics Corporation)                         [AUTO] AERTFilters
Service  system32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation)                                                              [SYSTEM] AFD
Service  system32\DRIVERS\agrsm64.sys (SoftModem Device Driver/LSI Corp)                                                                                     [MANUAL] AgereSoftModem
Service  system32\DRIVERS\agp440.sys (440 NT AGP-Filter/Microsoft Corporation)                                                                               [MANUAL] agp440
Service  C:\Windows\System32\alg.exe (Gatewaydienst auf Anwendungsebene/Microsoft Corporation)                                                               [MANUAL] ALG
Service  system32\DRIVERS\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.)                                                                            [BOOT] aliide
Service  C:\Windows\system32\atiesrxx.exe (AMD External Events Service Module/AMD)                                                                           [AUTO] AMD External Events Utility
Service  system32\DRIVERS\amdide.sys (AMD-IDE-Treiber/Microsoft Corporation)                                                                                 [BOOT] amdide
Service  system32\DRIVERS\amdk8.sys (Processor Device Driver/Microsoft Corporation)                                                                          [MANUAL] AmdK8
Service  system32\DRIVERS\amdppm.sys (Processor Device Driver/Microsoft Corporation)                                                                         [MANUAL] AmdPPM
Service  system32\DRIVERS\amdsata.sys (AHCI 1.2 Device Driver/Advanced Micro Devices)                                                                        [BOOT] amdsata
Service  system32\DRIVERS\amdsbs.sys (AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform/AMD Technologies Inc.)                   [BOOT] amdsbs
Service  system32\DRIVERS\amdxata.sys (Storage Filter Driver/Advanced Micro Devices)                                                                         [BOOT] amdxata
Service  system32\drivers\appid.sys (AppID Driver/Microsoft Corporation)                                                                                     [MANUAL] AppID
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] AppIDSvc
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] Appinfo
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             AppMgmt
Service  system32\DRIVERS\arc.sys (Adaptec RAID Storport Driver/Adaptec, Inc.)                                                                               [BOOT] arc
Service  system32\DRIVERS\arcsas.sys (Adaptec SAS RAID WS03 Driver/Adaptec, Inc.)                                                                            [BOOT] arcsas
Service  system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation)                                                        [MANUAL] AsyncMac
Service  system32\DRIVERS\atapi.sys (ATAPI IDE Miniport Driver/Microsoft Corporation)                                                                        [BOOT] atapi
Service  system32\DRIVERS\athrx.sys (Atheros Extensible Wireless LAN device driver/Atheros Communications, Inc.)                                             [MANUAL] athr
Service                                                                                                                                                      Atierecord
Service  system32\drivers\AtiHdmi.sys (ATI High Definition Audio Function Driver/ATI Technologies, Inc.)                                                     [MANUAL] AtiHdmiService
Service  system32\DRIVERS\atikmdag.sys (ATI Radeon Kernel Mode Driver/ATI Technologies Inc.)                                                                 [MANUAL] atikmdag
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] AudioEndpointBuilder
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] AudioSrv
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] AxInstSV
Service  system32\DRIVERS\bxvbda.sys (Broadcom NetXtreme II GigE VBD/Broadcom Corporation)                                                                   [MANUAL] b06bdrv
Service  system32\DRIVERS\b57nd60a.sys (Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver./Broadcom Corporation)                                    [MANUAL] b57nd60a
Service   (Battery Class Driver/Microsoft Corporation)                                                                                                       BattC
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] BDESVC
Service   (BEEP Driver/Microsoft Corporation)                                                                                                                [SYSTEM] Beep
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] BFE
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] BITS
Service  system32\DRIVERS\blbdrive.sys (BLB Drive Driver/Microsoft Corporation)                                                                              [SYSTEM] blbdrive
Service  system32\DRIVERS\bowser.sys (NT Lan Manager Datagram Receiver Driver/Microsoft Corporation)                                                         [MANUAL] bowser
Service  system32\DRIVERS\BrFiltLo.sys (Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver/Brother Industries, Ltd.)                                  [MANUAL] BrFiltLo
Service  system32\DRIVERS\BrFiltUp.sys (Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver/Brother Industries, Ltd.)                                  [MANUAL] BrFiltUp
Service  system32\DRIVERS\bridge.sys (MAC Bridge Driver/Microsoft Corporation)                                                                               [MANUAL] BridgeMP
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] Browser
Service  System32\Drivers\Brserid.sys (Brother Schnittstellentreiber (WDM) (seriell)/Brother Industries Ltd.)                                                [MANUAL] Brserid
Service  System32\Drivers\BrSerWdm.sys (Brother Serial driver (WDM version)/Brother Industries Ltd.)                                                         [MANUAL] BrSerWdm
Service  System32\Drivers\BrUsbMdm.sys (Brother USB MDM Driver /Brother Industries Ltd.)                                                                     [MANUAL] BrUsbMdm
Service  System32\Drivers\BrUsbSer.sys (Brother USB Serial Driver/Brother Industries Ltd.)                                                                   [MANUAL] BrUsbSer
Service  system32\DRIVERS\bthmodem.sys (Bluetooth Communications Driver/Microsoft Corporation)                                                               [MANUAL] BTHMODEM
Service                                                                                                                                                      BTHPORT
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] bthserv
Service  C:\ComboFix\catchme.sys                                                                                                                             [MANUAL] catchme
Service  system32\DRIVERS\cdfs.sys (CD-ROM File System Driver/Microsoft Corporation)                                                                         [DISABLED] cdfs
Service  system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)                                                                               [SYSTEM] cdrom
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] CertPropSvc
Service  system32\DRIVERS\circlass.sys (Consumer IR Class Driver for eHome/Microsoft Corporation)                                                            [MANUAL] circlass
Service  System32\CLFS.sys (Common Log File System Driver/Microsoft Corporation)                                                                             [BOOT] CLFS
Service  C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation)                                [MANUAL] clr_optimization_v2.0.50727_32
Service  C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation)                              [MANUAL] clr_optimization_v2.0.50727_64
Service  system32\DRIVERS\CmBatt.sys (Control Method Battery Driver/Microsoft Corporation)                                                                   [MANUAL] CmBatt
Service  system32\DRIVERS\cmdide.sys (CMD PCI IDE Bus Driver/CMD Technology, Inc.)                                                                           [BOOT] cmdide
Service  System32\Drivers\cng.sys (Kernel Cryptography, Next Generation/Microsoft Corporation)                                                               [BOOT] CNG
Service  C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Com for QLB application/Hewlett-Packard Development Company, L.P.)    [MANUAL] Com4QLBEx
Service  system32\DRIVERS\compbatt.sys (Composite Battery Driver/Microsoft Corporation)                                                                      [BOOT] Compbatt
Service  system32\DRIVERS\CompositeBus.sys (Multi-Transport Composite Bus Enumerator/Microsoft Corporation)                                                  [MANUAL] CompositeBus
Service  C:\Windows\system32\dllhost.exe (COM Surrogate/Microsoft Corporation)                                                                               [MANUAL] COMSysApp
Service  system32\DRIVERS\crcdisk.sys (Disk Block Verification Filter Driver/Microsoft Corporation)                                                          [DISABLED] crcdisk
Service                                                                                                                                                      crypt32
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] CryptSvc
Service                                                                                                                                                      DCLocator
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] DcomLaunch
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] defragsvc
Service  System32\Drivers\dfsc.sys (DFS Namespace Client Driver/Microsoft Corporation)                                                                       [SYSTEM] DfsC
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] Dhcp
Service  System32\drivers\discache.sys (System Indexer/Cache Driver/Microsoft Corporation)                                                                   [SYSTEM] discache
Service  system32\DRIVERS\disk.sys (PnP Disk Driver/Microsoft Corporation)                                                                                   [BOOT] Disk
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] Dnscache
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] dot3svc
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] DPS
Service  system32\drivers\drmkaud.sys (Microsoft Trusted Audio Drivers/Microsoft Corporation)                                                                [MANUAL] drmkaud
Service  System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation)                                                                        [MANUAL] DXGKrnl
Service                                                                                                                                                      [DISABLED] eabfiltr
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] EapHost
Service  system32\DRIVERS\evbda.sys (Broadcom NetXtreme II 10 GigE VBD/Broadcom Corporation)                                                                 [MANUAL] ebdrv
Service  C:\Windows\System32\lsass.exe (Local Security Authority Process/Microsoft Corporation)                                                              [MANUAL] EFS
Service  C:\Windows\ehome\ehRecvr.exe (Windows Media Center-Empfängerdienst/Microsoft Corporation)                                                           [MANUAL] ehRecvr
Service  C:\Windows\ehome\ehsched.exe (Windows Media Center-Planerdienst/Microsoft Corporation)                                                              [MANUAL] ehSched
Service  system32\DRIVERS\elxstor.sys (Storport Miniport Driver for LightPulse HBAs/Emulex)                                                                  [BOOT] elxstor
Service  system32\DRIVERS\errdev.sys (Error Device Driver/Microsoft Corporation)                                                                             [MANUAL] ErrDev
Service                                                                                                                                                      ESENT
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] eventlog
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] EventSystem
Service   (Microsoft Extended FAT File System/Microsoft Corporation)                                                                                         [MANUAL] exfat
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] ezSharedSvc
Service   (Fast FAT File System Driver/Microsoft Corporation)                                                                                                [MANUAL] fastfat
Service  C:\Windows\system32\fxssvc.exe (Fax Service/Microsoft Corporation)                                                                                  [MANUAL] Fax
Service  system32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation)                                                                      [MANUAL] fdc
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] fdPHost
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] FDResPub
Service  system32\drivers\fileinfo.sys (FileInfo Filter Driver/Microsoft Corporation)                                                                        [BOOT] FileInfo
Service  system32\drivers\filetrace.sys (File Trace Filter Driver/Microsoft Corporation)                                                                     [MANUAL] Filetrace
Service  system32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation)                                                                                 [MANUAL] flpydisk
Service  system32\drivers\fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)                                                            [BOOT] FltMgr
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] FontCache
Service  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (PresentationFontCache.exe/Microsoft Corporation)                           [MANUAL] FontCache3.0.0.0
Service  System32\drivers\FsDepends.sys (File System Dependency Manager Mini Filter Driver/Microsoft Corporation)                                            [MANUAL] FsDepends
Service   (File System Recognizer Driver/Microsoft Corporation)                                                                                              [BOOT] Fs_Rec
Service  System32\DRIVERS\fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)                                                               [BOOT] fvevol
Service  system32\DRIVERS\gagp30kx.sys (MS Generischer AGPv3.0 Filter für K8/9-Prozessorplattformen/Microsoft Corporation)                                   [MANUAL] gagp30kx
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] gpsvc
Service  C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Installer/Google Inc.)                                                                [AUTO] gupdate
Service  C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Installer/Google Inc.)                                                                [MANUAL] gupdatem
Service  C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc/Google)                                                         [MANUAL] gusvc
Service  system32\drivers\hcw85cir.sys (Hauppauge WinTV 885 Consumer IR Driver for eHome/Hauppauge Computer Works, Inc.)                                     [MANUAL] hcw85cir
Service  system32\drivers\HdAudio.sys (High Definition Audio Function Driver/Microsoft Corporation)                                                          [MANUAL] HdAudAddService
Service  system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver/Microsoft Corporation)                                                              [MANUAL] HDAudBus
Service  system32\DRIVERS\HECIx64.sys (Intel(R) Management Engine Interface/Intel Corporation)                                                               [MANUAL] HECIx64
Service  system32\DRIVERS\HidBatt.sys (Hid Battery Driver/Microsoft Corporation)                                                                             [MANUAL] HidBatt
Service  system32\DRIVERS\hidbth.sys (Bluetooth-Miniporttreiber für HID-Geräte/Microsoft Corporation)                                                        [MANUAL] HidBth
Service  system32\DRIVERS\hidir.sys (Infrared Miniport Driver for Input Devices/Microsoft Corporation)                                                       [MANUAL] HidIr
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] hidserv
Service  system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation)                                                           [MANUAL] HidUsb
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] hkmsvc
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] HomeGroupListener
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] HomeGroupProvider
Service  C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (HP Support Assistant Service/Hewlett-Packard Company)                 [AUTO] HP Support Assistant Service
Service  C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (HP Quick Synchronization Service/Hewlett-Packard Company)                            [AUTO] HPDrvMntSvc.exe
Service  system32\DRIVERS\HpqKbFiltr.sys (HpqKbFiltr Keyboard Filter Driver/Hewlett-Packard Development Company, L.P.)                                       [MANUAL] HpqKbFiltr
Service  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (hpqwmiex Module/Hewlett-Packard Company)                                                [MANUAL] hpqwmiex
Service  system32\DRIVERS\HpSAMD.sys (Smart Array SAS/SATA Controller Media Driver/Hewlett-Packard Company)                                                  [BOOT] HpSAMD
Service  system32\drivers\HTTP.sys (HTTP-Protokollstapel/Microsoft Corporation)                                                                              [MANUAL] HTTP
Service  System32\drivers\hwpolicy.sys (Hardware Policy Driver/Microsoft Corporation)                                                                        [BOOT] hwpolicy
Service  system32\DRIVERS\i8042prt.sys (i8042-Anschlusstreiber/Microsoft Corporation)                                                                        [MANUAL] i8042prt
Service  system32\DRIVERS\iaStor.sys (Intel Matrix Storage Manager driver - x64/Intel Corporation)                                                           [BOOT] iaStor
Service  system32\DRIVERS\iaStorV.sys (Intel Matrix Storage Manager driver - x64/Intel Corporation)                                                          [BOOT] iaStorV
Service  C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Windows CardSpace/Microsoft Corporation)                   [MANUAL] idsvc
Service  system32\DRIVERS\igdkmd64.sys (Intel Graphics Kernel Mode Driver/Intel Corporation)                                                                 [MANUAL] igfx
Service  system32\DRIVERS\iirsp.sys (Intel/ICP Raid Storport Driver/Intel Corp./ICP vortex GmbH)                                                             [BOOT] iirsp
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] IKEEXT
Service                                                                                                                                                      inetaccs
Service  system32\drivers\RTKVHD64.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.)                                        [MANUAL] IntcAzAudAddService
Service  system32\DRIVERS\intelide.sys (Intel PCI IDE Driver/Microsoft Corporation)                                                                          [BOOT] intelide
Service  system32\DRIVERS\intelppm.sys (Processor Device Driver/Microsoft Corporation)                                                                       [MANUAL] intelppm
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] IPBusEnum
Service  system32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation)                                                                              [MANUAL] IpFilterDriver
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] iphlpsvc
Service  system32\DRIVERS\IPMIDrv.sys (WMI IPMI-TREIBER/Microsoft Corporation)                                                                               [MANUAL] IPMIDRV
Service  System32\drivers\ipnat.sys (IP Network Address Translator/Microsoft Corporation)                                                                    [MANUAL] IPNAT
Service  system32\drivers\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation)                                                                        [MANUAL] IRENUM
Service  system32\DRIVERS\isapnp.sys (PNP-ISA-Bustreiber/Microsoft Corporation)                                                                              [BOOT] isapnp
Service  system32\DRIVERS\msiscsi.sys (Microsoft iSCSI Initiator Driver/Microsoft Corporation)                                                               [MANUAL] iScsiPrt
Service  system32\DRIVERS\kbdclass.sys (Tastaturklassentreiber/Microsoft Corporation)                                                                        [MANUAL] kbdclass
Service  system32\DRIVERS\kbdhid.sys (HID-Tastaturfiltertreiber/Microsoft Corporation)                                                                       [MANUAL] kbdhid
Service  C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation)                                                              [MANUAL] KeyIso
Service  System32\Drivers\ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation)                                                      [BOOT] KSecDD
Service  System32\Drivers\ksecpkg.sys (Kernel Security Support Provider Interface Packages/Microsoft Corporation)                                            [BOOT] KSecPkg
Service  system32\drivers\ksthunk.sys (Kernel Streaming WOW Thunk Service/Microsoft Corporation)                                                             [MANUAL] ksthunk
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] KtmRm
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] LanmanServer
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] LanmanWorkstation
Service                                                                                                                                                      ldap
Service  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (LightScribe Service/Hewlett-Packard Company)                                            [AUTO] LightScribeService
Service  system32\DRIVERS\lltdio.sys (Link-Layer Topology Mapper I/O Driver/Microsoft Corporation)                                                           [AUTO] lltdio
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] lltdsvc
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] lmhosts
Service  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Local Manageability Service/Intel Corporation)                      [AUTO] LMS
Service                                                                                                                                                      Lsa
Service  system32\DRIVERS\lsi_fc.sys (LSI Fusion-MPT FC Driver (StorPort)/LSI Corporation)                                                                   [BOOT] LSI_FC
Service  system32\DRIVERS\lsi_sas.sys (LSI Fusion-MPT SAS Driver (StorPort)/LSI Corporation)                                                                 [BOOT] LSI_SAS
Service  system32\DRIVERS\lsi_sas2.sys (LSI SAS Gen2 Driver (StorPort)/LSI Corporation)                                                                      [BOOT] LSI_SAS2
Service  system32\DRIVERS\lsi_scsi.sys (LSI Fusion-MPT SCSI Driver (StorPort)/LSI Corporation)                                                               [BOOT] LSI_SCSI
Service  system32\drivers\luafv.sys (LUA-Filtertreiber zur Dateivirtualisierung/Microsoft Corporation)                                                       [AUTO] luafv
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [DISABLED] Mcx2Svc
Service  system32\DRIVERS\megasas.sys (MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64/LSI Corporation)                                  [BOOT] megasas
Service  system32\DRIVERS\MegaSR.sys (LSI MegaRAID Software RAID Driver/LSI Corporation, Inc.)                                                               [BOOT] MegaSR
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] MMCSS
Service  system32\drivers\modem.sys (Modemgerätetreiber/Microsoft Corporation)                                                                               [MANUAL] Modem
Service  system32\DRIVERS\monitor.sys (Monitor Driver/Microsoft Corporation)                                                                                 [MANUAL] monitor
Service  system32\DRIVERS\mouclass.sys (Mausklassentreiber/Microsoft Corporation)                                                                            [MANUAL] mouclass
Service  system32\DRIVERS\mouhid.sys (HID-Mausfiltertreiber/Microsoft Corporation)                                                                           [MANUAL] mouhid
Service  System32\drivers\mountmgr.sys (Bereitstellungspunkt-Manager/Microsoft Corporation)                                                                  [BOOT] mountmgr
Service  system32\DRIVERS\MpFilter.sys (Microsoft antimalware file system filter driver/Microsoft Corporation)                                               [BOOT] MpFilter
Service  system32\DRIVERS\mpio.sys (Multipfad-Supportbustreiber/Microsoft Corporation)                                                                       [BOOT] mpio
Service  System32\drivers\mpsdrv.sys (Microsoft Protection Service Driver/Microsoft Corporation)                                                             [MANUAL] mpsdrv
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] MpsSvc
Service  system32\drivers\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation)                                                                       [MANUAL] MRxDAV
Service  system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)                                                                          [MANUAL] mrxsmb
Service  system32\DRIVERS\mrxsmb10.sys (Longhorn SMB Downlevel SubRdr/Microsoft Corporation)                                                                 [MANUAL] mrxsmb10
Service  system32\DRIVERS\mrxsmb20.sys (Longhorn SMB 2.0 Redirector/Microsoft Corporation)                                                                   [MANUAL] mrxsmb20
Service  system32\DRIVERS\msahci.sys (MS AHCI 1.0 Standard Driver/Microsoft Corporation)                                                                     [BOOT] msahci
Service  system32\DRIVERS\msdsm.sys (Gerätespezifisches Modul von Microsoft/Microsoft Corporation)                                                           [BOOT] msdsm
Service  C:\Windows\System32\msdtc.exe (Microsoft Distributed Transaction Coordinator-Dienst/Microsoft Corporation)                                          [MANUAL] MSDTC
Service                                                                                                                                                      MSDTC Bridge 3.0.0.0
Service   (Mailslot driver/Microsoft Corporation)                                                                                                            [SYSTEM] Msfs
Service  System32\drivers\mshidkmdf.sys (Pass-through HID to KMDF Filter Driver/Microsoft Corporation)                                                       [MANUAL] mshidkmdf
Service  system32\DRIVERS\msisadrv.sys (ISA Driver/Microsoft Corporation)                                                                                    [BOOT] msisadrv
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] MSiSCSI
Service  C:\Windows\system32\msiexec.exe (Windows® Installer/Microsoft Corporation)                                                                          [MANUAL] msiserver
Service  system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation)                                                                                   [MANUAL] MSKSSRV
Service  c:\Program Files\Microsoft Security Client\MsMpEng.exe (Antimalware Service Executable/Microsoft Corporation)                                       [AUTO] MsMpSvc
Service  system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation)                                                                                [MANUAL] MSPCLOCK
Service  system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation)                                                                         [MANUAL] MSPQM
Service   (Kernel Remote Procedure Call Provider/Microsoft Corporation)                                                                                      [MANUAL] MsRPC
Service                                                                                                                                                      MSSCNTRS
Service  system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation)                                                                 [SYSTEM] mssmbios
Service  system32\drivers\MSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation)                                                          [MANUAL] MSTEE
Service  system32\DRIVERS\MTConfig.sys (HID-Treiber für Mehrfingereingabe von Microsoft/Microsoft Corporation)                                               [MANUAL] MTConfig
Service  System32\Drivers\mup.sys (Multiple UNC Provider Driver/Microsoft Corporation)                                                                       [BOOT] Mup
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] napagent
Service  system32\DRIVERS\nwifi.sys (Systemeigener WiFi-Miniporttreiber/Microsoft Corporation)                                                               [MANUAL] NativeWifiP
Service  system32\drivers\ndis.sys (NDIS 6.20-Treiber/Microsoft Corporation)                                                                                 [BOOT] NDIS
Service  system32\DRIVERS\ndiscap.sys (NDIS Packet Capture Filter Driver/Microsoft Corporation)                                                              [MANUAL] NdisCap
Service  system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation)                                                            [MANUAL] NdisTapi
Service  system32\DRIVERS\ndisuio.sys (E/A-Treiber für NDIS-Benutzermodus/Microsoft Corporation)                                                             [MANUAL] Ndisuio
Service  system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation)                                                      [MANUAL] NdisWan
Service   (NDIS Proxy/Microsoft Corporation)                                                                                                                 [MANUAL] NDProxy
Service  system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation)                                                                       [SYSTEM] NetBIOS
Service  System32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation)                                                                             [SYSTEM] NetBT
Service  C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation)                                                              [MANUAL] Netlogon
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] Netman
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] netprofm
Service  C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (SMSvcHost.exe/Microsoft Corporation)                      [DISABLED] NetTcpPortSharing
Service  system32\DRIVERS\netw5v64.sys (Intel® Wireless WiFi Link Driver/Intel Corporation)                                                                  [MANUAL] netw5v64
Service                                                                                                                                                      Network Inspection System
Service  system32\DRIVERS\nfrd960.sys (IBM ServeRAID Controller Driver/IBM Corporation)                                                                      [BOOT] nfrd960
Service  system32\DRIVERS\NisDrvWFP.sys (Microsoft Network Inspection System Driver/Microsoft Corporation)                                                   [MANUAL] NisDrv
Service  c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Network Inspection System/Microsoft Corporation)                                   [MANUAL] NisSrv
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] NlaSvc
Service   (NPFS Driver/Microsoft Corporation)                                                                                                                [SYSTEM] Npfs
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] nsi
Service  system32\drivers\nsiproxy.sys (NSI Proxy/Microsoft Corporation)                                                                                     [SYSTEM] nsiproxy
Service                                                                                                                                                      NTDS
Service   (NT-Dateisystemtreiber/Microsoft Corporation)                                                                                                      [MANUAL] Ntfs
Service   (NULL Driver/Microsoft Corporation)                                                                                                                [SYSTEM] Null
Service  system32\DRIVERS\nvraid.sys (NVIDIA® nForce(TM) RAID Driver/NVIDIA Corporation)                                                                     [BOOT] nvraid
Service  system32\DRIVERS\nvstor.sys (NVIDIA® nForce(TM) Sata Performance Driver/NVIDIA Corporation)                                                         [BOOT] nvstor
Service  system32\DRIVERS\nv_agp.sys (NForce NT AGP-Filter/Microsoft Corporation)                                                                            [MANUAL] nv_agp
Service  C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Office Diagnostics/Microsoft Corporation)                       [MANUAL] odserv
Service  system32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation)                                                                      [MANUAL] ohci1394
Service  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Office Source Engine/Microsoft Corporation)                             [MANUAL] ose
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] p2pimsvc
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] p2psvc
Service  system32\DRIVERS\parport.sys (Treiber für parallelen Anschluss/Microsoft Corporation)                                                               [MANUAL] Parport
Service  System32\drivers\partmgr.sys (Partition Management Driver/Microsoft Corporation)                                                                    [BOOT] partmgr
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] PcaSvc
Service  system32\DRIVERS\pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)                                                                      [BOOT] pci
Service  system32\DRIVERS\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation)                                                                      [BOOT] pciide
Service  system32\DRIVERS\pcmcia.sys (PCMCIA-Treiber/Microsoft Corporation)                                                                                  [MANUAL] pcmcia
Service  System32\drivers\pcw.sys (Performance Counters for Windows Driver/Microsoft Corporation)                                                            [BOOT] pcw
Service  system32\drivers\peauth.sys (Protected Environment Authentication and Authorization Export Driver/Microsoft Corporation)                            [AUTO] PEAUTH
Service                                                                                                                                                      PerfDisk
Service  C:\Windows\SysWow64\perfhost.exe (x86-Leistungsindikatorhost/Microsoft Corporation)                                                                 [MANUAL] PerfHost
Service                                                                                                                                                      PerfNet
Service                                                                                                                                                      PerfOS
Service                                                                                                                                                      PerfProc
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] pla
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] PlugPlay
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] PNRPAutoReg
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] PNRPsvc
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] PolicyAgent
Service                                                                                                                                                      PortProxy
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] Power
Service  system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation)                                                                [MANUAL] PptpMiniport
Service  system32\DRIVERS\processr.sys (Processor Device Driver/Microsoft Corporation)                                                                       [MANUAL] Processor
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] ProfSvc
Service  C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation)                                                              [MANUAL] ProtectedStorage
Service  system32\DRIVERS\pacer.sys (QoS-Paketplaner/Microsoft Corporation)                                                                                  [SYSTEM] Psched
Service  system32\DRIVERS\ql2300.sys (QLogic Fibre Channel Stor Miniport Driver/QLogic Corporation)                                                          [BOOT] ql2300
Service  system32\DRIVERS\ql40xx.sys (QLogic iSCSI Storport Miniport Driver/QLogic Corporation)                                                              [BOOT] ql40xx
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] QWAVE
Service  system32\drivers\qwavedrv.sys (Supporttreiber für verbessertes Microsoft-Audio/Video-Streaming (qWave)/Microsoft Corporation)                       [MANUAL] QWAVEdrv
Service  System32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation)                                                                 [MANUAL] RasAcd
Service  system32\DRIVERS\AgileVpn.sys (RAS Agile Vpn Miniport Call Manager/Microsoft Corporation)                                                           [MANUAL] RasAgileVpn
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] RasAuto
Service  system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation)                                                         [MANUAL] Rasl2tp
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] RasMan
Service  system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation)                                                       [MANUAL] RasPppoe
Service  system32\DRIVERS\rassstp.sys (RAS SSTP Miniport Call Manager/Microsoft Corporation)                                                                 [MANUAL] RasSstp
Service  system32\DRIVERS\rdbss.sys (Subsystemtreiber für Pufferung des umgeleiteten Laufwerks/Microsoft Corporation)                                        [SYSTEM] rdbss
Service  system32\DRIVERS\rdpbus.sys (Microsoft RDP Bus Device driver/Microsoft Corporation)                                                                 [MANUAL] rdpbus
Service  System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation)                                                                                    [SYSTEM] RDPCDD
Service                                                                                                                                                      RDPDD
Service  system32\drivers\rdpencdd.sys (RDP Encoder Miniport/Microsoft Corporation)                                                                          [SYSTEM] RDPENCDD
Service                                                                                                                                                      RDPNP
Service  system32\drivers\rdprefmp.sys (RDP Reflector Driver Miniport/Microsoft Corporation)                                                                 [SYSTEM] RDPREFMP
Service   (RDP Terminal Stack Driver/Microsoft Corporation)                                                                                                  [MANUAL] RDPWD
Service  System32\drivers\rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)                                                                             [BOOT] rdyboost
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [DISABLED] RemoteAccess
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] RemoteRegistry
Service  C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe                                                                                         [AUTO] RichVideo
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] RpcEptMapper
Service  C:\Windows\system32\locator.exe (Rpc Locator/Microsoft Corporation)                                                                                 [MANUAL] RpcLocator
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] RpcSs
Service  system32\DRIVERS\rspndr.sys (Link-Layer Topology Responder Driver for NDIS 6/Microsoft Corporation)                                                 [AUTO] rspndr
Service  C:\Windows\System32\Drivers\RtsUStor.sys (Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7/Realtek Semiconductor Corp.)                         [MANUAL] RSUSBSTOR
Service  system32\DRIVERS\Rt64win7.sys (Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver                /Realtek                                            )  [MANUAL] RTL8167
Service  C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation)                                                              [AUTO] SamSs
Service  system32\DRIVERS\sbp2port.sys (SBP-2 Protocol Driver/Microsoft Corporation)                                                                         [BOOT] sbp2port
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] SCardSvr
Service  System32\DRIVERS\scfilter.sys (Filtertreiber für Smartcard-Leser von Microsoft/Microsoft Corporation)                                               [MANUAL] scfilter
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] Schedule
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] SCPolicySvc
Service  system32\DRIVERS\sdbus.sys (SecureDigital Bus Driver/Microsoft Corporation)                                                                         [MANUAL] sdbus
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] SDRSVC
Service   (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)                             [AUTO] secdrv
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] seclogon
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] SENS
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] SensrSvc
Service  system32\DRIVERS\serenum.sys (Serial Port Enumerator/Microsoft Corporation)                                                                         [MANUAL] Serenum
Service  system32\DRIVERS\serial.sys (Serieller Gerätetreiber/Microsoft Corporation)                                                                         [SYSTEM] Serial
Service  system32\DRIVERS\sermouse.sys (Serieller Mausfiltertreiber/Microsoft Corporation)                                                                   [MANUAL] sermouse
Service                                                                                                                                                      ServiceModelEndpoint 3.0.0.0
Service                                                                                                                                                      ServiceModelOperation 3.0.0.0
Service                                                                                                                                                      ServiceModelService 3.0.0.0
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] SessionEnv
Service  C:\Program Files (x86)\ShadowExplorer\sesvc.exe (ShadowExplorer/www.shadowexplorer.com)                                                             [AUTO] sesvc
Service  system32\DRIVERS\sffdisk.sys (Small Form Factor Disk Driver/Microsoft Corporation)                                                                  [MANUAL] sffdisk
Service  system32\DRIVERS\sffp_mmc.sys (Small Form Factor MMC Protocol Driver/Microsoft Corporation)                                                         [MANUAL] sffp_mmc
Service  system32\DRIVERS\sffp_sd.sys (Small Form Factor SD Protocol Driver/Microsoft Corporation)                                                           [MANUAL] sffp_sd
Service  system32\DRIVERS\sfloppy.sys (SCSI Floppy Driver/Microsoft Corporation)                                                                             [MANUAL] sfloppy
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] SharedAccess
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] ShellHWDetection
Service  system32\DRIVERS\SiSRaid2.sys (SiS RAID Stor Miniport Driver/Silicon Integrated Systems Corp.)                                                      [BOOT] SiSRaid2
Service  system32\DRIVERS\sisraid4.sys (SiS AHCI Stor-Miniport Driver/Silicon Integrated Systems)                                                            [BOOT] SiSRaid4
Service  C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Updater Service/Skype Technologies)                                                         [AUTO] SkypeUpdate
Service  system32\DRIVERS\smb.sys (SMB Transport driver/Microsoft Corporation)                                                                               [MANUAL] Smb
Service                                                                                                                                                      SMSvcHost 3.0.0.0
Service  C:\Windows\System32\snmptrap.exe (SNMP-Trap/Microsoft Corporation)                                                                                  [MANUAL] SNMPTRAP
Service   (loader for security processor/Microsoft Corporation)                                                                                              [BOOT] spldr
Service  C:\Windows\System32\spoolsv.exe (Spoolersubsystem-Anwendung/Microsoft Corporation)                                                                  [AUTO] Spooler
Service  C:\Windows\system32\sppsvc.exe (Softwareschutzplattform-Dienst von Microsoft/Microsoft Corporation)                                                 [AUTO] sppsvc
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] sppuinotify
Service  System32\DRIVERS\srv.sys (Server driver/Microsoft Corporation)                                                                                      [MANUAL] srv
Service  System32\DRIVERS\srv2.sys (Smb 2.0 Server driver/Microsoft Corporation)                                                                             [MANUAL] srv2
Service  system32\DRIVERS\VSTAZL6.SYS (HSF_HWAZL WDM driver/Conexant Systems, Inc.)                                                                          [MANUAL] SrvHsfHDA
Service  system32\DRIVERS\VSTDPV6.SYS (HSF_DP driver/Conexant Systems, Inc.)                                                                                 [MANUAL] SrvHsfV92
Service  system32\DRIVERS\VSTCNXT6.SYS (HSF_CNXT driver/Conexant Systems, Inc.)                                                                              [MANUAL] SrvHsfWinac
Service  System32\DRIVERS\srvnet.sys (Server Network driver/Microsoft Corporation)                                                                           [MANUAL] srvnet
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] SSDPSRV
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] SstpSvc
Service  system32\DRIVERS\stexstor.sys (Promise  SuperTrak EX Series Driver for Windows /Promise Technology)                                                 [BOOT] stexstor
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] stisvc
Service  system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation)                                                        [MANUAL] swenum
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] swprv
Service  system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics Incorporated)                                                                       [MANUAL] SynTP
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] SysMain
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] TabletInputService
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] TapiSrv
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] TBS
Service  System32\drivers\tcpip.sys (TCP/IP-Treiber/Microsoft Corporation)                                                                                   [BOOT] Tcpip
Service  system32\DRIVERS\tcpip.sys (TCP/IP-Treiber/Microsoft Corporation)                                                                                   [MANUAL] TCPIP6
Service                                                                                                                                                      TCPIP6TUNNEL
Service  System32\drivers\tcpipreg.sys (TCP/IP Registry Compatibility Driver/Microsoft Corporation)                                                          [AUTO] tcpipreg
Service                                                                                                                                                      TCPIPTUNNEL
Service  system32\drivers\tdpipe.sys (Named Pipe Transport Driver/Microsoft Corporation)                                                                     [MANUAL] TDPIPE
Service  system32\drivers\tdtcp.sys (TCP Transport Driver/Microsoft Corporation)                                                                             [MANUAL] TDTCP
Service  system32\DRIVERS\tdx.sys (TDI Translation Driver/Microsoft Corporation)                                                                             [SYSTEM] tdx
Service  system32\DRIVERS\termdd.sys (Remote Desktop Server Driver/Microsoft Corporation)                                                                    [SYSTEM] TermDD
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] TermService
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] Themes
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] THREADORDER
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] TrkWks
Service  C:\Windows\servicing\TrustedInstaller.exe (Windows Modules Installer/Microsoft Corporation)                                                         [MANUAL] TrustedInstaller
Service                                                                                                                                                      TSDDD
Service  System32\DRIVERS\tssecsrv.sys (TS Security Filter Driver/Microsoft Corporation)                                                                     [MANUAL] tssecsrv
Service  system32\DRIVERS\tunnel.sys (Microsoft-Tunnelschnittstellentreiber/Microsoft Corporation)                                                           [MANUAL] tunnel
Service  system32\DRIVERS\uagp35.sys (MS AGPv3.5-Filter/Microsoft Corporation)                                                                               [MANUAL] uagp35
Service  system32\DRIVERS\udfs.sys (UDF File System Driver/Microsoft Corporation)                                                                            [DISABLED] udfs
Service                                                                                                                                                      UGatherer
Service                                                                                                                                                      UGTHRSVC
Service  C:\Windows\system32\UI0Detect.exe (Erkennung interaktiver Dienste/Microsoft Corporation)                                                            [MANUAL] UI0Detect
Service  system32\DRIVERS\uliagpkx.sys (ULi AGPv3.0-Filter für K8/9-Prozessorplattformen/Microsoft Corporation)                                              [MANUAL] uliagpkx
Service  system32\DRIVERS\umbus.sys (User-Mode Bus Enumerator/Microsoft Corporation)                                                                         [MANUAL] umbus
Service  system32\DRIVERS\umpass.sys (Generic pass-through driver/Microsoft Corporation)                                                                     [MANUAL] UmPass
Service  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (User Notification Service/Intel Corporation)                        [AUTO] UNS
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] upnphost
Service  system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation)                                                         [MANUAL] usbccgp
Service  system32\DRIVERS\usbcir.sys (USB Consumer IR Driver for eHome/Microsoft Corporation)                                                                [MANUAL] usbcir
Service  system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation)                                                                      [MANUAL] usbehci
Service  system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)                                                                      [MANUAL] usbhub
Service  system32\DRIVERS\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation)                                                                       [MANUAL] usbohci
Service  system32\DRIVERS\usbprint.sys (USB Printer driver/Microsoft Corporation)                                                                            [MANUAL] usbprint
Service  system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation)                                                                  [MANUAL] USBSTOR
Service  system32\DRIVERS\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation)                                                                       [MANUAL] usbuhci
Service  System32\Drivers\usbvideo.sys (USB Video Class Driver/Microsoft Corporation)                                                                        [MANUAL] usbvideo
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] UxSms
Service  C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation)                                                              [MANUAL] VaultSvc
Service  system32\DRIVERS\vdrvroot.sys (Stammenumerator für virtuelles Laufwerk/Microsoft Corporation)                                                       [BOOT] vdrvroot
Service  C:\Windows\System32\vds.exe (Virtueller Datenträgerdienst/Microsoft Corporation)                                                                    [MANUAL] vds
Service  system32\DRIVERS\vgapnp.sys (VGA/Super VGA Video Driver/Microsoft Corporation)                                                                      [MANUAL] vga
Service  System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation)                                                                         [SYSTEM] VgaSave
Service  system32\DRIVERS\vhdmp.sys (VHD Miniport Driver/Microsoft Corporation)                                                                              [MANUAL] vhdmp
Service  system32\DRIVERS\viaide.sys (VIA Generic PCI IDE Bus Driver/VIA Technologies, Inc.)                                                                 [BOOT] viaide
Service  system32\DRIVERS\volmgr.sys (Volume Manager Driver/Microsoft Corporation)                                                                           [BOOT] volmgr
Service  System32\drivers\volmgrx.sys (Treiber für Erweiterung des Volume-Managers/Microsoft Corporation)                                                    [BOOT] volmgrx
Service  system32\DRIVERS\volsnap.sys (Volumeschattenkopie-Treiber/Microsoft Corporation)                                                                    [BOOT] volsnap
Service  system32\DRIVERS\vsmraid.sys (VIA RAID DRIVER FOR AMD-X86-64/VIA Technologies Inc.,Ltd)                                                             [BOOT] vsmraid
Service  C:\Windows\system32\vssvc.exe (Microsoft® Volumeschattenkopie-Dienst/Microsoft Corporation)                                                         [MANUAL] VSS
Service  system32\DRIVERS\vwifibus.sys (Virtueller WiFi-Bustreiber/Microsoft Corporation)                                                                    [MANUAL] vwifibus
Service  system32\DRIVERS\vwififlt.sys (Virtual WiFi Filter Driver/Microsoft Corporation)                                                                    [SYSTEM] vwififlt
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] W32Time
Service                                                                                                                                                      W3SVC
Service  system32\DRIVERS\wacompen.sys (Wacom Serial Pen Tablet HID Driver/Microsoft Corporation)                                                            [MANUAL] WacomPen
Service  system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation)                                                         [MANUAL] WANARP
Service  system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation)                                                         [SYSTEM] Wanarpv6
Service  C:\Windows\system32\wbengine.exe (EXE-Datei für Microsoft®-Blockebenen-Sicherungsmodul/Microsoft Corporation)                                       [MANUAL] wbengine
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] WbioSrvc
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] wcncsvc
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] WcsPlugInService
Service  system32\DRIVERS\wd.sys (Microsoft Watchdog Timer Driver/Microsoft Corporation)                                                                     [BOOT] Wd
Service  system32\drivers\Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)                                                          [BOOT] Wdf01000
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] WdiServiceHost
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] WdiSystemHost
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] WebClient
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] Wecsvc
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] wercplsupport
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] WerSvc
Service  system32\DRIVERS\wfplwf.sys (WFP NDIS 6.20 Lightweight Filter Driver/Microsoft Corporation)                                                         [SYSTEM] WfpLwf
Service  C:\Windows\system32\drivers\wimmount.sys (Wim file system Driver/Microsoft Corporation)                                                             [MANUAL] WIMMount
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] WinDefend
Service                                                                                                                                                      Windows Workflow Foundation 3.0.0.0
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] WinHttpAutoProxySvc
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] Winmgmt
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] WinRM
Service                                                                                                                                                      [MANUAL] Winsock
Service                                                                                                                                                      WinSock2
Service  system32\DRIVERS\WinUsb.sys (Windows USB Class Driver BETA/Microsoft Corporation)                                                                   [MANUAL] WinUsb
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] Wlansvc
Service  system32\DRIVERS\wmiacpi.sys (Windows Management Interface for ACPI/Microsoft Corporation)                                                          [MANUAL] WmiAcpi
Service                                                                                                                                                      WmiApRpl
Service  C:\Windows\system32\wbem\WmiApSrv.exe (Adapter für den WMI-Leistungsreverseadapter/Microsoft Corporation)                                           [MANUAL] wmiApSrv
Service  C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe                                                                                            [AUTO] WMPNetworkSvc
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] WPCSvc
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] WPDBusEnum
Service  system32\drivers\ws2ifsl.sys (Winsock2-IFS-Schicht/Microsoft Corporation)                                                                           [SYSTEM] ws2ifsl
Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] wscsvc
Service  C:\Windows\system32\SearchIndexer.exe (Microsoft Windows Search-Indexerstellung/Microsoft Corporation)                                              [AUTO] WSearch
Service                                                                                                                                                      WSearchIdxPi
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] wuauserv
Service  system32\drivers\WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation)                          [MANUAL] WudfPf
Service  system32\DRIVERS\WUDFRd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation)                                [MANUAL] WUDFRd
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] wudfsvc
Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] WwanSvc
Service                                                                                                                                                      xmlprov
Service  system32\DRIVERS\yk62x64.sys (Miniport Driver for Marvell Yukon Ethernet Controller./Marvell)                                                       [MANUAL] yukonw7
Service                                                                                                                                                      {8DA24F72-EB71-4CC1-912A-E01DF83FDE24}
Service                                                                                                                                                      {BE7AC60A-6F36-452C-83E6-B7276A634670}

---- EOF - GMER 1.0.15 ----
         
--- --- ---


Osam:
Code:
ATTFilter
OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:42:03 on 25.06.2012

OS: Windows 7 Home Premium Edition (Build 7600), 64-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"HPCeeScheduleForLIZ-PC$.job" - "Hewlett-Packard" - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Norton Security Scan for Liz.job" - "Symantec Corporation" - C:\PROGRA~2\NORTON~2\Engine\351~1.10\Nss.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{E54729E8-BB3D-4270-9D49-7389EA579090} "EasyBits ShellExecute Hook" - "EasyBits Software Corp." - C:\Windows\SysWow64\EZUPBH~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files (x86)\7-Zip\7-zip.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{1944F5A1-2835-45B0-91E6-FA3EDDAF539E} "Graph Shell Extension" - "Ivan Johansen" - C:\PROGRA~2\Graph\THUMBN~1.DLL
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files (x86)\WinRAR\rarext.dll  (File found, but it contains no detailed information)
{B41DB860-64E4-11D2-9906-E49FADC173CA} "WinRAR shell extension" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
ITBar7Height64 "ITBar7Height64" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout64" - ? -   (File not found | COM-object registry key not found)
<binary data> "{C424171E-592A-415A-9EB1-DFD6D95D3530}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{73ECB3AA-4717-450C-A2AB-D00DAD9EE203} "GMNRev Class" - "Hewlett-Packard" - C:\Program Files (x86)\HP\Common\HPGMNRev.dll / hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{02BCC737-B171-4746-94C9-0D8A0B2C0089} "Microsoft Office Template and Media Control" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office12\IEAWSDC.DLL / hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Object" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTPlugin.ocx / hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
"ICQ7.2" - ? - C:\Program Files (x86)\ICQ7.2\ICQ.exe  (File not found)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Liz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.2.lnk" - ? - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"HPADVISOR" - "Hewlett-Packard" - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"swg" - "Google Inc." - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"DivXUpdate" - ? - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"HP Software Update" - "Hewlett-Packard" - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"QlbCtrl.exe" - " Hewlett-Packard Development Company, L.P." - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"WirelessAssistant" - "Hewlett-Packard" - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )-----
"B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll" - "DivX, LLC" - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\NisSrv.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
"Easybits Shared Services for Windows" (ezSharedSvc) - ? - C:\Windows\System32\ezsvc7.dll  (File not found)
"Google Software Updater" (gusvc) - "Google" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"HP Quick Synchronization Service" (HPDrvMntSvc.exe) - "Hewlett-Packard Company" - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
"HP Software Framework Service" (hpqwmiex) - "Hewlett-Packard Company" - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
"HP Support Assistant Service" (HP Support Assistant Service) - "Hewlett-Packard Company" - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
"Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\MsMpEng.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"ShadowExplorer Service" (sesvc) - "www.shadowexplorer.com" - C:\Program Files (x86)\ShadowExplorer\sesvc.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- --- If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
aswMBR:
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-25 13:43:25
-----------------------------
13:43:25.264    OS Version: Windows x64 6.1.7600 
13:43:25.264    Number of processors: 4 586 0x2502
13:43:25.264    ComputerName: LIZ-PC  UserName: Liz
13:43:26.761    Initialize success
13:45:52.890    AVAST engine defs: 12062500
13:47:14.478    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:47:14.494    Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
13:47:14.509    Disk 0 MBR read successfully
13:47:14.509    Disk 0 MBR scan
13:47:14.509    Disk 0 unknown MBR code
13:47:14.525    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
13:47:14.541    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       291736 MB offset 409600
13:47:14.572    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        13205 MB offset 597884928
13:47:14.587    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      103 MB offset 624928768
13:47:14.619    Disk 0 scanning C:\Windows\system32\drivers
13:47:21.623    Service scanning
13:47:37.145    Modules scanning
13:47:37.161    Disk 0 trace - called modules:
13:47:37.707    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
13:47:37.707    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c18060]
13:47:37.722    3 CLASSPNP.SYS[fffff880011b943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004975050]
13:47:39.906    AVAST engine scan C:\Windows
13:47:42.948    AVAST engine scan C:\Windows\system32
13:49:55.720    AVAST engine scan C:\Windows\system32\drivers
13:50:04.971    AVAST engine scan C:\Users\Liz
14:08:37.081    AVAST engine scan C:\ProgramData
14:12:15.934    Scan finished successfully
14:14:59.485    Disk 0 MBR has been saved successfully to "C:\Users\Liz\Desktop\MBR.dat"
14:14:59.485    The log file has been saved successfully to "C:\Users\Liz\Desktop\aswMBR.txt"
         

Antwort

Themen zu Entfernung des Ukash Trojaners und Dateiwiederherstellung
abgesicherten, aktualisierung, anhang, ausführung, bräuchte, datei, eingabe, entfernung, erledigt, essen, forum, gefundenen, konnte, microsoft, modus, programm, rechner, scan, security, starte, starten, troja, trojaner, trojaner - gesperrte dateien, trojaners, ukash bka gema, windows 7 64bit home



Ähnliche Themen: Entfernung des Ukash Trojaners und Dateiwiederherstellung


  1. Probleme im Internet nach der Entfernung eines Trojaners
    Diskussionsforum - 09.08.2015 (16)
  2. Benötige Hilfe zur Entfernung eines Trojaners
    Log-Analyse und Auswertung - 01.07.2014 (5)
  3. Brauche Unterstützung bei der Entfernung des GVU Trojaners
    Plagegeister aller Art und deren Bekämpfung - 18.01.2013 (5)
  4. Neueste Version (2.0xx) des Ukash Trojaners auf Win XP
    Plagegeister aller Art und deren Bekämpfung - 28.06.2012 (1)
  5. nach vermeintlicher entfernung des BKA Trojaners jetzt anderes Problem
    Plagegeister aller Art und deren Bekämpfung - 28.12.2011 (8)
  6. Probleme nach Entfernung des BKA-Trojaners
    Plagegeister aller Art und deren Bekämpfung - 03.12.2011 (21)
  7. System nach Bereinigung des Ukash-Trojaners sauber?
    Log-Analyse und Auswertung - 26.10.2011 (1)
  8. Entfernung des Bundespolizei/UKASH-Trojaners
    Log-Analyse und Auswertung - 25.08.2011 (13)
  9. Vista: Nach Entfernung des Trojaners Windows Recovery leerer Desktop
    Plagegeister aller Art und deren Bekämpfung - 14.06.2011 (1)
  10. Probleme nach Entfernung des Trojaners „Anti-Malware-Doctor“ / „tscnbbpe.dll“ fehlt
    Plagegeister aller Art und deren Bekämpfung - 15.06.2010 (7)
  11. Nach Entfernung eines Keyloggers + Trojaners
    Plagegeister aller Art und deren Bekämpfung - 11.09.2009 (39)
  12. Fehlermeldung beim Start des PCs trotz Entfernung (?) des Trojaners
    Log-Analyse und Auswertung - 22.02.2008 (6)
  13. RUNDLL-Fehlermeldung nach Entfernung eines Trojaners
    Plagegeister aller Art und deren Bekämpfung - 24.05.2007 (15)
  14. mein computer nach der Automatische Entfernung des Trojaners Smitfraud.c aka Troj/Fak
    Log-Analyse und Auswertung - 21.11.2005 (4)
  15. Entfernung des Trojaners Smitfraud.c aka Troj/FakeAle-c
    Plagegeister aller Art und deren Bekämpfung - 27.07.2005 (3)
  16. Manuelle Entfernung des Trojaners Smitfraud.c aka Troj/FakeAle-c
    Archiv - 13.06.2005 (2)
  17. Entfernung des Trojaners
    Mülltonne - 16.03.2005 (0)

Zum Thema Entfernung des Ukash Trojaners und Dateiwiederherstellung - Hallo ich habe seit kurzem einen Ukash Trojaner der Versoin 2.06 . Ich habe bereits einige Schritte eingeleitet bevor ich auf dieses Forum gestoßen bin und bräuchte jetzt weitere Hilfe - Entfernung des Ukash Trojaners und Dateiwiederherstellung...
Archiv
Du betrachtest: Entfernung des Ukash Trojaners und Dateiwiederherstellung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.