
Pests of all kinds and how to fight them: Windows 7 64bit - virus/Trojan/rootkit cannot be removed


27.05.2014, 02:22   #1
plagiat
 

Windows 7 64bit - virus/Trojan/rootkit cannot be removed



Hello, for about a week now I have had the problem that my PC and my laptop are infected. I have already tried Kaspersky, Avira and AVG, each with its rescue disk, but the malware gets past all of them.

FRST64:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by ADMIN (administrator) on ADMIN-PC on 27-05-2014 01:46:26
Running from E:\scans
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
() E:\scans\Defogger.exe


==================== Registry (Whitelisted) ==================


==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
Tcpip\Parameters: [DhcpNameServer] 172.31.79.142 172.31.79.144 157.54.104.75 157.54.14.146 157.54.14.162 157.54.80.10

FireFox:
========

==================== Services (Whitelisted) =================


==================== Drivers (Whitelisted) ====================

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-27 02:36 - 2014-05-27 01:43 - 00000000 ____D () C:\Windows\Panther
2014-05-27 01:46 - 2014-05-27 01:46 - 00000000 ____D () C:\FRST
2014-05-27 01:46 - 2014-05-27 01:46 - 00000000 _____ () C:\Users\ADMIN\defogger_reenable
2014-05-27 01:45 - 2014-05-27 01:45 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-05-27 01:44 - 2014-05-27 01:44 - 00001405 _____ () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-05-27 01:43 - 2014-05-27 01:46 - 00000000 ____D () C:\Users\ADMIN
2014-05-27 01:43 - 2014-05-27 01:44 - 00001439 _____ () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-27 01:43 - 2014-05-27 01:44 - 00000000 ___RD () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-27 01:43 - 2014-05-27 01:44 - 00000000 ___RD () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-27 01:43 - 2014-05-27 01:43 - 00000020 ___SH () C:\Users\ADMIN\ntuser.ini
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Vorlagen
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Startmenü
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Netzwerkumgebung
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Lokale Einstellungen
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Eigene Dateien
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Druckumgebung
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Documents\Eigene Musik
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Documents\Eigene Bilder
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\AppData\Local\Verlauf
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\AppData\Local\Anwendungsdaten
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Anwendungsdaten
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Programme
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 __SHD () C:\Recovery
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 ____D () C:\Users\ADMIN\AppData\Local\VirtualStore
2014-05-27 01:43 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-27 01:43 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-27 01:40 - 2014-05-27 01:40 - 00001355 _____ () C:\Windows\TSSysprep.log
2014-05-27 01:40 - 2014-05-27 01:40 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2014-05-27 01:40 - 2014-05-27 01:40 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-05-27 01:39 - 2014-05-27 01:45 - 00007696 _____ () C:\Windows\WindowsUpdate.log

==================== One Month Modified Files and Folders =======

2014-05-27 02:36 - 2009-07-14 07:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-05-27 02:36 - 2009-07-14 07:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-05-27 01:46 - 2014-05-27 01:46 - 00000000 ____D () C:\FRST
2014-05-27 01:46 - 2014-05-27 01:46 - 00000000 _____ () C:\Users\ADMIN\defogger_reenable
2014-05-27 01:46 - 2014-05-27 01:43 - 00000000 ____D () C:\Users\ADMIN
2014-05-27 01:45 - 2014-05-27 01:45 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-05-27 01:45 - 2014-05-27 01:39 - 00007696 _____ () C:\Windows\WindowsUpdate.log
2014-05-27 01:45 - 2009-07-14 06:51 - 00022393 _____ () C:\Windows\setupact.log
2014-05-27 01:44 - 2014-05-27 01:44 - 00001405 _____ () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-05-27 01:44 - 2014-05-27 01:43 - 00001439 _____ () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-27 01:44 - 2014-05-27 01:43 - 00000000 ___RD () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-27 01:44 - 2014-05-27 01:43 - 00000000 ___RD () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-27 01:43 - 2014-05-27 02:36 - 00000000 ____D () C:\Windows\Panther
2014-05-27 01:43 - 2014-05-27 01:43 - 00000020 ___SH () C:\Users\ADMIN\ntuser.ini
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Vorlagen
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Startmenü
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Netzwerkumgebung
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Lokale Einstellungen
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Eigene Dateien
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Druckumgebung
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Documents\Eigene Musik
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Documents\Eigene Bilder
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\AppData\Local\Verlauf
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\AppData\Local\Anwendungsdaten
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Anwendungsdaten
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Programme
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 __SHD () C:\Recovery
2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 ____D () C:\Users\ADMIN\AppData\Local\VirtualStore
2014-05-27 01:43 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-27 01:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Recovery
2014-05-27 01:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Windows NT
2014-05-27 01:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-27 01:42 - 2009-07-14 06:45 - 00274464 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-27 01:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-27 01:40 - 2014-05-27 01:40 - 00001355 _____ () C:\Windows\TSSysprep.log
2014-05-27 01:40 - 2014-05-27 01:40 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2014-05-27 01:40 - 2014-05-27 01:40 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-05-27 01:40 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-27 01:40 - 2009-07-14 06:46 - 00002790 _____ () C:\Windows\DtcInstall.log
2014-05-27 01:40 - 2009-07-14 06:45 - 00016848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-27 01:40 - 2009-07-14 06:45 - 00016848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-27 01:40 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-27 01:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-05-27 01:37 - 2010-11-21 08:27 - 00000000 ____D () C:\Windows\CSC

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.


LastRegBack: 2014-05-27 01:36

==================== End Of Log ============================

Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by ADMIN at 2014-05-27 01:46:45
Running from E:\scans
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================


==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => d:\program files\windows defender\MpCmdRun.exe

==================== Loaded Modules (whitelisted) =============

2014-05-26 22:28 - 2014-05-26 22:28 - 00050477 _____ () E:\scans\Defogger.exe

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Netzwerkcontroller
Description: Netzwerkcontroller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/27/2014 01:43:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/27/2014 01:42:36 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom


Microsoft Office Sessions:
=========================
Error: (05/27/2014 01:43:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 21%
Total physical RAM: 4076.67 MB
Available physical RAM: 3211.14 MB
Total Pagefile: 8151.54 MB
Available Pagefile: 7258.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:95 GB) (Free:80.71 GB) NTFS
Drive d: (Daten) (Fixed) (Total:340.31 GB) (Free:213.79 GB) NTFS
Drive e: () (Removable) (Total:3.69 GB) (Free:1.75 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: AECDB9E2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=95 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=347 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 007BCF32)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================
         
GMER:

GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-27 02:50:42
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545050B9A300 rev.PB4OC66G 465,76GB
Running: h735myn9s.exe; Driver: C:\Users\ADMIN\AppData\Local\Temp\aglorpod.sys


---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [224:716]  000007fef7ba9688

---- EOF - GMER 2.1 ----

Addendum: OTL



Code:
OTL logfile created on: 27.05.2014 02:51:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\scans
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 3,24 Gb Available Physical Memory | 81,43% Memory free
7,96 Gb Paging File | 7,23 Gb Available in Paging File | 90,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 95,00 Gb Total Space | 80,67 Gb Free Space | 84,91% Space Free | Partition Type: NTFS
Drive D: | 340,31 Gb Total Space | 213,79 Gb Free Space | 62,82% Space Free | Partition Type: NTFS
Drive F: | 3,69 Gb Total Space | 1,75 Gb Free Space | 47,51% Space Free | Partition Type: FAT32
 
Computer Name: ADMIN-PC | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014.05.26 00:14:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\scans\OTL.exe
PRC - [2014.05.26 00:01:32 | 000,380,416 | ---- | M] () -- F:\scan\h735myn9s.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014.05.26 00:01:32 | 000,380,416 | ---- | M] () -- F:\scan\h735myn9s.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014.05.12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe -- (MBAMService)
SRV - [2014.05.12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe -- (MBAMScheduler)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014.05.12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014.05.12 07:26:00 | 000,091,352 | ---- | M] (Malwarebytes Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2014.05.12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.31.79.142 172.31.79.144 157.54.104.75 157.54.14.146 157.54.14.162 157.54.80.10
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.05.27 02:36:13 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2014.05.27 02:34:50 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.05.27 02:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
[2014.05.27 02:34:32 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.05.27 02:34:32 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.05.27 02:34:32 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.05.27 02:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware 
[2014.05.27 02:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.05.27 02:34:21 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\Programs
[2014.05.27 02:10:27 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\ElevatedDiagnostics
[2014.05.27 02:10:09 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\Diagnostics
[2014.05.27 02:06:38 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.05.27 01:46:23 | 000,000,000 | ---D | C] -- C:\FRST
[2014.05.27 01:43:55 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014.05.27 01:43:55 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Searches
[2014.05.27 01:43:55 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014.05.27 01:43:46 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\Identities
[2014.05.27 01:43:43 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Contacts
[2014.05.27 01:43:42 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\VirtualStore
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Vorlagen
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\AppData\Local\Verlauf
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\AppData\Local\Temporary Internet Files
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Startmenü
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\SendTo
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Recent
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Netzwerkumgebung
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Lokale Einstellungen
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Documents\Eigene Videos
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Documents\Eigene Musik
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Eigene Dateien
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Documents\Eigene Bilder
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Druckumgebung
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Cookies
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\AppData\Local\Anwendungsdaten
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Anwendungsdaten
[2014.05.27 01:43:29 | 000,000,000 | --SD | C] -- C:\Users\ADMIN\AppData\Roaming\Microsoft
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Videos
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Saved Games
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Pictures
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Music
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Links
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Favorites
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Downloads
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Documents
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Desktop
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014.05.27 01:43:29 | 000,000,000 | -H-D | C] -- C:\Users\ADMIN\AppData
[2014.05.27 01:43:29 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\Temp
[2014.05.27 01:43:29 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\Microsoft
[2014.05.27 01:43:29 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\Media Center Programs
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\Recovery
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\Programme
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2014.05.27 01:39:48 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014.05.27 01:37:39 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2014.05.27 01:36:51 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2014.05.27 02:36:10 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.05.27 02:34:59 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.05.27 02:34:59 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.05.27 02:34:59 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.05.27 02:34:59 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.05.27 02:34:59 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.05.27 02:34:34 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.05.27 02:12:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.05.27 02:12:37 | 3206,025,216 | -HS- | M] () -- C:\hiberfil.sys
[2014.05.27 02:12:14 | 000,017,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.05.27 02:12:13 | 000,017,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.05.27 01:46:08 | 000,000,000 | ---- | M] () -- C:\Users\ADMIN\defogger_reenable
[2014.05.27 01:45:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014.05.27 01:42:08 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.05.27 01:40:45 | 000,055,513 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2014.05.27 01:40:45 | 000,055,513 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2014.05.12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.05.12 07:26:00 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.05.12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2014.05.27 02:34:34 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.05.27 01:46:08 | 000,000,000 | ---- | C] () -- C:\Users\ADMIN\defogger_reenable
[2014.05.27 01:45:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014.05.27 01:44:03 | 000,001,405 | ---- | C] () -- C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2014.05.27 01:43:57 | 000,001,439 | ---- | C] () -- C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014.05.27 01:40:38 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2014.05.27 01:40:36 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2014.05.27 01:36:51 | 3206,025,216 | -HS- | C] () -- C:\hiberfil.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.11.21 05:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.11.21 05:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 

< End of report >
         

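
The "ZeroAccess Check" block at the end of the OTL log above is the part a helper reads first: OTL dumps the InProcServer32 keys of a few COM classes because the ZeroAccess rootkit is known to redirect them, either through a per-user override under HKCU (which COM prefers over HKLM) or by repointing the HKLM default away from the Microsoft DLL. In the posted log the HKCU keys are empty and every HKLM default points at shell32.dll, fastprox.dll or wbemess.dll under the system directory, which is the clean pattern. The following Python script is an added example, not code from the thread, from Trojaner-Board or from OTL: it parses that section and reports deviations from the clean pattern. SAMPLE is constructed from the entries in the log above plus one invented hijack (the `hijacked.dll` path) so the check has something to flag; the "system directory" rule is an assumption of the example.

```python
"""Triage OTL's "ZeroAccess Check" section (added example, not OTL's code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# OTL prints a key header such as
#   [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{...}\InProcServer32] /64
# and, when the default value exists, a line such as
#   "" = C:\Windows\SysNative\shell32.dll -- [date | size | attrs | M] (Company)
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\](\s*/64)?\s*$")
DEFAULT_RE = re.compile(r'^""\s*=\s*(.+?)\s*--\s*\[[^\]]*\]\s*(?:\(([^)]*)\))?\s*$')

# Assumption of this example: a legitimate server for these classes lives under
# the Windows system directories (OTL prints the 64-bit one as SysNative).
SYSTEM_DIR_RE = re.compile(
    r"^(?:c:\\windows|%systemroot%)\\(?:system32|sysnative|syswow64)\\",
    re.IGNORECASE,
)


@dataclass
class ComServer:
    hive: str                      # HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE
    key: str                       # full key path as printed by OTL
    view64: bool                   # True when OTL appended "/64"
    server: Optional[str] = None   # InProcServer32 default value, if printed
    company: Optional[str] = None  # company string OTL read from the file


def parse_zeroaccess_check(text: str) -> List[ComServer]:
    """Return one record per key header, with its default value if printed."""
    records: List[ComServer] = []
    current: Optional[ComServer] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            current = ComServer(hive=key.split("\\", 1)[0], key=key,
                                view64=bool(m.group(2)))
            records.append(current)
            continue
        m = DEFAULT_RE.match(line)
        if m and current is not None:
            current.server = m.group(1)
            current.company = m.group(2) or ""
    return records


def triage(records: List[ComServer]) -> List[str]:
    """Flag the two hijack patterns this OTL section exists to expose."""
    findings: List[str] = []
    for r in records:
        if r.hive == "HKEY_CURRENT_USER":
            # A clean machine has no per-user server for these classes; HKCU
            # wins over HKLM on COM activation, which is why a rootkit uses it.
            if r.server:
                findings.append(f"user-hive override: {r.key} -> {r.server}")
            continue
        if r.server is None:
            continue  # OTL printed no value for this view; nothing to judge
        if not SYSTEM_DIR_RE.match(r.server):
            findings.append(f"server outside system dir: {r.key} -> {r.server}")
        elif r.company != "Microsoft Corporation":
            findings.append(f"non-Microsoft server: {r.key} -> {r.server} "
                            f"({r.company or 'no company'})")
    return findings


# Constructed sample: entries copied from the log in this thread, plus one
# invented HKCU hijack (hijacked.dll) that does not appear in the real log.
SAMPLE = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"" = C:\Users\ADMIN\AppData\Local\Temp\hijacked.dll -- [2014.05.20 12:00:00 | 000,040,960 | ---- | M] ()

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.11.21 05:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.11.21 05:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"""

if __name__ == "__main__":
    for finding in triage(parse_zeroaccess_check(SAMPLE)):
        print(finding)
```

Run against the real section of the log above (with the invented line removed) the script prints nothing, which matches what the helper concluded from it: no ZeroAccess-style COM redirection on this machine. A non-empty result is a reason to look at the DLL the key points to, not proof of infection by itself.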
Alt 27.05.2014, 06:57   #2
schrauber
/// the machine
/// TB-Ausbilder
 




hi,


Please download TDSSKiller (TDSSKiller.exe) and save this file on your Desktop
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post its contents here in your thread in any case.

Please download Malwarebytes Anti-Rootkit and save it on your Desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the reboot.
  • During the reboot MBAR will remove the objects it found, so be patient.
  • After the reboot, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<Year-Month-Day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper
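
The procedure above ends with posting the TDSSKiller log whether or not anything was found, and the helper's first pass over it is mechanical: every service gets a hash line and a status line, anything whose status is not "ok", anything the tool could not hash, and any file living outside the Windows directory gets a closer look, while the randomly named driver reported as "KLMD registered as ..." is the tool's own and is not a finding. The following Python script is an added example, not code from the thread, from Trojaner-Board or from Kaspersky's tool: it does that pass. It relies only on the line shapes visible in the log posted in the reply below (`HH:MM:SS.mmmm 0xTID  [ MD5, SHA256 ] Name  Path` followed by `Name - ok`). SAMPLE is constructed: the first entries copy the posted log, while the `hypodrv` entry, its zeroed hashes and its "detected ..." status text are invented for the test (the wording of a real detection is not on this page). The "outside the Windows directory" rule and the optional known-good MD5 list are assumptions of the example.

```python
"""First-pass triage of a TDSSKiller log (added example, not Kaspersky's code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every interesting line starts with a timestamp and a hex thread id.
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+0x[0-9a-fA-F]+\s+"
HASH_RE = re.compile(PREFIX + r"\[ ([0-9A-F]{32}), ([0-9A-F]{64}) \]\s+(\S+)\s+(.+?)\s*$")
STATUS_RE = re.compile(PREFIX + r"(\S+) - (.+?)\s*$")
KLMD_RE = re.compile(PREFIX + r"KLMD registered as (.+?)\s*$")
WINDIR_RE = re.compile(PREFIX + r"Windows directory: (.+?)\s*$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    sha256: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None   # text after "Name - ", normally "ok"


@dataclass
class Report:
    windir: str = r"C:\Windows"    # overwritten from the log's SystemInfo block
    klmd: Optional[str] = None     # TDSSKiller's own randomly named driver
    entries: Dict[str, Entry] = field(default_factory=dict)


def parse_tdsskiller(text: str) -> Report:
    """Collect one Entry per scanned object from hash and status lines."""
    report = Report()
    for line in text.splitlines():
        m = WINDIR_RE.match(line)
        if m:
            report.windir = m.group(1)
            continue
        m = KLMD_RE.match(line)
        if m:
            report.klmd = m.group(1)
            continue
        m = HASH_RE.match(line)
        if m:
            md5, sha256, name, path = m.groups()
            e = report.entries.setdefault(name, Entry(name))
            e.md5, e.sha256, e.path = md5, sha256, path
            continue
        m = STATUS_RE.match(line)
        if m:
            name, status = m.groups()
            report.entries.setdefault(name, Entry(name)).status = status
    return report


def triage(report: Report, known_good: Optional[Dict[str, str]] = None) -> List[str]:
    """Return the lines a helper would want to look at first."""
    root = report.windir.rstrip("\\").lower() + "\\"
    findings: List[str] = []
    for e in report.entries.values():
        if e.status is not None and e.status != "ok":
            findings.append(f"{e.name}: status '{e.status}' ({e.path or 'no path'})")
        if e.md5 is None or e.path is None:
            # No hash line: the tool did not hash a file for this service.
            findings.append(f"{e.name}: no file hashed, review the service manually")
            continue
        if not e.path.lower().startswith(root):
            # Assumption: third-party services legitimately live elsewhere,
            # so this is a review item, not a verdict.
            findings.append(f"{e.name}: file outside {report.windir}: {e.path}")
        if known_good and known_good.get(e.name, e.md5).upper() != e.md5:
            findings.append(f"{e.name}: MD5 {e.md5} differs from known-good {known_good[e.name]}")
    return findings


# Constructed sample: real lines copied from the log posted in this thread,
# plus an invented "hypodrv" entry with zeroed hashes and an invented status.
SAMPLE = r"""
15:28:50.0632 0x0a24  Windows directory: C:\Windows
15:28:52.0067 0x0a24  KLMD registered as C:\Windows\system32\drivers\83123767.sys
15:29:22.0082 0x0908  ================ Scan services =============================
15:29:22.0253 0x0908  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:29:22.0347 0x0908  1394ohci - ok
15:29:22.0362 0x0908  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:29:22.0378 0x0908  ACPI - ok
15:29:26.0418 0x0908  COMSysApp - ok
15:29:30.0000 0x0908  [ 00000000000000000000000000000000, 0000000000000000000000000000000000000000000000000000000000000000 ] hypodrv         C:\Users\ADMIN\AppData\Local\Temp\hypodrv.sys
15:29:30.0001 0x0908  hypodrv - detected HiddenFile.Multi.Generic ( 1 )
"""

if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE)
    print(f"tool driver (expected, not a finding): {rep.klmd}")
    for finding in triage(rep):
        print(finding)
```

On the log posted below, the only review item this produces is COMSysApp, which the tool lists without a hash line; everything else is "ok" and under C:\Windows. The known-good dictionary is a place for hashes you have verified yourself (for example from an identical patch level), not something the script ships with.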

Alt 27.05.2014, 14:53   #3
plagiat
 



Thank you very much for your help. I have now run both, but nothing is found. Here are the logs:

Code:
ATTFilter
15:28:45.0796 0x0a24  TDSS rootkit removing tool 3.0.0.35 May 23 2014 07:32:03
15:28:50.0632 0x0a24  ============================================================
15:28:50.0632 0x0a24  Current date / time: 2014/05/27 15:28:50.0632
15:28:50.0632 0x0a24  SystemInfo:
15:28:50.0632 0x0a24  
15:28:50.0632 0x0a24  OS Version: 6.1.7601 ServicePack: 1.0
15:28:50.0632 0x0a24  Product type: Workstation
15:28:50.0632 0x0a24  ComputerName: ADMIN-PC
15:28:50.0632 0x0a24  UserName: ADMIN
15:28:50.0632 0x0a24  Windows directory: C:\Windows
15:28:50.0632 0x0a24  System windows directory: C:\Windows
15:28:50.0632 0x0a24  Running under WOW64
15:28:50.0632 0x0a24  Processor architecture: Intel x64
15:28:50.0632 0x0a24  Number of processors: 4
15:28:50.0632 0x0a24  Page size: 0x1000
15:28:50.0632 0x0a24  Boot type: Normal boot
15:28:50.0632 0x0a24  ============================================================
15:28:52.0067 0x0a24  KLMD registered as C:\Windows\system32\drivers\83123767.sys
15:28:52.0130 0x0a24  System UUID: {C0BB3A22-3905-349D-43B2-13731DA10A43}
15:28:52.0535 0x0a24  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:28:52.0551 0x0a24  Drive \Device\Harddisk1\DR2 - Size: 0xEC580000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:28:52.0551 0x0a24  ============================================================
15:28:52.0551 0x0a24  \Device\Harddisk0\DR0:
15:28:52.0551 0x0a24  MBR partitions:
15:28:52.0551 0x0a24  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:28:52.0551 0x0a24  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xBE02800
15:28:52.0566 0x0a24  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xCC33000, BlocksNum 0x2A8A0800
15:28:52.0566 0x0a24  \Device\Harddisk1\DR2:
15:28:52.0566 0x0a24  MBR partitions:
15:28:52.0566 0x0a24  \Device\Harddisk1\DR2\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x762BC1
15:28:52.0566 0x0a24  ============================================================
15:28:52.0613 0x0a24  C: <-> \Device\Harddisk0\DR0\Partition2
15:28:52.0660 0x0a24  D: <-> \Device\Harddisk0\DR0\Partition3
15:28:52.0660 0x0a24  ============================================================
15:28:52.0660 0x0a24  Initialize success
15:28:52.0660 0x0a24  ============================================================
15:29:18.0946 0x0908  ============================================================
15:29:18.0946 0x0908  Scan started
15:29:18.0946 0x0908  Mode: Manual; SigCheck; TDLFS; 
15:29:18.0946 0x0908  ============================================================
15:29:18.0946 0x0908  KSN ping started
15:29:21.0629 0x0908  KSN ping finished: true
15:29:22.0082 0x0908  ================ Scan system memory ========================
15:29:22.0082 0x0908  System memory - ok
15:29:22.0082 0x0908  ================ Scan services =============================
15:29:22.0253 0x0908  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:29:22.0347 0x0908  1394ohci - ok
15:29:22.0362 0x0908  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:29:22.0378 0x0908  ACPI - ok
15:29:22.0394 0x0908  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:29:22.0425 0x0908  AcpiPmi - ok
15:29:22.0472 0x0908  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:29:22.0487 0x0908  adp94xx - ok
15:29:22.0503 0x0908  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:29:22.0518 0x0908  adpahci - ok
15:29:22.0518 0x0908  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:29:22.0534 0x0908  adpu320 - ok
15:29:22.0565 0x0908  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:29:22.0612 0x0908  AeLookupSvc - ok
15:29:22.0628 0x0908  [ D31DC7A16DEA4A9BAF179F3D6FBDB38C, 532678D86E3E667F2E789C4873565E0B92C549A93F10802BB6D5B505CA3238CE ] AFD             C:\Windows\system32\drivers\afd.sys
15:29:22.0784 0x0908  AFD - ok
15:29:22.0815 0x0908  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
15:29:22.0830 0x0908  agp440 - ok
15:29:22.0862 0x0908  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
15:29:22.0908 0x0908  ALG - ok
15:29:22.0924 0x0908  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:29:22.0940 0x0908  aliide - ok
15:29:22.0940 0x0908  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
15:29:22.0940 0x0908  amdide - ok
15:29:22.0971 0x0908  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
15:29:22.0986 0x0908  AmdK8 - ok
15:29:22.0986 0x0908  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
15:29:23.0018 0x0908  AmdPPM - ok
15:29:23.0033 0x0908  [ 6EC6D772EAE38DC17C14AED9B178D24B, B4FB936B31B1265B8CC6B426C64965C34D0CCF1638E645ACD65E88F4AFFC57A6 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:29:23.0049 0x0908  amdsata - ok
15:29:23.0064 0x0908  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
15:29:23.0064 0x0908  amdsbs - ok
15:29:23.0080 0x0908  [ 1142A21DB581A84EA5597B03A26EBAA0, F94EB140D0CD068760D7EB081FF75154C75DAC75E5E24B6DE4E4F9CE65A70343 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:29:23.0080 0x0908  amdxata - ok
15:29:23.0096 0x0908  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
15:29:23.0142 0x0908  AppID - ok
15:29:23.0158 0x0908  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:29:23.0205 0x0908  AppIDSvc - ok
15:29:23.0220 0x0908  [ 3977D4A871CA0D4F2ED1E7DB46829731, 2AF1C3225994769C3FD25CD7E9603964B035576F25B0B6D91545566E0722FFAA ] Appinfo         C:\Windows\System32\appinfo.dll
15:29:23.0283 0x0908  Appinfo - ok
15:29:23.0314 0x0908  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
15:29:23.0345 0x0908  AppMgmt - ok
15:29:23.0392 0x0908  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
15:29:23.0423 0x0908  arc - ok
15:29:23.0423 0x0908  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:29:23.0439 0x0908  arcsas - ok
15:29:23.0470 0x0908  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:29:23.0501 0x0908  AsyncMac - ok
15:29:23.0501 0x0908  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
15:29:23.0517 0x0908  atapi - ok
15:29:23.0595 0x0908  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:29:23.0720 0x0908  AudioEndpointBuilder - ok
15:29:23.0735 0x0908  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:29:23.0766 0x0908  AudioSrv - ok
15:29:23.0813 0x0908  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:29:23.0907 0x0908  AxInstSV - ok
15:29:23.0985 0x0908  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
15:29:24.0078 0x0908  b06bdrv - ok
15:29:24.0203 0x0908  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:29:24.0281 0x0908  b57nd60a - ok
15:29:24.0390 0x0908  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:29:24.0468 0x0908  BDESVC - ok
15:29:24.0484 0x0908  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:29:24.0546 0x0908  Beep - ok
15:29:24.0624 0x0908  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
15:29:24.0687 0x0908  BFE - ok
15:29:24.0765 0x0908  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
15:29:24.0827 0x0908  BITS - ok
15:29:24.0843 0x0908  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:29:24.0874 0x0908  blbdrive - ok
15:29:24.0905 0x0908  [ 91CE0D3DC57DD377E690A2D324022B08, 61874463956C0BCA5139522F34E974E5F638A092E0FD5C59DD30DE61D9AB8B0E ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:29:24.0936 0x0908  bowser - ok
15:29:24.0952 0x0908  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
15:29:24.0999 0x0908  BrFiltLo - ok
15:29:25.0014 0x0908  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
15:29:25.0030 0x0908  BrFiltUp - ok
15:29:25.0077 0x0908  [ 8EF0D5C41EC907751B8429162B1239ED, 9CC25F1F93FACA6F6CE23F78EB58590C39A2E3C8A3ACDF400E8A9DE0757EADAE ] Browser         C:\Windows\System32\browser.dll
15:29:25.0139 0x0908  Browser - ok
15:29:25.0155 0x0908  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:29:25.0280 0x0908  Brserid - ok
15:29:25.0295 0x0908  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:29:25.0358 0x0908  BrSerWdm - ok
15:29:25.0373 0x0908  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:29:25.0467 0x0908  BrUsbMdm - ok
15:29:25.0482 0x0908  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:29:25.0514 0x0908  BrUsbSer - ok
15:29:25.0514 0x0908  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:29:25.0592 0x0908  BTHMODEM - ok
15:29:25.0638 0x0908  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
15:29:25.0701 0x0908  bthserv - ok
15:29:25.0716 0x0908  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:29:25.0779 0x0908  cdfs - ok
15:29:25.0794 0x0908  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:29:25.0794 0x0908  cdrom - ok
15:29:25.0826 0x0908  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
15:29:25.0857 0x0908  CertPropSvc - ok
15:29:25.0904 0x0908  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
15:29:25.0950 0x0908  circlass - ok
15:29:26.0013 0x0908  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
15:29:26.0028 0x0908  CLFS - ok
15:29:26.0075 0x0908  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:29:26.0075 0x0908  clr_optimization_v2.0.50727_32 - ok
15:29:26.0122 0x0908  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:29:26.0138 0x0908  clr_optimization_v2.0.50727_64 - ok
15:29:26.0169 0x0908  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:29:26.0200 0x0908  CmBatt - ok
15:29:26.0231 0x0908  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:29:26.0247 0x0908  cmdide - ok
15:29:26.0294 0x0908  [ D5FEA92400F12412B3922087C09DA6A5, C8CD9215D26D3295FE487C96A4FC3F4C8AFED764AE9445D9858D7489823A8A2B ] CNG             C:\Windows\system32\Drivers\cng.sys
15:29:26.0325 0x0908  CNG - ok
15:29:26.0356 0x0908  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:29:26.0356 0x0908  Compbatt - ok
15:29:26.0372 0x0908  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
15:29:26.0403 0x0908  CompositeBus - ok
15:29:26.0418 0x0908  COMSysApp - ok
15:29:26.0465 0x0908  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
15:29:26.0481 0x0908  crcdisk - ok
15:29:26.0512 0x0908  [ 15597883FBE9B056F276ADA3AD87D9AF, B347E0B11228E38313C59C8ED984253A8A1FF482ED137CF5F488C4AFD6B08857 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:29:26.0637 0x0908  CryptSvc - ok
15:29:26.0652 0x0908  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
15:29:26.0730 0x0908  CSC - ok
15:29:26.0777 0x0908  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
15:29:26.0824 0x0908  CscService - ok
15:29:26.0902 0x0908  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:29:26.0980 0x0908  DcomLaunch - ok
15:29:27.0011 0x0908  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
15:29:27.0058 0x0908  defragsvc - ok
15:29:27.0074 0x0908  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:29:27.0120 0x0908  DfsC - ok
15:29:27.0152 0x0908  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:29:27.0198 0x0908  Dhcp - ok
15:29:27.0214 0x0908  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
15:29:27.0261 0x0908  discache - ok
15:29:27.0292 0x0908  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
15:29:27.0323 0x0908  Disk - ok
15:29:27.0339 0x0908  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
15:29:27.0417 0x0908  dmvsc - ok
15:29:27.0479 0x0908  [ CD55F5355D8F55D44C9F4ED875705BD6, 321C26E3CD9F376D30F05FBDF00E96399512ED705D867E8B14793D9CE69A1C1F ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:29:27.0557 0x0908  Dnscache - ok
15:29:27.0573 0x0908  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:29:27.0682 0x0908  dot3svc - ok
15:29:27.0698 0x0908  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
15:29:27.0729 0x0908  DPS - ok
15:29:27.0776 0x0908  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:29:27.0807 0x0908  drmkaud - ok
15:29:27.0869 0x0908  [ F5BEE30450E18E6B83A5012C100616FD, 44D0577D159FC2BDF4EAD1DC2C7FD14925D075225EF97608CAC52DEE405B08FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:29:27.0900 0x0908  DXGKrnl - ok
15:29:27.0932 0x0908  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
15:29:27.0978 0x0908  EapHost - ok
15:29:28.0088 0x0908  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
15:29:28.0197 0x0908  ebdrv - ok
15:29:28.0212 0x0908  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] EFS             C:\Windows\System32\lsass.exe
15:29:28.0228 0x0908  EFS - ok
15:29:38.0368 0x0908  rdbss - ok
15:29:38.0368 0x0908  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:29:38.0384 0x0908  rdpbus - ok
15:29:38.0399 0x0908  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:29:38.0430 0x0908  RDPCDD - ok
15:29:38.0446 0x0908  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
15:29:38.0462 0x0908  RDPDR - ok
15:29:38.0493 0x0908  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:29:38.0524 0x0908  RDPENCDD - ok
15:29:38.0540 0x0908  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:29:38.0571 0x0908  RDPREFMP - ok
15:29:38.0586 0x0908  [ 15B66C206B5CB095BAB980553F38ED23, 3CA50786A8D3D6BAF145AFD22C1ED92C2EB39F5D6AF4F6B09B69610FDE0C5B24 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:29:38.0618 0x0908  RDPWD - ok
15:29:38.0633 0x0908  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:29:38.0633 0x0908  rdyboost - ok
15:29:38.0664 0x0908  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:29:38.0696 0x0908  RemoteAccess - ok
15:29:38.0727 0x0908  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:29:38.0758 0x0908  RemoteRegistry - ok
15:29:38.0774 0x0908  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:29:38.0820 0x0908  RpcEptMapper - ok
15:29:38.0820 0x0908  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
15:29:38.0852 0x0908  RpcLocator - ok
15:29:38.0867 0x0908  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
15:29:38.0914 0x0908  RpcSs - ok
15:29:38.0945 0x0908  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:29:38.0976 0x0908  rspndr - ok
15:29:39.0039 0x0908  [ EA5532868BA76923D75BCB2A1448D810, C1489714C9BC95BB76134E6B8F28C5A3D044E9B2857F01BFEEEE7C8A25C74E7D ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
15:29:39.0101 0x0908  RTL8167 - ok
15:29:39.0117 0x0908  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
15:29:39.0164 0x0908  s3cap - ok
15:29:39.0179 0x0908  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] SamSs           C:\Windows\system32\lsass.exe
15:29:39.0195 0x0908  SamSs - ok
15:29:39.0210 0x0908  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:29:39.0226 0x0908  sbp2port - ok
15:29:39.0257 0x0908  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:29:39.0288 0x0908  SCardSvr - ok
15:29:39.0304 0x0908  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:29:39.0351 0x0908  scfilter - ok
15:29:39.0398 0x0908  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
15:29:39.0460 0x0908  Schedule - ok
15:29:39.0476 0x0908  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:29:39.0507 0x0908  SCPolicySvc - ok
15:29:39.0522 0x0908  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:29:39.0569 0x0908  SDRSVC - ok
15:29:39.0600 0x0908  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:29:39.0663 0x0908  secdrv - ok
15:29:39.0663 0x0908  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
15:29:39.0694 0x0908  seclogon - ok
15:29:39.0710 0x0908  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
15:29:39.0756 0x0908  SENS - ok
15:29:39.0772 0x0908  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:29:39.0803 0x0908  SensrSvc - ok
15:29:39.0803 0x0908  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
15:29:39.0819 0x0908  Serenum - ok
15:29:39.0850 0x0908  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
15:29:39.0866 0x0908  Serial - ok
15:29:39.0881 0x0908  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:29:39.0912 0x0908  sermouse - ok
15:29:39.0944 0x0908  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
15:29:40.0006 0x0908  SessionEnv - ok
15:29:40.0006 0x0908  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:29:40.0022 0x0908  sffdisk - ok
15:29:40.0022 0x0908  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:29:40.0053 0x0908  sffp_mmc - ok
15:29:40.0068 0x0908  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:29:40.0084 0x0908  sffp_sd - ok
15:29:40.0084 0x0908  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
15:29:40.0115 0x0908  sfloppy - ok
15:29:40.0131 0x0908  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:29:40.0178 0x0908  SharedAccess - ok
15:29:40.0209 0x0908  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:29:40.0256 0x0908  ShellHWDetection - ok
15:29:40.0271 0x0908  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
15:29:40.0287 0x0908  SiSRaid2 - ok
15:29:40.0287 0x0908  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:29:40.0302 0x0908  SiSRaid4 - ok
15:29:40.0302 0x0908  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:29:40.0349 0x0908  Smb - ok
15:29:40.0380 0x0908  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:29:40.0412 0x0908  SNMPTRAP - ok
15:29:40.0412 0x0908  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:29:40.0412 0x0908  spldr - ok
15:29:40.0458 0x0908  [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler         C:\Windows\System32\spoolsv.exe
15:29:40.0490 0x0908  Spooler - ok
15:29:40.0646 0x0908  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
15:29:40.0786 0x0908  sppsvc - ok
15:29:40.0802 0x0908  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:29:40.0833 0x0908  sppuinotify - ok
15:29:40.0864 0x0908  [ 2098B8556D1CEC2ACA9A29CD479E3692, D5826407C64F18C16EB36E6F00787CFAFCD9B24B5BD8AD126AD01E6E4134966F ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:29:40.0911 0x0908  srv - ok
15:29:40.0911 0x0908  [ D0F73A42040F21F92FD314B42AC5C9E7, A021C4318C9CFA594305458B2643BB0C22DDE1F3D51C93C9F3E7F7AB75B31278 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:29:40.0958 0x0908  srv2 - ok
15:29:40.0958 0x0908  [ 2BA8F3250828CCDB4204ECF2C6F40B6A, 22C4FBF9A87C46E69C48B681FF733D68D9CB7B7D73FB14C8C2A06E9009F9860E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:29:41.0004 0x0908  srvnet - ok
15:29:41.0036 0x0908  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:29:41.0067 0x0908  SSDPSRV - ok
15:29:41.0067 0x0908  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:29:41.0098 0x0908  SstpSvc - ok
15:29:41.0114 0x0908  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
15:29:41.0114 0x0908  stexstor - ok
15:29:41.0160 0x0908  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
15:29:41.0207 0x0908  stisvc - ok
15:29:41.0223 0x0908  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
15:29:41.0238 0x0908  storflt - ok
15:29:41.0254 0x0908  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
15:29:41.0301 0x0908  StorSvc - ok
15:29:41.0332 0x0908  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
15:29:41.0348 0x0908  storvsc - ok
15:29:41.0348 0x0908  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:29:41.0348 0x0908  swenum - ok
15:29:41.0379 0x0908  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
15:29:41.0426 0x0908  swprv - ok
15:29:41.0488 0x0908  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
15:29:41.0566 0x0908  SysMain - ok
15:29:41.0566 0x0908  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:29:41.0597 0x0908  TabletInputService - ok
15:29:41.0628 0x0908  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:29:41.0675 0x0908  TapiSrv - ok
15:29:41.0675 0x0908  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
15:29:41.0706 0x0908  TBS - ok
15:29:41.0800 0x0908  [ 509383E505C973ED7534A06B3D19688D, 520AE434CCE1D365A45B2035283A4AD915E98D28D06BD73822F6FF865C2AE7DF ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:29:41.0862 0x0908  Tcpip - ok
15:29:41.0909 0x0908  [ 509383E505C973ED7534A06B3D19688D, 520AE434CCE1D365A45B2035283A4AD915E98D28D06BD73822F6FF865C2AE7DF ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:29:41.0940 0x0908  TCPIP6 - ok
15:29:41.0956 0x0908  [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:29:41.0987 0x0908  tcpipreg - ok
15:29:42.0018 0x0908  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:29:42.0050 0x0908  TDPIPE - ok
15:29:42.0050 0x0908  [ E4245BDA3190A582D55ED09E137401A9, F59C983882997D68CC7B1B2080AEE9EBE2AE90D478F877559BD2AAA97158A116 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:29:42.0081 0x0908  TDTCP - ok
15:29:42.0081 0x0908  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:29:42.0112 0x0908  tdx - ok
15:29:42.0112 0x0908  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:29:42.0128 0x0908  TermDD - ok
15:29:42.0159 0x0908  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
15:29:42.0221 0x0908  TermService - ok
15:29:42.0237 0x0908  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
15:29:42.0252 0x0908  Themes - ok
15:29:42.0268 0x0908  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
15:29:42.0299 0x0908  THREADORDER - ok
15:29:42.0330 0x0908  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
15:29:42.0377 0x0908  TrkWks - ok
15:29:42.0408 0x0908  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:29:42.0471 0x0908  TrustedInstaller - ok
15:29:42.0486 0x0908  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30, CA302C2ED6A6BF4670BAAA4F5C14C0238CF0C80316856AA0DB053F4D593033AC ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:29:42.0533 0x0908  tssecsrv - ok
15:29:42.0549 0x0908  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:29:42.0580 0x0908  TsUsbFlt - ok
15:29:42.0580 0x0908  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
15:29:42.0596 0x0908  TsUsbGD - ok
15:29:42.0627 0x0908  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:29:42.0674 0x0908  tunnel - ok
15:29:42.0674 0x0908  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:29:42.0674 0x0908  uagp35 - ok
15:29:42.0689 0x0908  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:29:42.0736 0x0908  udfs - ok
15:29:42.0767 0x0908  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:29:42.0783 0x0908  UI0Detect - ok
15:29:42.0798 0x0908  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:29:42.0814 0x0908  uliagpkx - ok
15:29:42.0845 0x0908  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:29:42.0876 0x0908  umbus - ok
15:29:42.0892 0x0908  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
15:29:42.0908 0x0908  UmPass - ok
15:29:42.0923 0x0908  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
15:29:42.0954 0x0908  UmRdpService - ok
15:29:43.0095 0x0908  [ 7E5E1603D0FF2D240AE70295C5C3FEFC, 1E5F8E415ACE3C6DFBE636473DBE051329174F2A085516B6FC1515A54014D02B ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:29:43.0188 0x0908  UNS - ok
15:29:43.0298 0x0908  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
15:29:43.0376 0x0908  upnphost - ok
15:29:43.0391 0x0908  [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829, 5D6E404FE0AB875202CA1A3E8E9D2F4368DF6ACCFA1C872ECFAF8399CBA3A485 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:29:43.0407 0x0908  usbccgp - ok
15:29:43.0422 0x0908  [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:29:43.0438 0x0908  usbcir - ok
15:29:43.0438 0x0908  [ 74EE782B1D9C241EFE425565854C661C, E8258EA65B0FCAD4E077B176E9D9324646B652D6E651241E397346A39770D065 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:29:43.0469 0x0908  usbehci - ok
15:29:43.0485 0x0908  [ DC96BD9CCB8403251BCF25047573558E, 66EBF8A6B3BC0634F32DDCC8BA31F1EB5987E8C6853E1DC26005E3EED0945565 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:29:43.0500 0x0908  usbhub - ok
15:29:43.0516 0x0908  [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:29:43.0532 0x0908  usbohci - ok
15:29:43.0532 0x0908  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
15:29:43.0563 0x0908  usbprint - ok
15:29:43.0578 0x0908  [ D76510CFA0FC09023077F22C2F979D86, 5662281C6D515423255D3C262EA368DBAFC250235E535FBFA3E59D3487695439 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:29:43.0610 0x0908  USBSTOR - ok
15:29:43.0610 0x0908  [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:29:43.0625 0x0908  usbuhci - ok
15:29:43.0656 0x0908  [ 454800C2BC7F3927CE030141EE4F4C50, 10901E62DAA70657C499AD590DECCCA6E46FDDF4A193B2F19279E1B8ED7B1E44 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
15:29:43.0688 0x0908  usbvideo - ok
15:29:43.0703 0x0908  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
15:29:43.0750 0x0908  UxSms - ok
15:29:43.0750 0x0908  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] VaultSvc        C:\Windows\system32\lsass.exe
15:29:43.0766 0x0908  VaultSvc - ok
15:29:43.0797 0x0908  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:29:43.0812 0x0908  vdrvroot - ok
15:29:43.0828 0x0908  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
15:29:43.0875 0x0908  vds - ok
15:29:43.0890 0x0908  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:29:43.0906 0x0908  vga - ok
15:29:43.0906 0x0908  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:29:43.0937 0x0908  VgaSave - ok
15:29:43.0953 0x0908  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:29:43.0953 0x0908  vhdmp - ok
15:29:43.0984 0x0908  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:29:43.0984 0x0908  viaide - ok
15:29:44.0000 0x0908  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
15:29:44.0015 0x0908  vmbus - ok
15:29:44.0015 0x0908  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
15:29:44.0031 0x0908  VMBusHID - ok
15:29:44.0031 0x0908  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:29:44.0046 0x0908  volmgr - ok
15:29:44.0062 0x0908  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:29:44.0078 0x0908  volmgrx - ok
15:29:44.0093 0x0908  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:29:44.0109 0x0908  volsnap - ok
15:29:44.0109 0x0908  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
15:29:44.0124 0x0908  vsmraid - ok
15:29:44.0187 0x0908  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
15:29:44.0265 0x0908  VSS - ok
15:29:44.0280 0x0908  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
15:29:44.0296 0x0908  vwifibus - ok
15:29:44.0343 0x0908  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
15:29:44.0374 0x0908  W32Time - ok
15:29:44.0390 0x0908  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
15:29:44.0405 0x0908  WacomPen - ok
15:29:44.0421 0x0908  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:29:44.0452 0x0908  WANARP - ok
15:29:44.0468 0x0908  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:29:44.0483 0x0908  Wanarpv6 - ok
15:29:44.0546 0x0908  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
15:29:44.0608 0x0908  wbengine - ok
15:29:44.0639 0x0908  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:29:44.0655 0x0908  WbioSrvc - ok
15:29:44.0670 0x0908  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:29:44.0702 0x0908  wcncsvc - ok
15:29:44.0717 0x0908  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:29:44.0748 0x0908  WcsPlugInService - ok
15:29:44.0780 0x0908  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
15:29:44.0780 0x0908  Wd - ok
15:29:44.0811 0x0908  [ 441BD2D7B4F98134C3A4F9FA570FD250, FF20815273014C5A27C2B75E2C70FE674809293627056199F502DFDF4CECFCA1 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:29:44.0826 0x0908  Wdf01000 - ok
15:29:44.0858 0x0908  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:29:44.0951 0x0908  WdiServiceHost - ok
15:29:44.0967 0x0908  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:29:44.0982 0x0908  WdiSystemHost - ok
15:29:45.0029 0x0908  [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient       C:\Windows\System32\webclnt.dll
15:29:45.0092 0x0908  WebClient - ok
15:29:45.0107 0x0908  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:29:45.0154 0x0908  Wecsvc - ok
15:29:45.0170 0x0908  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:29:45.0201 0x0908  wercplsupport - ok
15:29:45.0216 0x0908  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:29:45.0248 0x0908  WerSvc - ok
15:29:45.0279 0x0908  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:29:45.0341 0x0908  WfpLwf - ok
15:29:45.0357 0x0908  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:29:45.0357 0x0908  WIMMount - ok
15:29:45.0372 0x0908  WinDefend - ok
15:29:45.0372 0x0908  WinHttpAutoProxySvc - ok
15:29:45.0435 0x0908  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:29:45.0497 0x0908  Winmgmt - ok
15:29:45.0575 0x0908  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
15:29:45.0653 0x0908  WinRM - ok
15:29:45.0747 0x0908  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:29:45.0794 0x0908  Wlansvc - ok
15:29:45.0794 0x0908  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:29:45.0825 0x0908  WmiAcpi - ok
15:29:45.0856 0x0908  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:29:45.0887 0x0908  wmiApSrv - ok
15:29:45.0903 0x0908  WMPNetworkSvc - ok
15:29:45.0918 0x0908  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:29:45.0950 0x0908  WPCSvc - ok
15:29:45.0950 0x0908  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:29:45.0981 0x0908  WPDBusEnum - ok
15:29:45.0996 0x0908  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:29:46.0028 0x0908  ws2ifsl - ok
15:29:46.0043 0x0908  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
15:29:46.0059 0x0908  wscsvc - ok
15:29:46.0059 0x0908  WSearch - ok
15:29:46.0199 0x0908  [ 9DF12EDBC698B0BC353B3EF84861E430, 5777972DC6242096EE2D4DAEEFC822DE9077560322DED7B9696BB23B7C240403 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:29:46.0277 0x0908  wuauserv - ok
15:29:46.0308 0x0908  [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:29:46.0340 0x0908  WudfPf - ok
15:29:46.0371 0x0908  [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:29:46.0418 0x0908  WUDFRd - ok
15:29:46.0433 0x0908  [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:29:46.0464 0x0908  wudfsvc - ok
15:29:46.0496 0x0908  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:29:46.0527 0x0908  WwanSvc - ok
15:29:46.0527 0x0908  ================ Scan global ===============================
15:29:46.0558 0x0908  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
15:29:46.0574 0x0908  [ E0406AEF04B088D1C49FC78D0546F689, 7ADD4D1C174FAA5405BD94BAF104A5DD56BE00DBDC1ED9F069A95430A7B264AA ] C:\Windows\system32\winsrv.dll
15:29:46.0589 0x0908  [ E0406AEF04B088D1C49FC78D0546F689, 7ADD4D1C174FAA5405BD94BAF104A5DD56BE00DBDC1ED9F069A95430A7B264AA ] C:\Windows\system32\winsrv.dll
15:29:46.0620 0x0908  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
15:29:46.0667 0x0908  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
15:29:46.0667 0x0908  [ Global ] - ok
15:29:46.0667 0x0908  ================ Scan MBR ==================================
15:29:46.0683 0x0908  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:29:46.0995 0x0908  \Device\Harddisk0\DR0 - ok
15:29:47.0010 0x0908  [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk1\DR2
15:29:47.0198 0x0908  \Device\Harddisk1\DR2 - ok
15:29:47.0198 0x0908  ================ Scan VBR ==================================
15:29:47.0198 0x0908  [ 89D1AB1233242CFD4E0FE3FBBA9BD118 ] \Device\Harddisk0\DR0\Partition1
15:29:47.0213 0x0908  \Device\Harddisk0\DR0\Partition1 - ok
15:29:47.0213 0x0908  [ 869E5E48A1836D1DC3F649BD4C4485C6 ] \Device\Harddisk0\DR0\Partition2
15:29:47.0213 0x0908  \Device\Harddisk0\DR0\Partition2 - ok
15:29:47.0260 0x0908  [ 1B361C7270178149C181330B95D10C53 ] \Device\Harddisk0\DR0\Partition3
15:29:47.0260 0x0908  \Device\Harddisk0\DR0\Partition3 - ok
15:29:47.0276 0x0908  [ 45D471AD77DF25E105CDBD57E718F50A ] \Device\Harddisk1\DR2\Partition1
15:29:47.0276 0x0908  \Device\Harddisk1\DR2\Partition1 - ok
15:29:47.0354 0x0908  Win FW state via NFP2: enabled
15:29:49.0694 0x0908  ============================================================
15:29:49.0694 0x0908  Scan finished
15:29:49.0694 0x0908  ============================================================
15:29:49.0709 0x0a80  Detected object count: 0
15:29:49.0709 0x0a80  Actual detected object count: 0
15:30:11.0191 0x04e8  Deinitialize success
         
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.05.27.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
ADMIN :: ADMIN-PC [administrator]

27.05.2014 15:34:01
mbar-log-2014-05-27 (15-34-01).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 240990
Time elapsed: 6 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
+systemlog

Code:
ATTFilter
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.294000 GHz
Memory total: 4274700288, free: 3449090048

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.294000 GHz
Memory total: 4274700288, free: 3460562944

Downloaded database version: v2014.05.27.05
Downloaded database version: v2014.05.21.01
=======================================
Initializing...
------------ Kernel report ------------
     05/27/2014 15:33:57
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\vgapnp.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\framebuf.dll
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\wininet.dll
\Windows\System32\sechost.dll
\Windows\System32\ws2_32.dll
\Windows\System32\usp10.dll
\Windows\System32\imagehlp.dll
\Windows\System32\normaliz.dll
\Windows\System32\gdi32.dll
\Windows\System32\setupapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\difxapi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\ole32.dll
\Windows\System32\iertutil.dll
\Windows\System32\msctf.dll
\Windows\System32\Wldap32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\imm32.dll
\Windows\System32\urlmon.dll
\Windows\System32\psapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\kernel32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\shell32.dll
\Windows\System32\user32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\nsi.dll
\Windows\System32\lpk.dll
\Windows\System32\comctl32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\crypt32.dll
\Windows\System32\devobj.dll
\Windows\System32\KernelBase.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xfffffa80039dd640
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000080\
Lower Device Object: 0xfffffa80050e4720
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004722060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80044b8060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004722060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004722b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004722060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80044b8060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: AECDB9E2

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 199239680

    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 199448574  Numsec = 728358914

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa80039dd640, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004214b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80039dd640, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80050e4720, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7BCF32

Partition information:

    Partition 0 type is Other (0xb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 7744449

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 3965190144 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
         

Alt 28.05.2014, 11:06   #4
schrauber
/// the machine
/// TB Trainer
 




What exactly are the problems you are having?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

Alt 28.05.2014, 15:00   #5
plagiat
 



Every change I make is undone on reboot. Permissions I set are gone, and services I disable switch themselves back on. Administrative shares are enabled and cannot be turned off; my registry file is 250 MB even though I reinstalled the system, and it contains the strangest entries. Could I upload it somewhere so you can get a picture of it? Oh, and remote services are of course on as well, and according to AVZ anonymous login is enabled too. I don't know what else to do!

Here is the AVZ4 log

Code:
ATTFilter
AVZ Antiviral Toolkit log; AVZ version is 4.43
Scanning started at 28.05.2014 14:10:22
Database loaded: signatures - 297612, NN profile(s) - 2, malware removal microprograms - 56, signature database released 28.05.2014 04:00
Heuristic microprograms loaded: 405
PVS microprograms loaded: 9
Digital signatures of system files loaded: 663640
Heuristic analyzer mode: Maximum heuristics mode
Malware removal mode: enabled
Windows version is: 6.1.7601, Service Pack 1 "Windows 7 Professional" ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .text
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
 Error loading driver - operation interrupted [C000036B]
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
 Error loading driver - operation interrupted [C000036B]
2. Scanning RAM
 Number of processes found: 16
 Number of modules loaded: 334
Scanning RAM - complete
3. Scanning disks
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
 In the database 317 port descriptions
 Opened at this PC: 36 TCP ports and 8 UDP ports
 Checking - complete; no suspicious ports detected
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Remotedesktopdienste)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP-Suche)
>> Services: potentially dangerous service allowed: Schedule (Aufgabenplanung)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
Checking - complete
Files scanned: 1574, extracted from archives: 923, malicious software found 0, suspicions - 0
Scanning finished at 28.05.2014 14:12:16
Time of scanning: 00:01:56
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address hxxp://forum.kaspersky.com/index.php?showforum=19
For automatic scanning of files from the AVZ quarantine you can use the service hxxp://virusdetector.ru/
Network diagnostics
 DNS & Ping
  Host "yandex.ru", IP="213.180.204.11,93.158.134.11,213.180.193.11", Ping=OK (0,64,213.180.204.11)
  Host "google.ru", IP="173.194.112.23,173.194.112.24,173.194.112.31", Ping=OK (0,13,173.194.112.23)
  Host "google.com", IP="173.194.112.9,173.194.112.14,173.194.112.0,173.194.112.1,173.194.112.2,173.194.112.3,173.194.112.4,173.194.112.5,173.194.112.6,173.194.112.7,173.194.112.8", Ping=OK (0,14,173.194.112.9)
  Host "www.kaspersky.com", IP="195.27.252.18", Ping=OK (0,18,195.27.252.18)
  Host "www.kaspersky.ru", IP="195.27.252.110", Ping=OK (0,21,195.27.252.110)
  Host "dnl-03.geo.kaspersky.com", IP="212.73.221.202", Ping=OK (0,20,212.73.221.202)
  Host "dnl-11.geo.kaspersky.com", IP="80.239.174.38", Ping=OK (0,24,80.239.174.38)
  Host "activation-v2.kaspersky.com", IP="195.27.252.50", Ping=Error (11010,0,0.0.0.0)
  Host "odnoklassniki.ru", IP="217.20.147.94", Ping=OK (0,68,217.20.147.94)
  Host "vk.com", IP="87.240.143.241,87.240.131.117,87.240.131.118", Ping=OK (0,49,87.240.143.241)
  Host "vkontakte.ru", IP="87.240.156.167,87.240.156.168,87.240.156.166", Ping=OK (0,53,87.240.156.167)
  Host "twitter.com", IP="199.16.156.230,199.16.156.6,199.16.156.102,199.16.156.198", Ping=OK (0,126,199.16.156.230)
  Host "facebook.com", IP="173.252.110.27", Ping=OK (0,114,173.252.110.27)
  Host "ru-ru.facebook.com", IP="173.252.73.52,69.171.237.20", Ping=OK (0,164,173.252.73.52)
 IE Setup
  AutoConfigURL=""
  AutoConfigProxy="wininet.dll"
  ProxyOverride=""
  ProxyServer=""
Network TCP/IP settings

 System Analysis - complete
         
and OSAM:


Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:12:00 on 28.05.2014

OS: Windows 7  Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 29.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[x] Trusted entries
[x] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[x] Non-startable services
[x] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "Microsoft Corporation" - C:\Windows\system32\autochk.exe  (File signed by Microsoft)

[Common]
-----( %SystemRoot%\Tasks )-----
-----( HKCU\SOFTWARE\Classes\exefile\shell\open\command )-----
-----( HKCU\SOFTWARE\Microsoft\Command Processor )-----
-----( HKCU\SOFTWARE\Mirabilis\ICQ\Agent\Apps )-----
-----( HKLM\SOFTWARE\Classes\exefile\shell\open\command )-----
"{Default}" - ? - "%1" %*  (System default value)
-----( HKLM\SOFTWARE\Microsoft\Command Processor )-----
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options )-----
-----( HKLM\SOFTWARE\Microsoft\Windows Script Host\Locations )-----
-----( HKLM\SOFTWARE\Microsoft\Windows Scripting Host\Locations )-----
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls )-----

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"appwiz.cpl" - "Microsoft Corporation" - C:\Windows\system32\appwiz.cpl  (File signed by Microsoft)
"bthprops.cpl" - "Microsoft Corporation" - C:\Windows\system32\bthprops.cpl  (File signed by Microsoft)
"collab.cpl" - "Microsoft Corporation" - C:\Windows\system32\collab.cpl  (File signed by Microsoft)
"desk.cpl" - "Microsoft Corporation" - C:\Windows\system32\desk.cpl  (File signed by Microsoft)
"Firewall.cpl" - "Microsoft Corporation" - C:\Windows\system32\Firewall.cpl  (File signed by Microsoft)
"hdwwiz.cpl" - "Microsoft Corporation" - C:\Windows\system32\hdwwiz.cpl  (File signed by Microsoft)
"inetcpl.cpl" - "Microsoft Corporation" - C:\Windows\system32\inetcpl.cpl  (File signed by Microsoft)
"infocardcpl.cpl" - "Microsoft Corporation" - C:\Windows\system32\infocardcpl.cpl  (File signed by Microsoft)
"intl.cpl" - "Microsoft Corporation" - C:\Windows\system32\intl.cpl  (File signed by Microsoft)
"irprops.cpl" - "Microsoft Corporation" - C:\Windows\system32\irprops.cpl  (File signed by Microsoft)
"joy.cpl" - "Microsoft Corporation" - C:\Windows\system32\joy.cpl  (File signed by Microsoft)
"main.cpl" - "Microsoft Corporation" - C:\Windows\system32\main.cpl  (File signed by Microsoft)
"mmsys.cpl" - "Microsoft Corporation" - C:\Windows\system32\mmsys.cpl  (File signed by Microsoft)
"ncpa.cpl" - "Microsoft Corporation" - C:\Windows\system32\ncpa.cpl  (File signed by Microsoft)
"powercfg.cpl" - "Microsoft Corporation" - C:\Windows\system32\powercfg.cpl  (File signed by Microsoft)
"sysdm.cpl" - "Microsoft Corporation" - C:\Windows\system32\sysdm.cpl  (File signed by Microsoft)
"TabletPC.cpl" - "Microsoft Corporation" - C:\Windows\system32\TabletPC.cpl  (File signed by Microsoft)
"telephon.cpl" - "Microsoft Corporation" - C:\Windows\system32\telephon.cpl  (File signed by Microsoft)
"timedate.cpl" - "Microsoft Corporation" - C:\Windows\system32\timedate.cpl  (File signed by Microsoft)
"wscui.cpl" - "Microsoft Corporation" - C:\Windows\system32\wscui.cpl  (File signed by Microsoft)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"1394 OHCI Compliant Host Controller" (1394ohci) - "Microsoft Corporation" - C:\Windows\system32\drivers\1394ohci.sys  (File signed by Microsoft)
"1394 OHCI Compliant Host Controller (Legacy)" (ohci1394) - "Microsoft Corporation" - C:\Windows\system32\drivers\ohci1394.sys  (File signed by Microsoft)
"@%systemroot%\system32\appidsvc.dll,-102" (AppID) - "Microsoft Corporation" - C:\Windows\system32\drivers\appid.sys  (File signed by Microsoft)
"@%systemroot%\system32\browser.dll,-102" (bowser) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\bowser.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\clfs.sys,-100" (CLFS) - "Microsoft Corporation" - C:\Windows\System32\CLFS.sys  (File signed by Microsoft)
"@%systemroot%\system32\cscsvc.dll,-202" (CSC) - "Microsoft Corporation" - C:\Windows\System32\drivers\csc.sys  (File signed by Microsoft)
"@%systemroot%\system32\drivers\afd.sys,-1000" (AFD) - "Microsoft Corporation" - C:\Windows\system32\drivers\afd.sys  (File signed by Microsoft)
"@%systemroot%\system32\drivers\dfsc.sys,-101" (DfsC) - "Microsoft Corporation" - C:\Windows\System32\Drivers\dfsc.sys  (File signed by Microsoft)
"@%systemroot%\system32\drivers\discache.sys,-102" (discache) - "Microsoft Corporation" - C:\Windows\System32\drivers\discache.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\drivers\fileinfo.sys,-100" (FileInfo) - "Microsoft Corporation" - C:\Windows\System32\drivers\fileinfo.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\drivers\filetrace.sys,-10001" (Filetrace) - "Microsoft Corporation" - C:\Windows\System32\drivers\filetrace.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\drivers\fltmgr.sys,-10001" (FltMgr) - "Microsoft Corporation" - C:\Windows\System32\drivers\fltmgr.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\drivers\fsdepends.sys,-10001" (FsDepends) - "Microsoft Corporation" - C:\Windows\System32\drivers\FsDepends.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\drivers\fvevol.sys,-100" (fvevol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fvevol.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\drivers\http.sys,-1" (HTTP) - "Microsoft Corporation" - C:\Windows\System32\drivers\HTTP.sys  (File signed by Microsoft)
"@%systemroot%\system32\drivers\hwpolicy.sys,-101" (hwpolicy) - "Microsoft Corporation" - C:\Windows\System32\drivers\hwpolicy.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\drivers\irenum.sys,-100" (IRENUM) - "Microsoft Corporation" - C:\Windows\System32\drivers\irenum.sys  (File signed by Microsoft)
"@%systemroot%\system32\drivers\luafv.sys,-100" (luafv) - "Microsoft Corporation" - C:\Windows\system32\drivers\luafv.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\drivers\mountmgr.sys,-100" (mountmgr) - "Microsoft Corporation" - C:\Windows\System32\drivers\mountmgr.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100" (mshidkmdf) - "Microsoft Corporation" - C:\Windows\System32\drivers\mshidkmdf.sys  (File signed by Microsoft)
"@%systemroot%\system32\drivers\mup.sys,-101" (Mup) - "Microsoft Corporation" - C:\Windows\System32\Drivers\mup.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\drivers\ndis.sys,-200" (NDIS) - "Microsoft Corporation" - C:\Windows\System32\drivers\ndis.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\drivers\netbt.sys,-2" (NetBT) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\netbt.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\drivers\nsiproxy.sys,-2" (nsiproxy) - "Microsoft Corporation" - C:\Windows\System32\drivers\nsiproxy.sys  (File signed by Microsoft)
"@%SystemRoot%\System32\drivers\pacer.sys,-101" (Psched) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\pacer.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\drivers\partmgr.sys,-100" (partmgr) - "Microsoft Corporation" - C:\Windows\System32\drivers\partmgr.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\drivers\qwavedrv.sys,-1" (QWAVEdrv) - "Microsoft Corporation" - C:\Windows\system32\drivers\qwavedrv.sys  (File signed by Microsoft)
"@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100" (RDPCDD) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\RDPCDD.sys  (File signed by Microsoft)
"@%systemroot%\system32\drivers\RDPENCDD.sys,-101" (RDPENCDD) - "Microsoft Corporation" - C:\Windows\System32\drivers\rdpencdd.sys  (File signed by Microsoft)
"@%systemroot%\system32\drivers\RdpRefMp.sys,-101" (RDPREFMP) - "Microsoft Corporation" - C:\Windows\System32\drivers\rdprefmp.sys  (File signed by Microsoft)
"@%SystemRoot%\System32\drivers\scfilter.sys,-11" (scfilter) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\scfilter.sys  (File signed by Microsoft)
"@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101" (tssecsrv) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\tssecsrv.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\drivers\tsusbflt.sys,-1000" (TsUsbFlt) - "Microsoft Corporation" - C:\Windows\System32\drivers\tsusbflt.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\drivers\volmgrx.sys,-100" (volmgrx) - "Microsoft Corporation" - C:\Windows\System32\drivers\volmgrx.sys  (File signed by Microsoft)
"@%systemroot%\System32\drivers\ws2ifsl.sys,-1000" (ws2ifsl) - "Microsoft Corporation" - C:\Windows\system32\drivers\ws2ifsl.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\FirewallAPI.dll,-23092" (mpsdrv) - "Microsoft Corporation" - C:\Windows\System32\drivers\mpsdrv.sys  (File signed by Microsoft)
"@%systemroot%\system32\rascfg.dll,-32000" (AsyncMac) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\asyncmac.sys  (File signed by Microsoft)
"@%systemroot%\system32\rascfg.dll,-32001" (NdisTapi) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\ndistapi.sys  (File signed by Microsoft)
"@%systemroot%\system32\rascfg.dll,-32002" (NdisWan) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\ndiswan.sys  (File signed by Microsoft)
"@%systemroot%\system32\rascfg.dll,-32005" (Rasl2tp) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\rasl2tp.sys  (File signed by Microsoft)
"@%systemroot%\system32\rascfg.dll,-32006" (PptpMiniport) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\raspptp.sys  (File signed by Microsoft)
"@%systemroot%\system32\rascfg.dll,-32007" (RasPppoe) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\raspppoe.sys  (File signed by Microsoft)
"@%systemroot%\system32\rascfg.dll,-32011" (WANARP) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wanarp.sys  (File signed by Microsoft)
"@%systemroot%\system32\rascfg.dll,-32012" (Wanarpv6) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wanarp.sys  (File signed by Microsoft)
"@%systemroot%\system32\rascfg.dll,-32013" (IpFilterDriver) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\ipfltdrv.sys  (File signed by Microsoft)
"@%systemroot%\system32\srvsvc.dll,-102" (srv) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\srv.sys  (File signed by Microsoft)
"@%systemroot%\system32\srvsvc.dll,-104" (srv2) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\srv2.sys  (File signed by Microsoft)
"@%systemroot%\system32\sstpsvc.dll,-202" (RasSstp) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\rassstp.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\tcpipcfg.dll,-50003" (Tcpip) - "Microsoft Corporation" - C:\Windows\System32\drivers\tcpip.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\tcpipcfg.dll,-50004" (tdx) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\tdx.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\tcpipcfg.dll,-50005" (Smb) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\smb.sys  (File signed by Microsoft)
"@%SystemRoot%\system32\vmstorfltres.dll,-1000" (storflt) - "Microsoft Corporation" - C:\Windows\System32\drivers\vmstorfl.sys  (File signed by Microsoft)
"@%systemroot%\system32\webclnt.dll,-104" (MRxDAV) - "Microsoft Corporation" - C:\Windows\system32\drivers\mrxdav.sys  (File signed by Microsoft)
"@%systemroot%\system32\wkssvc.dll,-1000" (rdbss) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\rdbss.sys  (File signed by Microsoft)
"@%systemroot%\system32\wkssvc.dll,-1002" (mrxsmb) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\mrxsmb.sys  (File signed by Microsoft)
"@%systemroot%\system32\wkssvc.dll,-1004" (mrxsmb10) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\mrxsmb10.sys  (File signed by Microsoft)
"@%systemroot%\system32\wkssvc.dll,-1006" (mrxsmb20) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\mrxsmb20.sys  (File signed by Microsoft)
"ACPI Power Meter Driver" (AcpiPmi) - "Microsoft Corporation" - C:\Windows\system32\drivers\acpipmi.sys  (File signed by Microsoft)
"adp94xx" (adp94xx) - "Adaptec, Inc." - C:\Windows\system32\drivers\adp94xx.sys  (File signed by Microsoft)
"adpahci" (adpahci) - "Adaptec, Inc." - C:\Windows\system32\drivers\adpahci.sys  (File signed by Microsoft)
"adpu320" (adpu320) - "Adaptec, Inc." - C:\Windows\system32\drivers\adpu320.sys  (File signed by Microsoft)
"aliide" (aliide) - "Acer Laboratories Inc." - C:\Windows\system32\drivers\aliide.sys  (File signed by Microsoft)
"AMD K8 Processor Driver" (AmdK8) - "Microsoft Corporation" - C:\Windows\system32\drivers\amdk8.sys  (File signed by Microsoft)
"AMD Processor Driver" (AmdPPM) - "Microsoft Corporation" - C:\Windows\system32\drivers\amdppm.sys  (File signed by Microsoft)
"amdide" (amdide) - "Microsoft Corporation" - C:\Windows\system32\drivers\amdide.sys  (File signed by Microsoft)
"amdsata" (amdsata) - "Advanced Micro Devices" - C:\Windows\system32\drivers\amdsata.sys  (File signed by Microsoft)
"amdsbs" (amdsbs) - "AMD Technologies Inc." - C:\Windows\system32\drivers\amdsbs.sys  (File signed by Microsoft)
"amdxata" (amdxata) - "Advanced Micro Devices" - C:\Windows\System32\drivers\amdxata.sys  (File signed by Microsoft)
"arc" (arc) - "Adaptec, Inc." - C:\Windows\system32\drivers\arc.sys  (File signed by Microsoft)
"arcsas" (arcsas) - "Adaptec, Inc." - C:\Windows\system32\drivers\arcsas.sys  (File signed by Microsoft)
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\system32\drivers\aswRdr2.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"aswStm" (aswStm) - "AVAST Software" - C:\Windows\system32\drivers\aswStm.sys
"avast! HardwareID" (aswHwid) - ? - C:\Windows\system32\drivers\aswHwid.sys
"avast! Revert" (aswRvrt) - ? - C:\Windows\system32\drivers\aswRvrt.sys
"avast! VM Monitor" (aswVmm) - ? - C:\Windows\system32\drivers\aswVmm.sys
"AVZ-RK Kernel Driver" (uzmynzgy) - ? - C:\Windows\system32\Drivers\uzmynzgy.sys  (File not found)
"Beep" (Beep) - "Microsoft Corporation" - C:\Windows\system32\drivers\Beep.sys  (File signed by Microsoft)
"blbdrive" (blbdrive) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\blbdrive.sys  (File signed by Microsoft)
"Bluetooth Serial Communications Driver" (BTHMODEM) - "Microsoft Corporation" - C:\Windows\system32\drivers\bthmodem.sys  (File signed by Microsoft)
"Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0" (b57nd60a) - "Broadcom Corporation" - C:\Windows\System32\DRIVERS\b57nd60a.sys  (File signed by Microsoft)
"Broadcom NetXtreme II 10 GigE VBD" (ebdrv) - "Broadcom Corporation" - C:\Windows\system32\drivers\evbda.sys  (File signed by Microsoft)
"Broadcom NetXtreme II VBD" (b06bdrv) - "Broadcom Corporation" - C:\Windows\system32\drivers\bxvbda.sys  (File signed by Microsoft)
"Brother MFC Serial Port Interface Driver (WDM)" (Brserid) - "Brother Industries Ltd." - C:\Windows\System32\Drivers\Brserid.sys  (File signed by Microsoft)
"Brother MFC USB Fax Only Modem" (BrUsbMdm) - "Brother Industries Ltd." - C:\Windows\System32\Drivers\BrUsbMdm.sys  (File signed by Microsoft)
"Brother MFC USB Serial WDM Driver" (BrUsbSer) - "Brother Industries Ltd." - C:\Windows\System32\Drivers\BrUsbSer.sys  (File signed by Microsoft)
"Brother USB Mass-Storage Lower Filter Driver" (BrFiltLo) - "Brother Industries, Ltd." - C:\Windows\system32\drivers\BrFiltLo.sys  (File signed by Microsoft)
"Brother USB Mass-Storage Upper Filter Driver" (BrFiltUp) - "Brother Industries, Ltd." - C:\Windows\system32\drivers\BrFiltUp.sys  (File signed by Microsoft)
"Brother WDM Serial driver" (BrSerWdm) - "Brother Industries Ltd." - C:\Windows\System32\Drivers\BrSerWdm.sys  (File signed by Microsoft)
"BTHORM" (BTHORM) - "Toolwiz.com" - C:\Windows\System32\Drivers\BTHORM.sys
"Busenumeratortreiber für Verbundgeräte" (CompositeBus) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\CompositeBus.sys  (File signed by Microsoft)
"CD-ROM-Laufwerktreiber" (cdrom) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\cdrom.sys  (File signed by Microsoft)
"CD/DVD File System Reader" (cdfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\cdfs.sys  (File signed by Microsoft)
"cmdide" (cmdide) - "CMD Technology, Inc." - C:\Windows\system32\drivers\cmdide.sys  (File signed by Microsoft)
"CNG" (CNG) - "Microsoft Corporation" - C:\Windows\System32\Drivers\cng.sys  (File signed by Microsoft)
"Consumer IR Devices" (circlass) - "Microsoft Corporation" - C:\Windows\system32\drivers\circlass.sys  (File signed by Microsoft)
"Crcdisk Filter Driver" (crcdisk) - "Microsoft Corporation" - C:\Windows\system32\drivers\crcdisk.sys  (File signed by Microsoft)
"dmvsc" (dmvsc) - "Microsoft Corporation" - C:\Windows\system32\drivers\dmvsc.sys  (File signed by Microsoft)
"eHome Infrared Receiver (USBCIR)" (usbcir) - "Microsoft Corporation" - C:\Windows\system32\drivers\usbcir.sys  (File signed by Microsoft)
"elxstor" (elxstor) - "Emulex" - C:\Windows\system32\drivers\elxstor.sys  (File signed by Microsoft)
"Enumerator-Treiber für Microsoft Virtual Drive" (vdrvroot) - "Microsoft Corporation" - C:\Windows\System32\drivers\vdrvroot.sys  (File signed by Microsoft)
"exFAT File System Driver" (exfat) - "Microsoft Corporation" - C:\Windows\system32\drivers\exfat.sys  (File signed by Microsoft)
"FAT12/16/32 File System Driver" (fastfat) - "Microsoft Corporation" - C:\Windows\system32\drivers\fastfat.sys  (File signed by Microsoft)
"Floppy Disk Controller Driver" (fdc) - "Microsoft Corporation" - C:\Windows\system32\drivers\fdc.sys  (File signed by Microsoft)
"Floppy Disk Driver" (flpydisk) - "Microsoft Corporation" - C:\Windows\system32\drivers\flpydisk.sys  (File signed by Microsoft)
"Fs_Rec" (Fs_Rec) - "Microsoft Corporation" - C:\Windows\system32\drivers\Fs_Rec.sys  (File signed by Microsoft)
"Hauppauge Consumer Infrared Receiver" (hcw85cir) - "Hauppauge Computer Works, Inc." - C:\Windows\system32\drivers\hcw85cir.sys  (File signed by Microsoft)
"HID UPS Battery Driver" (HidBatt) - "Microsoft Corporation" - C:\Windows\system32\drivers\HidBatt.sys  (File signed by Microsoft)
"High-Capacity Floppy Disk Drive" (sfloppy) - "Microsoft Corporation" - C:\Windows\system32\drivers\sfloppy.sys  (File signed by Microsoft)
"HpSAMD" (HpSAMD) - "Hewlett-Packard Company" - C:\Windows\system32\drivers\HpSAMD.sys  (File signed by Microsoft)
"i8042-Tastatur- und PS/2-Mausanschluss-Treiber" (i8042prt) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\i8042prt.sys  (File signed by Microsoft)
"iaStorV" (iaStorV) - "Intel Corporation" - C:\Windows\system32\drivers\iaStorV.sys  (File signed by Microsoft)
"IDE-Kanal" (atapi) - "Microsoft Corporation" - C:\Windows\System32\drivers\atapi.sys  (File signed by Microsoft)
"iirsp" (iirsp) - "Intel Corp./ICP vortex GmbH" - C:\Windows\system32\drivers\iirsp.sys  (File signed by Microsoft)
"Intel AGP Bus Filter" (agp440) - "Microsoft Corporation" - C:\Windows\system32\drivers\agp440.sys  (File signed by Microsoft)
"Intel AHCI Controller" (iaStor) - "Intel Corporation" - C:\Windows\System32\DRIVERS\iaStor.sys  (File signed by Microsoft)
"Intel(R) Management Engine Interface" (MEIx64) - "Intel Corporation" - C:\Windows\System32\DRIVERS\HECIx64.sys  (File signed by Microsoft)
"Intel-Prozessortreiber" (intelppm) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\intelppm.sys  (File signed by Microsoft)
"intelide" (intelide) - "Microsoft Corporation" - C:\Windows\system32\drivers\intelide.sys  (File signed by Microsoft)
"Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter" (AMPPAL) - "Windows (R) Win 7 DDK provider" - C:\Windows\System32\DRIVERS\AMPPAL.sys  (File signed by Microsoft)
"IP Network Address Translator" (IPNAT) - "Microsoft Corporation" - C:\Windows\System32\drivers\ipnat.sys  (File signed by Microsoft)
"IPMIDRV" (IPMIDRV) - "Microsoft Corporation" - C:\Windows\system32\drivers\IPMIDrv.sys  (File signed by Microsoft)
"isapnp" (isapnp) - "Microsoft Corporation" - C:\Windows\system32\drivers\isapnp.sys  (File signed by Microsoft)
"iScsiPort Driver" (iScsiPrt) - "Microsoft Corporation" - C:\Windows\system32\drivers\msiscsi.sys  (File signed by Microsoft)
"Kernel Mode Driver Frameworks service" (Wdf01000) - "Microsoft Corporation" - C:\Windows\System32\drivers\Wdf01000.sys  (File signed by Microsoft)
"Kernel Streaming Thunks" (ksthunk) - "Microsoft Corporation" - C:\Windows\system32\drivers\ksthunk.sys  (File signed by Microsoft)
"KSecDD" (KSecDD) - "Microsoft Corporation" - C:\Windows\System32\Drivers\ksecdd.sys  (File signed by Microsoft)
"KSecPkg" (KSecPkg) - "Microsoft Corporation" - C:\Windows\System32\Drivers\ksecpkg.sys  (File signed by Microsoft)
"Laufwerktreiber" (Disk) - "Microsoft Corporation" - C:\Windows\System32\drivers\disk.sys  (File signed by Microsoft)
"LDDM Graphics Subsystem" (DXGKrnl) - "Microsoft Corporation" - C:\Windows\System32\drivers\dxgkrnl.sys  (File signed by Microsoft)
"Link-Layer Topology Discovery Mapper I/O Driver" (lltdio) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\lltdio.sys  (File signed by Microsoft)
"Link-Layer Topology Discovery Responder" (rspndr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\rspndr.sys  (File signed by Microsoft)
"LSI_FC" (LSI_FC) - "LSI Corporation" - C:\Windows\system32\drivers\lsi_fc.sys  (File signed by Microsoft)
"LSI_SAS" (LSI_SAS) - "LSI Corporation" - C:\Windows\system32\drivers\lsi_sas.sys  (File signed by Microsoft)
"LSI_SAS2" (LSI_SAS2) - "LSI Corporation" - C:\Windows\system32\drivers\lsi_sas2.sys  (File signed by Microsoft)
"LSI_SCSI" (LSI_SCSI) - "LSI Corporation" - C:\Windows\system32\drivers\lsi_scsi.sys  (File signed by Microsoft)
"Maus-HID-Treiber" (mouhid) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\mouhid.sys  (File signed by Microsoft)
"Mausklassentreiber" (mouclass) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\mouclass.sys  (File signed by Microsoft)
"megasas" (megasas) - "LSI Corporation" - C:\Windows\system32\drivers\megasas.sys  (File signed by Microsoft)
"MegaSR" (MegaSR) - "LSI Corporation, Inc." - C:\Windows\system32\drivers\MegaSR.sys  (File signed by Microsoft)
"Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst" (HdAudAddService) - "Microsoft Corporation" - C:\Windows\System32\drivers\HdAudio.sys  (File signed by Microsoft)
"Microsoft ACPI-Treiber" (ACPI) - "Microsoft Corporation" - C:\Windows\System32\drivers\ACPI.sys  (File signed by Microsoft)
"Microsoft AGPv3.5 Filter" (uagp35) - "Microsoft Corporation" - C:\Windows\system32\drivers\uagp35.sys  (File signed by Microsoft)
"Microsoft Bluetooth HID Miniport" (HidBth) - "Microsoft Corporation" - C:\Windows\system32\drivers\hidbth.sys  (File signed by Microsoft)
"Microsoft Composite Battery-Treiber" (Compbatt) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\compbatt.sys  (File signed by Microsoft)
"Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms" (gagp30kx) - "Microsoft Corporation" - C:\Windows\system32\drivers\gagp30kx.sys  (File signed by Microsoft)
"Microsoft Hardware Error Device Driver" (ErrDev) - "Microsoft Corporation" - C:\Windows\system32\drivers\errdev.sys  (File signed by Microsoft)
"Microsoft HID Class-Treiber" (HidUsb) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\hidusb.sys  (File signed by Microsoft)
"Microsoft Infrared HID Driver" (HidIr) - "Microsoft Corporation" - C:\Windows\system32\drivers\hidir.sys  (File signed by Microsoft)
"Microsoft Input Configuration Driver" (MTConfig) - "Microsoft Corporation" - C:\Windows\system32\drivers\MTConfig.sys  (File signed by Microsoft)
"Microsoft IPv6 Protocol Driver" (TCPIP6) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\tcpip.sys  (File signed by Microsoft)
"Microsoft Monitor-Klassenfunktionstreiber-Dienst" (monitor) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\monitor.sys  (File signed by Microsoft)
"Microsoft Proxy für Streaming Clock" (MSPCLOCK) - "Microsoft Corporation" - C:\Windows\System32\drivers\MSPCLOCK.sys  (File signed by Microsoft)
"Microsoft Proxy für Streaming Quality Manager" (MSPQM) - "Microsoft Corporation" - C:\Windows\System32\drivers\MSPQM.sys  (File signed by Microsoft)
"Microsoft Standard-USB-Haupttreiber" (usbccgp) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\usbccgp.sys  (File signed by Microsoft)
"Microsoft Streaming Service Proxy" (MSKSSRV) - "Microsoft Corporation" - C:\Windows\System32\drivers\MSKSSRV.sys  (File signed by Microsoft)
"Microsoft Streaming Tee/Sink-to-Sink-Konvertierung" (MSTEE) - "Microsoft Corporation" - C:\Windows\System32\drivers\MSTEE.sys  (File signed by Microsoft)
"Microsoft Trusted Audio Drivers" (drmkaud) - "Microsoft Corporation" - C:\Windows\System32\drivers\drmkaud.sys  (File signed by Microsoft)
"Microsoft UMPass Driver" (UmPass) - "Microsoft Corporation" - C:\Windows\system32\drivers\umpass.sys  (File signed by Microsoft)
"Microsoft USB Open Host Controller Miniport Driver" (usbohci) - "Microsoft Corporation" - C:\Windows\system32\drivers\usbohci.sys  (File signed by Microsoft)
"Microsoft USB PRINTER Class" (usbprint) - "Microsoft Corporation" - C:\Windows\system32\drivers\usbprint.sys  (File signed by Microsoft)
"Microsoft USB Universal Host Controller Miniport Driver" (usbuhci) - "Microsoft Corporation" - C:\Windows\system32\drivers\usbuhci.sys  (File signed by Microsoft)
"Microsoft USB-Standardhubtreiber" (usbhub) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\usbhub.sys  (File signed by Microsoft)
"Microsoft Virtual WiFi Miniport Service" (vwifimp) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\vwifimp.sys  (File signed by Microsoft)
"Microsoft Windows Management Interface for ACPI" (WmiAcpi) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wmiacpi.sys  (File signed by Microsoft)
"Microsoft-Systemverwaltungs-BIOS-Treiber" (mssmbios) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\mssmbios.sys  (File signed by Microsoft)
"Microsoft-Tunnelminiport-Adaptertreiber" (tunnel) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\tunnel.sys  (File signed by Microsoft)
"Microsoft-UAA-Bustreiber für High Definition Audio" (HDAudBus) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\HDAudBus.sys  (File signed by Microsoft)
"Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller" (usbehci) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\usbehci.sys  (File signed by Microsoft)
"Modem" (Modem) - "Microsoft Corporation" - C:\Windows\System32\drivers\modem.sys  (File signed by Microsoft)
"mpio" (mpio) - "Microsoft Corporation" - C:\Windows\system32\drivers\mpio.sys  (File signed by Microsoft)
"msahci" (msahci) - "Microsoft Corporation" - C:\Windows\System32\drivers\msahci.sys  (File signed by Microsoft)
"msdsm" (msdsm) - "Microsoft Corporation" - C:\Windows\system32\drivers\msdsm.sys  (File signed by Microsoft)
"Msfs" (Msfs) - "Microsoft Corporation" - C:\Windows\system32\drivers\Msfs.sys  (File signed by Microsoft)
"msisadrv" (msisadrv) - "Microsoft Corporation" - C:\Windows\System32\drivers\msisadrv.sys  (File signed by Microsoft)
"MsRPC" (MsRPC) - "Microsoft Corporation" - C:\Windows\system32\drivers\MsRPC.sys  (File signed by Microsoft)
"NativeWiFi Filter" (NativeWifiP) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\nwifi.sys  (File signed by Microsoft)
"NDIS Capture LightWeight Filter" (NdisCap) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\ndiscap.sys  (File signed by Microsoft)
"NDIS Usermode I/O Protocol" (Ndisuio) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\ndisuio.sys  (File signed by Microsoft)
"NDProxy" (NDProxy) - "Microsoft Corporation" - C:\Windows\system32\drivers\NDProxy.sys  (File signed by Microsoft)
"NetBIOS Interface" (NetBIOS) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\netbios.sys  (File signed by Microsoft)
"nfrd960" (nfrd960) - "IBM Corporation" - C:\Windows\system32\drivers\nfrd960.sys  (File signed by Microsoft)
"Npfs" (Npfs) - "Microsoft Corporation" - C:\Windows\system32\drivers\Npfs.sys  (File signed by Microsoft)
"Ntfs" (Ntfs) - "Microsoft Corporation" - C:\Windows\system32\drivers\Ntfs.sys  (File signed by Microsoft)
"Null" (Null) - "Microsoft Corporation" - C:\Windows\system32\drivers\Null.sys  (File signed by Microsoft)
"NVIDIA nForce AGP Bus Filter" (nv_agp) - "Microsoft Corporation" - C:\Windows\system32\drivers\nv_agp.sys  (File signed by Microsoft)
"nvraid" (nvraid) - "NVIDIA Corporation" - C:\Windows\system32\drivers\nvraid.sys  (File signed by Microsoft)
"nvstor" (nvstor) - "NVIDIA Corporation" - C:\Windows\system32\drivers\nvstor.sys  (File signed by Microsoft)
"Parallel port driver" (Parport) - "Microsoft Corporation" - C:\Windows\system32\drivers\parport.sys  (File signed by Microsoft)
"PCI-Bus-Treiber" (pci) - "Microsoft Corporation" - C:\Windows\System32\drivers\pci.sys  (File signed by Microsoft)
"pciide" (pciide) - "Microsoft Corporation" - C:\Windows\system32\drivers\pciide.sys  (File signed by Microsoft)
"pcmcia" (pcmcia) - "Microsoft Corporation" - C:\Windows\system32\drivers\pcmcia.sys  (File signed by Microsoft)
"PEAUTH" (PEAUTH) - "Microsoft Corporation" - C:\Windows\System32\drivers\peauth.sys  (File signed by Microsoft)
"Performance Counters for Windows Driver" (pcw) - "Microsoft Corporation" - C:\Windows\System32\drivers\pcw.sys  (File signed by Microsoft)
"Processor Driver" (Processor) - "Microsoft Corporation" - C:\Windows\system32\drivers\processr.sys  (File signed by Microsoft)
"PSI" (PSI) - "Secunia" - C:\Windows\System32\DRIVERS\psi_mf_amd64.sys
"ql2300" (ql2300) - "QLogic Corporation" - C:\Windows\system32\drivers\ql2300.sys  (File signed by Microsoft)
"ql40xx" (ql40xx) - "QLogic Corporation" - C:\Windows\system32\drivers\ql40xx.sys  (File signed by Microsoft)
"Qualcomm Atheros Extensible Wireless LAN device driver" (athr) - "Qualcomm Atheros Communications, Inc." - C:\Windows\System32\DRIVERS\athrx.sys  (File signed by Microsoft)
"RDP Winstation Driver" (RDPWD) - "Microsoft Corporation" - C:\Windows\system32\drivers\RDPWD.sys  (File signed by Microsoft)
"ReadyBoost" (rdyboost) - "Microsoft Corporation" - C:\Windows\System32\drivers\rdyboost.sys  (File signed by Microsoft)
"Realtek 8167 NT Driver" (RTL8167) - "Realtek                                            " - C:\Windows\System32\DRIVERS\Rt64win7.sys  (File signed by Microsoft)
"Remote Access Auto Connection Driver" (RasAcd) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\rasacd.sys  (File signed by Microsoft)
"Remote Desktop Device Redirector Bus Driver" (rdpbus) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\rdpbus.sys  (File signed by Microsoft)
"Remote Desktop Generic USB Device" (TsUsbGD) - "Microsoft Corporation" - C:\Windows\system32\drivers\TsUsbGD.sys  (File signed by Microsoft)
"s3cap" (s3cap) - "Microsoft Corporation" - C:\Windows\system32\drivers\vms3cap.sys  (File signed by Microsoft)
"sbp2port" (sbp2port) - "Microsoft Corporation" - C:\Windows\system32\drivers\sbp2port.sys  (File signed by Microsoft)
"Security Driver" (secdrv) - "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." - C:\Windows\system32\drivers\secdrv.sys  (File signed by Microsoft)
"Security Processor Loader Driver" (spldr) - "Microsoft Corporation" - C:\Windows\system32\drivers\spldr.sys  (File signed by Microsoft)
"Serenum Filter Driver" (Serenum) - "Microsoft Corporation" - C:\Windows\system32\drivers\serenum.sys  (File signed by Microsoft)
"Serial" (Serial) - "Microsoft Corporation" - C:\Windows\system32\drivers\serial.sys  (File signed by Microsoft)
"Serial Mouse Driver" (sermouse) - "Microsoft Corporation" - C:\Windows\system32\drivers\sermouse.sys  (File signed by Microsoft)
"Service for NVIDIA High Definition Audio Driver" (NVHDA) - "NVIDIA Corporation" - C:\Windows\System32\drivers\nvhda64v.sys  (File signed by Microsoft)
"SFF Storage Class Driver" (sffdisk) - "Microsoft Corporation" - C:\Windows\system32\drivers\sffdisk.sys  (File signed by Microsoft)
"SFF Storage Protocol Driver for MMC" (sffp_mmc) - "Microsoft Corporation" - C:\Windows\system32\drivers\sffp_mmc.sys  (File signed by Microsoft)
"SFF Storage Protocol Driver for SDBus" (sffp_sd) - "Microsoft Corporation" - C:\Windows\system32\drivers\sffp_sd.sys  (File signed by Microsoft)
"SiSRaid2" (SiSRaid2) - "Silicon Integrated Systems Corp." - C:\Windows\system32\drivers\SiSRaid2.sys  (File signed by Microsoft)
"SiSRaid4" (SiSRaid4) - "Silicon Integrated Systems" - C:\Windows\system32\drivers\sisraid4.sys  (File signed by Microsoft)
"Software-Bus-Treiber" (swenum) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\swenum.sys  (File signed by Microsoft)
"Speichervolumes" (volsnap) - "Microsoft Corporation" - C:\Windows\System32\drivers\volsnap.sys  (File signed by Microsoft)
"srvnet" (srvnet) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\srvnet.sys  (File signed by Microsoft)
"stexstor" (stexstor) - "Promise Technology" - C:\Windows\system32\drivers\stexstor.sys  (File signed by Microsoft)
"storvsc" (storvsc) - "Microsoft Corporation" - C:\Windows\system32\drivers\storvsc.sys  (File signed by Microsoft)
"Tastatur-HID-Treiber" (kbdhid) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\kbdhid.sys  (File signed by Microsoft)
"Tastaturklassentreiber" (kbdclass) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\kbdclass.sys  (File signed by Microsoft)
"TCP/IP Registry Compatibility" (tcpipreg) - "Microsoft Corporation" - C:\Windows\System32\drivers\tcpipreg.sys  (File signed by Microsoft)
"TDPIPE" (TDPIPE) - "Microsoft Corporation" - C:\Windows\System32\drivers\tdpipe.sys  (File signed by Microsoft)
"TDTCP" (TDTCP) - "Microsoft Corporation" - C:\Windows\System32\drivers\tdtcp.sys  (File signed by Microsoft)
"Terminal Server Device Redirector Driver" (RDPDR) - "Microsoft Corporation" - C:\Windows\System32\drivers\rdpdr.sys  (File signed by Microsoft)
"Terminal-Gerätetreiber" (TermDD) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\termdd.sys  (File signed by Microsoft)
"Treiber für Microsoft-ACPI-Kontrollmethodenkompatiblen Akku" (CmBatt) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\CmBatt.sys  (File signed by Microsoft)
"Treiber für Volume-Manager" (volmgr) - "Microsoft Corporation" - C:\Windows\System32\drivers\volmgr.sys  (File signed by Microsoft)
"udfs" (udfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\udfs.sys  (File signed by Microsoft)
"Uli AGP Bus Filter" (uliagpkx) - "Microsoft Corporation" - C:\Windows\system32\drivers\uliagpkx.sys  (File signed by Microsoft)
"UMBusenumerator-Treiber" (umbus) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\umbus.sys  (File signed by Microsoft)
"USB-Massenspeichertreiber" (USBSTOR) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\USBSTOR.SYS  (File signed by Microsoft)
"USB-Videogerät (WDM)" (usbvideo) - "Microsoft Corporation" - C:\Windows\System32\Drivers\usbvideo.sys  (File signed by Microsoft)
"User Mode Driver Frameworks Platform Driver" (WudfPf) - "Microsoft Corporation" - C:\Windows\System32\drivers\WudfPf.sys  (File signed by Microsoft)
"vga" (vga) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\vgapnp.sys  (File signed by Microsoft)
"VgaSave" (VgaSave) - "Microsoft Corporation" - C:\Windows\System32\drivers\vga.sys  (File signed by Microsoft)
"vhdmp" (vhdmp) - "Microsoft Corporation" - C:\Windows\system32\drivers\vhdmp.sys  (File signed by Microsoft)
"viaide" (viaide) - "VIA Technologies, Inc." - C:\Windows\system32\drivers\viaide.sys  (File signed by Microsoft)
"Virtual WiFi Filter Driver" (VWiFiFlt) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\vwififlt.sys  (File signed by Microsoft)
"Virtueller WiFi-Bustreiber" (vwifibus) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\vwifibus.sys  (File signed by Microsoft)
"vmbus" (vmbus) - "Microsoft Corporation" - C:\Windows\system32\drivers\vmbus.sys  (File signed by Microsoft)
"VMBusHID" (VMBusHID) - "Microsoft Corporation" - C:\Windows\system32\drivers\VMBusHID.sys  (File signed by Microsoft)
"vsmraid" (vsmraid) - "VIA Technologies Inc.,Ltd" - C:\Windows\system32\drivers\vsmraid.sys  (File signed by Microsoft)
"Wacom Serial Pen HID Driver" (WacomPen) - "Microsoft Corporation" - C:\Windows\system32\drivers\wacompen.sys  (File signed by Microsoft)
"WAN Miniport (IKEv2)" (RasAgileVpn) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\AgileVpn.sys  (File signed by Microsoft)
"Wd" (Wd) - "Microsoft Corporation" - C:\Windows\system32\drivers\wd.sys  (File signed by Microsoft)
"WFP Lightweight Filter" (WfpLwf) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wfplwf.sys  (File signed by Microsoft)
"WIMMount" (WIMMount) - "Microsoft Corporation" - C:\Windows\System32\drivers\wimmount.sys  (File signed by Microsoft)
"WUDFRd" (WUDFRd) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\WUDFRd.sys  (File signed by Microsoft)

[Explorer]
-----( HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
-----( HKCU\Software\Classes\Folder\shellex\ColumnHandlers )-----
-----( HKCU\Software\Microsoft\Internet Explorer\Desktop\Components )-----
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} "Browser Customizations" - "Microsoft Corporation" - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP  (File signed by Microsoft)
>{26923b43-4d38-484f-9b9e-de460746276c} "Internet Explorer" - "Microsoft Corporation" - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig  (File signed by Microsoft)
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} "Microsoft Windows" - "Microsoft Corporation" - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE  (File signed by Microsoft)
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} "Microsoft Windows Media Player" - "Microsoft Corporation" - %SystemRoot%\system32\unregmp2.exe /ShowWMP  (File signed by Microsoft)
{6BF52A52-394A-11d3-B153-00C04F79FAA6} "Microsoft Windows Media Player" - "Microsoft Corporation" - %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI  (File signed by Microsoft)
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install  (File signed by Microsoft)
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} "Themes Setup" - "Microsoft Corporation" - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll  (File signed by Microsoft)
{89820200-ECBD-11cf-8B85-00AA005B4383} "Web Platform Customizations" - "Microsoft Corporation" - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings  (File signed by Microsoft)
{89820200-ECBD-11cf-8B85-00AA005B4340} "Windows Desktop Update" - "Microsoft Corporation" - regsvr32.exe /s /n /i:U shell32.dll  (File signed by Microsoft)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
-----( HKLM\Software\Classes\Protocols\Filter )-----
{8f6b0360-b80d-11d0-a9b3-006097942311} "AP encoding/decoding Filters" - "Microsoft Corporation" - C:\Windows\SysWOW64\urlmon.dll  (File signed by Microsoft)
{8f6b0360-b80d-11d0-a9b3-006097942311} "AP encoding/decoding Filters" - "Microsoft Corporation" - C:\Windows\SysWOW64\urlmon.dll  (File signed by Microsoft)
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\Windows\system32\mscoree.dll  (File signed by Microsoft)
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\Windows\system32\mscoree.dll  (File signed by Microsoft)
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\Windows\system32\mscoree.dll  (File signed by Microsoft)
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3dd53d40-7b8b-11D0-b013-00aa0059ce02} "CDL: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\SysWOW64\urlmon.dll  (File signed by Microsoft)
{12D51199-0DB5-46FE-A120-47A3D7D937CC} "DVD: Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\SysWOW64\msvidctl.dll  (File signed by Microsoft)
{79eac9e7-baf9-11ce-8c82-00aa004ba90b} "file:, local: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\SysWOW64\urlmon.dll  (File signed by Microsoft)
{79eac9e7-baf9-11ce-8c82-00aa004ba90b} "file:, local: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\SysWOW64\urlmon.dll  (File signed by Microsoft)
{79eac9e3-baf9-11ce-8c82-00aa004ba90b} "ftp: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\SysWOW64\urlmon.dll  (File signed by Microsoft)
{79eac9e2-baf9-11ce-8c82-00aa004ba90b} "http: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\SysWOW64\urlmon.dll  (File signed by Microsoft)
{79eac9e5-baf9-11ce-8c82-00aa004ba90b} "https: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\SysWOW64\urlmon.dll  (File signed by Microsoft)
{05300401-BCBC-11d0-85E3-00C04FD85AB4} "MHTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\system32\inetcomm.dll  (File signed by Microsoft)
{3050F406-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML About Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\SysWOW64\mshtml.dll  (File signed by Microsoft)
{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Javascript Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\SysWOW64\mshtml.dll  (File signed by Microsoft)
{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Javascript Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\SysWOW64\mshtml.dll  (File signed by Microsoft)
{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Mailto Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\SysWOW64\mshtml.dll  (File signed by Microsoft)
{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Resource Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\SysWOW64\mshtml.dll  (File signed by Microsoft)
{9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - "Microsoft Corporation" - C:\Windows\System32\itss.dll  (File signed by Microsoft)
{9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - "Microsoft Corporation" - C:\Windows\System32\itss.dll  (File signed by Microsoft)
{79eac9e6-baf9-11ce-8c82-00aa004ba90b} "mk: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\SysWOW64\urlmon.dll  (File signed by Microsoft)
{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} "TV: Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\SysWOW64\msvidctl.dll  (File signed by Microsoft)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )-----
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\ashShell.dll
{00C6D95F-329C-409a-81D7-C46C66EA7F33} "DefaultLocation" - "Microsoft Corporation" - C:\Windows\System32\shdocvw.dll  (File signed by Microsoft)
{80009818-f38f-4af1-87b5-eadab9433e58} "MF ADTS Property Handler" - "Microsoft Corporation" - C:\Windows\System32\mf.dll  (File signed by Microsoft)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} "Microsoft Url Search Hook" - "Microsoft Corporation" - C:\Windows\SysWOW64\ieframe.dll  (File signed by Microsoft)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension )-----
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

[Known DLLs]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----
"advapi32" - "Microsoft Corporation" - C:\Windows\system32\advapi32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"clbcatq" - "Microsoft Corporation" - C:\Windows\system32\clbcatq.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"COMDLG32" - "Microsoft Corporation" - C:\Windows\system32\COMDLG32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"DifxApi" - "Microsoft Corporation" - C:\Windows\system32\difxapi.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"gdi32" - "Microsoft Corporation" - C:\Windows\system32\gdi32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IERTUTIL" - "Microsoft Corporation" - C:\Windows\system32\IERTUTIL.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IMAGEHLP" - "Microsoft Corporation" - C:\Windows\system32\IMAGEHLP.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IMM32" - "Microsoft Corporation" - C:\Windows\system32\IMM32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"kernel32" - "Microsoft Corporation" - C:\Windows\system32\kernel32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"LPK" - "Microsoft Corporation" - C:\Windows\system32\LPK.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"MSCTF" - "Microsoft Corporation" - C:\Windows\system32\MSCTF.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"MSVCRT" - "Microsoft Corporation" - C:\Windows\system32\MSVCRT.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"NORMALIZ" - "Microsoft Corporation" - C:\Windows\system32\NORMALIZ.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"NSI" - "Microsoft Corporation" - C:\Windows\system32\NSI.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"ole32" - "Microsoft Corporation" - C:\Windows\system32\ole32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"OLEAUT32" - "Microsoft Corporation" - C:\Windows\system32\OLEAUT32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"PSAPI" - "Microsoft Corporation" - C:\Windows\system32\PSAPI.DLL  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"rpcrt4" - "Microsoft Corporation" - C:\Windows\system32\rpcrt4.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"sechost" - "Microsoft Corporation" - C:\Windows\system32\sechost.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"Setupapi" - "Microsoft Corporation" - C:\Windows\system32\Setupapi.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"SHELL32" - "Microsoft Corporation" - C:\Windows\system32\SHELL32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"SHLWAPI" - "Microsoft Corporation" - C:\Windows\system32\SHLWAPI.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"URLMON" - "Microsoft Corporation" - C:\Windows\system32\URLMON.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"user32" - "Microsoft Corporation" - C:\Windows\system32\user32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"USP10" - "Microsoft Corporation" - C:\Windows\system32\USP10.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WININET" - "Microsoft Corporation" - C:\Windows\system32\WININET.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WLDAP32" - "Microsoft Corporation" - C:\Windows\system32\WLDAP32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WS2_32" - "Microsoft Corporation" - C:\Windows\system32\WS2_32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Authentication packages" - "Microsoft Corporation" - C:\Windows\system32\msv1_0.dll  (File signed by Microsoft)
"Notification packages" - "Microsoft Corporation" - C:\Windows\system32\scecli.dll  (File signed by Microsoft)
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\kerberos.dll  (File signed by Microsoft)
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\msv1_0.dll  (File signed by Microsoft)
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\schannel.dll  (File signed by Microsoft)
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\wdigest.dll  (File signed by Microsoft)
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\tspkg.dll  (File signed by Microsoft)
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\pku2u.dll  (File signed by Microsoft)
-----( HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders )-----
"SecurityProviders" - "Microsoft Corporation" - C:\Windows\system32\credssp.dll  (File signed by Microsoft)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Secunia PSI Tray.lnk" - "Secunia" - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run )-----
-----( HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce )-----
-----( HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx )-----
-----( HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows )-----
-----( HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run )-----
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System )-----
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"WinPatrol" - "BillP Studios" - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )-----
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices )-----
-----( HKCU\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Logoff )-----
-----( HKCU\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Logon )-----
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run )-----
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce )-----
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx )-----
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"Shell" - "Microsoft Corporation" - C:\Windows\explorer.exe  (File signed by Microsoft)
"Userinit" - "Microsoft Corporation" - C:\Windows\system32\userinit.exe  (File signed by Microsoft)
-----( HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run )-----
-----( HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System )-----
-----( HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown )-----
-----( HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup )-----
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - "Microsoft Corporation" - C:\Windows\system32\rdpclip.exe  (File signed by Microsoft)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AvastUI.exe" - "AVAST Software" - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"IAStorIcon" - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"THGuard" - "Mischel Internet Security" - "C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe"
"TrojanScanner" - "Simply Super Software" - C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )-----
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx )-----
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices )-----
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce )-----

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Microsoft Terminal Services" - "Microsoft Corporation" - C:\Windows\System32\drprov.dll  (File signed by Microsoft)
"Microsoft Windows Network" - "Microsoft Corporation" - C:\Windows\System32\ntlanman.dll  (File signed by Microsoft)
"Web Client Network" - "Microsoft Corporation" - C:\Windows\System32\davclnt.dll  (File signed by Microsoft)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"WSD Port" - "Microsoft Corporation" - C:\Windows\system32\WSDMon.dll  (File signed by Microsoft)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"@%SystemRoot%\ehome\ehrecvr.exe,-101" (ehRecvr) - "Microsoft Corporation" - C:\Windows\ehome\ehRecvr.exe  (File signed by Microsoft)
"@%SystemRoot%\ehome\ehres.dll,-15501" (Mcx2Svc) - "Microsoft Corporation" - C:\Windows\system32\Mcx2Svc.dll  (File signed by Microsoft)
"@%SystemRoot%\ehome\ehsched.exe,-101" (ehSched) - "Microsoft Corporation" - C:\Windows\ehome\ehsched.exe  (File signed by Microsoft)
"@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193" (idsvc) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe  (File signed by Microsoft)
"@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201" (NetTcpPortSharing) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe  (File signed by Microsoft)
"@%SystemRoot%\servicing\TrustedInstaller.exe,-100" (TrustedInstaller) - "Microsoft Corporation" - C:\Windows\servicing\TrustedInstaller.exe  (File signed by Microsoft)
"@%SystemRoot%\system32\aelupsvc.dll,-1" (AeLookupSvc) - "Microsoft Corporation" - C:\Windows\System32\aelupsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\Alg.exe,-112" (ALG) - "Microsoft Corporation" - C:\Windows\System32\alg.exe  (File signed by Microsoft)
"@%systemroot%\system32\appidsvc.dll,-100" (AppIDSvc) - "Microsoft Corporation" - C:\Windows\System32\appidsvc.dll  (File signed by Microsoft)
"@%systemroot%\system32\appinfo.dll,-100" (Appinfo) - "Microsoft Corporation" - C:\Windows\System32\appinfo.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\audiosrv.dll,-200" (AudioSrv) - "Microsoft Corporation" - C:\Windows\System32\Audiosrv.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\audiosrv.dll,-204" (AudioEndpointBuilder) - "Microsoft Corporation" - C:\Windows\System32\Audiosrv.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\AxInstSV.dll,-103" (AxInstSV) - "Microsoft Corporation" - C:\Windows\System32\AxInstSV.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\bdesvc.dll,-100" (BDESVC) - "Microsoft Corporation" - C:\Windows\System32\bdesvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\bfe.dll,-1001" (BFE) - "Microsoft Corporation" - C:\Windows\System32\bfe.dll  (File signed by Microsoft)
"@%systemroot%\system32\browser.dll,-100" (Browser) - "Microsoft Corporation" - C:\Windows\System32\browser.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\bthserv.dll,-101" (bthserv) - "Microsoft Corporation" - C:\Windows\system32\bthserv.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\certprop.dll,-11" (CertPropSvc) - "Microsoft Corporation" - C:\Windows\System32\certprop.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\certprop.dll,-13" (SCPolicySvc) - "Microsoft Corporation" - C:\Windows\System32\certprop.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\cryptsvc.dll,-1001" (CryptSvc) - "Microsoft Corporation" - C:\Windows\system32\cryptsvc.dll  (File signed by Microsoft)
"@%systemroot%\system32\cscsvc.dll,-200" (CscService) - "Microsoft Corporation" - C:\Windows\System32\cscsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\defragsvc.dll,-101" (defragsvc) - "Microsoft Corporation" - C:\Windows\System32\defragsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\dhcpcore.dll,-100" (Dhcp) - "Microsoft Corporation" - C:\Windows\system32\dhcpcore.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\dnsapi.dll,-101" (Dnscache) - "Microsoft Corporation" - C:\Windows\System32\dnsrslvr.dll  (File signed by Microsoft)
"@%systemroot%\system32\dot3svc.dll,-1102" (dot3svc) - "Microsoft Corporation" - C:\Windows\System32\dot3svc.dll  (File signed by Microsoft)
"@%systemroot%\system32\dps.dll,-500" (DPS) - "Microsoft Corporation" - C:\Windows\system32\dps.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\dwm.exe,-2000" (UxSms) - "Microsoft Corporation" - C:\Windows\System32\uxsms.dll  (File signed by Microsoft)
"@%systemroot%\system32\eapsvc.dll,-1" (EapHost) - "Microsoft Corporation" - C:\Windows\System32\eapsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\efssvc.dll,-100" (EFS) - "Microsoft Corporation" - C:\Windows\System32\lsass.exe  (File signed by Microsoft)
"@%systemroot%\system32\fdPHost.dll,-100" (fdPHost) - "Microsoft Corporation" - C:\Windows\system32\fdPHost.dll  (File signed by Microsoft)
"@%systemroot%\system32\fdrespub.dll,-100" (FDResPub) - "Microsoft Corporation" - C:\Windows\system32\fdrespub.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\FirewallAPI.dll,-23090" (MpsSvc) - "Microsoft Corporation" - C:\Windows\system32\mpssvc.dll  (File signed by Microsoft)
"@%systemroot%\system32\FntCache.dll,-100" (FontCache) - "Microsoft Corporation" - C:\Windows\system32\FntCache.dll  (File signed by Microsoft)
"@%systemroot%\system32\fxsresm.dll,-118" (Fax) - "Microsoft Corporation" - C:\Windows\system32\fxssvc.exe  (File signed by Microsoft)
"@%SystemRoot%\System32\hidserv.dll,-101" (hidserv) - "Microsoft Corporation" - C:\Windows\system32\hidserv.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\ikeext.dll,-501" (IKEEXT) - "Microsoft Corporation" - C:\Windows\System32\ikeext.dll  (File signed by Microsoft)
"@%systemroot%\system32\IPBusEnum.dll,-102" (IPBusEnum) - "Microsoft Corporation" - C:\Windows\system32\ipbusenum.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\iphlpsvc.dll,-500" (iphlpsvc) - "Microsoft Corporation" - C:\Windows\System32\iphlpsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\ipnathlp.dll,-106" (SharedAccess) - "Microsoft Corporation" - C:\Windows\System32\ipnathlp.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\iscsidsc.dll,-5000" (MSiSCSI) - "Microsoft Corporation" - C:\Windows\system32\iscsiexe.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\kmsvc.dll,-6" (hkmsvc) - "Microsoft Corporation" - C:\Windows\system32\kmsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\ListSvc.dll,-100" (HomeGroupListener) - "Microsoft Corporation" - C:\Windows\system32\ListSvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\lltdres.dll,-1" (lltdsvc) - "Microsoft Corporation" - C:\Windows\System32\lltdsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\lmhsvc.dll,-101" (lmhosts) - "Microsoft Corporation" - C:\Windows\System32\lmhsvc.dll  (File signed by Microsoft)
"@%systemroot%\system32\Locator.exe,-2" (RpcLocator) - "Microsoft Corporation" - C:\Windows\system32\locator.exe  (File signed by Microsoft)
"@%systemroot%\system32\mmcss.dll,-100" (MMCSS) - "Microsoft Corporation" - C:\Windows\system32\mmcss.dll  (File signed by Microsoft)
"@%systemroot%\system32\mmcss.dll,-102" (THREADORDER) - "Microsoft Corporation" - C:\Windows\system32\mmcss.dll  (File signed by Microsoft)
"@%Systemroot%\system32\mprdim.dll,-200" (RemoteAccess) - "Microsoft Corporation" - C:\Windows\System32\mprdim.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\msimsg.dll,-27" (msiserver) - "Microsoft Corporation" - C:\Windows\system32\msiexec.exe  (File signed by Microsoft)
"@%SystemRoot%\System32\netlogon.dll,-102" (Netlogon) - "Microsoft Corporation" - C:\Windows\system32\lsass.exe  (File signed by Microsoft)
"@%SystemRoot%\system32\netman.dll,-109" (Netman) - "Microsoft Corporation" - C:\Windows\System32\netman.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\netprofm.dll,-202" (netprofm) - "Microsoft Corporation" - C:\Windows\System32\netprofm.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\nlasvc.dll,-1" (NlaSvc) - "Microsoft Corporation" - C:\Windows\System32\nlasvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\nsisvc.dll,-200" (nsi) - "Microsoft Corporation" - C:\Windows\system32\nsisvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\p2psvc.dll,-8006" (p2psvc) - "Microsoft Corporation" - C:\Windows\system32\p2psvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\pcasvc.dll,-1" (PcaSvc) - "Microsoft Corporation" - C:\Windows\System32\pcasvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\peerdistsvc.dll,-9000" (PeerDistSvc) - "Microsoft Corporation" - C:\Windows\system32\peerdistsvc.dll  (File signed by Microsoft)
"@%systemroot%\system32\pla.dll,-500" (pla) - "Microsoft Corporation" - C:\Windows\system32\pla.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\pnrpauto.dll,-8002" (PNRPAutoReg) - "Microsoft Corporation" - C:\Windows\system32\pnrpauto.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\pnrpsvc.dll,-8000" (PNRPsvc) - "Microsoft Corporation" - C:\Windows\system32\pnrpsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\pnrpsvc.dll,-8004" (p2pimsvc) - "Microsoft Corporation" - C:\Windows\system32\pnrpsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\polstore.dll,-5010" (PolicyAgent) - "Microsoft Corporation" - C:\Windows\System32\ipsecsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\PresentationHost.exe,-3309" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe  (File signed by Microsoft)
"@%systemroot%\system32\profsvc.dll,-300" (ProfSvc) - "Microsoft Corporation" - C:\Windows\system32\profsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\provsvc.dll,-100" (HomeGroupProvider) - "Microsoft Corporation" - C:\Windows\system32\provsvc.dll  (File signed by Microsoft)
"@%systemroot%\system32\psbase.dll,-300" (ProtectedStorage) - "Microsoft Corporation" - C:\Windows\system32\lsass.exe  (File signed by Microsoft)
"@%SystemRoot%\system32\qagentrt.dll,-6" (napagent) - "Microsoft Corporation" - C:\Windows\system32\qagentRT.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\qmgr.dll,-1000" (BITS) - "Microsoft Corporation" - C:\Windows\System32\qmgr.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\qwave.dll,-1" (QWAVE) - "Microsoft Corporation" - C:\Windows\system32\qwave.dll  (File signed by Microsoft)
"@%Systemroot%\system32\rasauto.dll,-200" (RasAuto) - "Microsoft Corporation" - C:\Windows\System32\rasauto.dll  (File signed by Microsoft)
"@%Systemroot%\system32\rasmans.dll,-200" (RasMan) - "Microsoft Corporation" - C:\Windows\System32\rasmans.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\samsrv.dll,-1" (SamSs) - "Microsoft Corporation" - C:\Windows\system32\lsass.exe  (File signed by Microsoft)
"@%SystemRoot%\System32\SCardSvr.dll,-1" (SCardSvr) - "Microsoft Corporation" - C:\Windows\System32\SCardSvr.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\schedsvc.dll,-100" (Schedule) - "Microsoft Corporation" - C:\Windows\system32\schedsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\sdrsvc.dll,-107" (SDRSVC) - "Microsoft Corporation" - C:\Windows\System32\SDRSVC.dll  (File signed by Microsoft)
"@%systemroot%\system32\SearchIndexer.exe,-103" (WSearch) - "Microsoft Corporation" - C:\Windows\system32\SearchIndexer.exe  (File signed by Microsoft)
"@%SystemRoot%\system32\seclogon.dll,-7001" (seclogon) - "Microsoft Corporation" - C:\Windows\system32\seclogon.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\Sens.dll,-200" (SENS) - "Microsoft Corporation" - C:\Windows\System32\sens.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\sensrsvc.dll,-1000" (SensrSvc) - "Microsoft Corporation" - C:\Windows\system32\sensrsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\SessEnv.dll,-1026" (SessionEnv) - "Microsoft Corporation" - C:\Windows\system32\sessenv.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\shsvcs.dll,-12288" (ShellHWDetection) - "Microsoft Corporation" - C:\Windows\System32\shsvcs.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\snmptrap.exe,-3" (SNMPTRAP) - "Microsoft Corporation" - C:\Windows\System32\snmptrap.exe  (File signed by Microsoft)
"@%systemroot%\system32\spoolsv.exe,-1" (Spooler) - "Microsoft Corporation" - C:\Windows\System32\spoolsv.exe  (File signed by Microsoft)
"@%SystemRoot%\system32\sppsvc.exe,-101" (sppsvc) - "Microsoft Corporation" - C:\Windows\system32\sppsvc.exe  (File signed by Microsoft)
"@%SystemRoot%\system32\sppuinotify.dll,-103" (sppuinotify) - "Microsoft Corporation" - C:\Windows\system32\sppuinotify.dll  (File signed by Microsoft)
"@%systemroot%\system32\srvsvc.dll,-100" (LanmanServer) - "Microsoft Corporation" - C:\Windows\system32\srvsvc.dll  (File signed by Microsoft)
"@%systemroot%\system32\ssdpsrv.dll,-100" (SSDPSRV) - "Microsoft Corporation" - C:\Windows\System32\ssdpsrv.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\sstpsvc.dll,-200" (SstpSvc) - "Microsoft Corporation" - C:\Windows\system32\sstpsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\StorSvc.dll,-100" (StorSvc) - "Microsoft Corporation" - C:\Windows\system32\storsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\swprv.dll,-103" (swprv) - "Microsoft Corporation" - C:\Windows\System32\swprv.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\sysmain.dll,-1000" (SysMain) - "Microsoft Corporation" - C:\Windows\system32\sysmain.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\TabSvc.dll,-100" (TabletInputService) - "Microsoft Corporation" - C:\Windows\System32\TabSvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\tapisrv.dll,-10100" (TapiSrv) - "Microsoft Corporation" - C:\Windows\System32\tapisrv.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\tbssvc.dll,-100" (TBS) - "Microsoft Corporation" - C:\Windows\System32\tbssvc.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\termsrv.dll,-268" (TermService) - "Microsoft Corporation" - C:\Windows\System32\termsrv.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\themeservice.dll,-8192" (Themes) - "Microsoft Corporation" - C:\Windows\system32\themeservice.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\trkwks.dll,-1" (TrkWks) - "Microsoft Corporation" - C:\Windows\System32\trkwks.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\ui0detect.exe,-101" (UI0Detect) - "Microsoft Corporation" - C:\Windows\system32\UI0Detect.exe  (File signed by Microsoft)
"@%SystemRoot%\system32\umpnpmgr.dll,-100" (PlugPlay) - "Microsoft Corporation" - C:\Windows\system32\umpnpmgr.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\umpo.dll,-100" (Power) - "Microsoft Corporation" - C:\Windows\system32\umpo.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\umrdp.dll,-1000" (UmRdpService) - "Microsoft Corporation" - C:\Windows\System32\umrdp.dll  (File signed by Microsoft)
"@%systemroot%\system32\upnphost.dll,-213" (upnphost) - "Microsoft Corporation" - C:\Windows\System32\upnphost.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\vaultsvc.dll,-1003" (VaultSvc) - "Microsoft Corporation" - C:\Windows\system32\lsass.exe  (File signed by Microsoft)
"@%SystemRoot%\system32\vds.exe,-100" (vds) - "Microsoft Corporation" - C:\Windows\System32\vds.exe  (File signed by Microsoft)
"@%systemroot%\system32\vssvc.exe,-102" (VSS) - "Microsoft Corporation" - C:\Windows\system32\vssvc.exe  (File signed by Microsoft)
"@%SystemRoot%\system32\w32time.dll,-200" (W32Time) - "Microsoft Corporation" - C:\Windows\system32\w32time.dll  (File signed by Microsoft)
"@%Systemroot%\system32\wbem\wmiapsrv.exe,-110" (wmiApSrv) - "Microsoft Corporation" - C:\Windows\system32\wbem\WmiApSrv.exe  (File signed by Microsoft)
"@%Systemroot%\system32\wbem\wmisvc.dll,-205" (Winmgmt) - "Microsoft Corporation" - C:\Windows\system32\wbem\WMIsvc.dll  (File signed by Microsoft)
"@%systemroot%\system32\wbengine.exe,-104" (wbengine) - "Microsoft Corporation" - C:\Windows\system32\wbengine.exe  (File signed by Microsoft)
"@%systemroot%\system32\wbiosrvc.dll,-100" (WbioSrvc) - "Microsoft Corporation" - C:\Windows\System32\wbiosrvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\wcncsvc.dll,-3" (wcncsvc) - "Microsoft Corporation" - C:\Windows\System32\wcncsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\WcsPlugInService.dll,-200" (WcsPlugInService) - "Microsoft Corporation" - C:\Windows\System32\WcsPlugInService.dll  (File signed by Microsoft)
"@%systemroot%\system32\wdi.dll,-500" (WdiSystemHost) - "Microsoft Corporation" - C:\Windows\system32\wdi.dll  (File signed by Microsoft)
"@%systemroot%\system32\wdi.dll,-502" (WdiServiceHost) - "Microsoft Corporation" - C:\Windows\system32\wdi.dll  (File signed by Microsoft)
"@%systemroot%\system32\webclnt.dll,-100" (WebClient) - "Microsoft Corporation" - C:\Windows\System32\webclnt.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\wecsvc.dll,-200" (Wecsvc) - "Microsoft Corporation" - C:\Windows\system32\wecsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\wercplsupport.dll,-101" (wercplsupport) - "Microsoft Corporation" - C:\Windows\System32\wercplsupport.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\wersvc.dll,-100" (WerSvc) - "Microsoft Corporation" - C:\Windows\System32\WerSvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\wevtsvc.dll,-200" (eventlog) - "Microsoft Corporation" - C:\Windows\System32\svchost.exe  (File signed by Microsoft)
"@%SystemRoot%\system32\wiaservc.dll,-9" (stisvc) - "Microsoft Corporation" - C:\Windows\System32\wiaservc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\winhttp.dll,-100" (WinHttpAutoProxySvc) - "Microsoft Corporation" - C:\Windows\system32\winhttp.dll  (File signed by Microsoft)
"@%systemroot%\system32\wkssvc.dll,-100" (LanmanWorkstation) - "Microsoft Corporation" - C:\Windows\System32\wkssvc.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\wlansvc.dll,-257" (Wlansvc) - "Microsoft Corporation" - C:\Windows\System32\wlansvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\wpcsvc.dll,-100" (WPCSvc) - "Microsoft Corporation" - C:\Windows\System32\wpcsvc.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\wpdbusenum.dll,-100" (WPDBusEnum) - "Microsoft Corporation" - C:\Windows\system32\wpdbusenum.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\wscsvc.dll,-200" (wscsvc) - "Microsoft Corporation" - C:\Windows\System32\wscsvc.dll  (File signed by Microsoft)
"@%Systemroot%\system32\wsmsvc.dll,-101" (WinRM) - "Microsoft Corporation" - C:\Windows\system32\WsmSvc.dll  (File signed by Microsoft)
"@%systemroot%\system32\wuaueng.dll,-105" (wuauserv) - "Microsoft Corporation" - C:\Windows\system32\wuaueng.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\wudfsvc.dll,-1000" (wudfsvc) - "Microsoft Corporation" - C:\Windows\System32\WUDFSvc.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\wwansvc.dll,-257" (WwanSvc) - "Microsoft Corporation" - C:\Windows\System32\wwansvc.dll  (File signed by Microsoft)
"@%systemroot%\sysWow64\perfhost.exe,-2" (PerfHost) - "Microsoft Corporation" - C:\Windows\SysWow64\perfhost.exe  (File signed by Microsoft)
"@%windir%\system32\RpcEpMap.dll,-1001" (RpcEptMapper) - "Microsoft Corporation" - C:\Windows\System32\RpcEpMap.dll  (File signed by Microsoft)
"@appmgmts.dll,-3250" (AppMgmt) - "Microsoft Corporation" - C:\Windows\System32\appmgmts.dll  (File signed by Microsoft)
"@comres.dll,-2450" (EventSystem) - "Microsoft Corporation" - C:\Windows\system32\es.dll  (File signed by Microsoft)
"@comres.dll,-2797" (MSDTC) - "Microsoft Corporation" - C:\Windows\System32\msdtc.exe  (File signed by Microsoft)
"@comres.dll,-2946" (KtmRm) - "Microsoft Corporation" - C:\Windows\system32\msdtckrm.dll  (File signed by Microsoft)
"@comres.dll,-947" (COMSysApp) - "Microsoft Corporation" - C:\Windows\system32\dllhost.exe  (File signed by Microsoft)
"@gpapi.dll,-112" (gpsvc) - "Microsoft Corporation" - C:\Windows\System32\gpsvc.dll  (File signed by Microsoft)
"@keyiso.dll,-100" (KeyIso) - "Microsoft Corporation" - C:\Windows\system32\lsass.exe  (File signed by Microsoft)
"@oleres.dll,-5010" (RpcSs) - "Microsoft Corporation" - C:\Windows\system32\rpcss.dll  (File signed by Microsoft)
"@oleres.dll,-5012" (DcomLaunch) - "Microsoft Corporation" - C:\Windows\system32\rpcss.dll  (File signed by Microsoft)
"@regsvc.dll,-1" (RemoteRegistry) - "Microsoft Corporation" - C:\Windows\system32\regsvc.dll  (File signed by Microsoft)
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"Microsoft .NET Framework NGEN v2.0.50727_X64" (clr_optimization_v2.0.50727_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe  (File signed by Microsoft)
"Microsoft .NET Framework NGEN v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe  (File signed by Microsoft)
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
"Secunia Update Agent" (Secunia Update Agent) - "Secunia" - C:\Program Files (x86)\Secunia\PSI\sua.exe
"ZAtheros Wlan Agent" (ZAtheros Wlan Agent) - "Atheros" - C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
-----( HKCU\Control Panel\IOProcs )-----
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"VmApplet" - "Microsoft Corporation" - C:\Windows\system32\SystemPropertiesPerformance.exe  (File signed by Microsoft)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{B587E2B1-4D59-4e7e-AED9-22B9DF11D053} "802.3 Group Policy" - "Microsoft Corporation" - C:\Windows\system32\dot3gpclnt.dll  (File signed by Microsoft)
{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f} "CP" - "Microsoft Corporation" - C:\Windows\system32\gptext.dll  (File signed by Microsoft)
{8A28E2C5-8D06-49A4-A08C-632DAA493E17} "Deployed Printer Connections" - "Microsoft Corporation" - C:\Windows\system32\gpprnext.dll  (File signed by Microsoft)
{FB2CA36D-0B40-4307-821B-A13B252DE56C} "Enterprise QoS" - "Microsoft Corporation" - C:\Windows\system32\gptext.dll  (File signed by Microsoft)
{25537BA6-77A8-11D2-9B6C-0000F8080861} "Folder Redirection" - "Microsoft Corporation" - C:\Windows\system32\fdeploy.dll  (File signed by Microsoft)
{F9C77450-3A41-477E-9310-9ACD617BD9E3} "Group Policy Applications" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{728EE579-943C-4519-9EF7-AB56765798ED} "Group Policy Data Sources" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{1A6364EB-776B-4120-ADE1-B63A406A76B5} "Group Policy Device Settings" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{5794DAFD-BE60-433f-88A2-1A31939AC01F} "Group Policy Drive Maps" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{0E28E245-9368-4853-AD84-6DA3BA35BB75} "Group Policy Environment" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{7150F9BF-48AD-4da4-A49C-29EF4A8369BA} "Group Policy Files" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{A3F3E39B-5D83-4940-B954-28315B82F0A8} "Group Policy Folder Options" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{6232C319-91AC-4931-9385-E70C2B099F0E} "Group Policy Folders" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{74EE6C03-5363-4554-B161-627540339CAB} "Group Policy Ini Files" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{E47248BA-94CC-49c4-BBB5-9EB7F05183D0} "Group Policy Internet Settings" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{17D89FEC-5C44-4972-B12D-241CAEF74509} "Group Policy Local Users and Groups" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F} "Group Policy Network Options" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2} "Group Policy Network Shares" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{E62688F0-25FD-4c90-BFF5-F508B9D2E31F} "Group Policy Power Options" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D} "Group Policy Printers" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{E5094040-C46C-4115-B030-04FB2E545B00} "Group Policy Regional Options" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{B087BE9D-ED37-454f-AF9C-04291E351182} "Group Policy Registry" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{AADCED64-746C-4633-A97C-D61349046527} "Group Policy Scheduled Tasks" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{91FBB303-0CD5-4055-BF42-E512A681B325} "Group Policy Services" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7} "Group Policy Shortcuts" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{E4F48E54-F38D-4884-BFB9-D4D2E5729C18} "Group Policy Start Menu Settings" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll  (File signed by Microsoft)
{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} "Internet Explorer Branding" - "Microsoft Corporation" - C:\Windows\SysWOW64\iedkcs32.dll  (File signed by Microsoft)
{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} "Internet Explorer Machine Accelerators" - "Microsoft Corporation" - C:\Windows\SysWOW64\iedkcs32.dll  (File signed by Microsoft)
{7B849a69-220F-451E-B3FE-2CB811AF94AE} "Internet Explorer User Accelerators" - "Microsoft Corporation" - C:\Windows\SysWOW64\iedkcs32.dll  (File signed by Microsoft)
{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3} "Internet Explorer Zonemapping" - "Microsoft Corporation" - C:\Windows\SysWOW64\iedkcs32.dll  (File signed by Microsoft)
{e437bc1c-aa7d-11d2-a382-00c04f991e27} "IP Security" - "Microsoft Corporation" - C:\Windows\System32\polstore.dll  (File signed by Microsoft)
{3610eda5-77ef-11d2-8dc5-00c04fa31a66} "Microsoft Disk Quota" - "Microsoft Corporation" - C:\Windows\System32\dskquota.dll  (File signed by Microsoft)
{C631DF4C-088F-4156-B058-4375F0853CD8} "Microsoft Offline Files" - "Microsoft Corporation" - C:\Windows\System32\cscobj.dll  (File signed by Microsoft)
{426031c0-0b47-4852-b0ca-ac3d37bfcb39} "QoS Packet Scheduler" - "Microsoft Corporation" - C:\Windows\system32\gptext.dll  (File signed by Microsoft)
{42B5FAAE-6536-11d2-AE5A-0000F87571E3} "Scripts" - "Microsoft Corporation" - C:\Windows\system32\gpscript.dll  (File signed by Microsoft)
{827D319E-6EAC-11D2-A4EA-00C04F79F83A} "Security" - "Microsoft Corporation" - C:\Windows\system32\scecli.dll  (File signed by Microsoft)
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Software Installation" - "Microsoft Corporation" - C:\Windows\system32\appmgmts.dll  (File signed by Microsoft)
{cdeafc3d-948d-49dd-ab12-e578ba4af7aa} "TCPIP" - "Microsoft Corporation" - C:\Windows\system32\gptext.dll  (File signed by Microsoft)
{7933F41E-56F8-41d6-A31C-4148A711EE93} "Windows Search Group Policy Extension" - "Microsoft Corporation" - C:\Windows\System32\srchadmin.dll  (File signed by Microsoft)
{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63} "Wireless Group Policy" - "Microsoft Corporation" - C:\Windows\system32\wlgpclnt.dll  (File signed by Microsoft)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
-----( HKLM\System\CurrentControlSet\Control\BootVerificationProgram )-----

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"@%SystemRoot%\system32\napinsp.dll,-1000" - "Microsoft Corporation" - C:\Windows\system32\napinsp.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\nlasvc.dll,-1000" - "Microsoft Corporation" - C:\Windows\system32\NLAapi.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\pnrpnsp.dll,-1000" - "Microsoft Corporation" - C:\Windows\system32\pnrpnsp.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\pnrpnsp.dll,-1001" - "Microsoft Corporation" - C:\Windows\system32\pnrpnsp.dll  (File signed by Microsoft)
"@%SystemRoot%\system32\wshtcpip.dll,-60103" - "Microsoft Corporation" - C:\Windows\System32\mswsock.dll  (File signed by Microsoft)
"NTDS" - "Microsoft Corporation" - C:\Windows\System32\winrnr.dll  (File signed by Microsoft)
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"@%SystemRoot%\System32\wship6.dll,-60100" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\wship6.dll,-60101" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\wship6.dll,-60102" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\wshqos.dll,-100" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\wshqos.dll,-101" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\wshqos.dll,-102" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\wshqos.dll,-103" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\wshtcpip.dll,-60100" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\wshtcpip.dll,-60101" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll  (File signed by Microsoft)
"@%SystemRoot%\System32\wshtcpip.dll,-60102" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll  (File signed by Microsoft)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
Oh, and I just noticed that my Firefox Sync data is gone! All bookmarks and passwords... Firefox only delivers the default bookmarks anymore.... WHAT A LOAD OF CR**

I also noticed that the scans by Malwarebytes, for example, simply run through without anything really being scanned. As if the malware were telling the program to skip the infected files.


Old 29.05.2014, 13:55   #6
schrauber
/// the machine
/// TB trainer
 




And you have the problem on 2 devices?

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the appropriate version of the tool (both if in doubt) and save it to a USB stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Plug the USB stick into the infected system and boot the system into the System Repair option.
  • Now scan according to the illustrated guide or use the following short guide:
Via the Boot Manager:
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now select Repair Your Computer.
  • Select your operating system and user account and click "Next" each time.
With a Windows CD/DVD (also possible with Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click on Repair your computer!
  • Select your operating system and user account and click "Next" each time.
In the repair options, select: Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens: File > Save As... and select Computer.
    Here you will see the drive letter of your USB stick; remember it.
  • Close Notepad again.
  • Now enter the following command:
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan.
The tool creates an FRST.txt on your USB stick. Please post its contents here, in code tags if possible (guide).


Old 30.05.2014, 09:33   #7
plagiat
 



Here's the scan. P.S. I just remembered that shortly before the problems started I put my USB stick into a fellow student's notebook. Now hold on tight: she even told me that it's the same one she has :O So a BIOS infection is possible after all? I haven't slept all night, I tried various Linux distros, but both are infested with SOMETHING ssh-ebury + whatever else - I'm completely worn out! PLEASE HELP ME!

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by SYSTEM on MININT-U6GNBK4 on 30-05-2014 10:12:38
Running from F:\scans
Platform: WIN_7 Service Pack 1 (X64) OS Language: German Standard
Boot Mode: Recovery
Attention: Could not load system hive.
Attention: System hive is missing.




==================== Registry (Whitelisted) ==================

ATTENTION: Software hive is missing.

==================== Services (Whitelisted) =================


==================== Drivers (Whitelisted) ====================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========


==================== One Month Modified Files and Folders =======


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION!.

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 13%
Total physical RAM: 4075.55 MB
Available physical RAM: 3538.27 MB
Total Pagefile: 4073.75 MB
Available Pagefile: 3521.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive d: (Daten) (Fixed) (Total:340.31 GB) (Free:212.62 GB) NTFS
Drive e: (GRMCPRXVOL_DE_DVD) (CDROM) (Total:2.91 GB) (Free:0 GB) UDF
Drive f: () (Removable) (Total:3.69 GB) (Free:1.23 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:95 GB) (Free:69.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: AECDB9E2)
Partition 1: (Active) - (Size=95 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=347 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 007BCF32)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================
         
--- --- ---

Old 31.05.2014, 10:27   #8
schrauber
/// the machine
/// TB trainer
 




Quote:
So a BIOS infection is possible after all?
I don't know what you all keep drinking. There is no BIOS infection. Period. In the lab, maybe, but not out in the wild.....


FRST scan again please, the registry could not be loaded. What about my question regarding the two computers?
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

Old 02.06.2014, 16:08   #9
plagiat
 



Hello, I had to format the Windows partition again, because I stupidly tried to do something myself, which apparently harmed the system. As for your question: yes, I have the problem on both computers. On my PC I now have Linux running; my Windows CD is no longer recognized at all, and other CDs, for example the Ultimate Boot CD, are skipped too. Can I do anything about that? - I have read up on the topic of rootkits and now have the question whether anything can be done at all about a kernel rootkit? Whether the malicious program that has nested itself under Windows can do something with my drives? For example, /dev/log/ lists logs that are partly 12GB in size!! udev.log is 12,000 lines long - I will post the FRST log tonight - Is it possible to remove a rootkit that has eaten its way so deep into the PC?

Thanks for your efforts so far.

Old 03.06.2014, 10:21   #10
schrauber
/// the machine
/// TB trainer
 




Maybe the drive is simply ready for the bin? There is nothing that survives a format, if it was done correctly.

Old 03.06.2014, 16:59   #11
plagiat
 



Here's the log.


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02 (ATTENTION: ====> FRST version is 9 days old and could be outdated)
Ran by SYSTEM on MININT-63G3J2Q on 03-06-2014 18:57:46
Running from G:\scan
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.




==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-06-03] (AVAST Software)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)

==================== Services (Whitelisted) =================

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-03] (AVAST Software)
S2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1889616 2014-05-25] (SurfRight B.V.)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-03] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-03] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-03] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-03] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-03] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-06-03] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-06-03] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] ()
S2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-06-03] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-03 17:41 - 2014-06-03 17:43 - 00001043 ____H () C:\Windows\EPMBatch.ept
2014-06-03 17:36 - 2014-06-03 17:36 - 00001394 _____ () C:\Users\Public\Desktop\EaseUS Partition Master 9.3.0.lnk
2014-06-03 17:36 - 2013-10-09 14:34 - 03381832 _____ () C:\Windows\System32\BootMan.exe
2014-06-03 17:36 - 2013-10-09 14:24 - 02499656 _____ () C:\Windows\SysWOW64\BootMan.exe
2014-06-03 17:36 - 2013-03-07 08:49 - 00100936 _____ () C:\Windows\System32\setupempdrvx64.exe
2014-06-03 17:36 - 2013-03-07 08:49 - 00087112 _____ () C:\Windows\SysWOW64\setupempdrv03.exe
2014-06-03 17:36 - 2013-03-07 08:49 - 00019840 _____ () C:\Windows\SysWOW64\EuEpmGdi.dll
2014-06-03 17:36 - 2013-03-07 08:49 - 00017480 _____ () C:\Windows\System32\epmntdrv.sys
2014-06-03 17:36 - 2013-03-07 08:49 - 00016256 _____ () C:\Windows\System32\EuEpmGdi.dll
2014-06-03 17:36 - 2013-03-07 08:49 - 00013896 _____ () C:\Windows\SysWOW64\epmntdrv.sys
2014-06-03 17:36 - 2013-03-07 08:49 - 00009800 _____ () C:\Windows\System32\EuGdiDrv.sys
2014-06-03 17:36 - 2013-03-07 08:49 - 00009160 _____ () C:\Windows\SysWOW64\EuGdiDrv.sys
2014-06-03 17:35 - 2014-06-03 17:35 - 00000000 ____D () C:\Program Files (x86)\EaseUS
2014-06-03 17:29 - 2014-06-03 17:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-06-03 17:29 - 2014-06-03 17:29 - 00001105 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-03 17:29 - 2014-06-03 17:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 17:29 - 2014-06-03 17:29 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-03 17:29 - 2014-05-12 06:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-06-03 17:29 - 2014-05-12 06:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-06-03 17:29 - 2014-05-12 06:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-06-03 17:28 - 2014-06-03 17:28 - 00000000 ____D () C:\Program Files (x86)\The Bat!
2014-06-03 17:22 - 2012-06-02 23:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2014-06-03 17:22 - 2012-06-02 23:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2014-06-03 17:22 - 2012-06-02 23:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2014-06-03 17:22 - 2012-06-02 23:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2014-06-03 17:22 - 2012-06-02 23:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2014-06-03 17:22 - 2012-06-02 23:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2014-06-03 17:22 - 2012-06-02 23:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2014-06-03 17:22 - 2012-06-02 14:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2014-06-03 17:22 - 2012-06-02 14:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2014-06-03 17:21 - 2014-06-03 17:21 - 00000000 ____D () C:\Program Files\7-Zip
2014-06-03 17:13 - 2014-06-03 17:36 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-06-03 17:13 - 2014-06-03 17:13 - 00548424 _____ (SurfRight) C:\Windows\System32\hmpalert.dll
2014-06-03 17:13 - 2014-06-03 17:13 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2014-06-03 17:13 - 2014-06-03 17:13 - 00093144 _____ () C:\Windows\System32\Drivers\hmpalert.sys
2014-06-03 17:13 - 2014-06-03 17:13 - 00000000 ____D () C:\Windows\CryptoGuard
2014-06-03 17:13 - 2014-06-03 17:13 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-06-03 17:12 - 2014-06-03 17:12 - 02209056 _____ () C:\Users\CD\Downloads\avira-eu-cleaner_de.exe
2014-06-03 17:12 - 2014-06-03 17:12 - 00001981 _____ () C:\Users\CD\Desktop\Entfernen des Avira EU-Cleaners.lnk
2014-06-03 17:12 - 2014-06-03 17:12 - 00001925 _____ () C:\Users\CD\Desktop\Avira EU-Cleaner.lnk
2014-06-03 17:10 - 2014-06-03 17:52 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-03 17:10 - 2014-06-03 17:10 - 01039096 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00423240 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00334648 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-06-03 17:10 - 2014-06-03 17:10 - 00208928 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00093568 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00084816 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00079184 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00065776 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-03 17:10 - 2014-06-03 17:10 - 00001969 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-03 17:10 - 2014-06-03 17:10 - 00000000 ____D () C:\Users\CD\AppData\Roaming\AVAST Software
2014-06-03 17:09 - 2014-06-03 17:09 - 00057560 _____ () C:\Users\CD\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-03 17:09 - 2014-06-03 17:09 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-03 17:09 - 2014-06-03 17:09 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-03 17:05 - 2014-06-03 17:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-03 17:05 - 2014-06-03 17:05 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-06-03 17:05 - 2011-01-26 20:35 - 00425064 _____ (Realtek ) C:\Windows\System32\Drivers\Rt64win7.sys
2014-06-03 17:05 - 2011-01-26 20:35 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\System32\RTNUninst64.dll
2014-06-03 17:05 - 2011-01-26 20:35 - 00074272 _____ () C:\Windows\System32\RtNicProp64.dll
2014-06-03 17:01 - 2014-06-03 17:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-03 17:01 - 2014-06-03 17:02 - 00000000 ____D () C:\Users\CD\AppData\Roaming\Mozilla
2014-06-03 17:01 - 2014-06-03 17:02 - 00000000 ____D () C:\Users\CD\AppData\Local\Mozilla
2014-06-03 17:01 - 2014-06-03 17:01 - 00001150 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-03 17:01 - 2014-06-03 17:01 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-03 17:01 - 2014-06-03 17:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-03 16:11 - 2014-06-03 18:57 - 00000000 ____D () C:\FRST
2014-06-03 16:09 - 2014-06-03 16:09 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-06-03 16:08 - 2014-06-03 16:09 - 00000000 ____D () C:\users\CD
2014-06-03 16:08 - 2014-06-03 16:08 - 00000020 ___SH () C:\Users\CD\ntuser.ini
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Vorlagen
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Startmenü
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Netzwerkumgebung
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Lokale Einstellungen
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Eigene Dateien
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Druckumgebung
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Documents\Eigene Musik
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Documents\Eigene Bilder
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\AppData\Local\Verlauf
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\AppData\Local\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 ____D () C:\Users\CD\AppData\Local\VirtualStore
2014-06-03 05:23 - 2014-06-03 16:08 - 00000000 ____D () C:\Windows\Panther
2014-06-03 05:23 - 2014-06-03 05:23 - 00008192 __RSH () C:\BOOTSECT.BAK
2014-06-03 05:04 - 2014-06-03 05:04 - 00000000 ____D () C:\Windows.old
2014-06-03 04:27 - 2014-06-03 17:55 - 01300441 _____ () C:\Windows\WindowsUpdate.log
2014-06-03 04:27 - 2014-06-03 04:27 - 00001355 _____ () C:\Windows\TSSysprep.log
2014-06-01 01:12 - 2014-06-01 01:23 - 00000229 _____ () C:\mbr.log
2014-06-01 01:06 - 2014-05-26 21:26 - 00788728 _____ (Emsisoft GmbH) C:\mbrmastr.exe
2014-06-01 00:58 - 2014-06-01 00:58 - 00003248 _____ () C:\blitzblank.log
2014-06-01 00:35 - 2014-06-01 00:36 - 00000000 ____D () C:\AdwCleaner
2014-05-31 23:34 - 2014-06-03 16:08 - 00000000 ____D () C:\Recovery
2014-05-31 23:34 - 2014-05-31 23:34 - 00000000 _SHDL () C:\Programme
2014-05-31 23:34 - 2014-05-31 23:34 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-05-30 13:27 - 2010-11-21 04:23 - 00383786 __RSH () C:\bootmgr

==================== One Month Modified Files and Folders =======

2014-06-03 18:57 - 2014-06-03 16:11 - 00000000 ____D () C:\FRST
2014-06-03 17:55 - 2014-06-03 04:27 - 01300441 _____ () C:\Windows\WindowsUpdate.log
2014-06-03 17:55 - 2009-07-14 05:45 - 00016864 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-03 17:55 - 2009-07-14 05:45 - 00016864 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-03 17:52 - 2014-06-03 17:10 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-03 17:50 - 2010-11-21 07:21 - 00643866 _____ () C:\Windows\System32\perfh007.dat
2014-06-03 17:50 - 2010-11-21 07:21 - 00126394 _____ () C:\Windows\System32\perfc007.dat
2014-06-03 17:50 - 2009-07-14 06:13 - 01472002 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-06-03 17:47 - 2014-06-03 17:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-06-03 17:46 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-03 17:45 - 2009-07-14 05:51 - 00022504 _____ () C:\Windows\setupact.log
2014-06-03 17:43 - 2014-06-03 17:41 - 00001043 ____H () C:\Windows\EPMBatch.ept
2014-06-03 17:36 - 2014-06-03 17:36 - 00001394 _____ () C:\Users\Public\Desktop\EaseUS Partition Master 9.3.0.lnk
2014-06-03 17:36 - 2014-06-03 17:13 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-06-03 17:35 - 2014-06-03 17:35 - 00000000 ____D () C:\Program Files (x86)\EaseUS
2014-06-03 17:29 - 2014-06-03 17:29 - 00001105 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-03 17:29 - 2014-06-03 17:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 17:29 - 2014-06-03 17:29 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-03 17:28 - 2014-06-03 17:28 - 00000000 ____D () C:\Program Files (x86)\The Bat!
2014-06-03 17:21 - 2014-06-03 17:21 - 00000000 ____D () C:\Program Files\7-Zip
2014-06-03 17:21 - 2014-06-03 17:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-03 17:13 - 2014-06-03 17:13 - 00548424 _____ (SurfRight) C:\Windows\System32\hmpalert.dll
2014-06-03 17:13 - 2014-06-03 17:13 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2014-06-03 17:13 - 2014-06-03 17:13 - 00093144 _____ () C:\Windows\System32\Drivers\hmpalert.sys
2014-06-03 17:13 - 2014-06-03 17:13 - 00000000 ____D () C:\Windows\CryptoGuard
2014-06-03 17:13 - 2014-06-03 17:13 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-06-03 17:12 - 2014-06-03 17:12 - 02209056 _____ () C:\Users\CD\Downloads\avira-eu-cleaner_de.exe
2014-06-03 17:12 - 2014-06-03 17:12 - 00001981 _____ () C:\Users\CD\Desktop\Entfernen des Avira EU-Cleaners.lnk
2014-06-03 17:12 - 2014-06-03 17:12 - 00001925 _____ () C:\Users\CD\Desktop\Avira EU-Cleaner.lnk
2014-06-03 17:10 - 2014-06-03 17:10 - 01039096 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00423240 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00334648 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-06-03 17:10 - 2014-06-03 17:10 - 00208928 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00093568 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00084816 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00079184 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00065776 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-03 17:10 - 2014-06-03 17:10 - 00001969 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-03 17:10 - 2014-06-03 17:10 - 00000000 ____D () C:\Users\CD\AppData\Roaming\AVAST Software
2014-06-03 17:09 - 2014-06-03 17:09 - 00057560 _____ () C:\Users\CD\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-03 17:09 - 2014-06-03 17:09 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-03 17:09 - 2014-06-03 17:09 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-03 17:05 - 2014-06-03 17:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-03 17:05 - 2014-06-03 17:05 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-06-03 17:05 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\System32\restore
2014-06-03 17:02 - 2014-06-03 17:01 - 00000000 ____D () C:\Users\CD\AppData\Roaming\Mozilla
2014-06-03 17:02 - 2014-06-03 17:01 - 00000000 ____D () C:\Users\CD\AppData\Local\Mozilla
2014-06-03 17:01 - 2014-06-03 17:01 - 00001150 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-03 17:01 - 2014-06-03 17:01 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-03 17:01 - 2014-06-03 17:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-03 16:09 - 2014-06-03 16:09 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-06-03 16:09 - 2014-06-03 16:08 - 00000000 ____D () C:\users\CD
2014-06-03 16:08 - 2014-06-03 16:08 - 00000020 ___SH () C:\Users\CD\ntuser.ini
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Vorlagen
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Startmenü
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Netzwerkumgebung
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Lokale Einstellungen
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Eigene Dateien
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Druckumgebung
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Documents\Eigene Musik
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Documents\Eigene Bilder
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\AppData\Local\Verlauf
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\AppData\Local\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 ____D () C:\Users\CD\AppData\Local\VirtualStore
2014-06-03 16:08 - 2014-06-03 05:23 - 00000000 ____D () C:\Windows\Panther
2014-06-03 16:08 - 2014-05-31 23:34 - 00000000 ____D () C:\Recovery
2014-06-03 16:08 - 2009-07-14 04:20 - 00000000 __RHD () C:\users\Default
2014-06-03 16:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\Recovery
2014-06-03 16:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-06-03 16:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Windows NT
2014-06-03 05:23 - 2014-06-03 05:23 - 00008192 __RSH () C:\BOOTSECT.BAK
2014-06-03 05:23 - 2009-07-14 06:38 - 00025600 ___SH () C:\Windows\System32\config\BCD-Template.LOG
2014-06-03 05:23 - 2009-07-14 06:32 - 00028672 _____ () C:\Windows\System32\config\BCD-Template
2014-06-03 05:04 - 2014-06-03 05:04 - 00000000 ____D () C:\Windows.old
2014-06-03 04:33 - 2009-07-14 05:45 - 00274464 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-06-03 04:27 - 2014-06-03 04:27 - 00001355 _____ () C:\Windows\TSSysprep.log
2014-06-03 04:27 - 2009-07-14 05:46 - 00002790 _____ () C:\Windows\DtcInstall.log
2014-06-03 04:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\sysprep
2014-06-03 04:24 - 2010-11-21 07:27 - 00000000 ____D () C:\Windows\CSC
2014-06-01 01:23 - 2014-06-01 01:12 - 00000229 _____ () C:\mbr.log
2014-06-01 00:58 - 2014-06-01 00:58 - 00003248 _____ () C:\blitzblank.log
2014-06-01 00:36 - 2014-06-01 00:35 - 00000000 ____D () C:\AdwCleaner
2014-05-31 23:34 - 2014-05-31 23:34 - 00000000 _SHDL () C:\Programme
2014-05-31 23:34 - 2014-05-31 23:34 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-05-26 21:26 - 2014-06-01 01:06 - 00788728 _____ (Emsisoft GmbH) C:\mbrmastr.exe
2014-05-12 06:26 - 2014-06-03 17:29 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-05-12 06:26 - 2014-06-03 17:29 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-05-12 06:25 - 2014-06-03 17:29 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\CD\AppData\Local\Temp\hmpalert_update.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-06-01 08:54:27
Restore point made on: 2014-06-03 17:05:36
Restore point made on: 2014-06-03 17:09:44
Restore point made on: 2014-06-03 17:15:26
Restore point made on: 2014-06-03 17:22:08
Restore point made on: 2014-06-03 17:27:45

==================== Memory info =========================== 

Percentage of memory in use: 13%
Total physical RAM: 4075.55 MB
Available physical RAM: 3538.39 MB
Total Pagefile: 4073.75 MB
Available Pagefile: 3529.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (lol) (Fixed) (Total:95 GB) (Free:70.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Daten) (Fixed) (Total:370.66 GB) (Free:242.79 GB) NTFS
Drive e: () (Fixed) (Total:0.09 GB) (Free:0.09 GB) FAT32
Drive g: () (Removable) (Total:3.69 GB) (Free:2.07 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: AECDB9E2)
Partition 1: (Not Active) - (Size=100 MB) - (Type=0B)
Partition 2: (Active) - (Size=95 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=371 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 007BCF32)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)


LastRegBack: 2014-06-03 04:24

==================== End Of Log ============================

> The current controlset is ControlSet001

there are several of those, maybe that's the problem?

Old 04.06.2014, 12:36   #12
schrauber
/// the machine
/// TB-Ausbilder
 

No, that's normal. Please run FRST from the desktop.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

Old 04.06.2014, 19:35   #13
plagiat
 
I did a system check using Knoppix; could you take a look specifically at the loaded modules, drivers and memory? gparted also found a hidden primary partition that I had never seen before.

Code:
Computer
Summary
Computer
Processor	2x Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
Memory	3617MB (224MB used)
Operating System	Debian GNU/Linux 7.1
User Name	knoppix (Knoppix User)
Date/Time	Mi 04 Jun 2014 16:14:26 CEST
Display
Resolution	1366x768 pixels
OpenGL Renderer	Gallium 0.4 on NVD9
X11 Vendor	The X.Org Foundation
Multimedia
Audio Adapter	HDA-Intel - HDA Intel PCH
Audio Adapter	HDA-Intel - HDA NVidia
Input Devices
Lid Switch	
Power Button	
Sleep Button	
Power Button	
Video Bus	
AT Translated Set 2 keyboard	
Microsoft Microsoft® Nano Transceiver v2.0	
Microsoft Microsoft® Nano Transceiver v2.0	
Microsoft Microsoft® Nano Transceiver v2.0	
ETPS/2 Elantech Touchpad	
WebCam SCB-0385N	
Printers
No printers found	
SCSI Disks
ATA Hitachi HTS54505	
TSSTcorp CDDVDW TS-L633J	
Operating System
Version
Kernel	Linux 3.9.6 (i686)
Compiled	#25 SMP PREEMPT Sat Jun 15 15:27:01 CEST 2013
C Library	Unknown
Default C Compiler	GNU C Compiler version 4.7.2 (Debian 4.7.2-5)
Distribution	Debian GNU/Linux 7.1
Current Session
Computer Name	Microknoppix
User Name	knoppix (Knoppix User)
Home Directory	/home/knoppix
Desktop Environment	Unknown (Window Manager: compiz)
Misc
Uptime	5 minutes
Load Average	0,00, 0,00, 0,00
Kernel Modules
Loaded Modules
parport_pc	PC-style parallel port driver
ppdev	
lp	
parport	
ipv6	IPv6 protocol stack for Linux
coretemp	Intel Core temperature monitor
kvm_intel	
kvm	
uvcvideo	USB Video Class driver
videobuf2_vmalloc	vmalloc memory handling routines for videobuf2
videobuf2_memops	common memory handling routines for videobuf2
videobuf2_core	Driver helper framework for Video for Linux 2
samsung_laptop	Samsung Backlight driver
videodev	Device registrar for Video4Linux drivers v2
media	Device node registration for media drivers
crc32_pclmul	
arc4	ARC4 Cipher Algorithm
ath9k	Support for Atheros 802.11n wireless LAN cards.
ath9k_common	Shared library for Atheros wireless 802.11n LAN cards.
ath9k_hw	Support for Atheros 802.11n wireless LAN cards.
ath	Shared library for Atheros wireless LAN cards.
mac80211	IEEE 802.11 subsystem
cfg80211	wireless configuration support
r8169	RealTek RTL-8169 Gigabit Ethernet driver
snd_hda_codec_hdmi	HDMI HD-audio codec
mii	MII hardware support library
lpc_ich	LPC interface for Intel ICH
snd_hda_codec_realtek	Realtek HD-audio codec
i2c_i801	I801 SMBus driver
joydev	Joystick device interfaces
snd_hda_intel	Intel HDA driver
snd_hda_codec	HDA codec core
nouveau	nVidia Riva/TNT/GeForce/Quadro/Tesla
mxm_wmi	MXM WMI Driver
wmi	ACPI-WMI Mapping Driver
ttm	TTM memory manager subsystem (for DRM device)
drm_kms_helper	DRM KMS helper
Boots
Boots
Wed Jun 4 16:09	3.9.6|-
Languages
Available Languages
be_BY	Belarusian locale for Belarus
be_BY.cp1251	Belarusian locale for Belarus
be_BY.utf8	Belarusian locale for Belarus
bg_BG	Bulgarian locale for Bulgaria
bg_BG.cp1251	Bulgarian locale for Bulgaria
bg_BG.utf8	Bulgarian locale for Bulgaria
cs_CZ	Czech locale for the Czech Republic
cs_CZ.iso88592	Czech locale for the Czech Republic
cs_CZ.utf8	Czech locale for the Czech Republic
czech	Czech locale for the Czech Republic
da_DK	Danish locale for Denmark
da_DK.iso88591	Danish locale for Denmark
da_DK.utf8	Danish locale for Denmark
danish	Danish locale for Denmark
dansk	Danish locale for Denmark
de_AT@euro	German locale for Austria with Euro
de_AT.iso885915	German locale for Austria with Euro
de_AT.utf8	German locale for Austria
de_CH	German locale for Switzerland
de_CH.iso88591	German locale for Switzerland
de_CH.utf8	German locale for Switzerland
de_DE	German locale for Germany
de_DE@euro	German locale for Germany with Euro
de_DE.iso88591	German locale for Germany
de_DE.iso885915	German locale for Germany with Euro
de_DE.utf8	German locale for Germany
deutsch	German locale for Germany
en_GB	English locale for Britain
en_GB.iso88591	English locale for Britain
en_GB.iso885915	English locale for Britain
en_GB.utf8	English locale for Britain
en_IE@euro	English locale for Ireland with Euro
en_IE.iso885915	English locale for Ireland with Euro
en_IE.utf8	English locale for Ireland
en_US	English locale for the USA
en_US.iso88591	English locale for the USA
en_US.iso885915	English locale for the USA
en_US.utf8	English locale for the USA
es_ES@euro	Spanish locale for Spain with Euro
es_ES.iso885915	Spanish locale for Spain with Euro
es_ES.utf8	Spanish locale for Spain
fi_FI@euro	Finnish locale for Finland with Euro
fi_FI.iso885915	Finnish locale for Finland with Euro
fi_FI.utf8	Finnish locale for Finland
fr_FR@euro	French locale for France with Euro
fr_FR.iso885915	French locale for France with Euro
fr_FR.utf8	French locale for France
german	German locale for Germany
hebrew	Hebrew locale for Israel
he_IL	Hebrew locale for Israel
he_IL.iso88598	Hebrew locale for Israel
he_IL.utf8	Hebrew locale for Israel
hi_IN	Hindi language locale for India
hi_IN.utf8	Hindi language locale for India
hu_HU	Hungarian locale for Hungary
hu_HU.iso88592	Hungarian locale for Hungary
hu_HU.utf8	Hungarian locale for Hungary
hungarian	Hungarian locale for Hungary
it_IT@euro	Italian locale for Italy with Euro
it_IT.iso885915	Italian locale for Italy with Euro
it_IT.utf8	Italian locale for Italy
ja_JP.utf8	Japanese language locale for Japan
nl_NL@euro	Dutch locale for the Netherlands with Euro
nl_NL.iso885915	Dutch locale for the Netherlands with Euro
nl_NL.utf8	Dutch locale for the Netherlands
pl_PL	Polish locale for Poland
pl_PL.iso88592	Polish locale for Poland
pl_PL.utf8	Polish locale for Poland
polish	Polish locale for Poland
ru_RU.koi8r	Russian locale for Russia
ru_RU.utf8	Russian locale for Russia
russian	Russian locale for Russia
sk_SK	Slovak locale for Slovak
sk_SK.iso88592	Slovak locale for Slovak
sk_SK.utf8	Slovak locale for Slovak
slovak	Slovak locale for Slovak
slovene	Slovenian locale for Slovenia
slovenian	Slovenian locale for Slovenia
sl_SI	Slovenian locale for Slovenia
sl_SI.iso88592	Slovenian locale for Slovenia
sl_SI.utf8	Slovenian locale for Slovenia
tr_TR	Turkish locale for Turkey
tr_TR.iso88599	Turkish locale for Turkey
tr_TR.utf8	Turkish locale for Turkey
turkish	Turkish locale for Turkey
zh_CN.utf8	Chinese locale for Peoples Republic of China
zh_TW.utf8	Chinese locale for Taiwan R.O.C.
Filesystems
Mounted File Systems
/dev/sr0	/mnt-system	100,00 % (0,0 B of 700,9 MiB)
tmpfs	/ramdisk	0,05 % (2,8 GiB of 2,8 GiB)
/dev/cloop	/KNOPPIX	100,00 % (0,0 B of 1,9 GiB)
unionfs	/UNIONFS	0,05 % (2,8 GiB of 2,8 GiB)
unionfs	/usr	0,05 % (2,8 GiB of 2,8 GiB)
unionfs	/home	0,05 % (2,8 GiB of 2,8 GiB)
tmpfs	/run	13,79 % (17,2 MiB of 20,0 MiB)
tmpfs	/UNIONFS/var/run	13,79 % (17,2 MiB of 20,0 MiB)
tmpfs	/UNIONFS/var/lock	0,00 % (10,0 MiB of 10,0 MiB)
tmpfs	/UNIONFS/var/log	0,06 % (99,9 MiB of 100,0 MiB)
tmpfs	/tmp	0,00 % (2,0 GiB of 2,0 GiB)
udev	/dev	0,02 % (20,0 MiB of 20,0 MiB)
tmpfs	/dev/shm	0,00 % (2,0 GiB of 2,0 GiB)
Display
Display
Resolution	1366x768 pixels
Vendor	The X.Org Foundation
Version	1.12.4
Monitors
Monitor 0	1366x768 pixels
Extensions
BIG-REQUESTS	
Composite	
DAMAGE	
DOUBLE-BUFFER	
DPMS	
DRI2	
GLX	
Generic Event Extension	
MIT-SCREEN-SAVER	
MIT-SHM	
RANDR	
RECORD	
RENDER	
SECURITY	
SGI-GLX	
SHAPE	
SYNC	
X-Resource	
XC-MISC	
XFIXES	
XFree86-DGA	
XFree86-VidModeExtension	
XINERAMA	
XInputExtension	
XKEYBOARD	
XTEST	
XVideo	
XVideo-MotionCompensation	
OpenGL
Vendor	nouveau
Renderer	Gallium 0.4 on NVD9
Version	3.0 Mesa 9.1.3
Direct Rendering	Yes
Environment Variables
Environment Variables
SSH_AGENT_PID	2941
SAL_USE_VCLPLUGIN	gtk
SPEECHD_ADDRESS	unix_socket:/var/run/speech-dispatcher/speechd.sock
XDG_MENU_PREFIX	lxde-
TERM	linux
SHELL	/bin/bash
XDG_SESSION_COOKIE	7f2fcb52ce34afe36e290df148665669-1401891042.825290-1760436476
LC_ALL	de_DE.UTF-8
USER	knoppix
SSH_AUTH_SOCK	/tmp/ssh-7nhNEhcu3XsY/agent.2831
PATH	/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
MAIL	/var/mail/knoppix
LC_MESSAGES	de_DE.UTF-8
COUNTRY	DE
PWD	/home/knoppix
LANG	de_DE.UTF-8.UTF-8
HOME	/home/knoppix
SHLVL	1
XDG_CONFIG_HOME	/home/knoppix/.config
LANGUAGE	de
GNOME_DESKTOP_SESSION_ID	LXDE
LOGNAME	knoppix
G_FILENAME_ENCODING	@locale
XDG_DATA_DIRS	/usr/local/share/:/usr/share/:/usr/share/gdm/:/var/lib/menu-xdg/
DBUS_SESSION_BUS_ADDRESS	unix:abstract=/tmp/dbus-Fl0u1CrfCM,guid=0229bcb028d2e5c7a6eeaa5a538f28e2
WINDOWPATH	5
DISPLAY	:0
STARTUP	/usr/bin/ssh-agent /usr/bin/ck-launch-session /usr/bin/dbus-launch --exit-with-session startlxde
XAUTHORITY	/home/knoppix/.Xauthority
_LXSESSION_PID	2946
DESKTOP_SESSION	LXDE
XDG_CURRENT_DESKTOP	LXDE
Users
Users
root	root
daemon	daemon
bin	bin
sys	sys
sync	sync
games	games
man	man
lp	lp
mail	mail
news	news
uucp	uucp
proxy	proxy
www-data	www-data
backup	backup
list	Mailing List Manager
irc	ircd
gnats	Gnats Bug-Reporting System (admin)
nobody	nobody
libuuid	
messagebus	
knoppix	Knoppix User
speech-dispatcher	Speech Dispatcher
polkituser	PolicyKit
festival	
saned	
statd	
partimag	Partimage Server
sshd	
tftp	tftp daemon
hplip	HPLIP system user
avahi	Avahi mDNS daemon
mysql	MySQL Server
postgres	PostgreSQL administrator
privoxy	
debian-tor	
vde2-net	
timidity	TiMidity++ MIDI sequencer service
usbmux	usbmux daemon
ntop	
libvirt-qemu	Libvirt Qemu
colord	colord colour management daemon
nx	
syslog	
klog	
haldaemon	Hardware abstraction layer
distccd	
Devices
Processor
Processors
Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz	2714,00MHz
Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz	2691,00MHz
Memory
Memory
Total Memory	3617536 kB
Free Memory	3167052 kB
Buffers	74516 kB
Cached	226064 kB
Cached Swap	0 kB
Active	138412 kB
Inactive	237616 kB
Active(anon)	78976 kB
Inactive(anon)	2048 kB
Active(file)	59436 kB
Inactive(file)	235568 kB
Unevictable	0 kB
Mlocked	0 kB
High Memory	2748360 kB
Free High Memory	2419568 kB
Low Memory	869176 kB
Free Low Memory	747484 kB
Virtual Memory	2713148 kB
Free Virtual Memory	2713148 kB
Dirty	0 kB
Writeback	0 kB
AnonPages	75448 kB
Mapped	40264 kB
Shmem	5576 kB
Slab	42416 kB
SReclaimable	19656 kB
SUnreclaim	22760 kB
KernelStack	1696 kB
PageTables	1868 kB
NFS_Unstable	0 kB
Bounce	0 kB
WritebackTmp	0 kB
CommitLimit	4521916 kB
Committed_AS	418556 kB
VmallocTotal	122880 kB
VmallocUsed	63432 kB
VmallocChunk	50864 kB
HardwareCorrupted	0 kB
HugePages_Total	0
HugePages_Free	0
HugePages_Rsvd	0
HugePages_Surp	0
Hugepagesize	4096 kB
DirectMap4k	16376 kB
DirectMap4M	892928 kB
PCI Devices
PCI Devices
Host bridge	Intel Corporation 2nd Generation Core Processor Family DRAM Controller
PCI bridge	Intel Corporation Xeon E3-1200/2nd Generation Core Processor Family PCI Express Root Port
Communication controller	Intel Corporation 6 Series/C200 Series Chipset Family MEI Controller #1
USB controller	Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #2
Audio device	Intel Corporation 6 Series/C200 Series Chipset Family High Definition Audio Controller
PCI bridge	Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 1
PCI bridge	Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 4
USB controller	Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #1
ISA bridge	Intel Corporation HM65 Express Chipset Family LPC Controller
IDE interface	Intel Corporation 6 Series/C200 Series Chipset Family 4 port SATA IDE Controller
SMBus	Intel Corporation 6 Series/C200 Series Chipset Family SMBus Controller
IDE interface	Intel Corporation 6 Series/C200 Series Chipset Family 2 port SATA IDE Controller
VGA compatible controller	NVIDIA Corporation GF119 [GeForce GT 520M]
Audio device	NVIDIA Corporation GF119 HDMI Audio Controller
Network controller	Atheros Communications Inc. AR9285 Wireless Network Adapter
Ethernet controller	Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller
USB Devices
Printers
Printers
No printers found	
Battery
Battery: BAT1
State	discharging (load: 1804 mA)
Capacity	2232 mAh / 4400 mAh (50,73%)
Battery Technology	rechargeable (LION)
Model Number	
Serial Number	
Sensors
Input Devices
Input Devices
Lid Switch	
Power Button	
Sleep Button	
Power Button	
Video Bus	
AT Translated Set 2 keyboard	
Microsoft Microsoft® Nano Transceiver v2.0	
Microsoft Microsoft® Nano Transceiver v2.0	
Microsoft Microsoft® Nano Transceiver v2.0	
ETPS/2 Elantech Touchpad	
WebCam SCB-0385N	
Storage
SCSI Disks
ATA Hitachi HTS54505	
TSSTcorp CDDVDW TS-L633J	
DMI
BIOS
Date	11/21/2012
Vendor	Phoenix Technologies Ltd. (www.phoenix.com)
Version	07PQ
Board
Name	RV420/RV520/RV720/E3530/S3530/E3420/E3520
Vendor	SAMSUNG ELECTRONICS CO., LTD. (www.samsung.com)
Resources
I/O Ports
0000-0cf7 	PCI Bus 0000:00
0000-001f 	dma1
0020-0021 	pic1
0040-0043 	timer0
0050-0053 	timer1
0060-0060 	keyboard
0062-0062 	EC data
0064-0064 	keyboard
0066-0066 	EC cmd
0070-0077 	rtc0
0080-008f 	dma page reg
00a0-00a1 	pic2
00c0-00df 	dma2
00f0-00ff 	fpu
0170-0177 	pata_legacy
01f0-01f7 	pata_legacy
0376-0376 	pata_legacy
03c0-03df 	vga+
03f6-03f6 	pata_legacy
0400-0453 	pnp 00:04
0400-0403 	ACPI PM1a_EVT_BLK
0404-0405 	ACPI PM1a_CNT_BLK
0408-040b 	ACPI PM_TMR
0410-0415 	ACPI CPU throttle
0420-042f 	ACPI GPE0_BLK
0430-0433 	iTCO_wdt
0450-0450 	ACPI PM2_CNT_BLK
0454-0457 	pnp 00:06
0458-047f 	pnp 00:04
0460-047f 	iTCO_wdt
0500-057f 	pnp 00:04
0680-069f 	pnp 00:04
0a00-0a0f 	pnp 00:04
0cf8-0cff 	PCI conf1
0d00-ffff 	PCI Bus 0000:00
1000-100f 	pnp 00:04
164e-164f 	pnp 00:04
2000-2fff 	PCI Bus 0000:03
2000-20ff 	Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller
2000-20ff 	RealTek RTL-8169 Gigabit Ethernet driver
3000-3fff 	PCI Bus 0000:01
3000-307f 	NVIDIA Corporation GF119 [GeForce GT 520M]
4020-402f 	Intel Corporation 6 Series/C200 Series Chipset Family 2 port SATA IDE Controller
4020-402f 	ata_piix
4030-403f 	Intel Corporation 6 Series/C200 Series Chipset Family 2 port SATA IDE Controller
4030-403f 	ata_piix
4040-404f 	Intel Corporation 6 Series/C200 Series Chipset Family 4 port SATA IDE Controller
4040-404f 	ata_piix
4050-405f 	Intel Corporation 6 Series/C200 Series Chipset Family 4 port SATA IDE Controller
4050-405f 	ata_piix
4060-4067 	Intel Corporation 6 Series/C200 Series Chipset Family 2 port SATA IDE Controller
4060-4067 	ata_piix
4068-406f 	Intel Corporation 6 Series/C200 Series Chipset Family 2 port SATA IDE Controller
4068-406f 	ata_piix
4070-4077 	Intel Corporation 6 Series/C200 Series Chipset Family 4 port SATA IDE Controller
4070-4077 	ata_piix
4078-407f 	Intel Corporation 6 Series/C200 Series Chipset Family 4 port SATA IDE Controller
4078-407f 	ata_piix
4080-4083 	Intel Corporation 6 Series/C200 Series Chipset Family 2 port SATA IDE Controller
4080-4083 	ata_piix
4084-4087 	Intel Corporation 6 Series/C200 Series Chipset Family 2 port SATA IDE Controller
4084-4087 	ata_piix
4088-408b 	Intel Corporation 6 Series/C200 Series Chipset Family 4 port SATA IDE Controller
4088-408b 	ata_piix
408c-408f 	Intel Corporation 6 Series/C200 Series Chipset Family 4 port SATA IDE Controller
408c-408f 	ata_piix
5000-5003 	pnp 00:04
efa0-efbf 	Intel Corporation 6 Series/C200 Series Chipset Family SMBus Controller
ffff-ffff 	pnp 00:04
Memory
00000000-00000fff 	reserved
00001000-0009d7ff 	System RAM
0009d800-0009ffff 	reserved
000a0000-000bffff 	PCI Bus 0000:00
000a0000-000bffff 	Video RAM area
000c0000-000c7fff 	Video ROM
000e0000-000fffff 	reserved
000f0000-000fffff 	System ROM
00100000-df3eefff 	System RAM
01000000-016614ee 	Kernel code
016614ef-0191a0ff 	Kernel data
019b5000-01a16fff 	Kernel bss
df3ef000-df6eefff 	reserved
df6ef000-df79efff 	ACPI Non-volatile Storage
df79f000-df7fefff 	ACPI Tables
df7ff000-df7fffff 	System RAM
df800000-dfffffff 	reserved
e0000000-feafffff 	PCI Bus 0000:00
e0000000-f1ffffff 	PCI Bus 0000:01
e0000000-efffffff 	NVIDIA Corporation GF119 [GeForce GT 520M]
f0000000-f1ffffff 	NVIDIA Corporation GF119 [GeForce GT 520M]
f2000000-f30fffff 	PCI Bus 0000:01
f2000000-f2ffffff 	NVIDIA Corporation GF119 [GeForce GT 520M]
f3000000-f3003fff 	NVIDIA Corporation GF119 HDMI Audio Controller
f3000000-f3003fff 	ICH HD audio
f3080000-f30fffff 	NVIDIA Corporation GF119 [GeForce GT 520M]
f3100000-f31fffff 	PCI Bus 0000:03
f3100000-f3103fff 	Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller
f3100000-f3103fff 	RealTek RTL-8169 Gigabit Ethernet driver
f3104000-f3104fff 	Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller
f3104000-f3104fff 	RealTek RTL-8169 Gigabit Ethernet driver
f3200000-f32fffff 	PCI Bus 0000:02
f3200000-f320ffff 	Atheros Communications Inc. AR9285 Wireless Network Adapter
f3200000-f320ffff 	Support for Atheros 802.11n wireless LAN cards.
f3300000-f3303fff 	Intel Corporation 6 Series/C200 Series Chipset Family High Definition Audio Controller
f3300000-f3303fff 	ICH HD audio
f3304000-f33040ff 	Intel Corporation 6 Series/C200 Series Chipset Family SMBus Controller
f3305000-f330500f 	Intel Corporation 6 Series/C200 Series Chipset Family MEI Controller #1
f3308000-f33083ff 	Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #1
f3308000-f33083ff 	ehci_hcd
f3309000-f33093ff 	Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #2
f3309000-f33093ff 	ehci_hcd
f8000000-fbffffff 	PCI MMCONFIG 0000 [bus 00-3f]
f8000000-fbffffff 	reserved
f8000000-fbffffff 	pnp 00:09
fec00000-fec00fff 	reserved
fec00000-fec003ff 	IOAPIC 0
fed00000-fed003ff 	HPET 0
fed08000-fed08fff 	reserved
fed10000-fed19fff 	reserved
fed10000-fed17fff 	pnp 00:09
fed18000-fed18fff 	pnp 00:09
fed19000-fed19fff 	pnp 00:09
fed1c000-fed1ffff 	reserved
fed1c000-fed1ffff 	pnp 00:09
fed1f410-fed1f414 	iTCO_wdt
fed20000-fed3ffff 	pnp 00:09
fed40000-fed44fff 	PCI Bus 0000:00
fed45000-fed8ffff 	pnp 00:09
fed90000-fed93fff 	pnp 00:09
fee00000-fee00fff 	Local APIC
fee00000-fee00fff 	reserved
ff001000-ff7fffff 	goldfish_pdev_bus
ff001000-ff7fffff 	goldfish
ffd80000-ffffffff 	reserved
DMA
4	cascade
Network
Interfaces
Network Interfaces
wlan0	0,00MiB	0,00MiB	
lo	0,00MiB	0,00MiB	127.0.0.1
eth0	0,00MiB	0,00MiB	
IP Connections
Connections
127.0.0.1:631	LISTEN	0.0.0.0:*	tcp
::1:631	LISTEN	:::*	tcp6
0.0.0.0:631		0.0.0.0:*	udp
Routing Table
IP routing table
ARP Table
ARP Table
DNS Servers
Name servers
Statistics
IP
4	Requests sent out
0	Incoming packets discarded
0	Incoming packets discarded
4	Requests sent out
4	Requests sent out
ICMP
0	ICMP messages failed
0	ICMP messages failed
0	ICMP messages failed
0	ICMP messages failed
TCP
3	Resets sent
0	Bad segments received.
3	Resets sent
0	Bad segments received.
0	Bad segments received.
6	Segments send out
6	Segments send out
0	Bad segments received.
0	Bad segments received.
3	Resets sent
UDP
0	Packets sent
0	Packets sent
0	Packets sent
0	Packets sent
UDPLITE
TCPEXT
0	Packet headers predicted
IPEXT
Shared Directories
SAMBA
NFS
         
Started Windows and ran a quick scan; it produced the following notices:

Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-04 14:47:40
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545050B9A300 rev.PB4OC66G 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\CD\AppData\Local\Temp\pgldqpoc.sys


---- User code sections - GMER 2.1 ----

.text   C:\Windows\system32\wininit.exe[452] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                               000000007764eecd 1 byte [62]
.text   C:\Windows\system32\winlogon.exe[500] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                              000000007764eecd 1 byte [62]
.text   C:\Windows\system32\services.exe[548] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                              000000007764eecd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[660] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                               000000007764eecd 1 byte [62]
.text   C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[744] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                           000000007790fab0 5 bytes JMP 0000000175308cf0
.text   C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[744] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                               000000007790fb48 5 bytes JMP 0000000175308ea0
.text   C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[744] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                            0000000077910028 5 bytes JMP 0000000175308d80
.text   C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[744] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                           00000000765ba322 1 byte [62]
.text   C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                         00000000778c1465 2 bytes [8C, 77]
.text   C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        00000000778c14bb 2 bytes [8C, 77]
.text   ...                                                                                                                                      * 2
.text   C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                               0000000077761490 5 bytes JMP 00000000778c0010
.text   C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                   00000000777614f0 5 bytes JMP 00000000778c0028
.text   C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                0000000077761810 5 bytes JMP 00000000778c0040
.text   C:\Windows\system32\svchost.exe[832] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                               000000007764eecd 1 byte [62]
.text   C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                               0000000077761490 5 bytes JMP 00000000778c0010
.text   C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                   00000000777614f0 5 bytes JMP 00000000778c0028
.text   C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                0000000077761810 5 bytes JMP 00000000778c0040
.text   C:\Windows\System32\svchost.exe[916] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                               000000007764eecd 1 byte [62]
.text   C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                               0000000077761490 5 bytes JMP 00000000778c0010
.text   C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                   00000000777614f0 5 bytes JMP 00000000778c0028
.text   C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                0000000077761810 5 bytes JMP 00000000778c0040
.text   C:\Windows\System32\svchost.exe[968] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                               000000007764eecd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                              0000000077761490 5 bytes JMP 00000000778c0010
.text   C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                  00000000777614f0 5 bytes JMP 00000000778c0028
.text   C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                               0000000077761810 5 bytes JMP 00000000778c0040
.text   C:\Windows\system32\svchost.exe[1008] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                              000000007764eecd 1 byte [62]
.text   C:\Windows\system32\AUDIODG.EXE[340] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189                                               000000007764eecd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                               0000000077761490 5 bytes JMP 00000000778c0010
.text   C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                   00000000777614f0 5 bytes JMP 00000000778c0028
.text   C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                0000000077761810 5 bytes JMP 00000000778c0040
.text   C:\Windows\system32\svchost.exe[372] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                               000000007764eecd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                              0000000077761490 5 bytes JMP 00000000778c0010
.text   C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                  00000000777614f0 5 bytes JMP 00000000778c0028
.text   C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                               0000000077761810 5 bytes JMP 00000000778c0040
.text   C:\Windows\system32\svchost.exe[1080] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                              000000007764eecd 1 byte [62]
.text   C:\Windows\System32\spoolsv.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                              0000000077761490 5 bytes JMP 00000000778c0010
.text   C:\Windows\System32\spoolsv.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                  00000000777614f0 5 bytes JMP 00000000778c0028
.text   C:\Windows\System32\spoolsv.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                               0000000077761810 5 bytes JMP 00000000778c0040
.text   C:\Windows\System32\spoolsv.exe[1392] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                              000000007764eecd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                              0000000077761490 5 bytes JMP 00000000778c0010
.text   C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                  00000000777614f0 5 bytes JMP 00000000778c0028
.text   C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                               0000000077761810 5 bytes JMP 00000000778c0040
.text   C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                              000000007764eecd 1 byte [62]
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory           000000007790fab0 5 bytes JMP 0000000175308cf0
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory               000000007790fb48 5 bytes JMP 0000000175308ea0
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory            0000000077910028 5 bytes JMP 0000000175308d80
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1576] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112           00000000765ba322 1 byte [62]
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69         00000000778c1465 2 bytes [8C, 77]
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155        00000000778c14bb 2 bytes [8C, 77]
.text   ...                                                                                                                                      * 2
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[1680] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory             000000007790fab0 5 bytes JMP 0000000175308cf0
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[1680] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                 000000007790fb48 5 bytes JMP 0000000175308ea0
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[1680] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory              0000000077910028 5 bytes JMP 0000000175308d80
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[1680] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112             00000000765ba322 1 byte [62]
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[1680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69           00000000778c1465 2 bytes [8C, 77]
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[1680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155          00000000778c14bb 2 bytes [8C, 77]
.text   ...                                                                                                                                      * 2
.text   C:\Windows\system32\svchost.exe[1760] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                              000000007764eecd 1 byte [62]
.text   C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                             0000000077761490 5 bytes JMP 00000000778c0010
.text   C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                 00000000777614f0 5 bytes JMP 00000000778c0028
.text   C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                              0000000077761810 5 bytes JMP 00000000778c0040
.text   C:\Windows\system32\taskhost.exe[1952] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                             000000007764eecd 1 byte [62]
.text   C:\Windows\system32\Dwm.exe[1984] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                  000000007764eecd 1 byte [62]
.text   C:\Windows\Explorer.EXE[1276] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                      0000000077761490 5 bytes JMP 00000000778c0010
.text   C:\Windows\Explorer.EXE[1276] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                          00000000777614f0 5 bytes JMP 00000000778c0028
.text   C:\Windows\Explorer.EXE[1276] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                       0000000077761810 5 bytes JMP 00000000778c0040
.text   C:\Windows\Explorer.EXE[1276] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                      000000007764eecd 1 byte [62]
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[1584] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                    000000007790fab0 5 bytes JMP 0000000175308cf0
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[1584] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                        000000007790fb48 5 bytes JMP 0000000175308ea0
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[1584] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                     0000000077910028 5 bytes JMP 0000000175308d80
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[1584] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                    00000000765ba322 1 byte [62]
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[1584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  00000000778c1465 2 bytes [8C, 77]
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[1584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                 00000000778c14bb 2 bytes [8C, 77]
.text   ...                                                                                                                                      * 2
.text   C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                              000000007764eecd 1 byte [62]
.text   C:\Windows\system32\SearchIndexer.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                        0000000077761490 5 bytes JMP 00000000778c0010
.text   C:\Windows\system32\SearchIndexer.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                            00000000777614f0 5 bytes JMP 00000000778c0028
.text   C:\Windows\system32\SearchIndexer.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                         0000000077761810 5 bytes JMP 00000000778c0040
.text   C:\Windows\system32\SearchIndexer.exe[2712] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                        000000007764eecd 1 byte [62]
.text   C:\Program Files\AVAST Software\Avast\AvastUI.exe[2824] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                            000000007790fab0 5 bytes JMP 0000000175308cf0
.text   C:\Program Files\AVAST Software\Avast\AvastUI.exe[2824] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                000000007790fb48 5 bytes JMP 0000000175308ea0
.text   C:\Program Files\AVAST Software\Avast\AvastUI.exe[2824] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                             0000000077910028 5 bytes JMP 0000000175308d80
.text   C:\Program Files\AVAST Software\Avast\AvastUI.exe[2824] C:\Windows\syswow64\KERNEL32.dll!SetUnhandledExceptionFilter                     00000000765987c9 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text   C:\Program Files\AVAST Software\Avast\AvastUI.exe[2824] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                            00000000765ba322 1 byte [62]
.text   C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe[2732] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory  000000007790fab0 5 bytes JMP 0000000175308cf0
.text   C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe[2732] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory      000000007790fb48 5 bytes JMP 0000000175308ea0
.text   C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe[2732] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory   0000000077910028 5 bytes JMP 0000000175308d80
.text   C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe[2732] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112  00000000765ba322 1 byte [62]
.text   D:\!Sicherheit\Gmer-19357.exe[1660] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                000000007790fab0 5 bytes JMP 0000000175308cf0
.text   D:\!Sicherheit\Gmer-19357.exe[1660] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                    000000007790fb48 5 bytes JMP 0000000175308ea0
.text   D:\!Sicherheit\Gmer-19357.exe[1660] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                 0000000077910028 5 bytes JMP 0000000175308d80
.text   D:\!Sicherheit\Gmer-19357.exe[1660] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                00000000765ba322 1 byte [62]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\SearchIndexer.exe [2712:2600]                                                                                        000007feff310168
Thread  C:\Windows\system32\SearchIndexer.exe [2712:948]                                                                                         000007fef49e5170
Thread  C:\Windows\system32\SearchIndexer.exe [2712:2652]                                                                                        000007fef61c69ac
Thread  C:\Windows\system32\SearchIndexer.exe [2712:2632]                                                                                        000007fef5d63dac
Thread  C:\Windows\system32\SearchIndexer.exe [2712:2624]                                                                                        000007fef5d61710
Thread  C:\Windows\system32\SearchIndexer.exe [2712:2288]                                                                                        000007fef5d8c4dc
Thread  C:\Windows\system32\SearchIndexer.exe [2712:2900]                                                                                        000007fef5d8b278

---- EOF - GMER 2.1 ----
         
Here is the FRST log


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02 (ATTENTION: ====> FRST version is 11 days old and could be outdated)
Ran by CD (administrator) on CD-PC on 05-06-2014 00:33:18
Running from H:\scan
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-06-03] (AVAST Software)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKU\S-1-5-21-1778027116-683302701-3316222676-1000\...\MountPoints2: {8357a3ca-eace-11e3-a23b-806e6f6e6963} - G:\autostart.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.140.1

FireFox:
========
FF ProfilePath: C:\Users\CD\AppData\Roaming\Mozilla\Firefox\Profiles\3nc3miz1.default
FF NetworkProxy: "type", 0
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-03]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-03] (AVAST Software)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1889616 2014-05-25] (SurfRight B.V.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-03] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-06-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-06-03] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] ()
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-06-03] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-04 14:30 - 2014-06-05 00:31 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-04 14:30 - 2014-06-04 14:30 - 00000630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-03 18:41 - 2014-06-03 18:43 - 00001043 ____H () C:\Windows\EPMBatch.ept
2014-06-03 18:36 - 2014-06-03 18:36 - 00001394 _____ () C:\Users\Public\Desktop\EaseUS Partition Master 9.3.0.lnk
2014-06-03 18:36 - 2014-06-03 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 9.3.0
2014-06-03 18:36 - 2013-10-09 15:34 - 03381832 _____ () C:\Windows\system32\BootMan.exe
2014-06-03 18:36 - 2013-10-09 15:24 - 02499656 _____ () C:\Windows\SysWOW64\BootMan.exe
2014-06-03 18:36 - 2013-03-07 09:49 - 00100936 _____ () C:\Windows\system32\setupempdrvx64.exe
2014-06-03 18:36 - 2013-03-07 09:49 - 00087112 _____ () C:\Windows\SysWOW64\setupempdrv03.exe
2014-06-03 18:36 - 2013-03-07 09:49 - 00019840 _____ () C:\Windows\SysWOW64\EuEpmGdi.dll
2014-06-03 18:36 - 2013-03-07 09:49 - 00017480 _____ () C:\Windows\system32\epmntdrv.sys
2014-06-03 18:36 - 2013-03-07 09:49 - 00016256 _____ () C:\Windows\system32\EuEpmGdi.dll
2014-06-03 18:36 - 2013-03-07 09:49 - 00013896 _____ () C:\Windows\SysWOW64\epmntdrv.sys
2014-06-03 18:36 - 2013-03-07 09:49 - 00009800 _____ () C:\Windows\system32\EuGdiDrv.sys
2014-06-03 18:36 - 2013-03-07 09:49 - 00009160 _____ () C:\Windows\SysWOW64\EuGdiDrv.sys
2014-06-03 18:35 - 2014-06-03 18:35 - 00000000 ____D () C:\Program Files (x86)\EaseUS
2014-06-03 18:29 - 2014-06-05 00:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 18:29 - 2014-06-03 18:29 - 00001105 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-03 18:29 - 2014-06-03 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-03 18:29 - 2014-06-03 18:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 18:29 - 2014-06-03 18:29 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-03 18:29 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-03 18:29 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-03 18:29 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-03 18:28 - 2014-06-03 18:28 - 00000000 ____D () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Bat! E-Mail
2014-06-03 18:28 - 2014-06-03 18:28 - 00000000 ____D () C:\Program Files (x86)\The Bat!
2014-06-03 18:22 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-06-03 18:22 - 2012-06-03 00:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-06-03 18:22 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-06-03 18:22 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-06-03 18:22 - 2012-06-03 00:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-06-03 18:22 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-06-03 18:22 - 2012-06-03 00:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-06-03 18:22 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-06-03 18:22 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-06-03 18:21 - 2014-06-03 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-03 18:21 - 2014-06-03 18:21 - 00000000 ____D () C:\Program Files\7-Zip
2014-06-03 18:13 - 2014-06-03 18:36 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-06-03 18:13 - 2014-06-03 18:13 - 00548424 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2014-06-03 18:13 - 2014-06-03 18:13 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2014-06-03 18:13 - 2014-06-03 18:13 - 00093144 _____ () C:\Windows\system32\Drivers\hmpalert.sys
2014-06-03 18:13 - 2014-06-03 18:13 - 00000000 ____D () C:\Windows\CryptoGuard
2014-06-03 18:13 - 2014-06-03 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-06-03 18:13 - 2014-06-03 18:13 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-06-03 18:12 - 2014-06-03 18:12 - 02209056 _____ () C:\Users\CD\Downloads\avira-eu-cleaner_de.exe
2014-06-03 18:12 - 2014-06-03 18:12 - 00001981 _____ () C:\Users\CD\Desktop\Entfernen des Avira EU-Cleaners.lnk
2014-06-03 18:12 - 2014-06-03 18:12 - 00001925 _____ () C:\Users\CD\Desktop\Avira EU-Cleaner.lnk
2014-06-03 18:10 - 2014-06-03 18:52 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-03 18:10 - 2014-06-03 18:10 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-06-03 18:10 - 2014-06-03 18:10 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-06-03 18:10 - 2014-06-03 18:10 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-03 18:10 - 2014-06-03 18:10 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-03 18:10 - 2014-06-03 18:10 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-06-03 18:10 - 2014-06-03 18:10 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-06-03 18:10 - 2014-06-03 18:10 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-03 18:10 - 2014-06-03 18:10 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-03 18:10 - 2014-06-03 18:10 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-03 18:10 - 2014-06-03 18:10 - 00001969 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-03 18:10 - 2014-06-03 18:10 - 00000000 ____D () C:\Users\CD\AppData\Roaming\AVAST Software
2014-06-03 18:10 - 2014-06-03 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-03 18:09 - 2014-06-03 18:09 - 00057560 _____ () C:\Users\CD\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-03 18:09 - 2014-06-03 18:09 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-03 18:09 - 2014-06-03 18:09 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-03 18:05 - 2014-06-03 18:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-03 18:05 - 2014-06-03 18:05 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-06-03 18:05 - 2011-01-26 21:35 - 00425064 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-06-03 18:05 - 2011-01-26 21:35 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2014-06-03 18:05 - 2011-01-26 21:35 - 00074272 _____ () C:\Windows\system32\RtNicProp64.dll
2014-06-03 18:01 - 2014-06-03 18:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-03 18:01 - 2014-06-03 18:02 - 00000000 ____D () C:\Users\CD\AppData\Roaming\Mozilla
2014-06-03 18:01 - 2014-06-03 18:02 - 00000000 ____D () C:\Users\CD\AppData\Local\Mozilla
2014-06-03 18:01 - 2014-06-03 18:01 - 00001162 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-03 18:01 - 2014-06-03 18:01 - 00001150 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-03 18:01 - 2014-06-03 18:01 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-03 18:01 - 2014-06-03 18:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-03 17:11 - 2014-06-05 00:33 - 00000000 ____D () C:\FRST
2014-06-03 17:09 - 2014-06-03 17:09 - 00001442 _____ () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-03 17:09 - 2014-06-03 17:09 - 00001408 _____ () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-06-03 17:09 - 2014-06-03 17:09 - 00000000 ___RD () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-03 17:09 - 2014-06-03 17:09 - 00000000 ___RD () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-03 17:09 - 2014-06-03 17:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-06-03 17:08 - 2014-06-05 00:32 - 00000000 ____D () C:\Users\CD
2014-06-03 17:08 - 2014-06-03 17:08 - 00000020 ___SH () C:\Users\CD\ntuser.ini
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Vorlagen
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Startmenü
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Netzwerkumgebung
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Lokale Einstellungen
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Eigene Dateien
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Druckumgebung
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Documents\Eigene Musik
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Documents\Eigene Bilder
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\AppData\Local\Verlauf
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\AppData\Local\Anwendungsdaten
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Anwendungsdaten
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 ____D () C:\Users\CD\AppData\Local\VirtualStore
2014-06-03 17:08 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-03 17:08 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-03 06:23 - 2014-06-03 17:08 - 00000000 ____D () C:\Windows\Panther
2014-06-03 06:23 - 2014-06-03 06:23 - 00008192 __RSH () C:\BOOTSECT.BAK
2014-06-03 06:04 - 2014-06-03 06:04 - 00000000 ____D () C:\Windows.old
2014-06-03 05:28 - 2014-06-03 05:28 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2014-06-03 05:28 - 2014-06-03 05:28 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-06-03 05:27 - 2014-06-04 14:34 - 01445451 _____ () C:\Windows\WindowsUpdate.log
2014-06-03 05:27 - 2014-06-03 05:27 - 00001355 _____ () C:\Windows\TSSysprep.log
2014-06-01 02:12 - 2014-06-01 02:23 - 00000229 _____ () C:\mbr.log
2014-06-01 02:06 - 2014-05-26 22:26 - 00788728 _____ (Emsisoft GmbH) C:\mbrmastr.exe
2014-06-01 01:58 - 2014-06-01 01:58 - 00003248 _____ () C:\blitzblank.log
2014-06-01 01:35 - 2014-06-01 01:36 - 00000000 ____D () C:\AdwCleaner
2014-06-01 00:34 - 2014-06-03 17:08 - 00000000 ____D () C:\Recovery
2014-06-01 00:34 - 2014-06-01 00:34 - 00000000 _SHDL () C:\Programme
2014-06-01 00:34 - 2014-06-01 00:34 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-05-30 14:27 - 2010-11-21 05:23 - 00383786 __RSH () C:\bootmgr

==================== One Month Modified Files and Folders =======

2014-06-05 01:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-06-05 00:33 - 2014-06-03 17:11 - 00000000 ____D () C:\FRST
2014-06-05 00:32 - 2014-06-03 18:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 00:32 - 2014-06-03 17:08 - 00000000 ____D () C:\Users\CD
2014-06-05 00:31 - 2014-06-04 14:30 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 00:31 - 2009-07-14 06:51 - 00022616 _____ () C:\Windows\setupact.log
2014-06-04 14:34 - 2014-06-03 05:27 - 01445451 _____ () C:\Windows\WindowsUpdate.log
2014-06-04 14:30 - 2014-06-04 14:30 - 00000630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-03 18:55 - 2009-07-14 06:45 - 00016864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-03 18:55 - 2009-07-14 06:45 - 00016864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-03 18:52 - 2014-06-03 18:10 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-03 18:50 - 2010-11-21 08:21 - 00643866 _____ () C:\Windows\system32\perfh007.dat
2014-06-03 18:50 - 2010-11-21 08:21 - 00126394 _____ () C:\Windows\system32\perfc007.dat
2014-06-03 18:50 - 2009-07-14 07:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-03 18:43 - 2014-06-03 18:41 - 00001043 ____H () C:\Windows\EPMBatch.ept
2014-06-03 18:36 - 2014-06-03 18:36 - 00001394 _____ () C:\Users\Public\Desktop\EaseUS Partition Master 9.3.0.lnk
2014-06-03 18:36 - 2014-06-03 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 9.3.0
2014-06-03 18:36 - 2014-06-03 18:13 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-06-03 18:35 - 2014-06-03 18:35 - 00000000 ____D () C:\Program Files (x86)\EaseUS
2014-06-03 18:29 - 2014-06-03 18:29 - 00001105 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-03 18:29 - 2014-06-03 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-03 18:29 - 2014-06-03 18:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 18:29 - 2014-06-03 18:29 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-03 18:28 - 2014-06-03 18:28 - 00000000 ____D () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Bat! E-Mail
2014-06-03 18:28 - 2014-06-03 18:28 - 00000000 ____D () C:\Program Files (x86)\The Bat!
2014-06-03 18:21 - 2014-06-03 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-03 18:21 - 2014-06-03 18:21 - 00000000 ____D () C:\Program Files\7-Zip
2014-06-03 18:21 - 2014-06-03 18:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-03 18:13 - 2014-06-03 18:13 - 00548424 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2014-06-03 18:13 - 2014-06-03 18:13 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2014-06-03 18:13 - 2014-06-03 18:13 - 00093144 _____ () C:\Windows\system32\Drivers\hmpalert.sys
2014-06-03 18:13 - 2014-06-03 18:13 - 00000000 ____D () C:\Windows\CryptoGuard
2014-06-03 18:13 - 2014-06-03 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-06-03 18:13 - 2014-06-03 18:13 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-06-03 18:12 - 2014-06-03 18:12 - 02209056 _____ () C:\Users\CD\Downloads\avira-eu-cleaner_de.exe
2014-06-03 18:12 - 2014-06-03 18:12 - 00001981 _____ () C:\Users\CD\Desktop\Entfernen des Avira EU-Cleaners.lnk
2014-06-03 18:12 - 2014-06-03 18:12 - 00001925 _____ () C:\Users\CD\Desktop\Avira EU-Cleaner.lnk
2014-06-03 18:10 - 2014-06-03 18:10 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-06-03 18:10 - 2014-06-03 18:10 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-06-03 18:10 - 2014-06-03 18:10 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-03 18:10 - 2014-06-03 18:10 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-03 18:10 - 2014-06-03 18:10 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-06-03 18:10 - 2014-06-03 18:10 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-06-03 18:10 - 2014-06-03 18:10 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-03 18:10 - 2014-06-03 18:10 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-03 18:10 - 2014-06-03 18:10 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-03 18:10 - 2014-06-03 18:10 - 00001969 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-03 18:10 - 2014-06-03 18:10 - 00000000 ____D () C:\Users\CD\AppData\Roaming\AVAST Software
2014-06-03 18:10 - 2014-06-03 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-03 18:09 - 2014-06-03 18:09 - 00057560 _____ () C:\Users\CD\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-03 18:09 - 2014-06-03 18:09 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-03 18:09 - 2014-06-03 18:09 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-03 18:05 - 2014-06-03 18:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-03 18:05 - 2014-06-03 18:05 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-06-03 18:05 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\restore
2014-06-03 18:02 - 2014-06-03 18:01 - 00000000 ____D () C:\Users\CD\AppData\Roaming\Mozilla
2014-06-03 18:02 - 2014-06-03 18:01 - 00000000 ____D () C:\Users\CD\AppData\Local\Mozilla
2014-06-03 18:01 - 2014-06-03 18:01 - 00001162 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-03 18:01 - 2014-06-03 18:01 - 00001150 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-03 18:01 - 2014-06-03 18:01 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-03 18:01 - 2014-06-03 18:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-03 17:09 - 2014-06-03 17:09 - 00001442 _____ () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-03 17:09 - 2014-06-03 17:09 - 00001408 _____ () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-06-03 17:09 - 2014-06-03 17:09 - 00000000 ___RD () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-03 17:09 - 2014-06-03 17:09 - 00000000 ___RD () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-03 17:09 - 2014-06-03 17:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-06-03 17:08 - 2014-06-03 17:08 - 00000020 ___SH () C:\Users\CD\ntuser.ini
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Vorlagen
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Startmenü
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Netzwerkumgebung
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Lokale Einstellungen
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Eigene Dateien
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Druckumgebung
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Documents\Eigene Musik
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Documents\Eigene Bilder
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\AppData\Local\Verlauf
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\AppData\Local\Anwendungsdaten
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Anwendungsdaten
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 ____D () C:\Users\CD\AppData\Local\VirtualStore
2014-06-03 17:08 - 2014-06-03 06:23 - 00000000 ____D () C:\Windows\Panther
2014-06-03 17:08 - 2014-06-01 00:34 - 00000000 ____D () C:\Recovery
2014-06-03 17:08 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-03 17:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Recovery
2014-06-03 17:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-03 17:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Windows NT
2014-06-03 06:23 - 2014-06-03 06:23 - 00008192 __RSH () C:\BOOTSECT.BAK
2014-06-03 06:23 - 2009-07-14 07:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-06-03 06:23 - 2009-07-14 07:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-06-03 06:04 - 2014-06-03 06:04 - 00000000 ____D () C:\Windows.old
2014-06-03 05:33 - 2009-07-14 06:45 - 00274464 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-03 05:28 - 2014-06-03 05:28 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2014-06-03 05:28 - 2014-06-03 05:28 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-06-03 05:28 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-03 05:27 - 2014-06-03 05:27 - 00001355 _____ () C:\Windows\TSSysprep.log
2014-06-03 05:27 - 2009-07-14 06:46 - 00002790 _____ () C:\Windows\DtcInstall.log
2014-06-03 05:27 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-03 05:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-06-03 05:24 - 2010-11-21 08:27 - 00000000 ____D () C:\Windows\CSC
2014-06-01 02:23 - 2014-06-01 02:12 - 00000229 _____ () C:\mbr.log
2014-06-01 01:58 - 2014-06-01 01:58 - 00003248 _____ () C:\blitzblank.log
2014-06-01 01:36 - 2014-06-01 01:35 - 00000000 ____D () C:\AdwCleaner
2014-06-01 00:34 - 2014-06-01 00:34 - 00000000 _SHDL () C:\Programme
2014-06-01 00:34 - 2014-06-01 00:34 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-05-26 22:26 - 2014-06-01 02:06 - 00788728 _____ (Emsisoft GmbH) C:\mbrmastr.exe
2014-05-12 07:26 - 2014-06-03 18:29 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-03 18:29 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-03 18:29 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\CD\AppData\Local\Temp\hmpalert_update.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-03 05:24

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Old 05.06.2014, 19:14   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7 64bit - Virus/Trojan/Rootkit cannot be removed



hi,

Please download TDSSKiller (TDSSKiller.exe) and save the file on your Desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Click Start Scan.
  • If infected objects are found, do not under any circumstances choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
In any case, please post the contents here in your thread.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!
