Trojaner-Board


Madhbrand 28.03.2012 18:45

Bka-virus otl logfile
 
I have the BKA virus; all cleaning attempts have failed. I created the log files using OTL.

Madhbrand 28.03.2012 19:01

Sorry, unfortunately I posted it wrong ^^

Here is the OTL

OTL Logfile:
Code:

OTL logfile created on: 28.03.2012 19:35:06 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = G:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 7,13 Gb Available Physical Memory | 89,44% Memory free
15,95 Gb Paging File | 15,18 Gb Available in Paging File | 95,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 492,06 Gb Total Space | 407,95 Gb Free Space | 82,91% Space Free | Partition Type: NTFS
Drive D: | 439,36 Gb Total Space | 292,87 Gb Free Space | 66,66% Space Free | Partition Type: NTFS
Drive G: | 7,51 Gb Total Space | 7,49 Gb Free Space | 99,72% Space Free | Partition Type: FAT32
 
Computer Name: PC-SEBI | User Name: Sebastian | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - G:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe ()
PRC - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (Bandoo Coordinator) -- C:\Program Files (x86)\Bandoo\Bandoo.exe (Bandoo Media Inc.)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (vsmon) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (KMWDSERVICE) -- C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe (UASSOFT.COM)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\InprocServer32 File not found
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = D:\download
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9F 9E 11 8A 4E EA CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {43CBFBA8-6856-4FC3-A06C-64F9D4D8E7FB}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100842&mntrId=c0a93b36000000000000bcaec5ae9adf
IE - HKCU\..\SearchScopes\{43CBFBA8-6856-4FC3-A06C-64F9D4D8E7FB}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_deDE450
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{7D33FED0-3A3B-4FE7-8F97-417DAB3F2D10}: "URL" = hxxp://de.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110415,17131,0,18,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.100: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Sebastian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll File not found
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012.03.10 14:18:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011.11.26 00:40:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.18 15:30:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.03.26 19:08:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.03.31 21:12:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Extensions
[2011.03.31 21:12:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.12 21:22:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\46roig29.default\extensions
[2011.12.12 21:22:28 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\46roig29.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2011.11.19 16:50:36 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\46roig29.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2012.01.05 23:26:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.05 23:26:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011.11.05 09:10:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.05 05:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.05 05:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.05 05:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.05 05:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.05 05:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 05:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll File not found
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll File not found
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll File not found
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Sebastian\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [SkypePM] C:\Users\Sebastian\AppData\Local\Skype\SkypePM.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {AEA3991E-3109-4C98-989E-33994FEB1A91} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri64_4.5.1.0.cab (SysInfo Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C83D017-8AC1-4CF9-8F52-AB0FE7850C2A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A396B56-296F-4D0F-AF0C-068BDD014E4F}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2d0af910-0e28-11e1-b9af-bcaec5ae9adf}\Shell - "" = AutoRun
O33 - MountPoints2\{2d0af910-0e28-11e1-b9af-bcaec5ae9adf}\Shell\AutoRun\command - "" = E:\hmh-acrev.exe
O33 - MountPoints2\{493a0626-486d-11e1-b719-0026832e2b56}\Shell - "" = AutoRun
O33 - MountPoints2\{493a0626-486d-11e1-b719-0026832e2b56}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{53bcac4b-5585-11e0-83e1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{53bcac4b-5585-11e0-83e1-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.28 19:15:18 | 000,750,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012.03.27 21:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012.03.27 21:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[2012.03.24 20:19:29 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Documents\Syndicate
[2012.03.24 19:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2012.03.24 17:45:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Video Codec
[2012.03.14 21:32:09 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\Avira
[2012.03.14 21:26:51 | 000,132,320 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.03.14 21:26:51 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.03.14 21:26:51 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.03.14 21:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.03.14 21:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.03.14 17:25:09 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\LogMeIn Hamachi
[2012.03.14 17:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.03.14 17:25:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.03.12 16:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E858A700780F900003B9A9B4EB2367
[2012.03.11 21:21:14 | 000,000,000 | -HSD | C] -- C:\Users\Sebastian\AppData\Local\ab82230d
[2012.03.04 22:50:41 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\Facebook
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.28 19:26:33 | 001,792,242 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.28 19:26:33 | 000,767,968 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.28 19:26:33 | 000,711,028 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.28 19:26:33 | 000,173,336 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.28 19:26:33 | 000,141,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.28 19:22:27 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.03.28 19:22:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.28 19:22:12 | 2129,203,199 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.28 19:20:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2012.03.28 19:19:05 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.03.28 19:19:05 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.03.28 19:18:36 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.28 19:18:33 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2012.03.28 19:16:46 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.28 19:16:46 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.28 19:15:06 | 000,750,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012.03.28 19:15:06 | 000,660,368 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.03.28 19:15:06 | 000,264,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.03.28 19:15:06 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.03.28 19:15:06 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.03.28 15:55:02 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2372967722-2650738230-3856024893-1000UA.job
[2012.03.28 15:49:48 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.27 21:55:01 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2372967722-2650738230-3856024893-1000Core.job
[2012.03.24 19:56:28 | 000,001,159 | ---- | M] () -- C:\Users\Public\Desktop\Syndicate.lnk
[2012.03.14 20:44:06 | 000,002,002 | ---- | M] () -- C:\Users\Sebastian\Desktop\Avira DE-Cleaner.lnk
[2012.03.04 20:59:55 | 702,380,442 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.03.04 19:26:04 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.28 19:22:27 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.03.24 19:56:28 | 000,001,159 | ---- | C] () -- C:\Users\Public\Desktop\Syndicate.lnk
[2012.03.14 20:44:06 | 000,002,002 | ---- | C] () -- C:\Users\Sebastian\Desktop\Avira DE-Cleaner.lnk
[2012.03.04 22:50:45 | 000,000,944 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2372967722-2650738230-3856024893-1000UA.job
[2012.03.04 22:50:45 | 000,000,922 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2372967722-2650738230-3856024893-1000Core.job
[2012.03.04 19:26:04 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012.01.26 18:37:52 | 000,040,274 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.01.25 14:51:34 | 000,092,596 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.11.12 00:51:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.10.29 14:49:49 | 000,000,000 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\{14CD9CF2-85F3-43D3-B977-EDFE24F1A274}
[2011.10.04 20:36:06 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.08.08 16:03:48 | 000,001,763 | ---- | C] () -- C:\Windows\wininit.ini
[2011.08.08 16:01:14 | 000,000,316 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.06.14 15:02:34 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.06.14 15:02:33 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.06.14 15:02:33 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.05.27 08:23:13 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.05.01 18:18:55 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.05.01 18:18:55 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.04.17 12:48:36 | 000,000,097 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\fusioncache.dat
[2011.04.17 12:47:48 | 001,769,200 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.29 13:50:18 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.03.23 22:04:33 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.03.23 22:01:52 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.03.23 22:01:48 | 000,027,873 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.03.23 21:57:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.23 21:53:58 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== LOP Check ==========
 
[2011.10.13 18:02:34 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\AbiSuite
[2011.08.24 19:04:46 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Azureus
[2011.11.06 03:01:54 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Babylon
[2011.03.24 20:40:55 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\CheckPoint
[2012.01.26 17:54:59 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\DAEMON Tools Lite
[2012.02.11 16:42:27 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\DarknessIIDemo
[2011.04.15 21:28:49 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\GetRightToGo
[2011.11.21 16:36:21 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\gtk-2.0
[2011.10.14 16:53:13 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Kalypso Media
[2011.03.26 01:16:35 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\LolClient
[2012.01.22 21:27:25 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\LucasArts
[2011.08.24 16:40:29 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Mount&Blade With Fire and Sword
[2011.10.04 17:31:14 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Notepad++
[2011.12.14 21:07:36 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\PriceGong
[2012.01.13 23:53:21 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\ProtectDISC
[2012.01.29 23:37:51 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\PunkBuster
[2011.10.11 14:25:50 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Raptr
[2011.11.11 17:30:40 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\SplitMediaLabs
[2012.02.10 20:32:25 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\The Creative Assembly
[2011.08.02 15:36:10 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\thriXXX
[2011.03.31 21:12:22 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Thunderbird
[2011.07.02 14:40:33 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Tropico 3
[2011.12.03 23:01:32 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Tunngle
[2011.06.24 09:25:09 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Ubisoft
[2011.12.14 16:19:17 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\uTorrent
[2012.03.28 19:22:27 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.03.27 21:55:01 | 000,000,922 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2372967722-2650738230-3856024893-1000Core.job
[2012.03.28 15:55:02 | 000,000,944 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2372967722-2650738230-3856024893-1000UA.job
[2012.03.28 19:18:33 | 000,000,418 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro64 startups.job
[2012.01.17 21:22:49 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

And here is the OTL Extras log as well

OTL Logfile:
Code:

OTL Extras logfile created on: 28.03.2012 19:35:06 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = G:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 7,13 Gb Available Physical Memory | 89,44% Memory free
15,95 Gb Paging File | 15,18 Gb Available in Paging File | 95,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 492,06 Gb Total Space | 407,95 Gb Free Space | 82,91% Space Free | Partition Type: NTFS
Drive D: | 439,36 Gb Total Space | 292,87 Gb Free Space | 66,66% Space Free | Partition Type: NTFS
Drive G: | 7,51 Gb Total Space | 7,49 Gb Free Space | 99,72% Space Free | Partition Type: FAT32
 
Computer Name: PC-SEBI | User Name: Sebastian | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 1
"FirewallOverride" = 0
"UpdatesDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{15AD6738-23E8-4AE6-93E9-434E717EECB2}" = System Requirements Lab CYRI (64-bit)
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{4053C201-4DE9-0AFA-F58C-401D7DFE249B}" = AMD Drag and Drop Transcoding
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170010}" = Java(TM) SE Development Kit 7 Update 1 (64-bit)
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 8.00
"{7E277F9D-DA06-2F67-B2BF-BAF2F254D0EB}" = WMV9/VC-1 Video Playback
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{876B1B00-AB52-ACC6-BB0B-342897AC7B23}" = ATI AVIVO64 Codecs
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A3E7D4EB-D170-F9A8-B6C5-403CE95AC1B1}" = ccc-utility64
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{023E7812-63E0-F0EB-F226-806679332948}" = CCC Help Spanish
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04E87F64-7182-985A-694E-08475EE6F5F1}" = CCC Help English
"{0C1FCF1A-251B-51EC-D674-0BB161BEE8CA}" = CCC Help Thai
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A7A8F56-CDB2-2925-5714-AE602C8C80D0}" = CCC Help Portuguese
"{1E2C7E1C-7FE0-63F6-5D98-26DD6B419569}" = HydraVision
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2410A9B7-A14A-FCD4-203B-E4266C98A65A}" = CCC Help Polish
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26024EB6-2EE4-DA42-CDE9-50844AE9CFB9}" = CCC Help Russian
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2D483B8D-7B78-7484-4552-10EFD62D3FD2}" = CCC Help Norwegian
"{2D62D645-8460-6888-9E89-0F93947E0925}" = CCC Help German
"{2EF94C49-4D4F-2137-26C2-4E52E36E54DF}" = Catalyst Control Center InstallProxy
"{30B950DB-5E14-4186-A1D7-B582B5966087}" = Catalyst Control Center Graphics Previews Vista
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D961EFC-64B0-5DE7-E2FD-304EF8695922}" = CCC Help Finnish
"{4ED65F46-B813-CBE5-2B5A-61444D7ADCDD}" = CCC Help Japanese
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{57C39411-6747-489C-A226-46885FB0D2D0}" = DriverBoost
"{5F15CD04-5682-D6AA-D5E5-F2A6643EF261}" = Catalyst Control Center Graphics Previews Common
"{64C67386-CF44-9E7A-7133-8F9CE8D6C41E}" = ccc-core-static
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65C45785-4B36-A86B-7FA8-C1BDE8C00442}" = CCC Help Danish
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FD9F64-38ED-4746-AB58-971CE14032E8}" = CCC Help Chinese Standard
"{74A84478-70A5-4F7A-966C-FA2771FF91A5}_is1" = Patch v4.1
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7D66971C-652B-4065-A6B1-B3EE313C254B}" = BlueJ
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{82BF91C4-229F-4447-EC70-D31705D7D2E7}" = CCC Help Hungarian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84B85258-2B47-571C-0D9C-50051A5EE20B}" = CCC Help Turkish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBB19FE-9933-192C-ADA4-85211B7B83A5}" = CCC Help Czech
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{9A15FEDD-8A58-7A22-2CCC-D89A7512D7D0}" = CCC Help Swedish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EA81723-22AD-686B-D090-8C1C9A9794D0}" = CCC Help Greek
"{A347C572-F7B4-43A3-BD51-FFC99184F70D}" = Jurassic Park Operation Genesis
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B213DE3E-F4E9-B9FA-B770-95E1BC8B8D8A}" = CCC Help Chinese Traditional
"{C38901F3-ED24-16C8-E1AC-C03AC05AC99F}" = CCC Help Korean
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D51A7556-FA80-9167-7576-C5B103E2B837}" = CCC Help Italian
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFCDD1CE-6D49-49B8-BFB7-93391D22776B}" = Keyboard Driver
"{E13F254C-A426-634A-DEAA-4926F200292C}" = CCC Help French
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7C1C17E-70E3-475F-BD52-EA554391F15D}" = GameShadow
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA378B42-D3E2-4749-A7A5-77AAF226F889}_is1" = Batman: Arkham Asylum GotY Edition
"{FBA739C4-DF56-3ADF-79EE-DE39533BBB6A}" = Catalyst Control Center Localization All
"{FBD71CB8-D95B-8DCA-8162-F052F502F382}" = CCC Help Dutch
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{THEGUILDREN-0010-2010-300520102330}_is1" = Patch v4.17b Update
"5513-1208-7298-9440" = JDownloader 0.9
"Ad-Aware" = Ad-Aware
"ArtMoney SE_is1" = ArtMoney SE v7.37.1
"Avira AntiVir Desktop" = Avira Free Antivirus
"BattlEye" = BattlEye Uninstall
"conduitEngine" = Conduit Engine
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diamond 10.10 2400-5900 And 6800 Win7Vista" = Diamond 10.10 2400-5900 And 6800 Win7Vista
"Die Gilde" = Die Gilde
"Die Gilde 2 - Back to the Roots_is1" = Die Gilde 2 - Back to the Roots Patch v1.2
"Die Gilde Gold-Edition" = Die Gilde Gold-Edition
"Die Gilde Update v1.04a" = Die Gilde Update v1.04a
"FarmingSimulator2011_PLATINUMDE_is1" = Landwirtschafts Simulator 2011
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{DFCDD1CE-6D49-49B8-BFB7-93391D22776B}" = Keyboard Driver
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"LEGO Star Wars III The Clone Wars" = LEGO Star Wars III The Clone Wars
"Little Fighter 2 version 2.0a" = Little Fighter 2 version 2.0a
"LogMeIn Hamachi" = LogMeIn Hamachi
"MagniDriver" = marvell 91xx driver
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Mozilla Thunderbird (3.1.20)" = Mozilla Thunderbird (3.1.20)
"Notepad++" = Notepad++
"Patrizier II Gold_is1" = Patrizier II Gold
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Sierra-Dienstprogramme" = Sierra-Dienstprogramme
"StarCraft II" = StarCraft II
"Steam App 10500" = Empire: Total War
"Steam App 204410" = The Darkness II Demo
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42910" = Magicka
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Syndicate_is1" = Syndicate
"thriXXX WebLaunch" = thriXXX WebLaunch
"Tunngle beta_is1" = Tunngle beta
"UnderCoverXP_is1" = UnderCoverXP 1.23
"uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"ZoneAlarm" = ZoneAlarm
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Medal of Honor Deutsch Patch by ChrisXPS" = Medal of Honor Deutsch Patch by ChrisXPS
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.03.2012 10:52:28 | Computer Name = PC-Sebi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
 Zeitstempel: 0x4c00573a  Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 2.5.0.16600,
 Zeitstempel: 0x4ca30e16  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000121da  ID des fehlerhaften
 Prozesses: 0x111c  Startzeit der fehlerhaften Anwendung: 0x01ccfadc8d4f2424  Pfad der
 fehlerhaften Anwendung: D:\Games\lol\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.131\deploy\LolClient.exe
Pfad
 des fehlerhaften Moduls: D:\Games\lol\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.131\deploy\Adobe
 AIR\Versions\1.0\Adobe AIR.dll  Berichtskennung: d39d6be6-66d2-11e1-8ff7-0026832e2b56
 
Error - 05.03.2012 12:00:40 | Computer Name = PC-Sebi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
 Zeitstempel: 0x4c00573a  Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 2.5.0.16600,
 Zeitstempel: 0x4ca30e16  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000121da  ID des fehlerhaften
 Prozesses: 0x1da4  Startzeit der fehlerhaften Anwendung: 0x01ccfae3c6d74962  Pfad der
 fehlerhaften Anwendung: D:\Games\lol\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.131\deploy\LolClient.exe
Pfad
 des fehlerhaften Moduls: D:\Games\lol\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.131\deploy\Adobe
 AIR\Versions\1.0\Adobe AIR.dll  Berichtskennung: 5aa5d2fa-66dc-11e1-8ff7-0026832e2b56
 
Error - 05.03.2012 15:22:34 | Computer Name = PC-Sebi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
 Zeitstempel: 0x4c00573a  Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 2.5.0.16600,
 Zeitstempel: 0x4ca30e16  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000121da  ID des fehlerhaften
 Prozesses: 0x95c  Startzeit der fehlerhaften Anwendung: 0x01ccfafeb92cdc15  Pfad der
 fehlerhaften Anwendung: D:\Games\lol\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.131\deploy\LolClient.exe
Pfad
 des fehlerhaften Moduls: D:\Games\lol\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.131\deploy\Adobe
 AIR\Versions\1.0\Adobe AIR.dll  Berichtskennung: 8f254aaa-66f8-11e1-8ff7-0026832e2b56
 
Error - 06.03.2012 13:02:25 | Computer Name = PC-Sebi | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 698    Startzeit: 01ccfbbad9375620    Endzeit: 6    Anwendungspfad: C:\Program
 Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 06.03.2012 15:22:09 | Computer Name = PC-Sebi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
 Zeitstempel: 0x4c00573a  Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 2.5.0.16600,
 Zeitstempel: 0x4ca30e16  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000121da  ID des fehlerhaften
 Prozesses: 0x390  Startzeit der fehlerhaften Anwendung: 0x01ccfbc4a05e7b46  Pfad der
 fehlerhaften Anwendung: D:\Games\lol\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.131\deploy\LolClient.exe
Pfad
 des fehlerhaften Moduls: D:\Games\lol\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.131\deploy\Adobe
 AIR\Versions\1.0\Adobe AIR.dll  Berichtskennung: aa87bd9c-67c1-11e1-8685-0026832e2b56
 
Error - 07.03.2012 12:19:15 | Computer Name = PC-Sebi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
 Zeitstempel: 0x4c00573a  Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 2.5.0.16600,
 Zeitstempel: 0x4ca30e16  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000121da  ID des fehlerhaften
 Prozesses: 0x11e4  Startzeit der fehlerhaften Anwendung: 0x01ccfc77fa57b28b  Pfad der
 fehlerhaften Anwendung: D:\Games\lol\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.131\deploy\LolClient.exe
Pfad
 des fehlerhaften Moduls: D:\Games\lol\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.131\deploy\Adobe
 AIR\Versions\1.0\Adobe AIR.dll  Berichtskennung: 47a880d4-6871-11e1-a494-0026832e2b56
 
Error - 07.03.2012 12:43:20 | Computer Name = PC-Sebi | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1bfc    Startzeit: 01ccfc815f711bda    Endzeit: 15    Anwendungspfad:
 D:\Games\lol\League of Legends\RADS\system\rads_user_kernel.exe    Berichts-ID: a3f59b85-6874-11e1-a494-0026832e2b56

 
Error - 07.03.2012 13:05:41 | Computer Name = PC-Sebi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
 Zeitstempel: 0x4c00573a  Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 2.5.0.16600,
 Zeitstempel: 0x4ca30e16  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000121da  ID des fehlerhaften
 Prozesses: 0x1b60  Startzeit der fehlerhaften Anwendung: 0x01ccfc81cd6ff4fa  Pfad der
 fehlerhaften Anwendung: D:\Games\lol\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.131\deploy\LolClient.exe
Pfad
 des fehlerhaften Moduls: D:\Games\lol\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.131\deploy\Adobe
 AIR\Versions\1.0\Adobe AIR.dll  Berichtskennung: c4604a11-6877-11e1-a494-0026832e2b56
 
Error - 07.03.2012 13:25:21 | Computer Name = PC-Sebi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
 Zeitstempel: 0x4c00573a  Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 2.5.0.16600,
 Zeitstempel: 0x4ca30e16  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000121da  ID des fehlerhaften
 Prozesses: 0x1344  Startzeit der fehlerhaften Anwendung: 0x01ccfc8703f4181c  Pfad der
 fehlerhaften Anwendung: D:\Games\lol\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.131\deploy\LolClient.exe
Pfad
 des fehlerhaften Moduls: D:\Games\lol\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.131\deploy\Adobe
 AIR\Versions\1.0\Adobe AIR.dll  Berichtskennung: 83aed840-687a-11e1-a494-0026832e2b56
 
Error - 11.03.2012 11:52:36 | Computer Name = PC-Sebi | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1514    Startzeit: 01ccff9396795adb    Endzeit: 5    Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID: 
 
[ System Events ]
Error - 28.03.2012 13:19:14 | Computer Name = PC-Sebi | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 28.03.2012 13:22:23 | Computer Name = PC-Sebi | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 28.03.2012 13:22:25 | Computer Name = PC-Sebi | Source = DCOM | ID = 10005
Description =
 
Error - 28.03.2012 13:22:25 | Computer Name = PC-Sebi | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 28.03.2012 13:22:25 | Computer Name = PC-Sebi | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 28.03.2012 13:22:25 | Computer Name = PC-Sebi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  avipbb  avkmgr  discache  luafv  spldr  Wanarpv6
 
Error - 28.03.2012 13:22:36 | Computer Name = PC-Sebi | Source = DCOM | ID = 10005
Description =
 
Error - 28.03.2012 13:22:39 | Computer Name = PC-Sebi | Source = DCOM | ID = 10005
Description =
 
Error - 28.03.2012 13:22:40 | Computer Name = PC-Sebi | Source = DCOM | ID = 10005
Description =
 
Error - 28.03.2012 13:22:41 | Computer Name = PC-Sebi | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
 
< End of report >

--- --- ---


Many thanks in advance

markusg 28.03.2012 20:21

Hi,

This script and any scripts that follow are intended only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:

:OTL
O4 - HKCU..\Run: [SkypePM] C:\Users\Sebastian\AppData\Local\Skype\SkypePM.exe ()
:Files
C:\Users\Sebastian\AppData\Local\Skype
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]



• Now please close all programs.
• Now click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Boot into normal mode.

If you have no icons, right-click, View, Show desktop icons.

Note: Please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment
in the thread!




Please press the Windows key (http://larusso.trojaner-board.de/Images/windows.jpg) + E.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. ( Browse --> C:\_OTL\Movedfiles.zip )
Let me know whether the upload worked without problems. Thanks in advance :)

Madhbrand 28.03.2012 20:41

First of all, thanks for the quick reply =) I just didn't quite understand the last sentence. Does that mean I should copy the txt file I get after the restart and paste it in again using [code]? And does "boot into normal mode" mean I should create the logfile with OTL again afterwards?

Sorry if I'm being a bit slow on the uptake, I'm just a little confused right now^^

I've understood it now after all ;) I'll try it out tomorrow and then post the data here.

First of all, a huge thank you for the quick support and that everything is working again now =) I have already uploaded the moved files successfully, and here is the text from OTL after the fix.

Code:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SkypePM deleted successfully.
C:\Users\Sebastian\AppData\Local\Skype\SkypePM.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: AppData
 
User: Default
 
User: Default User
 
User: DefaultAppPool
 
User: Public
 
User: Sebastian
->Flash cache emptied: 6258 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Sebastian
->Temp folder emptied: 117659976 bytes
->Temporary Internet Files folder emptied: 277375948 bytes
->Java cache emptied: 852668 bytes
->FireFox cache emptied: 75192818 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 156672 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 976005626 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 102427 bytes
RecycleBin emptied: 84631083 bytes
 
Total Files Cleaned = 1.461,00 mb
 
 
OTL by OldTimer - Version 3.2.39.2 log created on 03292012_161651

Files\Folders moved on Reboot...
C:\Users\Sebastian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\ZLT04a85.TMP not found!

Registry entries deleted on Reboot...

And once again, many, many thanks

markusg 29.03.2012 17:33

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a logfile. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

Madhbrand 29.03.2012 19:12

Done, even though Avira apparently couldn't be shut down completely despite the Task Manager -,-. Otherwise there were no complications, though.

Combofix Logfile:
Code:

ComboFix 12-03-29.02 - Sebastian 29.03.2012  19:42:04.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8169.6111 [GMT 2:00]
ausgeführt von:: d:\download\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sebastian\AppData\Roaming\PriceGong
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\1.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\a.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\b.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\c.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\d.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\e.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\f.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\g.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\h.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\i.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\j.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\k.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\l.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\m.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\mru.xml
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\n.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\o.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\p.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\q.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\r.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\s.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\t.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\u.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\v.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\w.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\wlu.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\x.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\y.txt
c:\users\Sebastian\AppData\Roaming\PriceGong\Data\z.txt
c:\windows\assembly\tmp\U
c:\windows\IsUn0407.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Copyright (C) 1997-2008 Mark Russinovich
-------\Service_Handle v3.42
-------\Service_sidebar.exe        pid: 2168    D8: c:\program files\Windows Sidebar\sidebar.exe
-------\Service_Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources
-------\Service_WUDFHost.exe      pid: 1176    3C: c:\windows\System32\de-DE\WUDFHost.exe.mui
-------\Service_WUDFHost.exe      pid: 1304    3C: c:\windows\System32\de-DE\WUDFHost.exe.mui
-------\Service_WUDFHost.exe      pid: 4400    3C: c:\windows\System32\de-DE\WUDFHost.exe.mui
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-28 bis 2012-03-29  ))))))))))))))))))))))))))))))
.
.
2012-03-29 17:53 . 2012-03-29 17:53        --------        d-----w-        c:\users\DefaultAppPool\AppData\Local\temp
2012-03-29 17:53 . 2012-03-29 17:53        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-03-29 15:54 . 2012-03-20 11:41        69376        ----a-w-        c:\windows\system32\drivers\Lbd.sys
2012-03-28 17:15 . 2012-03-28 17:15        750488        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-03-27 19:53 . 2012-03-28 17:16        --------        d-----w-        c:\program files (x86)\GridinSoft Trojan Killer
2012-03-24 15:45 . 2012-03-24 15:45        --------        d-----w-        c:\program files (x86)\Video Codec
2012-03-14 19:32 . 2012-03-14 19:32        --------        d-----w-        c:\users\Sebastian\AppData\Roaming\Avira
2012-03-14 19:26 . 2012-01-31 07:56        97312        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-03-14 19:26 . 2012-01-31 07:56        132320        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-03-14 19:26 . 2011-09-16 15:08        27760        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-03-14 19:26 . 2012-03-14 19:26        --------        d-----w-        c:\programdata\Avira
2012-03-14 19:26 . 2012-03-14 19:26        --------        d-----w-        c:\program files (x86)\Avira
2012-03-14 15:25 . 2012-03-29 17:53        --------        d-----w-        c:\users\Sebastian\AppData\Local\LogMeIn Hamachi
2012-03-14 15:25 . 2012-03-14 15:25        --------        d-----w-        c:\program files (x86)\LogMeIn Hamachi
2012-03-12 14:35 . 2012-03-12 15:02        --------        d-----w-        c:\programdata\B7E858A700780F900003B9A9B4EB2367
2012-03-11 19:21 . 2012-03-11 19:21        --------        d-sh--w-        c:\users\Sebastian\AppData\Local\ab82230d
2012-03-09 13:51 . 2012-02-08 07:13        8643640        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB7E22B7-C2C6-4C0B-A70F-F0DFD23A28E6}\mpengine.dll
2012-03-04 20:50 . 2012-03-04 20:51        --------        d-----w-        c:\users\Sebastian\AppData\Local\Facebook
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-28 17:15 . 2011-08-07 13:44        660368        ----a-w-        c:\windows\system32\deployJava1.dll
2012-02-23 08:18 . 2011-03-24 17:26        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-02-19 12:28 . 2011-05-21 18:00        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-29 21:37 . 2011-06-14 13:02        189248        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2012-01-29 21:37 . 2011-06-14 13:02        75136        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2012-01-26 22:31 . 2011-08-11 18:12        18960        ----a-w-        c:\windows\system32\drivers\LNonPnP.sys
2012-01-26 15:53 . 2012-01-26 15:53        283200        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-14 04:06 . 2012-02-16 14:14        3145728        ----a-w-        c:\windows\system32\win32k.sys
2012-01-05 21:26 . 2012-01-05 21:26        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-01-04 10:44 . 2012-02-16 14:14        509952        ----a-w-        c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 14:14        442880        ----a-w-        c:\windows\SysWow64\ntshrui.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files (x86)\uTorrentBar_DE\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54        175912        ----a-w-        c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
2011-05-09 08:49        176936        ----a-w-        c:\program files (x86)\uTorrentBar_DE\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files (x86)\uTorrentBar_DE\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"Facebook Update"="c:\users\Sebastian\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-03-04 137536]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-19 3477312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2011-02-18 1043968]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-24 136176]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-24 136176]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-02-15 33528]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-02-15 822264]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files (x86)\Keyboard Driver\KMWDSrv.exe [2008-06-23 208896]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-03-29 2152152]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2011-10-14 745832]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2012-03-29 17152]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper        REG_MULTI_SZ          nosGetPlusHelper
iissvcs        REG_MULTI_SZ          w3svc was
apphost        REG_MULTI_SZ          apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17        302592        ----a-w-        c:\windows\System32\cmd.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2012-03-20 16:02]
.
2012-03-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2372967722-2650738230-3856024893-1000Core.job
- c:\users\Sebastian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-04 20:50]
.
2012-03-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2372967722-2650738230-3856024893-1000UA.job
- c:\users\Sebastian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-04 20:50]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-24 20:27]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-24 20:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 1123320]
"combofix"="c:\combofix\CF26352.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\46roig29.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - (no file)
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
BHO-{ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
Toolbar-{ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - (no file)
WebBrowser-{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - (no file)
AddRemove-ArtMoney SE_is1 - d:\games\starcraft2\ArtMoney\Uninstall\unins000.exe
AddRemove-BattlEye - d:\games\arma 2\Bohemia Interactive\ArmA 2 Operation ArrowheadExpansion\BattlEye\UnInstallBE.exe
AddRemove-Die Gilde - c:\windows\unvise32.exe
AddRemove-Die Gilde 2 - Back to the Roots_is1 - d:\games\gilde\unins000.exe
AddRemove-Little Fighter 2 version 2.0a - c:\program files (x86)\LittleFighter2\LF2_v2.0a\Uninstal.exe
AddRemove-Patrizier II Gold_is1 - d:\games\patrizier 2\unins000.exe
AddRemove-Sierra-Dienstprogramme - c:\program files (x86)\Sierra On-Line\sutil32.exe
AddRemove-thriXXX WebLaunch - c:\program files (x86)\thriXXX\WebLaunch\WebLaunchUninstall.exe
AddRemove-Vuze_Remote Toolbar - c:\progra~2\VUZE_R~1\UNINST~1.EXE
AddRemove-{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1 - c:\program files (x86)\Hex-Editor MX\unins000.exe
AddRemove-Medal of Honor Deutsch Patch by ChrisXPS - d:\games\moh\Uninstal.exe
.
.
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sidebar.exe        pid: 2168    D8: C:]
--
"ServiceDll"="%systemroot%\system32\wuaueng.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WUDFHost.exe      pid: 1176    3C: C:]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WUDFHost.exe      pid: 1304    3C: C:]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WUDFHost.exe      pid: 4400    3C: C:]
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-29  20:07:06 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-29 18:07
.
Vor Suchlauf: 9 Verzeichnis(se), 439.601.147.904 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 444.944.166.912 Bytes frei
.
- - End Of File - - 2F20B880D78D14777BE09B38584E4295

--- --- ---

markusg 29.03.2012 20:01

Use TDSS Killer and post the log.
http://www.trojaner-board.de/82358-t...entfernen.html

Madhbrand 29.03.2012 20:18

TDSS Killer doesn't find anything, and I also haven't quite figured out where to get the logfile from. Could someone please explain that to me =)?

Found it after all^^
Code:

21:29:17.0599 6176        TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
21:29:19.0612 6176        ============================================================
21:29:19.0612 6176        Current date / time: 2012/03/29 21:29:19.0612
21:29:19.0612 6176        SystemInfo:
21:29:19.0612 6176       
21:29:19.0612 6176        OS Version: 6.1.7601 ServicePack: 1.0
21:29:19.0612 6176        Product type: Workstation
21:29:19.0612 6176        ComputerName: PC-SEBI
21:29:19.0612 6176        UserName: Sebastian
21:29:19.0612 6176        Windows directory: C:\Windows
21:29:19.0612 6176        System windows directory: C:\Windows
21:29:19.0612 6176        Running under WOW64
21:29:19.0612 6176        Processor architecture: Intel x64
21:29:19.0612 6176        Number of processors: 4
21:29:19.0612 6176        Page size: 0x1000
21:29:19.0612 6176        Boot type: Normal boot
21:29:19.0612 6176        ============================================================
21:29:19.0861 6176        Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:29:19.0877 6176        \Device\Harddisk0\DR0:
21:29:19.0877 6176        MBR used
21:29:19.0877 6176        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:29:19.0877 6176        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x36EB6000
21:29:19.0877 6176        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x36EE8800, BlocksNum 0x3D81D800
21:29:19.0924 6176        Initialize success
21:29:19.0924 6176        ============================================================
21:29:21.0328 2036        ============================================================
21:29:21.0328 2036        Scan started
21:29:21.0328 2036        Mode: Manual;
21:29:21.0328 2036        ============================================================
21:29:22.0061 2036        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
21:29:22.0061 2036        1394ohci - ok
21:29:22.0139 2036        acedrv11        (a3769020f7e8a70fd3e824c050f33306) C:\Windows\system32\drivers\acedrv11.sys
21:29:22.0139 2036        acedrv11 - ok
21:29:22.0186 2036        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:29:22.0201 2036        ACPI - ok
21:29:22.0233 2036        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:29:22.0248 2036        AcpiPmi - ok
21:29:22.0389 2036        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:29:22.0404 2036        AdobeARMservice - ok
21:29:22.0467 2036        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:29:22.0467 2036        adp94xx - ok
21:29:22.0529 2036        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:29:22.0529 2036        adpahci - ok
21:29:22.0591 2036        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:29:22.0591 2036        adpu320 - ok
21:29:22.0638 2036        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:29:22.0638 2036        AeLookupSvc - ok
21:29:22.0701 2036        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:29:22.0701 2036        AFD - ok
21:29:22.0763 2036        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:29:22.0763 2036        agp440 - ok
21:29:22.0794 2036        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:29:22.0810 2036        ALG - ok
21:29:22.0857 2036        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:29:22.0857 2036        aliide - ok
21:29:22.0935 2036        AMD External Events Utility (3dc106c903c1bd42e2acc3d5deff9367) C:\Windows\system32\atiesrxx.exe
21:29:22.0935 2036        AMD External Events Utility - ok
21:29:22.0997 2036        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:29:22.0997 2036        amdide - ok
21:29:23.0044 2036        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:29:23.0044 2036        AmdK8 - ok
21:29:23.0215 2036        amdkmdag        (bbab5b28253fe0fc7255d8775ba05c1d) C:\Windows\system32\DRIVERS\atikmdag.sys
21:29:23.0247 2036        amdkmdag - ok
21:29:23.0278 2036        amdkmdap        (cba35ff4092b91e105d93ed11a0250b6) C:\Windows\system32\DRIVERS\atikmpag.sys
21:29:23.0278 2036        amdkmdap - ok
21:29:23.0309 2036        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:29:23.0309 2036        AmdPPM - ok
21:29:23.0340 2036        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:29:23.0340 2036        amdsata - ok
21:29:23.0356 2036        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:29:23.0356 2036        amdsbs - ok
21:29:23.0371 2036        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:29:23.0371 2036        amdxata - ok
21:29:23.0449 2036        AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:29:23.0449 2036        AntiVirSchedulerService - ok
21:29:23.0465 2036        AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:29:23.0481 2036        AntiVirService - ok
21:29:23.0543 2036        AppHostSvc      (59d01fa91962c9c1e9b4022b2d3b46db) C:\Windows\system32\inetsrv\apphostsvc.dll
21:29:23.0543 2036        AppHostSvc - ok
21:29:23.0574 2036        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:29:23.0574 2036        AppID - ok
21:29:23.0605 2036        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:29:23.0605 2036        AppIDSvc - ok
21:29:23.0621 2036        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:29:23.0621 2036        Appinfo - ok
21:29:23.0652 2036        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:29:23.0652 2036        arc - ok
21:29:23.0668 2036        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:29:23.0668 2036        arcsas - ok
21:29:23.0715 2036        asmthub3        (954950d11ada98ac1b7ee3c770e4622c) C:\Windows\system32\DRIVERS\asmthub3.sys
21:29:23.0715 2036        asmthub3 - ok
21:29:23.0761 2036        asmtxhci        (01dbb05db1db95803e3c9f2b49afe79c) C:\Windows\system32\DRIVERS\asmtxhci.sys
21:29:23.0761 2036        asmtxhci - ok
21:29:23.0839 2036        aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:29:23.0839 2036        aspnet_state - ok
21:29:23.0855 2036        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:29:23.0855 2036        AsyncMac - ok
21:29:23.0902 2036        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:29:23.0902 2036        atapi - ok
21:29:23.0917 2036        AthBTPort      (aaae03f8eda817ec28c5445193ea8bf3) C:\Windows\system32\DRIVERS\btath_flt.sys
21:29:23.0917 2036        AthBTPort - ok
21:29:23.0949 2036        ATHDFU          (4ecc791539f23982411864037d1ac8fc) C:\Windows\system32\Drivers\AthDfu.sys
21:29:23.0949 2036        ATHDFU - ok
21:29:23.0980 2036        AtherosSvc      (c34b28d6285ead94b3a2faba84e90da5) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
21:29:23.0980 2036        AtherosSvc - ok
21:29:24.0011 2036        AtiHDAudioService (fda1e117a7e880bff5540d180c06ea87) C:\Windows\system32\drivers\AtihdW76.sys
21:29:24.0011 2036        AtiHDAudioService - ok
21:29:24.0042 2036        atksgt          (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
21:29:24.0058 2036        atksgt - ok
21:29:24.0089 2036        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:29:24.0105 2036        AudioEndpointBuilder - ok
21:29:24.0105 2036        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:29:24.0120 2036        AudioSrv - ok
21:29:24.0167 2036        avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
21:29:24.0167 2036        avgntflt - ok
21:29:24.0198 2036        avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
21:29:24.0198 2036        avipbb - ok
21:29:24.0214 2036        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
21:29:24.0214 2036        avkmgr - ok
21:29:24.0245 2036        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:29:24.0245 2036        AxInstSV - ok
21:29:24.0276 2036        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:29:24.0276 2036        b06bdrv - ok
21:29:24.0323 2036        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:29:24.0323 2036        b57nd60a - ok
21:29:24.0432 2036        Bandoo Coordinator (799e48fdf68d388b1b9bcbb6bd062fa2) C:\Program Files (x86)\Bandoo\Bandoo.exe
21:29:24.0448 2036        Bandoo Coordinator - ok
21:29:24.0463 2036        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:29:24.0463 2036        BDESVC - ok
21:29:24.0479 2036        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:29:24.0479 2036        Beep - ok
21:29:24.0510 2036        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:29:24.0510 2036        BFE - ok
21:29:24.0557 2036        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
21:29:24.0557 2036        BITS - ok
21:29:24.0573 2036        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:29:24.0573 2036        blbdrive - ok
21:29:24.0619 2036        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:29:24.0619 2036        bowser - ok
21:29:24.0619 2036        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:29:24.0619 2036        BrFiltLo - ok
21:29:24.0635 2036        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:29:24.0635 2036        BrFiltUp - ok
21:29:24.0666 2036        BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
21:29:24.0666 2036        BridgeMP - ok
21:29:24.0697 2036        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:29:24.0697 2036        Browser - ok
21:29:24.0713 2036        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:29:24.0713 2036        Brserid - ok
21:29:24.0729 2036        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:29:24.0729 2036        BrSerWdm - ok
21:29:24.0744 2036        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:29:24.0744 2036        BrUsbMdm - ok
21:29:24.0760 2036        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:29:24.0760 2036        BrUsbSer - ok
21:29:24.0791 2036        BTATH_A2DP      (3b1b573371b206d1d5f25e0ef5fcd6d6) C:\Windows\system32\drivers\btath_a2dp.sys
21:29:24.0791 2036        BTATH_A2DP - ok
21:29:24.0822 2036        BTATH_BUS      (2d0446336d9db55a742b999ec16adf15) C:\Windows\system32\DRIVERS\btath_bus.sys
21:29:24.0822 2036        BTATH_BUS - ok
21:29:24.0838 2036        BTATH_HCRP      (9a9694bbeb2849eaf95dffcae5df02ad) C:\Windows\system32\DRIVERS\btath_hcrp.sys
21:29:24.0838 2036        BTATH_HCRP - ok
21:29:24.0853 2036        BTATH_LWFLT    (fc0a8075ddf2e9c66267aec91e0676f9) C:\Windows\system32\DRIVERS\btath_lwflt.sys
21:29:24.0853 2036        BTATH_LWFLT - ok
21:29:24.0853 2036        BTATH_RCP      (5eb4815cbddba4541f2380dae6e269ab) C:\Windows\system32\DRIVERS\btath_rcp.sys
21:29:24.0869 2036        BTATH_RCP - ok
21:29:24.0885 2036        BtFilter        (0ecede7b33cfd9a52a61220abbd09a50) C:\Windows\system32\DRIVERS\btfilter.sys
21:29:24.0885 2036        BtFilter - ok
21:29:24.0916 2036        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
21:29:24.0916 2036        BthEnum - ok
21:29:24.0931 2036        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:29:24.0931 2036        BTHMODEM - ok
21:29:24.0947 2036        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
21:29:24.0947 2036        BthPan - ok
21:29:24.0963 2036        BTHPORT        (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
21:29:24.0978 2036        BTHPORT - ok
21:29:25.0009 2036        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:29:25.0009 2036        bthserv - ok
21:29:25.0025 2036        BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
21:29:25.0025 2036        BTHUSB - ok
21:29:25.0150 2036        catchme - ok
21:29:25.0165 2036        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:29:25.0165 2036        cdfs - ok
21:29:25.0212 2036        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:29:25.0212 2036        cdrom - ok
21:29:25.0228 2036        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:29:25.0228 2036        CertPropSvc - ok
21:29:25.0259 2036        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:29:25.0259 2036        circlass - ok
21:29:25.0275 2036        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:29:25.0275 2036        CLFS - ok
21:29:25.0337 2036        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:29:25.0337 2036        clr_optimization_v2.0.50727_32 - ok
21:29:25.0353 2036        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:29:25.0368 2036        clr_optimization_v2.0.50727_64 - ok
21:29:25.0415 2036        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:29:25.0431 2036        clr_optimization_v4.0.30319_32 - ok
21:29:25.0446 2036        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:29:25.0446 2036        clr_optimization_v4.0.30319_64 - ok
21:29:25.0462 2036        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:29:25.0462 2036        CmBatt - ok
21:29:25.0493 2036        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:29:25.0493 2036        cmdide - ok
21:29:25.0540 2036        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:29:25.0540 2036        CNG - ok
21:29:25.0555 2036        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:29:25.0555 2036        Compbatt - ok
21:29:25.0587 2036        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:29:25.0587 2036        CompositeBus - ok
21:29:25.0587 2036        COMSysApp - ok
21:29:25.0602 2036        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:29:25.0602 2036        crcdisk - ok
21:29:25.0633 2036        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
21:29:25.0633 2036        CryptSvc - ok
21:29:25.0665 2036        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:29:25.0680 2036        DcomLaunch - ok
21:29:25.0696 2036        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:29:25.0696 2036        defragsvc - ok
21:29:25.0727 2036        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:29:25.0727 2036        DfsC - ok
21:29:25.0758 2036        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:29:25.0758 2036        Dhcp - ok
21:29:25.0774 2036        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:29:25.0774 2036        discache - ok
21:29:25.0805 2036        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:29:25.0805 2036        Disk - ok
21:29:25.0821 2036        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:29:25.0836 2036        Dnscache - ok
21:29:25.0852 2036        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:29:25.0867 2036        dot3svc - ok
21:29:25.0883 2036        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:29:25.0883 2036        DPS - ok
21:29:25.0914 2036        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:29:25.0914 2036        drmkaud - ok
21:29:25.0945 2036        dtsoftbus01    (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:29:25.0945 2036        dtsoftbus01 - ok
21:29:25.0992 2036        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:29:25.0992 2036        DXGKrnl - ok
21:29:26.0008 2036        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:29:26.0008 2036        EapHost - ok
21:29:26.0070 2036        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:29:26.0086 2036        ebdrv - ok
21:29:26.0117 2036        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:29:26.0117 2036        EFS - ok
21:29:26.0148 2036        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:29:26.0148 2036        ehRecvr - ok
21:29:26.0164 2036        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:29:26.0164 2036        ehSched - ok
21:29:26.0195 2036        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:29:26.0195 2036        elxstor - ok
21:29:26.0226 2036        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:29:26.0226 2036        ErrDev - ok
21:29:26.0242 2036        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:29:26.0242 2036        EventSystem - ok
21:29:26.0257 2036        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:29:26.0257 2036        exfat - ok
21:29:26.0289 2036        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:29:26.0289 2036        fastfat - ok
21:29:26.0320 2036        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:29:26.0335 2036        Fax - ok
21:29:26.0351 2036        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:29:26.0367 2036        fdc - ok
21:29:26.0367 2036        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:29:26.0382 2036        fdPHost - ok
21:29:26.0382 2036        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:29:26.0382 2036        FDResPub - ok
21:29:26.0398 2036        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:29:26.0398 2036        FileInfo - ok
21:29:26.0413 2036        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:29:26.0413 2036        Filetrace - ok
21:29:26.0413 2036        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:29:26.0413 2036        flpydisk - ok
21:29:26.0429 2036        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:29:26.0429 2036        FltMgr - ok
21:29:26.0460 2036        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:29:26.0476 2036        FontCache - ok
21:29:26.0523 2036        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:29:26.0523 2036        FontCache3.0.0.0 - ok
21:29:26.0538 2036        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:29:26.0538 2036        FsDepends - ok
21:29:26.0554 2036        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:29:26.0554 2036        Fs_Rec - ok
21:29:26.0585 2036        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:29:26.0585 2036        fvevol - ok
21:29:26.0601 2036        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:29:26.0601 2036        gagp30kx - ok
21:29:26.0632 2036        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:29:26.0647 2036        gpsvc - ok
21:29:26.0679 2036        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:29:26.0679 2036        gupdate - ok
21:29:26.0694 2036        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:29:26.0694 2036        gupdatem - ok
21:29:26.0710 2036        hamachi        (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
21:29:26.0710 2036        hamachi - ok
21:29:26.0819 2036        Hamachi2Svc    (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
21:29:26.0835 2036        Hamachi2Svc - ok
21:29:26.0850 2036        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:29:26.0850 2036        hcw85cir - ok
21:29:26.0881 2036        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:29:26.0881 2036        HdAudAddService - ok
21:29:26.0913 2036        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:29:26.0913 2036        HDAudBus - ok
21:29:26.0928 2036        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:29:26.0928 2036        HidBatt - ok
21:29:26.0928 2036        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:29:26.0928 2036        HidBth - ok
21:29:26.0959 2036        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:29:26.0959 2036        HidIr - ok
21:29:26.0975 2036        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
21:29:26.0975 2036        hidserv - ok
21:29:27.0006 2036        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:29:27.0006 2036        HidUsb - ok
21:29:27.0037 2036        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:29:27.0037 2036        hkmsvc - ok
21:29:27.0053 2036        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:29:27.0053 2036        HomeGroupListener - ok
21:29:27.0084 2036        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:29:27.0084 2036        HomeGroupProvider - ok
21:29:27.0115 2036        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:29:27.0115 2036        HpSAMD - ok
21:29:27.0147 2036        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:29:27.0147 2036        HTTP - ok
21:29:27.0178 2036        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:29:27.0178 2036        hwpolicy - ok
21:29:27.0209 2036        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:29:27.0209 2036        i8042prt - ok
21:29:27.0225 2036        iaStor          (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
21:29:27.0240 2036        iaStor - ok
21:29:27.0271 2036        IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:29:27.0271 2036        IAStorDataMgrSvc - ok
21:29:27.0303 2036        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:29:27.0303 2036        iaStorV - ok
21:29:27.0349 2036        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:29:27.0365 2036        idsvc - ok
21:29:27.0381 2036        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:29:27.0381 2036        iirsp - ok
21:29:27.0443 2036        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:29:27.0459 2036        IKEEXT - ok
21:29:27.0537 2036        IntcAzAudAddService (dab7318ccfa8081200d5b7b486793f74) C:\Windows\system32\drivers\RTKVHD64.sys
21:29:27.0552 2036        IntcAzAudAddService - ok
21:29:27.0599 2036        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:29:27.0599 2036        intelide - ok
21:29:27.0615 2036        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:29:27.0615 2036        intelppm - ok
21:29:27.0630 2036        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:29:27.0646 2036        IPBusEnum - ok
21:29:27.0661 2036        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:29:27.0661 2036        IpFilterDriver - ok
21:29:27.0739 2036        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:29:27.0739 2036        iphlpsvc - ok
21:29:27.0755 2036        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:29:27.0755 2036        IPMIDRV - ok
21:29:27.0786 2036        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:29:27.0786 2036        IPNAT - ok
21:29:27.0802 2036        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:29:27.0802 2036        IRENUM - ok
21:29:27.0833 2036        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:29:27.0833 2036        isapnp - ok
21:29:27.0864 2036        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:29:27.0864 2036        iScsiPrt - ok
21:29:27.0942 2036        ISWKL          (9d7ac39e2f3a45d6fc277ec10c2732eb) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
21:29:27.0942 2036        ISWKL - ok
21:29:27.0989 2036        IswSvc          (f7b072b70575bf81a1336531de327081) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
21:29:27.0989 2036        IswSvc - ok
21:29:28.0005 2036        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:29:28.0005 2036        kbdclass - ok
21:29:28.0036 2036        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
21:29:28.0036 2036        kbdhid - ok
21:29:28.0067 2036        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:29:28.0067 2036        KeyIso - ok
21:29:28.0098 2036        KMWDFILTER      (07071c1e3cd8f0f9114aac8b072ca1e5) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
21:29:28.0098 2036        KMWDFILTER - ok
21:29:28.0145 2036        KMWDSERVICE    (0000a08bed0d9dcab5dd619602c19b98) C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe
21:29:28.0145 2036        KMWDSERVICE - ok
21:29:28.0161 2036        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:29:28.0161 2036        KSecDD - ok
21:29:28.0176 2036        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:29:28.0176 2036        KSecPkg - ok
21:29:28.0207 2036        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:29:28.0207 2036        ksthunk - ok
21:29:28.0239 2036        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:29:28.0239 2036        KtmRm - ok
21:29:28.0270 2036        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
21:29:28.0270 2036        LanmanServer - ok
21:29:28.0301 2036        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:29:28.0301 2036        LanmanWorkstation - ok
21:29:28.0379 2036        Lavasoft Ad-Aware Service (ea38136981c61c571d52c380daad46ef) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
21:29:28.0395 2036        Lavasoft Ad-Aware Service - ok
21:29:28.0441 2036        Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
21:29:28.0441 2036        Lavasoft Kernexplorer - ok
21:29:28.0457 2036        Lbd            (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
21:29:28.0457 2036        Lbd - ok
21:29:28.0488 2036        LGBusEnum      (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
21:29:28.0488 2036        LGBusEnum - ok
21:29:28.0519 2036        LGSHidFilt      (6eb4aff7873275925a6eb2efeb5be933) C:\Windows\system32\DRIVERS\LGSHidFilt.Sys
21:29:28.0519 2036        LGSHidFilt - ok
21:29:28.0535 2036        LGVirHid        (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
21:29:28.0535 2036        LGVirHid - ok
21:29:28.0582 2036        lirsgt          (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
21:29:28.0582 2036        lirsgt - ok
21:29:28.0613 2036        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:29:28.0613 2036        lltdio - ok
21:29:28.0660 2036        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:29:28.0660 2036        lltdsvc - ok
21:29:28.0675 2036        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:29:28.0675 2036        lmhosts - ok
21:29:28.0691 2036        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:29:28.0691 2036        LSI_FC - ok
21:29:28.0707 2036        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:29:28.0707 2036        LSI_SAS - ok
21:29:28.0722 2036        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:29:28.0722 2036        LSI_SAS2 - ok
21:29:28.0738 2036        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:29:28.0753 2036        LSI_SCSI - ok
21:29:28.0753 2036        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:29:28.0753 2036        luafv - ok
21:29:28.0831 2036        McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
21:29:28.0831 2036        McComponentHostService - ok
21:29:28.0863 2036        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:29:28.0863 2036        Mcx2Svc - ok
21:29:28.0878 2036        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:29:28.0878 2036        megasas - ok
21:29:28.0894 2036        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:29:28.0894 2036        MegaSR - ok
21:29:28.0925 2036        MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
21:29:28.0925 2036        MEIx64 - ok
21:29:28.0941 2036        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:29:28.0941 2036        MMCSS - ok
21:29:28.0956 2036        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:29:28.0956 2036        Modem - ok
21:29:28.0987 2036        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:29:28.0987 2036        monitor - ok
21:29:29.0034 2036        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:29:29.0034 2036        mouclass - ok
21:29:29.0050 2036        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:29:29.0050 2036        mouhid - ok
21:29:29.0081 2036        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:29:29.0081 2036        mountmgr - ok
21:29:29.0112 2036        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:29:29.0112 2036        mpio - ok
21:29:29.0128 2036        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:29:29.0128 2036        mpsdrv - ok
21:29:29.0175 2036        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:29:29.0175 2036        MpsSvc - ok
21:29:29.0206 2036        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:29:29.0206 2036        MRxDAV - ok
21:29:29.0237 2036        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:29:29.0237 2036        mrxsmb - ok
21:29:29.0268 2036        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:29:29.0268 2036        mrxsmb10 - ok
21:29:29.0299 2036        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:29:29.0299 2036        mrxsmb20 - ok
21:29:29.0315 2036        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:29:29.0315 2036        msahci - ok
21:29:29.0346 2036        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:29:29.0346 2036        msdsm - ok
21:29:29.0362 2036        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:29:29.0362 2036        MSDTC - ok
21:29:29.0377 2036        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:29:29.0377 2036        Msfs - ok
21:29:29.0393 2036        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:29:29.0393 2036        mshidkmdf - ok
21:29:29.0424 2036        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:29:29.0424 2036        msisadrv - ok
21:29:29.0440 2036        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:29:29.0440 2036        MSiSCSI - ok
21:29:29.0440 2036        msiserver - ok
21:29:29.0471 2036        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:29:29.0471 2036        MSKSSRV - ok
21:29:29.0471 2036        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:29:29.0471 2036        MSPCLOCK - ok
21:29:29.0471 2036        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:29:29.0487 2036        MSPQM - ok
21:29:29.0518 2036        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:29:29.0518 2036        MsRPC - ok
21:29:29.0533 2036        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:29:29.0533 2036        mssmbios - ok
21:29:29.0549 2036        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:29:29.0549 2036        MSTEE - ok
21:29:29.0565 2036        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:29:29.0565 2036        MTConfig - ok
21:29:29.0565 2036        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:29:29.0565 2036        Mup - ok
21:29:29.0596 2036        mv91xx          (38b4c95e821528fb91df16a78e04450f) C:\Windows\system32\DRIVERS\mv91xx.sys
21:29:29.0596 2036        mv91xx - ok
21:29:29.0627 2036        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:29:29.0627 2036        napagent - ok
21:29:29.0658 2036        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:29:29.0658 2036        NativeWifiP - ok
21:29:29.0689 2036        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:29:29.0705 2036        NDIS - ok
21:29:29.0721 2036        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:29:29.0721 2036        NdisCap - ok
21:29:29.0736 2036        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:29:29.0736 2036        NdisTapi - ok
21:29:29.0783 2036        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:29:29.0783 2036        Ndisuio - ok
21:29:29.0799 2036        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:29:29.0814 2036        NdisWan - ok
21:29:29.0830 2036        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:29:29.0830 2036        NDProxy - ok
21:29:29.0845 2036        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:29:29.0845 2036        NetBIOS - ok
21:29:29.0877 2036        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:29:29.0877 2036        NetBT - ok
21:29:29.0908 2036        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:29:29.0908 2036        Netlogon - ok
21:29:29.0939 2036        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:29:29.0939 2036        Netman - ok
21:29:30.0017 2036        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:29:30.0017 2036        NetMsmqActivator - ok
21:29:30.0033 2036        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:29:30.0033 2036        NetPipeActivator - ok
21:29:30.0033 2036        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:29:30.0048 2036        netprofm - ok
21:29:30.0048 2036        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:29:30.0048 2036        NetTcpActivator - ok
21:29:30.0048 2036        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:29:30.0064 2036        NetTcpPortSharing - ok
21:29:30.0079 2036        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:29:30.0079 2036        nfrd960 - ok
21:29:30.0126 2036        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:29:30.0126 2036        NlaSvc - ok
21:29:30.0189 2036        nosGetPlusHelper (0e58f99692802c501454eac3d2ac3394) C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll
21:29:30.0189 2036        nosGetPlusHelper - ok
21:29:30.0204 2036        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:29:30.0204 2036        Npfs - ok
21:29:30.0220 2036        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:29:30.0220 2036        nsi - ok
21:29:30.0220 2036        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:29:30.0220 2036        nsiproxy - ok
21:29:30.0282 2036        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:29:30.0298 2036        Ntfs - ok
21:29:30.0313 2036        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:29:30.0313 2036        Null - ok
21:29:30.0329 2036        nusb3hub        (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys
21:29:30.0329 2036        nusb3hub - ok
21:29:30.0345 2036        nusb3xhc        (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys
21:29:30.0345 2036        nusb3xhc - ok
21:29:30.0391 2036        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:29:30.0391 2036        nvraid - ok
21:29:30.0407 2036        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:29:30.0407 2036        nvstor - ok
21:29:30.0438 2036        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:29:30.0438 2036        nv_agp - ok
21:29:30.0469 2036        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:29:30.0469 2036        ohci1394 - ok
21:29:30.0501 2036        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:29:30.0501 2036        p2pimsvc - ok
21:29:30.0516 2036        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:29:30.0516 2036        p2psvc - ok
21:29:30.0532 2036        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:29:30.0532 2036        Parport - ok
21:29:30.0563 2036        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:29:30.0563 2036        partmgr - ok
21:29:30.0579 2036        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:29:30.0579 2036        PcaSvc - ok
21:29:30.0594 2036        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:29:30.0594 2036        pci - ok
21:29:30.0610 2036        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:29:30.0625 2036        pciide - ok
21:29:30.0625 2036        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:29:30.0625 2036        pcmcia - ok
21:29:30.0641 2036        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:29:30.0641 2036        pcw - ok
21:29:30.0672 2036        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:29:30.0672 2036        PEAUTH - ok
21:29:30.0719 2036        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:29:30.0719 2036        PerfHost - ok
21:29:30.0766 2036        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:29:30.0781 2036        pla - ok
21:29:30.0813 2036        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:29:30.0828 2036        PlugPlay - ok
21:29:30.0844 2036        PnkBstrA - ok
21:29:30.0875 2036        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:29:30.0875 2036        PNRPAutoReg - ok
21:29:30.0875 2036        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:29:30.0891 2036        PNRPsvc - ok
21:29:30.0906 2036        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:29:30.0906 2036        PolicyAgent - ok
21:29:30.0937 2036        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:29:30.0953 2036        Power - ok
21:29:30.0969 2036        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:29:30.0969 2036        PptpMiniport - ok
21:29:30.0984 2036        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:29:30.0984 2036        Processor - ok
21:29:31.0015 2036        ProfSvc        (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
21:29:31.0015 2036        ProfSvc - ok
21:29:31.0031 2036        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:29:31.0031 2036        ProtectedStorage - ok
21:29:31.0062 2036        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:29:31.0062 2036        Psched - ok
21:29:31.0109 2036        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:29:31.0125 2036        ql2300 - ok
21:29:31.0140 2036        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:29:31.0140 2036        ql40xx - ok
21:29:31.0171 2036        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:29:31.0171 2036        QWAVE - ok
21:29:31.0187 2036        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:29:31.0187 2036        QWAVEdrv - ok
21:29:31.0203 2036        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:29:31.0203 2036        RasAcd - ok
21:29:31.0218 2036        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:29:31.0218 2036        RasAgileVpn - ok
21:29:31.0249 2036        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:29:31.0249 2036        RasAuto - ok
21:29:31.0265 2036        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:29:31.0265 2036        Rasl2tp - ok
21:29:31.0281 2036        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:29:31.0296 2036        RasMan - ok
21:29:31.0296 2036        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:29:31.0296 2036        RasPppoe - ok
21:29:31.0312 2036        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:29:31.0312 2036        RasSstp - ok
21:29:31.0343 2036        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:29:31.0343 2036        rdbss - ok
21:29:31.0359 2036        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:29:31.0359 2036        rdpbus - ok
21:29:31.0374 2036        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:29:31.0374 2036        RDPCDD - ok
21:29:31.0390 2036        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:29:31.0390 2036        RDPENCDD - ok
21:29:31.0405 2036        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:29:31.0405 2036        RDPREFMP - ok
21:29:31.0437 2036        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
21:29:31.0437 2036        RDPWD - ok
21:29:31.0468 2036        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:29:31.0468 2036        rdyboost - ok
21:29:31.0499 2036        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:29:31.0499 2036        RemoteAccess - ok
21:29:31.0515 2036        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:29:31.0515 2036        RemoteRegistry - ok
21:29:31.0546 2036        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
21:29:31.0546 2036        RFCOMM - ok
21:29:31.0561 2036        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:29:31.0561 2036        RpcEptMapper - ok
21:29:31.0577 2036        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:29:31.0577 2036        RpcLocator - ok
21:29:31.0624 2036        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:29:31.0624 2036        RpcSs - ok
21:29:31.0639 2036        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:29:31.0639 2036        rspndr - ok
21:29:31.0671 2036        RTL8167        (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:29:31.0671 2036        RTL8167 - ok
21:29:31.0686 2036        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:29:31.0686 2036        SamSs - ok
21:29:31.0702 2036        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:29:31.0717 2036        sbp2port - ok
21:29:31.0717 2036        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:29:31.0733 2036        SCardSvr - ok
21:29:31.0749 2036        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:29:31.0749 2036        scfilter - ok
21:29:31.0795 2036        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:29:31.0811 2036        Schedule - ok
21:29:31.0827 2036        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:29:31.0827 2036        SCPolicySvc - ok
21:29:31.0842 2036        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:29:31.0842 2036        SDRSVC - ok
21:29:31.0873 2036        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:29:31.0873 2036        secdrv - ok
21:29:31.0889 2036        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:29:31.0889 2036        seclogon - ok
21:29:31.0905 2036        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
21:29:31.0905 2036        SENS - ok
21:29:31.0920 2036        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:29:31.0920 2036        SensrSvc - ok
21:29:31.0936 2036        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:29:31.0936 2036        Serenum - ok
21:29:31.0951 2036        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:29:31.0951 2036        Serial - ok
21:29:31.0983 2036        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:29:31.0983 2036        sermouse - ok
21:29:32.0014 2036        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:29:32.0014 2036        SessionEnv - ok
21:29:32.0045 2036        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:29:32.0045 2036        sffdisk - ok
21:29:32.0045 2036        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:29:32.0045 2036        sffp_mmc - ok
21:29:32.0061 2036        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:29:32.0061 2036        sffp_sd - ok
21:29:32.0076 2036        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:29:32.0076 2036        sfloppy - ok
21:29:32.0107 2036        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:29:32.0107 2036        SharedAccess - ok
21:29:32.0139 2036        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:29:32.0154 2036        ShellHWDetection - ok
21:29:32.0170 2036        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:29:32.0170 2036        SiSRaid2 - ok
21:29:32.0185 2036        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:29:32.0185 2036        SiSRaid4 - ok
21:29:32.0201 2036        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:29:32.0201 2036        Smb - ok
21:29:32.0232 2036        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:29:32.0232 2036        SNMPTRAP - ok
21:29:32.0248 2036        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:29:32.0248 2036        spldr - ok
21:29:32.0263 2036        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:29:32.0263 2036        Spooler - ok
21:29:32.0357 2036        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:29:32.0373 2036        sppsvc - ok
21:29:32.0388 2036        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:29:32.0388 2036        sppuinotify - ok
21:29:32.0419 2036        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:29:32.0419 2036        srv - ok
21:29:32.0435 2036        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:29:32.0435 2036        srv2 - ok
21:29:32.0451 2036        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:29:32.0451 2036        srvnet - ok
21:29:32.0466 2036        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:29:32.0466 2036        SSDPSRV - ok
21:29:32.0482 2036        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:29:32.0482 2036        SstpSvc - ok
21:29:32.0529 2036        Steam Client Service - ok
21:29:32.0544 2036        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:29:32.0544 2036        stexstor - ok
21:29:32.0575 2036        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:29:32.0591 2036        stisvc - ok
21:29:32.0607 2036        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:29:32.0607 2036        swenum - ok
21:29:32.0622 2036        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:29:32.0622 2036        swprv - ok
21:29:32.0669 2036        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:29:32.0669 2036        SysMain - ok
21:29:32.0700 2036        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:29:32.0700 2036        TabletInputService - ok
21:29:32.0747 2036        tap0901t        (b08740047145b9bce15bf75ca0f9718a) C:\Windows\system32\DRIVERS\tap0901t.sys
21:29:32.0747 2036        tap0901t - ok
21:29:32.0778 2036        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:29:32.0778 2036        TapiSrv - ok
21:29:32.0794 2036        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:29:32.0809 2036        TBS - ok
21:29:32.0856 2036        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:29:32.0872 2036        Tcpip - ok
21:29:32.0919 2036        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:29:32.0919 2036        TCPIP6 - ok
21:29:32.0950 2036        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:29:32.0950 2036        tcpipreg - ok
21:29:32.0965 2036        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:29:32.0965 2036        TDPIPE - ok
21:29:32.0981 2036        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:29:32.0981 2036        TDTCP - ok
21:29:32.0997 2036        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:29:33.0012 2036        tdx - ok
21:29:33.0028 2036        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:29:33.0028 2036        TermDD - ok
21:29:33.0043 2036        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:29:33.0059 2036        TermService - ok
21:29:33.0075 2036        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:29:33.0075 2036        Themes - ok
21:29:33.0090 2036        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:29:33.0090 2036        THREADORDER - ok
21:29:33.0106 2036        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:29:33.0106 2036        TrkWks - ok
21:29:33.0137 2036        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:29:33.0137 2036        TrustedInstaller - ok
21:29:33.0168 2036        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:29:33.0168 2036        tssecsrv - ok
21:29:33.0184 2036        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:29:33.0184 2036        TsUsbFlt - ok
21:29:33.0231 2036        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:29:33.0231 2036        tunnel - ok
21:29:33.0309 2036        TunngleService  (de4fa36e187db4242df8fff2e2a86631) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
21:29:33.0324 2036        TunngleService - ok
21:29:33.0324 2036        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:29:33.0340 2036        uagp35 - ok
21:29:33.0371 2036        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:29:33.0371 2036        udfs - ok
21:29:33.0387 2036        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:29:33.0387 2036        UI0Detect - ok
21:29:33.0402 2036        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:29:33.0402 2036        uliagpkx - ok
21:29:33.0433 2036        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:29:33.0433 2036        umbus - ok
21:29:33.0449 2036        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:29:33.0449 2036        UmPass - ok
21:29:33.0465 2036        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:29:33.0480 2036        upnphost - ok
21:29:33.0511 2036        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:29:33.0511 2036        usbccgp - ok
21:29:33.0527 2036        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:29:33.0527 2036        usbcir - ok
21:29:33.0558 2036        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:29:33.0558 2036        usbehci - ok
21:29:33.0574 2036        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:29:33.0574 2036        usbhub - ok
21:29:33.0605 2036        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:29:33.0605 2036        usbohci - ok
21:29:33.0605 2036        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:29:33.0605 2036        usbprint - ok
21:29:33.0621 2036        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:29:33.0621 2036        USBSTOR - ok
21:29:33.0636 2036        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:29:33.0636 2036        usbuhci - ok
21:29:33.0652 2036        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:29:33.0652 2036        UxSms - ok
21:29:33.0683 2036        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:29:33.0683 2036        VaultSvc - ok
21:29:33.0683 2036        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:29:33.0699 2036        vdrvroot - ok
21:29:33.0730 2036        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:29:33.0730 2036        vds - ok
21:29:33.0745 2036        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:29:33.0745 2036        vga - ok
21:29:33.0745 2036        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:29:33.0745 2036        VgaSave - ok
21:29:33.0777 2036        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:29:33.0777 2036        vhdmp - ok
21:29:33.0792 2036        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:29:33.0792 2036        viaide - ok
21:29:33.0808 2036        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:29:33.0808 2036        volmgr - ok
21:29:33.0839 2036        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:29:33.0855 2036        volmgrx - ok
21:29:33.0870 2036        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:29:33.0870 2036        volsnap - ok
21:29:33.0917 2036        Vsdatant        (48bfa6276bcc0535f5f8898107ed489a) C:\Windows\system32\DRIVERS\vsdatant.sys
21:29:33.0917 2036        Vsdatant - ok
21:29:33.0964 2036        vsmon - ok
21:29:33.0979 2036        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:29:33.0979 2036        vsmraid - ok
21:29:34.0026 2036        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:29:34.0042 2036        VSS - ok
21:29:34.0073 2036        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:29:34.0073 2036        vwifibus - ok
21:29:34.0073 2036        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:29:34.0089 2036        W32Time - ok
21:29:34.0135 2036        W3SVC          (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
21:29:34.0151 2036        W3SVC - ok
21:29:34.0151 2036        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:29:34.0167 2036        WacomPen - ok
21:29:34.0182 2036        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:29:34.0182 2036        WANARP - ok
21:29:34.0182 2036        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:29:34.0182 2036        Wanarpv6 - ok
21:29:34.0198 2036        WAS            (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
21:29:34.0213 2036        WAS - ok
21:29:34.0260 2036        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:29:34.0276 2036        wbengine - ok
21:29:35.0337 2036        ============================================================
21:29:35.0337 2036        Scan finished
21:29:35.0337 2036        ============================================================
21:29:35.0337 1244        Detected object count: 0
21:29:35.0337 1244        Actual detected object count: 0
21:29:37.0833 6720        Deinitialize success


markusg 30.03.2012 10:32

malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for updates
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are checked and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".

Madhbrand 30.03.2012 17:58

Here you go =)

Malwarebytes Anti-Malware 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.03.30.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sebastian :: PC-SEBI [Administrator]

30.03.2012 18:23:33
mbam-log-2012-03-30 (18-23-33).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 397421
Laufzeit: 33 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

markusg 30.03.2012 19:48

Download the standard CCleaner:
CCleaner Download - CCleaner 3.17.1689
If CCleaner is already installed, skip this step.
Install it, open it, Tools, list of installed programs, save as txt. Open the file.
After each program you need, write "notwendig" (necessary).
After each program you do not need, "unnötig" (unnecessary).
After each program you do not recognise, "unbekannt" (unknown).
Post the list.

Madhbrand 30.03.2012 22:11

Done :)

Code:

7-Zip 9.20 (x64 edition)        Igor Pavlov        23.06.2011        4,53MB        9.20.00.0                                                              notwenig
Ad-Aware        Lavasoft        24.03.2011                                                                                                                                                              notwendig       
Ad-Aware        Lavasoft Limited        28.03.2012        34,6MB        9.0.7                                                                                                          notwendig
Adobe Download Manager        NOS Microsystems Ltd.        23.03.2011                1.6.2.100                                              notwendig
Adobe Flash Player 10 ActiveX 64-bit        Adobe Systems Incorporated        23.03.2011        6,00MB        10.3.162.28                        notwendig
Adobe Flash Player 11 ActiveX 64-bit        Adobe Systems Incorporated        18.02.2012        6,00MB        11.1.102.62                        notwendig
Adobe Flash Player 11 Plugin 64-bit        Adobe Systems Incorporated        17.11.2011        6,00MB        11.1.102.55                        notwendig
Adobe Reader X (10.1.2) - Deutsch        Adobe Systems Incorporated        12.01.2012        168,2MB        10.1.2                                  notwendig
ArtMoney SE v7.37.1        System SoftLab        25.06.2011                7.37                                                                        unnötig
Asmedia ASM104x USB 3.0 Host Controller Driver        Asmedia Technology        25.01.2012        2,23MB        1.10.0.0              unbekannt
Avira Free Antivirus        Avira        13.03.2012        109,3MB        12.0.0.898                                                                                                  notwendig
BattlEye Uninstall                16.09.2011                                                                                                                                      unbekannt
BlueJ        BlueJ Team        22.11.2011        9,24MB        3.0.6                                                                                                            notwendig
Bluetooth Win7 Suite (64)        Atheros Communications        22.03.2011        59,1MB        7.2.0.40                                                  notwendig
Call of Duty: Modern Warfare 3 - Multiplayer        Infinity Ward - Sledgehammer Games        16.02.2012                          unnötig
Call of Juarez - Bound in Blood        Ubisoft        29.05.2011        2.892MB        1.00.0000                                                                                unnötig
CCleaner        Piriform        29.03.2012                3.17                                                                                                                                notwendig
DAEMON Tools Lite        DT Soft Ltd        25.01.2012                4.45.2.0287                                                                              hilfreich aber nicht notwendig
Diamond 10.10 2400-5900 And 6800 Win7Vista        Diamond Multimedia        10.05.2011                3.0.795.0            notwendig
Die Gilde                19.09.2011                                                                                                                                                        notwendig
Die Gilde 2 - Back to the Roots Patch v1.2        Gilde2.de        19.08.2011                                                                                                  unnötig               
Die Gilde Gold-Edition        JoWooD Productions Software AG        09.08.2011                2.06                                        notwendig
Die Gilde Update v1.04a                19.09.2011                                                                                                                                      notwendig               
DriverBoost        DriverBoost        18.01.2012        7,67MB        7                                                                                                    unnötig
Empire: Total War        The Creative Assembly        09.02.2012                                                                                                                    unnötig               
Facebook Video Calling 1.2.0.159        Skype Limited        20.03.2012        4,76MB        1.2.159                                                    unbekannt
GameShadow        Ihr Firmenname        21.10.2011        17,1MB        2.01.0000                                                                                    unbekannt
GIMP 2.6.8                20.11.2011                                                                                                                                                        unnötig               
Hex-Editor MX        NEXT-Soft        09.08.2011                6.0                                                                                                                  unnötig
Hitman Blood Money        Eidos        21.10.2011                1.00.0000                                                                                    unnötig
Intel(R) Control Center        Intel Corporation        28.03.2012                1.2.1.1007                                                                notwendig
Intel(R) Management Engine Components        Intel Corporation        28.03.2012                7.0.0.1144                          notwendig
Intel(R) Rapid Storage Technology        Intel Corporation        28.03.2012                10.0.0.1046                                          notwendig
Java(TM) 6 Update 26 (64-bit)        Oracle        06.08.2011        91,6MB        6.0.260                                                                                      notwendig
Java(TM) 6 Update 30        Oracle        04.01.2012        95,2MB        6.0.300                                                                                      notwendig
Java(TM) 7 Update 3 (64-bit)        Oracle        27.03.2012        93,7MB        7.0.30                                                                                        notwendig
Java(TM) SE Development Kit 7 Update 1 (64-bit)        Oracle        22.11.2011        140,9MB        1.7.0.10                                                  notwendig
JDownloader 0.9        AppWork GmbH        13.09.2011                0.9                                                                                              notwendig
Keyboard Driver        Driver Builder        26.12.2011        3,43MB        5.1                                                                                              notwendig
Landwirtschafts Simulator 2011        GIANTS Software        08.12.2011        768MB        1.0                                                            sehr unnötig!!!
League of Legends        Riot Games        15.08.2011                1.02.0000                                                                                  notwendig
LEGO Star Wars III The Clone Wars        LucasArts        21.01.2012                1.0                                                                            unnötig
Little Fighter 2 version 2.0a                29.09.2011                                                                                                                                    unnötig               
Logitech Gaming Software 8.00        Logitech Inc.        10.08.2011        28,8MB        8.00.127                                                notwendig                                             
LogMeIn Hamachi        LogMeIn, Inc.        13.03.2012                2.1.0.166                                                                                  notwendig
Magicka        Arrowhead Game Studios AB        24.01.2012                                                                                                                                    notwendig               
Malwarebytes Anti-Malware Version 1.60.1.1000        Malwarebytes Corporation        29.03.2012        17,4MB        1.60.1.1000      notwendig
marvell 91xx driver        Marvell        25.01.2012                1.0.0.1051                                                                                                  unbekannt
McAfee Security Scan Plus        McAfee, Inc.        01.12.2011        8,30MB        2.0.181.2                                                                  unnötig?!
Microsoft .NET Framework 1.1                16.04.2011                                                                                                                    notwendig                                                                                                                                                                                                                                  notwendig               
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        06.10.2011        38,8MB        4.0.30319            notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        06.10.2011        2,94MB        4.0.30319    notwendig
Microsoft .NET Framework 4 Extended        Microsoft Corporation        07.10.2011        52,0MB        4.0.30319                                                        notwendig
Microsoft .NET Framework 4 Extended DEU Language Pack        Microsoft Corporation        07.10.2011        10,7MB        4.0.30319                    notwendig
Microsoft Games for Windows - LIVE Redistributable        Microsoft Corporation        24.08.2011        31,3MB        3.5.88.0                        unnötig
Microsoft Games for Windows Marketplace        Microsoft Corporation        26.08.2011        6,04MB        3.5.50.0                                          unnötig
Microsoft Office 2000 Premium        Microsoft Corporation        26.05.2011        252MB        9.00.2816                                                        notwendig
Microsoft Silverlight        Microsoft Corporation        15.02.2012        60,4MB        4.1.10111.0                                                                                        notwendig
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        27.11.2011        2,38MB        8.0.59193                                                  notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        23.03.2011        0,77MB        9.0.30729              notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        25.08.2011        0,77MB        9.0.30729.6161  notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        06.04.2011        5,77MB        9.0.21022                              notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729        Microsoft Corporation        31.03.2011        0,23MB        9.0.30729                              notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        23.03.2011        0,23MB        9.0.30729            notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        23.03.2011        0,58MB        9.0.30729.4148  notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        25.08.2011        0,59MB        9.0.30729.6161 notwendig
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        23.12.2011        15,0MB        10.0.40219    notwendig
Microsoft WSE 3.0 Runtime        Microsoft Corp.        13.09.2011        0,92MB        3.0.5305.0                                                                                              notwendig
Microsoft Xbox 360 Accessories 1.2        Microsoft        24.07.2011        7,82MB        1.20.146.0                                                                                              notwendig
Microsoft XNA Framework Redistributable 3.1        Microsoft Corporation        26.01.2012        7,55MB        3.1.10527.0                                      notwendig
Mozilla Firefox 8.0 (x86 de)        Mozilla        17.11.2011        34,9MB        8.0                                                                                                                              notwendig
Mozilla Thunderbird (3.1.20)        Mozilla        25.03.2012                3.1.20 (de)                                                                                                                notwendig
Notepad++                17.09.2011                5.9.3                                                                                                                                            unnötig
NVIDIA PhysX        NVIDIA Corporation        30.09.2011        78,9MB        9.10.0513                                                                                                                notwendig
Oblivion        Bethesda Softworks        03.10.2011                1.00.0000                                                                                                                                  unnötig
Paint.NET v3.5.10        dotPDN LLC        14.01.2012        10,7MB        3.60.0                                                                                                                        unnötig
Patch v4.1        RUNEFORGE Games Studios        20.08.2011        66,2MB                                                                                                                          notwendig
Patch v4.17b Update        RUNEFORGE Games Studios        21.08.2011        48,5MB                                                                                                      notwendig       
Patrizier II Gold                03.12.2011                                                                                                                                                                                        unnötig               
ProtectDisc Driver, Version 11        ProtectDisc Software GmbH        17.09.2011                11.0.0.14                                                                                unbekannt
PunkBuster Services        Even Balance, Inc.        28.01.2012                0.991                                                                                                        unnötig
Realtek Ethernet Controller Driver        Realtek        22.03.2011                7.31.1025.2010                                                                                      notwendig
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        19.01.2012                6.0.1.6235                                                            notwendig
Renesas Electronics USB 3.0 Host Controller Driver        Renesas Electronics Corporation        22.03.2011        1,03MB        2.0.4.0                                notwendig
Sierra-Dienstprogramme                07.08.2011                                                                                                                                                                      unnötig               
Skype™ 4.0        Skype Technologies S.A.        14.04.2011        29,8MB        4.0.206                                                                                                      notwendig
StarCraft II        Blizzard Entertainment        21.02.2012                1.4.3.21029                                                                                            notwendig
Steam        Valve Corporation        05.04.2011        35,5MB        1.0.0.0                                                                                                                                            notwendig
Syndicate                23.03.2012                                                                                                                                                                                                      unnötig               
System Requirements Lab CYRI (64-bit)        Husdawg, LLC        16.12.2011        0,61MB        4.5.1.0                                                                                    unbekannt                                                                                 
TeamSpeak 3 Client        TeamSpeak Systems GmbH        21.06.2011                                                                                                                                                  unnötig               
The Darkness II Demo        Digital Extremes        27.01.2012                                                                                                                                                  unnötig               
The Elder Scrolls V: Skyrim        Bethesda Game Studios        22.12.2011                                                                                                                                notwendig               
thriXXX WebLaunch        thriXXX        01.08.2011                1.0                                                                                                                                                unbekannt
Tunngle beta        Tunngle.net GmbH        11.11.2011                                                                                                                                                                    notwendig               
Ubisoft Game Launcher        UBISOFT        28.01.2012                1.0.0.0                                                                                                                      notwendig
UnderCoverXP 1.23        Wicked & Wild Inc.        14.01.2012        2,12MB                                                                                                                                            unnötig                                                                                                                                  notwendig
uTorrentBar_DE Toolbar        uTorrentBar_DE        11.12.2011                                                                                                                                                  unnötig               
Vuze Remote Toolbar        Vuze Remote        23.08.2011                6.3.3.3                                                                                                      unnötig
Windows Live ID Sign-in Assistant        Microsoft Corporation        28.11.2011        10,0MB        6.500.3165.0                                                      unbekannt
WinRAR 4.00 (64-Bit)        win.rar GmbH        10.05.2011                4.00.0                                                                                                      notwendig
ZoneAlarm        Check Point, Inc        25.11.2011                9.2.105.000                                                                                                              notwendig
ZoneAlarm Toolbar        Check Point Software Technologies        25.11.2011                                                                                                                                notwendig


markusg 31.03.2012 16:21

Uninstall:
Adobe Flash Player, all versions
Adobe - Install Adobe Flash Player
Download the latest version
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the McAfee Security Scan box

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Tick "Use only certified plug-ins".
Internet:
Everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc.
It is always better to save them directly, since only then do you have control over what is happening on the PC.
Under JavaScript, untick the "Use JavaScript" box.
Under Updater, choose to install automatically.
Apply / OK



Uninstall:
ArtMoney
BattlEye
Call of Duty:
Call of Juarez
Die Gilde: all the unnecessary ones
DriverBoost
Empire:
Facebook
GIMP
Hex
Hitman
Java: all
Download the free Java software
Download the Java JRE and install it

Uninstall:
Landwirtschafts
LEGO
Little Fighter
McAfee
Notepad
Oblivion
Paint
Patrizier
PunkBuster
Sierra
Syndicate
TeamSpeak
The Darkness
UnderCoverXP
uTorrentBar_DE
Vuze
Windows Live
ZoneAlarm: both
This firewall does nothing that the one built into Windows cannot do, so it is superfluous.
Open CCleaner, analyze, clean, reboot
Test how the PC runs

Madhbrand 31.03.2012 19:19

I have uninstalled everything and reconfigured it as described; the PC runs flawlessly (even a tick faster). Many thanks for that already!! I also wanted to ask which browser you recommend most; I can't quite decide between Explorer, Firefox and Chrome ^^

I did notice a small problem after all: my internet connection drops every 10-15 for a few seconds before it automatically reconnects. What could be causing that?

After some time googling I found out that this problem is supposedly related to uninstalling ZoneAlarm (crap program!!!), but I have no idea what to do to fix it. Should I create log files with OTL again?

PS: I reinstalled ZoneAlarm, which has fixed the problem for now.

markusg 01.04.2012 17:54

Hmm, maybe delete all the rules you created and try the uninstall with Revo:
http://www.hijackthis-forum.de/tipps...installer.html


All times are WET +1.
