Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Seth. avazutracking.net

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 03.03.2013, 18:26   #1
Chibi_C
 
Seth. avazutracking.net - Standard

Seth. avazutracking.net



Hallo allerseits,

seit längerem öffnet sich beim surfen im Internet, mit Firefox 19.0, aus dem nichts heraus, die Seite Seth. avazutracking.net ohne Inhalt, oder ich werde an irgendwelche Gaming Portale weitergeleitet.
Vorallem geschieht dies, wenn ich auf "mangafox.me" bin.
Ich habe mir schon mehrere threads zu diesem thema durchgelesen und muss gleich sagen, dass ich eine totale Anfängerin bin und von logfiles etc. nicht viel Ahnung habe.
Ich benutze Windows 7 Home Premium.

Danke im vorraus für die Hilfe.

Alt 03.03.2013, 19:52   #2
markusg
/// Malware-holic
 
Seth. avazutracking.net - Standard

Seth. avazutracking.net



Hi,

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 04.03.2013, 14:46   #3
Chibi_C
 
Seth. avazutracking.net - Standard

Seth. avazutracking.net



Hier der OTL.txt OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 04.03.2013 13:23:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alice\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,60 Gb Total Physical Memory | 5,99 Gb Available Physical Memory | 78,71% Memory free
15,21 Gb Paging File | 13,03 Gb Available in Paging File | 85,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 379,44 Gb Free Space | 89,95% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,85 Gb Free Space | 92,59% Space Free | Partition Type: NTFS
 
Computer Name: ALICE-PC | User Name: Alice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.03 07:06:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alice\Desktop\OTL.exe
PRC - [2013.02.28 17:09:54 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.02.27 14:38:04 | 001,820,016 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
PRC - [2013.02.27 13:39:51 | 000,701,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe
PRC - [2013.02.12 16:58:26 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.12 16:57:40 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.01.31 12:11:06 | 002,561,488 | ---- | M] () -- C:\ProgramData\Browser Manager\2.6.1123.78\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
PRC - [2012.12.04 15:36:48 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.11 13:03:32 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.01.29 00:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010.01.19 11:44:40 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
PRC - [2009.03.30 15:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.28 17:09:52 | 003,067,288 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.02.27 14:38:03 | 014,718,320 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
MOD - [2013.01.31 12:11:06 | 002,561,488 | ---- | M] () -- C:\ProgramData\Browser Manager\2.6.1123.78\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
MOD - [2013.01.31 12:10:04 | 002,231,248 | ---- | M] () -- C:\ProgramData\Browser Manager\2.6.1123.78\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll
MOD - [2012.05.11 13:03:31 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.11.09 06:37:30 | 000,177,680 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012.11.09 06:34:50 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012.11.09 06:33:08 | 000,241,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2011.08.10 06:59:20 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011.08.09 22:46:16 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.02.28 17:09:52 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.27 14:38:05 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.12 16:58:26 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.12 16:57:40 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.01.31 12:11:06 | 002,561,488 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.6.1123.78\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe -- (Browser Manager)
SRV - [2012.11.16 21:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\mcafee\virusscan\mcods.exe -- (McODS)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.01.28 13:28:54 | 000,225,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Programme\mcafee\msc\McAWFwk.exe -- (McAWFwk)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.11.09 06:40:24 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012.11.09 06:37:42 | 000,339,776 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012.11.09 06:36:30 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012.11.09 06:35:50 | 000,771,096 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012.11.09 06:34:58 | 000,515,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012.11.09 06:34:18 | 000,309,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012.11.09 06:33:58 | 000,178,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012.05.11 13:18:25 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012.05.11 13:18:17 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012.05.11 13:15:30 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2012.05.11 13:15:30 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2012.04.20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.29 04:23:24 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.09.29 04:23:24 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.08.09 23:33:32 | 009,360,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.08.09 22:08:50 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.10 10:01:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.01.29 00:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.12.10 20:43:40 | 000,234,960 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs)
DRV:64bit: - [2010.11.28 21:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.28 11:16:24 | 004,716,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.09.30 09:45:22 | 000,299,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.09.21 23:04:54 | 000,015,056 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm2uvcflt.sys -- (vm2uvcflt)
DRV:64bit: - [2010.09.03 06:46:48 | 001,392,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.06.25 03:33:36 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.05.14 23:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010.05.14 23:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.07.21 15:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.igoogle.com/
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=117449&tt=4912_5&babsrc=SP_ss&mntrId=8c075b3b000000000000e006e6120852
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_deDE506
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "GMäB O[:Œ¬d)cé£ð®*‚>¼Óñ%'í”cZÆJµ¼¯&òD™"
FF - prefs.js..browser.search.order.1: "GMäB O[:Œ¬d)cé£ð®*‚>¼Óñ%'í”cZÆJµ¼¯&òD™"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: addon%40freecorder.com:7.0.0.7
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: firejump%40firejump.net:1.0.2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.02.11 08:34:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013.02.07 22:20:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.28 17:09:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\0k9jrar1.default\extensions\firejump@firejump.net [2013.02.07 22:21:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\0k9jrar1.default\extensions\extension@preispilot.com [2013.02.07 22:21:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.28 17:09:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.10.17 19:17:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alice\AppData\Roaming\mozilla\Extensions
[2013.02.24 15:12:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\0k9jrar1.default\extensions
[2013.02.24 15:12:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\0k9jrar1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.02.07 22:21:47 | 000,000,000 | ---D | M] (Freecorder) -- C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\0k9jrar1.default\extensions\addon@freecorder.com
[2013.02.07 22:21:47 | 000,000,000 | ---D | M] (Preispilot) -- C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\0k9jrar1.default\extensions\extension@preispilot.com
[2013.02.07 22:21:47 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\0k9jrar1.default\extensions\firejump@firejump.net
[2012.12.12 19:23:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\0k9jrar1.default\extensions\extension@preispilot.com\chrome
[2012.12.13 21:49:52 | 000,111,107 | ---- | M] () (No name found) -- C:\Users\Alice\AppData\Roaming\mozilla\firefox\profiles\0k9jrar1.default\extensions\extension@preispilot.com.xpi
[2012.12.08 20:41:53 | 000,006,520 | ---- | M] () -- C:\Users\Alice\AppData\Roaming\mozilla\firefox\profiles\0k9jrar1.default\searchplugins\mngr.xml
[2012.10.17 19:17:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.28 17:09:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.02.08 14:59:42 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.12.08 20:41:53 | 000,006,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013.02.08 14:59:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.08 14:59:42 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.08 14:59:42 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.08 14:59:42 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.08 14:59:42 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.claro-search.com/?affID=117449&tt=4912_5&babsrc=HP_ss&mntrId=8c075b3b000000000000e006e6120852
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: SiteAdvisor = C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\
CHR - Extension: Freecorder = C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpicboiclhmnllnjdcfcffifpoaebgkm\7.0.0.7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20121017095400.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121018192727.dll (McAfee, Inc.)
O2 - BHO: (Freecorder extension) - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files (x86)\Freecorder extension\ScriptHost.dll (freecorder.com)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B09B6E4A-3F4D-4978-A654-C9D66DD9C668}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6077BBD-4505-41B7-8BA5-8CCED08CFC03}: DhcpNameServer = 0.0.0.0
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261123~1.78\{c16c1~1\mngr.dll) - c:\ProgramData\Browser Manager\2.6.1123.78\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.03 20:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013.03.03 07:06:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alice\Desktop\OTL.exe
[2013.02.18 09:22:48 | 000,000,000 | ---D | C] -- C:\Users\Alice\dwhelper
[2013.02.18 09:02:17 | 000,000,000 | ---D | C] -- C:\Users\Alice\AppData\Local\Freecorder 7 Audio
[2013.02.18 09:01:58 | 000,000,000 | ---D | C] -- C:\Users\Alice\AppData\Roaming\Freecorder 7 Audio
[2013.02.10 00:43:13 | 000,000,000 | ---D | C] -- C:\Users\Alice\AppData\Roaming\Avira
[2013.02.10 00:34:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.02.10 00:34:19 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013.02.10 00:34:19 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013.02.10 00:34:19 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
[2013.02.10 00:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.02.10 00:34:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[1 C:\Users\Alice\Documents\*.tmp files -> C:\Users\Alice\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.04 13:28:00 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.04 12:37:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.03.03 20:02:08 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2013.03.03 19:22:10 | 001,500,018 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.03.03 19:22:10 | 000,654,610 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.03.03 19:22:10 | 000,616,452 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.03.03 19:22:10 | 000,130,192 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.03.03 19:22:10 | 000,106,574 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.03.03 19:17:36 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.03.03 18:00:53 | 000,000,000 | ---- | M] () -- C:\Users\Alice\defogger_reenable
[2013.03.03 17:54:31 | 000,050,477 | ---- | M] () -- C:\Users\Alice\Desktop\Defogger.exe
[2013.03.03 15:28:00 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.03 12:55:30 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.03 12:55:30 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.03 12:47:26 | 000,126,383 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2013.03.03 12:46:34 | 1828,900,863 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.03 07:06:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alice\Desktop\OTL.exe
[2013.02.25 19:33:34 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.02.14 03:48:42 | 000,404,512 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.02.10 00:34:48 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.05 17:39:44 | 000,010,456 | ---- | M] () -- C:\Users\Alice\Desktop\An Acer.odt
[1 C:\Users\Alice\Documents\*.tmp files -> C:\Users\Alice\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.03 18:00:53 | 000,000,000 | ---- | C] () -- C:\Users\Alice\defogger_reenable
[2013.03.03 17:54:30 | 000,050,477 | ---- | C] () -- C:\Users\Alice\Desktop\Defogger.exe
[2013.02.10 00:34:48 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.05 17:24:18 | 000,010,456 | ---- | C] () -- C:\Users\Alice\Desktop\An Acer.odt
[2012.12.12 19:23:25 | 000,338,432 | ---- | C] () -- C:\windows\SysWow64\sqlite36_engine.dll
[2012.12.02 21:20:56 | 000,000,241 | ---- | C] () -- C:\windows\Brpfx04a.ini
[2012.12.02 21:20:56 | 000,000,093 | ---- | C] () -- C:\windows\brpcfx.ini
[2012.12.02 21:13:24 | 000,000,425 | ---- | C] () -- C:\windows\BRWMARK.INI
[2012.12.02 21:13:24 | 000,000,027 | ---- | C] () -- C:\windows\BRPP2KA.INI
[2012.12.02 21:04:54 | 000,000,000 | ---- | C] () -- C:\windows\brdfxspd.dat
[2012.11.29 22:42:00 | 001,526,948 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.05.11 13:24:34 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2012.05.11 13:24:34 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2012.05.11 13:03:40 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2012.05.11 13:03:40 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2012.05.11 13:03:40 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2012.05.11 13:03:40 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2012.05.11 13:03:26 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2012.05.11 12:42:58 | 000,001,823 | ---- | C] () -- C:\windows\vm332Rmv.ini
[2012.05.11 12:42:58 | 000,001,823 | ---- | C] () -- C:\windows\SysWow64\vm332Rmv.ini
[2012.05.11 12:29:38 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012.05.11 12:25:52 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011.08.10 06:56:20 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | ---- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.08 20:41:41 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\Babylon
[2013.02.07 22:21:46 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\DesktopIconForAmazon
[2013.02.18 09:01:59 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\Freecorder 7 Audio
[2012.12.12 12:21:30 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\Freecorder 7 Converter
[2012.12.17 21:21:21 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\Freecorder 7 Screen
[2012.12.08 22:06:46 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\Freecorder 7 Video
[2012.12.14 18:32:54 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\MAGIX
[2012.12.12 18:03:52 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\Publish Providers
[2013.02.07 21:32:27 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\SoftGrid Client
[2012.12.12 18:18:48 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\Sony
[2012.11.29 22:43:32 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\TP
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.10.16 21:27:48 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.10.16 21:27:12 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.02.07 21:25:40 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.10.17 19:12:25 | 000,000,000 | ---D | M] -- C:\PFiles
[2013.02.07 22:30:07 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.02.17 15:23:54 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.02.10 00:34:17 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.10.16 21:27:12 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.10.16 21:27:13 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.03.04 13:28:41 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.05.11 12:51:19 | 000,000,000 | -HSD | M] -- C:\UserGuidePDF
[2013.02.07 22:30:09 | 000,000,000 | R--D | M] -- C:\Users
[2013.02.07 22:33:15 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,024,314 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012.05.11 13:13:21 | 000,001,120 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.05.11 13:13:22 | 000,001,124 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.11.21 20:28:52 | 000,000,884 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.09.29 04:19:34 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.09.29 04:19:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.09.29 04:19:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.09.29 04:19:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.09.29 04:19:34 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.09.29 04:19:34 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.09.29 04:23:24 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.09.29 04:23:24 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys
[2011.09.29 04:23:24 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.09.29 04:23:24 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.09.29 04:23:24 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.09.29 04:23:24 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys
[2011.09.29 04:23:24 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.09.29 04:23:24 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.03.03 18:00:53 | 000,000,000 | ---- | M] () -- C:\Users\Alice\defogger_reenable
[2013.03.04 14:03:01 | 001,835,008 | -HS- | M] () -- C:\Users\Alice\NTUSER.DAT
[2013.03.04 14:03:01 | 000,262,144 | -HS- | M] () -- C:\Users\Alice\ntuser.dat.LOG1
[2012.10.16 21:27:25 | 000,000,000 | -HS- | M] () -- C:\Users\Alice\ntuser.dat.LOG2
[2012.10.16 22:35:07 | 000,065,536 | -HS- | M] () -- C:\Users\Alice\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.10.16 22:35:07 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.10.16 22:35:07 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2013.02.08 04:21:58 | 000,065,536 | -HS- | M] () -- C:\Users\Alice\NTUSER.DAT{6f0af9eb-7162-11e2-a29f-dc0ea1eaadb8}.TM.blf
[2013.02.08 04:21:57 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\NTUSER.DAT{6f0af9eb-7162-11e2-a29f-dc0ea1eaadb8}.TMContainer00000000000000000001.regtrans-ms
[2013.02.08 04:21:58 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\NTUSER.DAT{6f0af9eb-7162-11e2-a29f-dc0ea1eaadb8}.TMContainer00000000000000000002.regtrans-ms
[2012.10.16 21:27:26 | 000,000,020 | -HS- | M] () -- C:\Users\Alice\ntuser.ini
[2012.12.26 20:11:15 | 000,000,000 | ---- | M] () -- C:\Users\Alice\Sti_Trace.log
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
--- --- ---

Und hier der Extras.txtOTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 04.03.2013 13:23:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alice\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,60 Gb Total Physical Memory | 5,99 Gb Available Physical Memory | 78,71% Memory free
15,21 Gb Paging File | 13,03 Gb Available in Paging File | 85,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 379,44 Gb Free Space | 89,95% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,85 Gb Free Space | 92,59% Space Free | Partition Type: NTFS
 
Computer Name: ALICE-PC | User Name: Alice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BD3C53F-CCC5-4337-8CCF-D38444D98CF1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{E7F28203-21EB-4653-A794-510F00C128E2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C762C98-D24A-4C91-9BAB-615144B2BD4C}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{1F7B8F0E-3847-4A4B-AE58-7B8861D8398B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{2CBEC209-605C-4FC4-9BDE-D850F33DE06C}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{54F3ED58-6569-40B8-9D19-4C0A8BE251DB}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{669EF67C-9599-4A25-9F90-E50ADCC6A640}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{74DB4DF6-3DF3-4F3D-8B68-71DBEF44D208}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{759E9583-2ECF-4755-B865-6748499AF0FF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{188080EF-C0B5-FBCC-3CD1-074C917E0DBB}" = ccc-utility64
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{42C76910-6CD4-EC68-FB78-0D3DE411AD63}" = ATI Catalyst Install Manager
"{4485075E-F429-5E8D-452E-E7C0BDA12A19}" = ATI AVIVO64 Codecs
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8AAA8780-1D35-11E2-A3A6-F04DA23A5C58}" = MSVCRT Redists
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{9423DCA0-FC4A-DD5C-1285-651E161B4EE3}" = AMD Media Foundation Decoders
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AE3857CE-9EAC-5077-9EBC-F9587D633224}" = AMD Fuel
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_AUDIO_HDA" = Conexant HD Audio
"DesktopIconAmazon" = Desktop Icon für Amazon
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{092E59AB-28A8-75E5-BB0B-B9C6ED8748E9}" = CCC Help Swedish
"{097E024D-BE30-4D95-B5F3-B6AE9C1568D4}" = PowerXpressHybrid
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D8E6567-7082-48DB-A305-293873AC8B39}_is1" = Preispilot für Firefox
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = 
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28ABE740-47F3-441B-9437-852F6A64EFF8}" = Lenovo_Wireless_Driver
"{2C663DDE-2534-DA14-1E2B-DFA50E8967A4}" = CCC Help Dutch
"{2F686923-3566-1B63-0414-68804A2D5127}" = CCC Help Finnish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{31211E28-2740-ED67-B93A-9ABAD6E67F6F}" = CCC Help Portuguese
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D1C429-D8F0-6CE9-186B-6B9C3EF7BB8D}" = Catalyst Control Center Graphics Previews Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3F3A0CDA-F5F1-7259-4CF9-D879E800EA2A}" = CCC Help Chinese Standard
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{426FA60E-1A36-5D4C-9240-A7809B8B5E38}" = CCC Help Norwegian
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-250C
"{4E396741-EAF9-4E21-9B4F-B16DEFA531A6}" = Catalyst Control Center - Branding
"{514272C3-F7DD-A659-7956-D39D0C6A12B1}" = Catalyst Control Center Profiles Mobile
"{59042421-E167-9211-2E99-192BCB6D170B}" = CCC Help Turkish
"{5964B563-30BF-4F15-2844-5BD267609D0B}" = CCC Help Russian
"{5E32E456-BE4B-9865-6579-AF24339862C6}" = CCC Help English
"{6162F499-DBD2-8B3A-9CB8-CC0CE9D1E9D2}" = CCC Help Chinese Traditional
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{673A9A60-C409-A6D1-0327-9CFE08B31B9C}" = CCC Help Spanish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C50974F-2605-0F92-E226-6B701471CBDE}" = CCC Help Czech
"{70CC1270-E6C7-E78A-D1F0-9A981A46DC2F}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7565761B-ED80-C32B-0EF9-403125465C52}" = CCC Help French
"{75BA6802-2766-FED3-85D8-60A7AA4346E7}" = CCC Help Greek
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA92548-B5C5-36D6-D70F-C4D3332F02F0}" = CCC Help Japanese
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BEEDECC5-F0AE-734B-91BB-63516AA4A5B7}" = Catalyst Control Center InstallProxy
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D50A70C4-BFB8-E45C-1E57-CA282161B91A}" = AMD VISION Engine Control Center
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump
"{DAC69BCB-0C47-B2A1-66F8-C9FDBDA48682}" = CCC Help German
"{DBF6CD69-FADE-2016-EF15-5362D8FC214B}" = CCC Help Hungarian
"{DDBCDF95-9958-7A8F-F655-90E2FF1C27B5}" = CCC Help Thai
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0AD689C-EDC0-1914-AE55-F8207B20E489}" = Catalyst Control Center Localization All
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E946FE9C-B883-BD46-9CB9-CC4BA737E53F}" = CCC Help Italian
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F6143CF8-93D8-3A6F-FFB4-3D957642E194}" = CCC Help Korean
"{F8E78851-82D8-BBEC-9EBA-DB6D55E3520C}" = CCC Help Danish
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Freecorder 7 Applications" = Freecorder 7 Applications (7.0.0.48)
"Freecorder extension" = Freecorder extension
"Freecorder extension for Chrome" = Freecorder extension for Chrome
"Freecorder extension for Firefox" = Freecorder extension for Firefox
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Lenovo Games Console" = Lenovo Games Console
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee AntiVirus Plus
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"VeriFace" = VeriFace
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.01.2013 19:54:26 | Computer Name = Alice-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/07 00:54:26.252]: [00000108]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 06.01.2013 19:54:27 | Computer Name = Alice-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/07 00:54:27.796]: [00000108]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 06.01.2013 19:54:29 | Computer Name = Alice-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/07 00:54:29.340]: [00000108]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 06.01.2013 19:54:30 | Computer Name = Alice-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/07 00:54:30.885]: [00000108]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 06.01.2013 19:54:32 | Computer Name = Alice-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/07 00:54:32.429]: [00000108]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 06.01.2013 19:54:33 | Computer Name = Alice-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/07 00:54:33.974]: [00000108]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 06.01.2013 19:54:35 | Computer Name = Alice-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/07 00:54:35.518]: [00000108]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 06.01.2013 19:54:37 | Computer Name = Alice-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/07 00:54:37.062]: [00000108]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 06.01.2013 19:54:38 | Computer Name = Alice-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/07 00:54:38.607]: [00000108]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 06.01.2013 19:54:40 | Computer Name = Alice-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/07 00:54:40.151]: [00000108]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
[ System Events ]
Error - 02.03.2013 13:22:55 | Computer Name = Alice-PC | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 03.03.2013 00:43:08 | Computer Name = Alice-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "McAfee McShield" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 03.03.2013 00:43:52 | Computer Name = Alice-PC | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 03.03.2013 03:26:37 | Computer Name = Alice-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 03.03.2013 09:01:12 | Computer Name = Alice-PC | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 03.03.2013 11:46:55 | Computer Name = Alice-PC | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom1 ist für den Zugriff noch nicht bereit.
 
Error - 03.03.2013 12:44:40 | Computer Name = Alice-PC | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom2 ist für den Zugriff noch nicht bereit.
 
Error - 03.03.2013 14:21:16 | Computer Name = Alice-PC | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom3 ist für den Zugriff noch nicht bereit.
 
Error - 03.03.2013 21:43:01 | Computer Name = Alice-PC | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom4 ist für den Zugriff noch nicht bereit.
 
Error - 04.03.2013 03:01:45 | Computer Name = Alice-PC | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom5 ist für den Zugriff noch nicht bereit.
 
 
< End of report >
         
--- --- ---
__________________

Alt 04.03.2013, 17:40   #4
markusg
/// Malware-holic
 
Seth. avazutracking.net - Standard

Seth. avazutracking.net



Hi,


otl fix

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
:files
:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 05.03.2013, 16:37   #5
Chibi_C
 
Seth. avazutracking.net - Standard

Seth. avazutracking.net



Hier das Texdokument

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Alice
->Temp folder emptied: 478612556 bytes
->Temporary Internet Files folder emptied: 536932900 bytes
->FireFox cache emptied: 455995784 bytes
->Google Chrome cache emptied: 5353178 bytes
->Flash cache emptied: 25106 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 387995672 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 53187 bytes
RecycleBin emptied: 28617952 bytes

Total Files Cleaned = 1.806,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03052013_162250

Files\Folders moved on Reboot...
C:\Users\Alice\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Alt 05.03.2013, 16:51   #6
markusg
/// Malware-holic
 
Seth. avazutracking.net - Standard

Seth. avazutracking.net



Hi,
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
--> Seth. avazutracking.net

Alt 05.03.2013, 18:51   #7
Chibi_C
 
Seth. avazutracking.net - Standard

Seth. avazutracking.net



TDSSKiller Log

18:38:22.0423 5104 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:38:23.0734 5104 ============================================================
18:38:23.0734 5104 Current date / time: 2013/03/05 18:38:23.0734
18:38:23.0734 5104 SystemInfo:
18:38:23.0734 5104
18:38:23.0734 5104 OS Version: 6.1.7601 ServicePack: 1.0
18:38:23.0734 5104 Product type: Workstation
18:38:23.0734 5104 ComputerName: ALICE-PC
18:38:23.0734 5104 UserName: Alice
18:38:23.0734 5104 Windows directory: C:\windows
18:38:23.0734 5104 System windows directory: C:\windows
18:38:23.0734 5104 Running under WOW64
18:38:23.0734 5104 Processor architecture: Intel x64
18:38:23.0734 5104 Number of processors: 2
18:38:23.0734 5104 Page size: 0x1000
18:38:23.0734 5104 Boot type: Normal boot
18:38:23.0734 5104 ============================================================
18:38:25.0824 5104 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:38:25.0840 5104 ============================================================
18:38:25.0840 5104 \Device\Harddisk0\DR0:
18:38:25.0871 5104 MBR partitions:
18:38:25.0871 5104 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
18:38:25.0871 5104 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x34BA1000
18:38:25.0886 5104 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x34C06000, BlocksNum 0x39FD800
18:38:25.0886 5104 ============================================================
18:38:25.0949 5104 C: <-> \Device\Harddisk0\DR0\Partition2
18:38:26.0089 5104 D: <-> \Device\Harddisk0\DR0\Partition3
18:38:26.0089 5104 ============================================================
18:38:26.0089 5104 Initialize success
18:38:26.0089 5104 ============================================================
18:40:43.0588 3912 ============================================================
18:40:43.0588 3912 Scan started
18:40:43.0588 3912 Mode: Manual; SigCheck; TDLFS;
18:40:43.0588 3912 ============================================================
18:40:44.0196 3912 ================ Scan system memory ========================
18:40:44.0196 3912 System memory - ok
18:40:44.0212 3912 ================ Scan services =============================
18:40:44.0508 3912 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
18:40:44.0820 3912 1394ohci - ok
18:40:44.0867 3912 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
18:40:44.0914 3912 ACPI - ok
18:40:44.0945 3912 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
18:40:45.0007 3912 AcpiPmi - ok
18:40:45.0054 3912 [ 5BBFF8B826EC38D32C26334E079C7EFC ] ACPIVPC C:\windows\system32\DRIVERS\AcpiVpc.sys
18:40:45.0117 3912 ACPIVPC - ok
18:40:45.0257 3912 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:40:45.0382 3912 AdobeFlashPlayerUpdateSvc - ok
18:40:45.0569 3912 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
18:40:45.0694 3912 adp94xx - ok
18:40:45.0725 3912 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
18:40:45.0803 3912 adpahci - ok
18:40:45.0819 3912 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
18:40:45.0881 3912 adpu320 - ok
18:40:45.0928 3912 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
18:40:46.0084 3912 AeLookupSvc - ok
18:40:46.0162 3912 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
18:40:46.0287 3912 AFD - ok
18:40:46.0333 3912 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
18:40:46.0380 3912 agp440 - ok
18:40:46.0411 3912 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
18:40:46.0521 3912 ALG - ok
18:40:46.0583 3912 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
18:40:46.0661 3912 aliide - ok
18:40:46.0723 3912 [ 901F9232B7761A70DBF6250D5C0D4034 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
18:40:46.0801 3912 AMD External Events Utility - ok
18:40:46.0879 3912 AMD FUEL Service - ok
18:40:46.0926 3912 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
18:40:47.0051 3912 amdide - ok
18:40:47.0160 3912 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\windows\system32\DRIVERS\amdiox64.sys
18:40:47.0238 3912 amdiox64 - ok
18:40:47.0269 3912 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
18:40:47.0379 3912 AmdK8 - ok
18:40:47.0581 3912 [ 03965795805E359D7AD9F02415478984 ] amdkmdag C:\windows\system32\DRIVERS\atikmdag.sys
18:40:47.0831 3912 amdkmdag - ok
18:40:47.0862 3912 [ EBE165070375C15F0E239DF24ADC6650 ] amdkmdap C:\windows\system32\DRIVERS\atikmpag.sys
18:40:47.0940 3912 amdkmdap - ok
18:40:47.0971 3912 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
18:40:48.0034 3912 AmdPPM - ok
18:40:48.0065 3912 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
18:40:48.0237 3912 amdsata - ok
18:40:48.0283 3912 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
18:40:48.0330 3912 amdsbs - ok
18:40:48.0408 3912 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
18:40:48.0471 3912 amdxata - ok
18:40:48.0502 3912 [ 08E8A4172C57ABD7693A6915CF1E7A99 ] amd_sata C:\windows\system32\DRIVERS\amd_sata.sys
18:40:48.0533 3912 amd_sata - ok
18:40:48.0564 3912 [ 9866AF4E4AD7F16E810B6C0B8473F9CD ] amd_xata C:\windows\system32\DRIVERS\amd_xata.sys
18:40:48.0611 3912 amd_xata - ok
18:40:48.0689 3912 [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:40:48.0736 3912 AntiVirSchedulerService - ok
18:40:48.0767 3912 [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:40:48.0814 3912 AntiVirService - ok
18:40:48.0861 3912 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
18:40:48.0970 3912 AppID - ok
18:40:49.0001 3912 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
18:40:49.0095 3912 AppIDSvc - ok
18:40:49.0126 3912 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
18:40:49.0251 3912 Appinfo - ok
18:40:49.0266 3912 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
18:40:49.0329 3912 arc - ok
18:40:49.0344 3912 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
18:40:49.0407 3912 arcsas - ok
18:40:49.0438 3912 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
18:40:49.0641 3912 AsyncMac - ok
18:40:49.0687 3912 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
18:40:49.0734 3912 atapi - ok
18:40:49.0812 3912 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
18:40:49.0968 3912 AudioEndpointBuilder - ok
18:40:49.0984 3912 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
18:40:50.0077 3912 AudioSrv - ok
18:40:50.0109 3912 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\windows\system32\DRIVERS\avgntflt.sys
18:40:50.0155 3912 avgntflt - ok
18:40:50.0202 3912 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\windows\system32\DRIVERS\avipbb.sys
18:40:50.0265 3912 avipbb - ok
18:40:50.0280 3912 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\windows\system32\DRIVERS\avkmgr.sys
18:40:50.0327 3912 avkmgr - ok
18:40:50.0358 3912 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
18:40:50.0452 3912 AxInstSV - ok
18:40:50.0499 3912 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
18:40:50.0623 3912 b06bdrv - ok
18:40:50.0655 3912 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
18:40:50.0748 3912 b57nd60a - ok
18:40:50.0920 3912 [ B5D54119CE0BB77872C33A717CB76386 ] BCM43XX C:\windows\system32\DRIVERS\bcmwl664.sys
18:40:51.0076 3912 BCM43XX - ok
18:40:51.0138 3912 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
18:40:51.0216 3912 BDESVC - ok
18:40:51.0279 3912 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
18:40:51.0372 3912 Beep - ok
18:40:51.0435 3912 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
18:40:51.0559 3912 BFE - ok
18:40:51.0606 3912 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
18:40:51.0731 3912 BITS - ok
18:40:51.0762 3912 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
18:40:51.0871 3912 blbdrive - ok
18:40:51.0918 3912 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
18:40:52.0027 3912 bowser - ok
18:40:52.0059 3912 [ AAA4F992F879977A000FE8B8C730CD2C ] BPntDrv C:\windows\system32\drivers\BPntDrv.sys
18:40:52.0090 3912 BPntDrv - ok
18:40:52.0121 3912 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
18:40:52.0199 3912 BrFiltLo - ok
18:40:52.0215 3912 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
18:40:52.0277 3912 BrFiltUp - ok
18:40:52.0324 3912 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
18:40:52.0417 3912 Browser - ok
18:40:52.0636 3912 [ B98EF68B1E3DC5AC79A432900947EA2D ] Browser Manager C:\ProgramData\Browser Manager\2.6.1123.78\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
18:40:52.0761 3912 Browser Manager - ok
18:40:52.0792 3912 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
18:40:52.0885 3912 Brserid - ok
18:40:52.0948 3912 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
18:40:53.0041 3912 BrSerWdm - ok
18:40:53.0073 3912 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
18:40:53.0135 3912 BrUsbMdm - ok
18:40:53.0166 3912 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
18:40:53.0244 3912 BrUsbSer - ok
18:40:53.0260 3912 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
18:40:53.0353 3912 BthEnum - ok
18:40:53.0385 3912 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
18:40:53.0463 3912 BTHMODEM - ok
18:40:53.0494 3912 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
18:40:53.0572 3912 BthPan - ok
18:40:53.0619 3912 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
18:40:53.0743 3912 BTHPORT - ok
18:40:53.0790 3912 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
18:40:53.0884 3912 bthserv - ok
18:40:53.0915 3912 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
18:40:54.0040 3912 BTHUSB - ok
18:40:54.0102 3912 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
18:40:54.0227 3912 cdfs - ok
18:40:54.0274 3912 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
18:40:54.0352 3912 cdrom - ok
18:40:54.0399 3912 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
18:40:54.0539 3912 CertPropSvc - ok
18:40:54.0570 3912 [ DF8D07059E7237E0BE9C1421EF5F9482 ] cfwids C:\windows\system32\drivers\cfwids.sys
18:40:54.0617 3912 cfwids - ok
18:40:54.0664 3912 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
18:40:54.0742 3912 circlass - ok
18:40:54.0773 3912 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
18:40:54.0820 3912 CLFS - ok
18:40:54.0898 3912 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:40:54.0991 3912 clr_optimization_v2.0.50727_32 - ok
18:40:55.0038 3912 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:40:55.0116 3912 clr_optimization_v2.0.50727_64 - ok
18:40:55.0194 3912 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:40:55.0257 3912 clr_optimization_v4.0.30319_32 - ok
18:40:55.0303 3912 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:40:55.0381 3912 clr_optimization_v4.0.30319_64 - ok
18:40:55.0428 3912 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\windows\system32\DRIVERS\clwvd.sys
18:40:55.0475 3912 clwvd - ok
18:40:55.0522 3912 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
18:40:55.0584 3912 CmBatt - ok
18:40:55.0615 3912 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
18:40:55.0662 3912 cmdide - ok
18:40:55.0693 3912 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
18:40:55.0787 3912 CNG - ok
18:40:55.0881 3912 [ A260BE645DD096D90318C8CF98536720 ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
18:40:56.0021 3912 CnxtHdAudService - ok
18:40:56.0068 3912 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
18:40:56.0177 3912 Compbatt - ok
18:40:56.0208 3912 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
18:40:56.0317 3912 CompositeBus - ok
18:40:56.0349 3912 COMSysApp - ok
18:40:56.0364 3912 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
18:40:56.0442 3912 crcdisk - ok
18:40:56.0505 3912 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
18:40:56.0583 3912 CryptSvc - ok
18:40:56.0723 3912 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
18:40:56.0817 3912 cvhsvc - ok
18:40:56.0895 3912 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
18:40:57.0035 3912 DcomLaunch - ok
18:40:57.0082 3912 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
18:40:57.0253 3912 defragsvc - ok
18:40:57.0300 3912 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
18:40:57.0456 3912 DfsC - ok
18:40:57.0550 3912 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
18:40:57.0675 3912 Dhcp - ok
18:40:57.0690 3912 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
18:40:57.0799 3912 discache - ok
18:40:57.0831 3912 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
18:40:57.0893 3912 Disk - ok
18:40:57.0909 3912 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
18:40:57.0987 3912 Dnscache - ok
18:40:58.0018 3912 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
18:40:58.0158 3912 dot3svc - ok
18:40:58.0205 3912 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
18:40:58.0299 3912 DPS - ok
18:40:58.0345 3912 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
18:40:58.0408 3912 drmkaud - ok
18:40:58.0439 3912 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
18:40:58.0533 3912 DXGKrnl - ok
18:40:58.0564 3912 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
18:40:58.0673 3912 EapHost - ok
18:40:58.0751 3912 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
18:40:58.0891 3912 ebdrv - ok
18:40:58.0923 3912 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
18:40:59.0001 3912 EFS - ok
18:40:59.0079 3912 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
18:40:59.0235 3912 ehRecvr - ok
18:40:59.0266 3912 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
18:40:59.0375 3912 ehSched - ok
18:40:59.0469 3912 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
18:40:59.0578 3912 elxstor - ok
18:40:59.0593 3912 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
18:40:59.0671 3912 ErrDev - ok
18:40:59.0734 3912 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
18:40:59.0874 3912 EventSystem - ok
18:40:59.0905 3912 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
18:40:59.0999 3912 exfat - ok
18:41:00.0046 3912 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
18:41:00.0155 3912 fastfat - ok
18:41:00.0186 3912 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
18:41:00.0280 3912 Fax - ok
18:41:00.0295 3912 [ 3191ACA33088EE2481044FC0DB736442 ] fbfmon C:\windows\system32\drivers\fbfmon.sys
18:41:00.0342 3912 fbfmon - ok
18:41:00.0358 3912 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
18:41:00.0467 3912 fdc - ok
18:41:00.0514 3912 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
18:41:00.0623 3912 fdPHost - ok
18:41:00.0639 3912 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
18:41:00.0748 3912 FDResPub - ok
18:41:00.0795 3912 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
18:41:00.0841 3912 FileInfo - ok
18:41:00.0888 3912 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
18:41:00.0997 3912 Filetrace - ok
18:41:01.0029 3912 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
18:41:01.0075 3912 flpydisk - ok
18:41:01.0107 3912 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
18:41:01.0169 3912 FltMgr - ok
18:41:01.0247 3912 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\windows\system32\FntCache.dll
18:41:01.0341 3912 FontCache - ok
18:41:01.0450 3912 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:41:01.0512 3912 FontCache3.0.0.0 - ok
18:41:01.0559 3912 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
18:41:01.0621 3912 FsDepends - ok
18:41:01.0653 3912 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
18:41:01.0699 3912 Fs_Rec - ok
18:41:01.0731 3912 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
18:41:01.0809 3912 fvevol - ok
18:41:01.0840 3912 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
18:41:01.0902 3912 gagp30kx - ok
18:41:01.0949 3912 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
18:41:02.0089 3912 gpsvc - ok
18:41:02.0167 3912 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:41:02.0230 3912 gupdate - ok
18:41:02.0245 3912 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:41:02.0292 3912 gupdatem - ok
18:41:02.0355 3912 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:41:02.0417 3912 gusvc - ok
18:41:02.0464 3912 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
18:41:02.0589 3912 hcw85cir - ok
18:41:02.0620 3912 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
18:41:02.0713 3912 HdAudAddService - ok
18:41:02.0745 3912 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
18:41:02.0854 3912 HDAudBus - ok
18:41:02.0885 3912 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
18:41:02.0947 3912 HidBatt - ok
18:41:02.0963 3912 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
18:41:03.0057 3912 HidBth - ok
18:41:03.0088 3912 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
18:41:03.0150 3912 HidIr - ok
18:41:03.0197 3912 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll
18:41:03.0291 3912 hidserv - ok
18:41:03.0337 3912 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\drivers\hidusb.sys
18:41:03.0400 3912 HidUsb - ok
18:41:03.0431 3912 [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK C:\windows\system32\drivers\HipShieldK.sys
18:41:03.0493 3912 HipShieldK - ok
18:41:03.0525 3912 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
18:41:03.0634 3912 hkmsvc - ok
18:41:03.0649 3912 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
18:41:03.0852 3912 HomeGroupListener - ok
18:41:03.0883 3912 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
18:41:03.0961 3912 HomeGroupProvider - ok
18:41:04.0008 3912 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
18:41:04.0086 3912 HpSAMD - ok
18:41:04.0133 3912 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
18:41:04.0258 3912 HTTP - ok
18:41:04.0289 3912 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
18:41:04.0336 3912 hwpolicy - ok
18:41:04.0367 3912 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
18:41:04.0429 3912 i8042prt - ok
18:41:04.0476 3912 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
18:41:04.0539 3912 iaStorV - ok
18:41:04.0632 3912 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:41:04.0741 3912 idsvc - ok
18:41:04.0788 3912 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
18:41:04.0835 3912 iirsp - ok
18:41:04.0882 3912 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
18:41:05.0007 3912 IKEEXT - ok
18:41:05.0069 3912 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
18:41:05.0178 3912 intelide - ok
18:41:05.0241 3912 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\drivers\intelppm.sys
18:41:05.0334 3912 intelppm - ok
18:41:05.0365 3912 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
18:41:05.0459 3912 IPBusEnum - ok
18:41:05.0506 3912 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
18:41:05.0599 3912 IpFilterDriver - ok
18:41:05.0631 3912 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
18:41:05.0709 3912 iphlpsvc - ok
18:41:05.0724 3912 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
18:41:05.0818 3912 IPMIDRV - ok
18:41:05.0818 3912 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
18:41:05.0927 3912 IPNAT - ok
18:41:05.0974 3912 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
18:41:06.0114 3912 IRENUM - ok
18:41:06.0145 3912 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
18:41:06.0208 3912 isapnp - ok
18:41:06.0239 3912 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
18:41:06.0301 3912 iScsiPrt - ok
18:41:06.0348 3912 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
18:41:06.0395 3912 kbdclass - ok
18:41:06.0426 3912 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
18:41:06.0504 3912 kbdhid - ok
18:41:06.0520 3912 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
18:41:06.0567 3912 KeyIso - ok
18:41:06.0613 3912 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
18:41:06.0676 3912 KSecDD - ok
18:41:06.0691 3912 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
18:41:06.0754 3912 KSecPkg - ok
18:41:06.0769 3912 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
18:41:06.0879 3912 ksthunk - ok
18:41:06.0925 3912 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
18:41:07.0050 3912 KtmRm - ok
18:41:07.0097 3912 [ 32980B4E711D2EF7128C44DC2CF85706 ] L1C C:\windows\system32\DRIVERS\L1C62x64.sys
18:41:07.0144 3912 L1C - ok
18:41:07.0206 3912 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
18:41:07.0300 3912 LanmanServer - ok
18:41:07.0347 3912 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
18:41:07.0503 3912 LanmanWorkstation - ok
18:41:07.0565 3912 [ BE166935083F9C38EDFDC21B9A7A679B ] LHDmgr C:\windows\system32\DRIVERS\LhdX64.sys
18:41:07.0596 3912 LHDmgr - ok
18:41:07.0674 3912 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
18:41:07.0815 3912 lltdio - ok
18:41:07.0861 3912 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
18:41:07.0986 3912 lltdsvc - ok
18:41:08.0017 3912 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
18:41:08.0127 3912 lmhosts - ok
18:41:08.0173 3912 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
18:41:08.0220 3912 LSI_FC - ok
18:41:08.0267 3912 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
18:41:08.0361 3912 LSI_SAS - ok
18:41:08.0392 3912 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
18:41:08.0439 3912 LSI_SAS2 - ok
18:41:08.0454 3912 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
18:41:08.0501 3912 LSI_SCSI - ok
18:41:08.0532 3912 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
18:41:08.0688 3912 luafv - ok
18:41:08.0782 3912 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
18:41:08.0829 3912 McAfee SiteAdvisor Service - ok
18:41:08.0907 3912 [ F48571922079BBAB289C57BAFEFE88F3 ] McAWFwk c:\PROGRA~1\mcafee\msc\mcawfwk.exe
18:41:09.0047 3912 McAWFwk - ok
18:41:09.0078 3912 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
18:41:09.0109 3912 McMPFSvc - ok
18:41:09.0125 3912 [ F928E5E72BBA15DD0CE9A26E0413D236 ] mcmscsvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
18:41:09.0172 3912 mcmscsvc - ok
18:41:09.0172 3912 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNaiAnn C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
18:41:09.0219 3912 McNaiAnn - ok
18:41:09.0234 3912 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNASvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
18:41:09.0281 3912 McNASvc - ok
18:41:09.0343 3912 [ 1814532DB0404C5FB65AA3EB051B2BE5 ] McODS C:\Program Files\mcafee\VirusScan\mcods.exe
18:41:09.0406 3912 McODS - ok
18:41:09.0421 3912 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McOobeSv C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
18:41:09.0453 3912 McOobeSv - ok
18:41:09.0468 3912 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McProxy C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
18:41:09.0515 3912 McProxy - ok
18:41:09.0546 3912 [ 9BBCECBE3FE5AF5958A770DC512D0473 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
18:41:09.0609 3912 McShield - ok
18:41:09.0655 3912 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
18:41:09.0749 3912 Mcx2Svc - ok
18:41:09.0811 3912 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
18:41:09.0889 3912 megasas - ok
18:41:09.0921 3912 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
18:41:09.0967 3912 MegaSR - ok
18:41:10.0014 3912 [ 2D53234C24B0103FDE0BE06782AA6F80 ] mfeapfk C:\windows\system32\drivers\mfeapfk.sys
18:41:10.0170 3912 mfeapfk - ok
18:41:10.0186 3912 [ C0EAF4F2367C44157E1DE4817238FEC2 ] mfeavfk C:\windows\system32\drivers\mfeavfk.sys
18:41:10.0248 3912 mfeavfk - ok
18:41:10.0342 3912 mfeavfk01 - ok
18:41:10.0404 3912 [ 05248F2E6E1AFA6972D058C36199DEB7 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
18:41:10.0576 3912 mfefire - ok
18:41:10.0607 3912 [ 6856931F9F5B757E9D09369CC35096B9 ] mfefirek C:\windows\system32\drivers\mfefirek.sys
18:41:10.0685 3912 mfefirek - ok
18:41:10.0701 3912 [ 62E4C929A4DB48616B1B90143B48C948 ] mfehidk C:\windows\system32\drivers\mfehidk.sys
18:41:10.0794 3912 mfehidk - ok
18:41:10.0825 3912 [ B5B96149BE124092F577DE54EC7D4D65 ] mferkdet C:\windows\system32\drivers\mferkdet.sys
18:41:10.0872 3912 mferkdet - ok
18:41:10.0935 3912 [ DC5483CAD90D95D65B618E35C66E28DF ] mfevtp C:\windows\system32\mfevtps.exe
18:41:10.0981 3912 mfevtp - ok
18:41:11.0013 3912 [ E18162EA85F1531964F8222CC9E25E26 ] mfewfpk C:\windows\system32\drivers\mfewfpk.sys
18:41:11.0075 3912 mfewfpk - ok
18:41:11.0122 3912 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
18:41:11.0262 3912 MMCSS - ok
18:41:11.0293 3912 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
18:41:11.0449 3912 Modem - ok
18:41:11.0481 3912 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
18:41:11.0527 3912 monitor - ok
18:41:11.0559 3912 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
18:41:11.0621 3912 mouclass - ok
18:41:11.0637 3912 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\drivers\mouhid.sys
18:41:11.0761 3912 mouhid - ok
18:41:11.0793 3912 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
18:41:11.0839 3912 mountmgr - ok
18:41:11.0917 3912 [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:41:12.0058 3912 MozillaMaintenance - ok
18:41:12.0089 3912 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
18:41:12.0151 3912 mpio - ok
18:41:12.0167 3912 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
18:41:12.0261 3912 mpsdrv - ok
18:41:12.0339 3912 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
18:41:12.0463 3912 MpsSvc - ok
18:41:12.0495 3912 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
18:41:12.0573 3912 MRxDAV - ok
18:41:12.0604 3912 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
18:41:12.0682 3912 mrxsmb - ok
18:41:12.0697 3912 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
18:41:12.0760 3912 mrxsmb10 - ok
18:41:12.0791 3912 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
18:41:12.0853 3912 mrxsmb20 - ok
18:41:12.0869 3912 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
18:41:12.0916 3912 msahci - ok
18:41:12.0947 3912 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
18:41:13.0009 3912 msdsm - ok
18:41:13.0041 3912 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
18:41:13.0119 3912 MSDTC - ok
18:41:13.0150 3912 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
18:41:13.0259 3912 Msfs - ok
18:41:13.0290 3912 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
18:41:13.0384 3912 mshidkmdf - ok
18:41:13.0415 3912 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
18:41:13.0462 3912 msisadrv - ok
18:41:13.0509 3912 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
18:41:13.0633 3912 MSiSCSI - ok
18:41:13.0649 3912 msiserver - ok
18:41:13.0680 3912 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
18:41:13.0789 3912 MSKSSRV - ok
18:41:13.0821 3912 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
18:41:13.0914 3912 MSPCLOCK - ok
18:41:13.0930 3912 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
18:41:14.0070 3912 MSPQM - ok
18:41:14.0117 3912 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
18:41:14.0335 3912 MsRPC - ok
18:41:14.0367 3912 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
18:41:14.0398 3912 mssmbios - ok
18:41:14.0429 3912 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
18:41:14.0523 3912 MSTEE - ok
18:41:14.0554 3912 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
18:41:14.0601 3912 MTConfig - ok
18:41:14.0632 3912 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
18:41:14.0679 3912 Mup - ok
18:41:14.0725 3912 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
18:41:14.0835 3912 napagent - ok
18:41:14.0881 3912 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
18:41:14.0959 3912 NativeWifiP - ok
18:41:14.0991 3912 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
18:41:15.0053 3912 NDIS - ok
18:41:15.0084 3912 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
18:41:15.0193 3912 NdisCap - ok
18:41:15.0225 3912 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
18:41:15.0318 3912 NdisTapi - ok
18:41:15.0349 3912 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
18:41:15.0459 3912 Ndisuio - ok
18:41:15.0474 3912 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
18:41:15.0583 3912 NdisWan - ok
18:41:15.0615 3912 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
18:41:15.0708 3912 NDProxy - ok
18:41:15.0755 3912 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
18:41:15.0864 3912 NetBIOS - ok
18:41:15.0880 3912 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
18:41:15.0989 3912 NetBT - ok
18:41:16.0005 3912 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
18:41:16.0051 3912 Netlogon - ok
18:41:16.0114 3912 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
18:41:16.0332 3912 Netman - ok
18:41:16.0348 3912 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
18:41:16.0473 3912 netprofm - ok
18:41:16.0504 3912 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:41:16.0566 3912 NetTcpPortSharing - ok
18:41:16.0660 3912 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
18:41:16.0738 3912 nfrd960 - ok
18:41:16.0769 3912 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
18:41:16.0831 3912 NlaSvc - ok
18:41:16.0863 3912 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
18:41:16.0956 3912 Npfs - ok
18:41:16.0987 3912 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
18:41:17.0097 3912 nsi - ok
18:41:17.0112 3912 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
18:41:17.0221 3912 nsiproxy - ok
18:41:17.0284 3912 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
18:41:17.0393 3912 Ntfs - ok
18:41:17.0424 3912 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
18:41:17.0502 3912 Null - ok
18:41:17.0549 3912 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
18:41:17.0596 3912 nvraid - ok
18:41:17.0627 3912 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
18:41:17.0674 3912 nvstor - ok
18:41:17.0705 3912 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
18:41:17.0767 3912 nv_agp - ok
18:41:17.0783 3912 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
18:41:17.0861 3912 ohci1394 - ok
18:41:17.0908 3912 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:41:18.0095 3912 ose - ok
18:41:18.0282 3912 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:41:18.0672 3912 osppsvc - ok
18:41:18.0719 3912 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
18:41:18.0828 3912 p2pimsvc - ok
18:41:18.0859 3912 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
18:41:18.0922 3912 p2psvc - ok
18:41:18.0969 3912 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
18:41:19.0031 3912 Parport - ok
18:41:19.0062 3912 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
18:41:19.0140 3912 partmgr - ok
18:41:19.0171 3912 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
18:41:19.0265 3912 PcaSvc - ok
18:41:19.0296 3912 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
18:41:19.0343 3912 pci - ok
18:41:19.0359 3912 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
18:41:19.0421 3912 pciide - ok
18:41:19.0452 3912 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
18:41:19.0515 3912 pcmcia - ok
18:41:19.0530 3912 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
18:41:19.0577 3912 pcw - ok
18:41:19.0608 3912 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
18:41:19.0749 3912 PEAUTH - ok
18:41:19.0889 3912 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
18:41:19.0983 3912 PerfHost - ok
18:41:20.0139 3912 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
18:41:20.0435 3912 pla - ok
18:41:20.0497 3912 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
18:41:20.0622 3912 PlugPlay - ok
18:41:20.0653 3912 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
18:41:20.0763 3912 PNRPAutoReg - ok
18:41:20.0794 3912 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
18:41:20.0841 3912 PNRPsvc - ok
18:41:20.0903 3912 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
18:41:21.0028 3912 PolicyAgent - ok
18:41:21.0075 3912 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
18:41:21.0231 3912 Power - ok
18:41:21.0371 3912 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
18:41:21.0605 3912 PptpMiniport - ok
18:41:21.0621 3912 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
18:41:21.0745 3912 Processor - ok
18:41:21.0792 3912 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
18:41:21.0886 3912 ProfSvc - ok
18:41:21.0933 3912 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
18:41:21.0979 3912 ProtectedStorage - ok
18:41:22.0042 3912 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
18:41:22.0135 3912 Psched - ok
18:41:22.0229 3912 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
18:41:22.0354 3912 ql2300 - ok
18:41:22.0385 3912 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
18:41:22.0432 3912 ql40xx - ok
18:41:22.0479 3912 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
18:41:22.0557 3912 QWAVE - ok
18:41:22.0588 3912 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
18:41:22.0666 3912 QWAVEdrv - ok
18:41:22.0681 3912 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
18:41:22.0775 3912 RasAcd - ok
18:41:22.0837 3912 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
18:41:22.0931 3912 RasAgileVpn - ok
18:41:22.0947 3912 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
18:41:23.0071 3912 RasAuto - ok
18:41:23.0087 3912 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
18:41:23.0196 3912 Rasl2tp - ok
18:41:23.0259 3912 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
18:41:23.0383 3912 RasMan - ok
18:41:23.0415 3912 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
18:41:23.0524 3912 RasPppoe - ok
18:41:23.0555 3912 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
18:41:23.0664 3912 RasSstp - ok
18:41:23.0727 3912 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
18:41:23.0883 3912 rdbss - ok
18:41:23.0914 3912 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
18:41:24.0007 3912 rdpbus - ok
18:41:24.0070 3912 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
18:41:24.0195 3912 RDPCDD - ok
18:41:24.0273 3912 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
18:41:24.0413 3912 RDPENCDD - ok
18:41:24.0444 3912 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
18:41:24.0538 3912 RDPREFMP - ok
18:41:24.0569 3912 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
18:41:24.0663 3912 RDPWD - ok
18:41:24.0709 3912 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
18:41:24.0772 3912 rdyboost - ok
18:41:24.0819 3912 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
18:41:24.0943 3912 RemoteAccess - ok
18:41:24.0975 3912 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
18:41:25.0099 3912 RemoteRegistry - ok
18:41:25.0146 3912 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
18:41:25.0240 3912 RFCOMM - ok
18:41:25.0271 3912 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
18:41:25.0396 3912 RpcEptMapper - ok
18:41:25.0427 3912 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
18:41:25.0505 3912 RpcLocator - ok
18:41:25.0552 3912 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
18:41:25.0645 3912 RpcSs - ok
18:41:25.0692 3912 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
18:41:25.0817 3912 rspndr - ok
18:41:25.0848 3912 [ 89DFB71B370D82DFE75183F677043CEE ] RSUSBVSTOR C:\windows\system32\Drivers\RtsUVStor.sys
18:41:25.0926 3912 RSUSBVSTOR - ok
18:41:25.0989 3912 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
18:41:26.0067 3912 RTL8167 - ok
18:41:26.0113 3912 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
18:41:26.0160 3912 SamSs - ok
18:41:26.0191 3912 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
18:41:26.0254 3912 sbp2port - ok
18:41:26.0301 3912 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
18:41:26.0410 3912 SCardSvr - ok
18:41:26.0425 3912 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
18:41:26.0535 3912 scfilter - ok
18:41:26.0581 3912 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
18:41:26.0722 3912 Schedule - ok
18:41:26.0784 3912 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
18:41:26.0862 3912 SCPolicySvc - ok
18:41:26.0909 3912 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
18:41:27.0003 3912 SDRSVC - ok
18:41:27.0049 3912 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
18:41:27.0159 3912 secdrv - ok
18:41:27.0174 3912 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
18:41:27.0283 3912 seclogon - ok
18:41:27.0299 3912 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
18:41:27.0408 3912 SENS - ok
18:41:27.0455 3912 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
18:41:27.0580 3912 SensrSvc - ok
18:41:27.0611 3912 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
18:41:27.0658 3912 Serenum - ok
18:41:27.0689 3912 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
18:41:27.0751 3912 Serial - ok
18:41:27.0783 3912 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
18:41:27.0845 3912 sermouse - ok
18:41:27.0876 3912 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
18:41:27.0985 3912 SessionEnv - ok
18:41:28.0017 3912 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
18:41:28.0079 3912 sffdisk - ok
18:41:28.0095 3912 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
18:41:28.0173 3912 sffp_mmc - ok
18:41:28.0188 3912 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
18:41:28.0266 3912 sffp_sd - ok
18:41:28.0282 3912 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
18:41:28.0344 3912 sfloppy - ok
18:41:28.0391 3912 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
18:41:28.0469 3912 Sftfs - ok
18:41:28.0563 3912 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
18:41:28.0656 3912 sftlist - ok
18:41:28.0672 3912 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
18:41:28.0734 3912 Sftplay - ok
18:41:28.0750 3912 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
18:41:28.0797 3912 Sftredir - ok
18:41:28.0812 3912 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
18:41:28.0859 3912 Sftvol - ok
18:41:28.0890 3912 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
18:41:28.0937 3912 sftvsa - ok
18:41:28.0984 3912 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
18:41:29.0124 3912 SharedAccess - ok
18:41:29.0171 3912 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
18:41:29.0296 3912 ShellHWDetection - ok
18:41:29.0327 3912 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
18:41:29.0389 3912 SiSRaid2 - ok
18:41:29.0421 3912 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
18:41:29.0514 3912 SiSRaid4 - ok
18:41:29.0561 3912 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
18:41:29.0686 3912 Smb - ok
18:41:29.0748 3912 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
18:41:29.0842 3912 SNMPTRAP - ok
18:41:29.0873 3912 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
18:41:29.0920 3912 spldr - ok
18:41:29.0967 3912 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
18:41:30.0107 3912 Spooler - ok
18:41:30.0232 3912 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
18:41:30.0419 3912 sppsvc - ok
18:41:30.0466 3912 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
18:41:30.0606 3912 sppuinotify - ok
18:41:30.0669 3912 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
18:41:30.0762 3912 srv - ok
18:41:30.0793 3912 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
18:41:30.0871 3912 srv2 - ok
18:41:30.0887 3912 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
18:41:30.0949 3912 srvnet - ok
18:41:30.0996 3912 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
18:41:31.0105 3912 SSDPSRV - ok
18:41:31.0121 3912 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
18:41:31.0230 3912 SstpSvc - ok
18:41:31.0261 3912 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
18:41:31.0308 3912 stexstor - ok
18:41:31.0371 3912 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
18:41:31.0464 3912 stisvc - ok
18:41:31.0480 3912 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
18:41:31.0527 3912 swenum - ok
18:41:31.0589 3912 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
18:41:31.0714 3912 swprv - ok
18:41:31.0776 3912 [ B3AD15FA10EBEAFC1275F34050E4E230 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
18:41:31.0854 3912 SynTP - ok
18:41:31.0948 3912 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
18:41:32.0041 3912 SysMain - ok
18:41:32.0073 3912 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
18:41:32.0166 3912 TabletInputService - ok
18:41:32.0197 3912 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
18:41:32.0307 3912 TapiSrv - ok
18:41:32.0353 3912 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
18:41:32.0431 3912 TBS - ok
18:41:32.0525 3912 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\windows\system32\drivers\tcpip.sys
18:41:32.0697 3912 Tcpip - ok
18:41:32.0743 3912 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
18:41:32.0837 3912 TCPIP6 - ok
18:41:32.0884 3912 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
18:41:32.0931 3912 tcpipreg - ok
18:41:32.0977 3912 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
18:41:33.0071 3912 TDPIPE - ok
18:41:33.0087 3912 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
18:41:33.0149 3912 TDTCP - ok
18:41:33.0165 3912 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
18:41:33.0258 3912 tdx - ok
18:41:33.0289 3912 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
18:41:33.0336 3912 TermDD - ok
18:41:33.0399 3912 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
18:41:33.0633 3912 TermService - ok
18:41:33.0648 3912 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
18:41:33.0726 3912 Themes - ok
18:41:33.0773 3912 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
18:41:33.0867 3912 THREADORDER - ok
18:41:33.0882 3912 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
18:41:34.0007 3912 TrkWks - ok
18:41:34.0069 3912 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
18:41:34.0194 3912 TrustedInstaller - ok
18:41:34.0241 3912 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
18:41:34.0335 3912 tssecsrv - ok
18:41:34.0366 3912 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
18:41:34.0444 3912 TsUsbFlt - ok
18:41:34.0459 3912 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
18:41:34.0537 3912 TsUsbGD - ok
18:41:34.0584 3912 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
18:41:34.0693 3912 tunnel - ok
18:41:34.0725 3912 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
18:41:34.0771 3912 uagp35 - ok
18:41:34.0803 3912 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
18:41:34.0943 3912 udfs - ok
18:41:35.0005 3912 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
18:41:35.0083 3912 UI0Detect - ok
18:41:35.0115 3912 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
18:41:35.0161 3912 uliagpkx - ok
18:41:35.0193 3912 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
18:41:35.0271 3912 umbus - ok
18:41:35.0286 3912 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
18:41:35.0349 3912 UmPass - ok
18:41:35.0380 3912 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
18:41:35.0505 3912 upnphost - ok
18:41:35.0536 3912 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
18:41:35.0629 3912 usbccgp - ok
18:41:35.0661 3912 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
18:41:35.0723 3912 usbcir - ok
18:41:35.0754 3912 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
18:41:35.0817 3912 usbehci - ok
18:41:35.0848 3912 [ 76E2FFAD301490BA27B947C6507752FB ] usbfilter C:\windows\system32\DRIVERS\usbfilter.sys
18:41:35.0895 3912 usbfilter - ok
18:41:35.0941 3912 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
18:41:36.0004 3912 usbhub - ok
18:41:36.0035 3912 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
18:41:36.0082 3912 usbohci - ok
18:41:36.0113 3912 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
18:41:36.0191 3912 usbprint - ok
18:41:36.0238 3912 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
18:41:36.0285 3912 usbscan - ok
18:41:36.0316 3912 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
18:41:36.0519 3912 USBSTOR - ok
18:41:36.0565 3912 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
18:41:36.0643 3912 usbuhci - ok
18:41:36.0675 3912 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
18:41:36.0862 3912 usbvideo - ok
18:41:36.0909 3912 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
18:41:37.0018 3912 UxSms - ok
18:41:37.0049 3912 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
18:41:37.0096 3912 VaultSvc - ok
18:41:37.0127 3912 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
18:41:37.0174 3912 vdrvroot - ok
18:41:37.0205 3912 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
18:41:37.0330 3912 vds - ok
18:41:37.0361 3912 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
18:41:37.0408 3912 vga - ok
18:41:37.0439 3912 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
18:41:37.0548 3912 VgaSave - ok
18:41:37.0580 3912 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
18:41:37.0642 3912 vhdmp - ok
18:41:37.0658 3912 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
18:41:37.0704 3912 viaide - ok
18:41:37.0751 3912 [ 5CB80AFA98111FC6ED6E8702A0D7AC5B ] vm2uvcflt C:\windows\system32\Drivers\vm2uvcflt.sys
18:41:37.0907 3912 vm2uvcflt - ok
18:41:37.0938 3912 [ FE75ED0244AEDFF9B278A2A09AC06CA9 ] vm332avs C:\windows\system32\Drivers\vm332avs.sys
18:41:38.0001 3912 vm332avs - ok
18:41:38.0032 3912 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
18:41:38.0079 3912 volmgr - ok
18:41:38.0094 3912 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
18:41:38.0157 3912 volmgrx - ok
18:41:38.0188 3912 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
18:41:38.0266 3912 volsnap - ok
18:41:38.0297 3912 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
18:41:38.0344 3912 vsmraid - ok
18:41:38.0422 3912 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
18:41:38.0609 3912 VSS - ok
18:41:38.0656 3912 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
18:41:38.0750 3912 vwifibus - ok
18:41:38.0812 3912 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
18:41:38.0906 3912 vwififlt - ok
18:41:38.0937 3912 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
18:41:39.0030 3912 W32Time - ok
18:41:39.0077 3912 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
18:41:39.0140 3912 WacomPen - ok
18:41:39.0171 3912 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
18:41:39.0280 3912 WANARP - ok
18:41:39.0296 3912 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
18:41:39.0389 3912 Wanarpv6 - ok
18:41:39.0467 3912 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
18:41:39.0608 3912 wbengine - ok
18:41:39.0639 3912 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
18:41:39.0717 3912 WbioSrvc - ok
18:41:39.0748 3912 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
18:41:39.0842 3912 wcncsvc - ok
18:41:39.0857 3912 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
18:41:39.0935 3912 WcsPlugInService - ok
18:41:39.0951 3912 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
18:41:40.0013 3912 Wd - ok
18:41:40.0060 3912 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
18:41:40.0169 3912 Wdf01000 - ok
18:41:40.0185 3912 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
18:41:40.0325 3912 WdiServiceHost - ok
18:41:40.0341 3912 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
18:41:40.0403 3912 WdiSystemHost - ok
18:41:40.0450 3912 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
18:41:40.0637 3912 WebClient - ok
18:41:40.0668 3912 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
18:41:40.0793 3912 Wecsvc - ok
18:41:40.0824 3912 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
18:41:40.0918 3912 wercplsupport - ok
18:41:40.0965 3912 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
18:41:41.0058 3912 WerSvc - ok
18:41:41.0090 3912 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
18:41:41.0183 3912 WfpLwf - ok
18:41:41.0214 3912 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
18:41:41.0261 3912 WIMMount - ok
18:41:41.0292 3912 WinDefend - ok
18:41:41.0308 3912 WinHttpAutoProxySvc - ok
18:41:41.0402 3912 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
18:41:41.0511 3912 Winmgmt - ok
18:41:41.0604 3912 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
18:41:41.0760 3912 WinRM - ok
18:41:41.0854 3912 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
18:41:41.0932 3912 WinUsb - ok
18:41:41.0994 3912 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
18:41:42.0135 3912 Wlansvc - ok
18:41:42.0228 3912 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:41:42.0275 3912 wlcrasvc - ok
18:41:42.0384 3912 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:41:42.0494 3912 wlidsvc - ok
18:41:42.0525 3912 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
18:41:42.0587 3912 WmiAcpi - ok
18:41:42.0650 3912 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
18:41:42.0759 3912 wmiApSrv - ok
18:41:42.0790 3912 WMPNetworkSvc - ok
18:41:42.0837 3912 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
18:41:42.0930 3912 WPCSvc - ok
18:41:42.0977 3912 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
18:41:43.0055 3912 WPDBusEnum - ok
18:41:43.0102 3912 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
18:41:43.0242 3912 ws2ifsl - ok
18:41:43.0258 3912 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
18:41:43.0336 3912 wscsvc - ok
18:41:43.0352 3912 WSearch - ok
18:41:43.0383 3912 [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd C:\windows\system32\DRIVERS\wsvd.sys
18:41:43.0430 3912 wsvd - ok
18:41:43.0523 3912 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
18:41:43.0648 3912 wuauserv - ok
18:41:43.0679 3912 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
18:41:43.0773 3912 WudfPf - ok
18:41:43.0820 3912 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
18:41:43.0882 3912 WUDFRd - ok
18:41:43.0929 3912 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
18:41:43.0991 3912 wudfsvc - ok
18:41:44.0022 3912 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
18:41:44.0116 3912 WwanSvc - ok
18:41:44.0147 3912 ================ Scan global ===============================
18:41:44.0194 3912 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
18:41:44.0225 3912 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
18:41:44.0288 3912 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
18:41:44.0334 3912 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
18:41:44.0366 3912 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
18:41:44.0381 3912 [Global] - ok
18:41:44.0381 3912 ================ Scan MBR ==================================
18:41:44.0397 3912 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:41:44.0584 3912 \Device\Harddisk0\DR0 - ok
18:41:44.0600 3912 ================ Scan VBR ==================================
18:41:44.0600 3912 [ 08975F1717B24366D5677F81AA6FBDBB ] \Device\Harddisk0\DR0\Partition1
18:41:44.0600 3912 \Device\Harddisk0\DR0\Partition1 - ok
18:41:44.0646 3912 [ A43A5079E9745AEAFE69E87F01C18DC2 ] \Device\Harddisk0\DR0\Partition2
18:41:44.0646 3912 \Device\Harddisk0\DR0\Partition2 - ok
18:41:44.0678 3912 [ 83651C5D24C7E377FFC25FB5BE59B1CB ] \Device\Harddisk0\DR0\Partition3
18:41:44.0693 3912 \Device\Harddisk0\DR0\Partition3 - ok
18:41:44.0693 3912 ============================================================
18:41:44.0693 3912 Scan finished
18:41:44.0693 3912 ============================================================
18:41:44.0740 2652 Detected object count: 0
18:41:44.0740 2652 Actual detected object count: 0

Alt 05.03.2013, 21:08   #8
markusg
/// Malware-holic
 
Seth. avazutracking.net - Standard

Seth. avazutracking.net



Hi,
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.03.2013, 18:49   #9
Chibi_C
 
Seth. avazutracking.net - Standard

Seth. avazutracking.net



C:\ Combofix.txt
Es wurde mir angezeigt das McAfee angeblich noch aktiv sei. Die Testversion ist aber seit längerem abgelaufen und dementsprechen ist es nicht aktiv.

Combofix Logfile:
Code:
ATTFilter
ComboFix 13-03-05.01 - Alice 06.03.2013  16:13:20.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.7787.6431 [GMT 1:00]
ausgeführt von:: c:\users\Alice\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee  Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Im Speicher befindliches AV aktiv.
.
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alice\Documents\~WRL2677.tmp
c:\windows\s.bat
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-06 bis 2013-03-06  ))))))))))))))))))))))))))))))
.
.
2013-03-06 15:28 . 2013-03-06 15:28	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-05 15:22 . 2013-03-05 15:22	--------	d-----w-	C:\_OTL
2013-02-28 03:10 . 2013-01-13 19:53	187392	----a-w-	c:\windows\SysWow64\UIAnimation.dll
2013-02-28 03:10 . 2013-01-13 19:24	221184	----a-w-	c:\windows\system32\UIAnimation.dll
2013-02-28 03:10 . 2013-01-04 06:11	2284544	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2013-02-28 03:10 . 2013-01-04 06:11	2776576	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-02-28 03:10 . 2013-01-13 19:02	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-02-28 03:10 . 2013-01-13 18:32	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-02-18 08:22 . 2013-02-18 08:22	--------	d-----w-	c:\users\Alice\dwhelper
2013-02-18 08:02 . 2013-02-18 08:02	--------	d-----w-	c:\users\Alice\AppData\Local\Freecorder 7 Audio
2013-02-18 08:01 . 2013-02-18 08:01	--------	d-----w-	c:\users\Alice\AppData\Roaming\Freecorder 7 Audio
2013-02-14 02:03 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 02:03 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 02:00 . 2013-01-09 01:48	17812992	----a-w-	c:\windows\system32\mshtml.dll
2013-02-14 02:00 . 2013-01-09 01:22	10925568	----a-w-	c:\windows\system32\ieframe.dll
2013-02-13 10:18 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-13 10:18 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 10:18 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 10:18 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-13 10:18 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-13 10:18 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-13 10:18 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-13 10:18 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-13 10:18 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-13 10:18 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-13 10:17 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-13 10:17 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-09 23:43 . 2013-02-09 23:43	--------	d-----w-	c:\users\Alice\AppData\Roaming\Avira
2013-02-09 23:34 . 2012-12-03 14:36	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-02-09 23:34 . 2012-12-03 14:36	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-02-09 23:34 . 2012-11-16 19:17	27800	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-02-09 23:34 . 2013-02-09 23:34	--------	d-----w-	c:\programdata\Avira
2013-02-09 23:34 . 2013-02-09 23:34	--------	d-----w-	c:\program files (x86)\Avira
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 13:38 . 2012-11-21 19:28	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-27 13:38 . 2012-11-21 19:28	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-04 04:43 . 2013-02-13 10:18	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-24 02:01	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-24 02:01	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-24 02:01	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-24 02:01	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-12 18:52 . 2007-04-27 09:43	120200	----a-w-	c:\windows\SysWow64\DLLDEV32i.dll
2012-12-07 13:20 . 2013-01-09 08:03	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 08:03	2746368	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 08:03	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 08:03	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 08:03	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 08:03	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 08:03	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 08:03	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 08:03	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 08:03	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 08:03	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 08:03	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 08:03	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 08:03	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 08:03	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 08:03	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 08:03	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 08:03	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 08:03	43520	----a-w-	c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 08:03	30720	----a-w-	c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 08:03	45568	----a-w-	c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 08:03	44544	----a-w-	c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 08:03	20480	----a-w-	c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 08:03	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 08:03	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 08:03	46592	----a-w-	c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 08:03	20480	----a-w-	c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 08:03	21504	----a-w-	c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 08:03	40960	----a-w-	c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 08:03	15360	----a-w-	c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 08:03	51712	----a-w-	c:\windows\SysWow64\esrb.rs
2012-12-07 10:46 . 2013-01-09 08:03	55296	----a-w-	c:\windows\SysWow64\cero.rs
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}]
2012-10-13 17:43	364920	----a-w-	c:\program files (x86)\Freecorder extension\ScriptHost.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-11 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-08-10 336384]
"332BigDog"="c:\program files (x86)\USB Camera2\VM332_STI.EXE" [2010-01-19 536576]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-05-11 329056]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 385248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\BROWSE~1\261123~1.78\{C16C1~1\mngr.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-01-28 225216]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-11-09 106112]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-09-30 299520]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-05-14 73856]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-05-14 28800]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2012-05-11 57952]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2012-05-11 39008]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-16 27800]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2012-05-11 13408]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-08-09 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-08-10 365568]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-12 86752]
S2 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.6.1123.78\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe [2013-01-31 2561488]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2012-05-11 29792]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-01-28 31088]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-06-25 76912]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-28 44672]
S3 vm2uvcflt;Vimicro USB Camera Filter 2;c:\windows\system32\Drivers\vm2uvcflt.sys [2010-09-21 15056]
S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys [2010-12-10 234960]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 93984430
*Deregistered* - 93984430
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-04 19:21	1630672	----a-w-	c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-21 13:38]
.
2013-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-11 12:13]
.
2013-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-11 12:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-05-11 12:03	1508192	----a-w-	c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-05-11 114688]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-05-11 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-05-11 5908928]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.igoogle.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\0k9jrar1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - user.js: extensions.claro.tlbrSrchUrl - 
FF - user.js: extensions.claro.id - 8c075b3b000000000000e006e6120852
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15682
FF - user.js: extensions.claro.vrsn - 1.8.3.10
FF - user.js: extensions.claro.vrsni - 1.8.3.10
FF - user.js: extensions.claro_i.vrsnTs - 1.8.3.1020:42
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-06  18:41:41
ComboFix-quarantined-files.txt  2013-03-06 17:41
.
Vor Suchlauf: 8 Verzeichnis(se), 407.925.047.296 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 407.436.009.472 Bytes frei
.
- - End Of File - - 6B482561C3B457E83C24C124CE34E1E9
         
--- --- ---

Alt 06.03.2013, 21:26   #10
markusg
/// Malware-holic
 
Seth. avazutracking.net - Standard

Seth. avazutracking.net



hi
deinstaliere mal mcafee
nutze den mcafee remover:
http://www.chip.de/downloads/McAfee-..._49841374.html
dann:
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 07.03.2013, 19:44   #11
Chibi_C
 
Seth. avazutracking.net - Standard

Seth. avazutracking.net



Beim Suchlauf wurde nichts gefunden.

Malwarebytes Anti-Malware 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.03.07.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alice :: ALICE-PC [Administrator]

07.03.2013 18:37:08
mbam-log-2013-03-07 (18-37-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 306572
Laufzeit: 1 Stunde(n), 1 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Alt 07.03.2013, 21:15   #12
markusg
/// Malware-holic
 
Seth. avazutracking.net - Standard

Seth. avazutracking.net



hi

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 08.03.2013, 10:15   #13
Chibi_C
 
Seth. avazutracking.net - Standard

Seth. avazutracking.net



Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 27.02.2013 6,00MB 11.6.602.171 notwendig
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 27.02.2013 6,00MB 11.6.602.171 notwendig
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Atheros Communications Inc. 11.05.2012 1.0.0.33 notwendig
ATI Catalyst Install Manager ATI Technologies, Inc. 11.05.2012 22,4MB 3.0.829.0 notwendig
Avira Free Antivirus Avira 12.02.2013 129MB 13.0.0.3185 notwendig
bProtector for Windows 07.03.2013 notwendig
Brother MFL-Pro Suite MFC-250C Brother Industries, Ltd. 02.12.2012 1.0.1.0 notwendig
CCleaner Piriform 25.02.2013 3.28 unnötig
Conexant HD Audio Conexant 11.05.2012 8.54.4.50 notwendig
Desktop Icon für Amazon 12.12.2012 1.0.1 (de) unnötig
Energy Management Lenovo 11.05.2012 16,8MB 6.0.2.0 notwendig
FireJump FireJump.net 12.12.2012 4,28MB 1.0.2.5 unbekannt
Freecorder 7 Applications (7.0.0.48) Applian Technologies 08.12.2012 7.0.0.48 notwendig
Freecorder extension freecorder.com 08.12.2012 7.0.0.7 notwendig
Freecorder extension for Chrome Applian Technologies, Inc. 08.12.2012 7.0.0.7 notwendig
Freecorder extension for Firefox Applian Technologies, Inc. 08.12.2012 7.0.0.7 unnötig
Google Chrome Google Inc. 11.05.2012 25.0.1364.152 notwendig
Google Toolbar for Internet Explorer Google Inc. 15.12.2012 7.4.3607.2246 unnötig
Lenovo EasyCamera Lenovo EasyCamera 11.05.2012 1.10.1209.1 notwendig
Lenovo EE Boot Optimizer Lenovo 11.05.2012 0.0.1.6 notwendig
Lenovo Games Console Oberon Media Inc. 11.05.2012 1.2.6.436 notwendig
Lenovo OneKey Recovery CyberLink Corp. 11.05.2012 7.0.1628 notwendig
Lenovo YouCam CyberLink Corp. 11.05.2012 135MB 3.1.3728 notwendig
Lenovo_Wireless_Driver Lenovo 11.05.2012 1.02.01 notwendig
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 07.03.2013 18,4MB 1.70.0.1100 unnötig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 19.10.2012 38,8MB 4.0.30319 notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 19.10.2012 2,93MB 4.0.30319 notwendig
Microsoft Office 2010 Microsoft Corporation 11.05.2012 6,31MB 14.0.4763.1000 notwendig
Microsoft Office Klick-und-Los 2010 Microsoft Corporation 29.11.2012 14.0.4763.1000 notwendig
Microsoft Office Starter 2010 - Deutsch Microsoft Corporation 29.11.2012 14.0.4763.1000 notwendig
Microsoft Silverlight Microsoft Corporation 01.12.2012 40,3MB 4.1.10329.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 11.05.2012 1,69MB 3.1.0000 notwendig
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 01.12.2012 300KB 8.0.56336 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 11.05.2012 788KB 9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 01.12.2012 788KB 9.0.30729.6161 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 12.12.2012 596KB 9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 14.12.2012 600KB 9.0.30729.6161 notwendig
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 09.12.2012 13,7MB 10.0.30319 notwendig
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 11.02.2013 14,1MB 10.0.40219 notwendig
Mozilla Firefox 19.0 (x86 de) Mozilla 28.02.2013 43,6MB 19.0 notwendig
Mozilla Maintenance Service Mozilla 28.02.2013 330KB 19.0 notwendig
MSXML 4.0 SP3 Parser Microsoft Corporation 12.12.2012 1,47MB 4.30.2100.0 notwendig
MSXML 4.0 SP3 Parser (KB2721691) Microsoft Corporation 14.12.2012 1,53MB 4.30.2114.0 notwendig
MSXML 4.0 SP3 Parser (KB2758694) Microsoft Corporation 10.01.2013 1,54MB 4.30.2117.0 notwendig
OneKey Recovery CyberLink Corp. 03.03.2013 7.0.1628 notwendig
Power2Go CyberLink Corp. 11.05.2012 5.6.0.7303 notwendig
Preispilot für Firefox Preispilot 12.12.2012 1,75MB 2.0 unnötig
Realtek USB 2.0 Reader Driver Realtek Semiconductor Corp. 11.05.2012 6.1.7600.10003 notwendig
Shared C Run-time for x64 McAfee 04.12.2012 2,78MB 10.0.0 notwendig (auch wenn mcAfee deinstalliert?)
Synaptics Pointing Device Driver Synaptics Incorporated 11.05.2012 46,4MB 15.1.12.0 notwendig
UserGuide Lenovo 11.05.2012 51,3MB 1.0.0.6 notwendig
VeriFace Lenovo 11.05.2012 4.0.0.1224 notwendig
Windows Live Essentials Microsoft Corporation 11.05.2012 15.4.3508.1109 notwendig
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 11.05.2012 5,57MB 15.4.5722.2 notwendig
Windows Media Player Firefox Plugin Microsoft Corp 17.10.2012 296KB 1.0.0.8 notwendig
Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) Lenovo 11.05.2012 12/02/2010 6.1.0.1 notwendig

Alt 08.03.2013, 14:08   #14
markusg
/// Malware-holic
 
Seth. avazutracking.net - Standard

Seth. avazutracking.net



deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
deinstaliere:
Desktop Icon
Google Toolbar
Preispilot

Öffne CCleaner, analysieren, starten, PC neustarten
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 08.03.2013, 17:58   #15
Chibi_C
 
Seth. avazutracking.net - Standard

Seth. avazutracking.net



Adobe Reader installieren ?

Antwort

Themen zu Seth. avazutracking.net
ahnung, anfängerin, firefox, gaming, geschieht, home, inhalt, inter, interne, internet, logfiles, längerem, nichts, seite, surfe, surfen, thema, threads, totale, windows, windows 7, windows 7 home, öffnet




Ähnliche Themen: Seth. avazutracking.net


  1. Avazutracking
    Plagegeister aller Art und deren Bekämpfung - 12.01.2014 (17)
  2. Seth.avazutracking.net
    Plagegeister aller Art und deren Bekämpfung - 08.12.2013 (11)
  3. Pop-Up von seth.avazurtracking und weiteren URL's
    Plagegeister aller Art und deren Bekämpfung - 11.11.2013 (23)
  4. Seth.avazutracking.net
    Plagegeister aller Art und deren Bekämpfung - 20.10.2013 (12)
  5. Seth.avazutracking.net - Problem
    Log-Analyse und Auswertung - 14.10.2013 (7)
  6. seth.avazutracking.net
    Plagegeister aller Art und deren Bekämpfung - 10.10.2013 (9)
  7. Avazutracking entfernen?
    Plagegeister aller Art und deren Bekämpfung - 06.09.2013 (17)
  8. seth.avazutracking.net Virus eingefangen
    Plagegeister aller Art und deren Bekämpfung - 20.08.2013 (9)
  9. Windows 7: ca. 1 mal pro Woche öffnet sich seth.avazutracking von alleine
    Log-Analyse und Auswertung - 15.08.2013 (12)
  10. Seth.Avazutracking.net - Firefox öffnet selbstständig Werbetabs
    Log-Analyse und Auswertung - 14.08.2013 (15)
  11. Seth Avazutracking.net
    Log-Analyse und Auswertung - 02.08.2013 (13)
  12. Seth.avazutracking.net
    Log-Analyse und Auswertung - 25.06.2013 (4)
  13. Avazutracking Virus
    Plagegeister aller Art und deren Bekämpfung - 22.06.2013 (9)
  14. http://seth.avazutracking.net/tracking/redirect/
    Plagegeister aller Art und deren Bekämpfung - 16.04.2013 (1)
  15. Seth Avazutracking.net und ad.yieldmanager.com entfernen?
    Plagegeister aller Art und deren Bekämpfung - 28.03.2013 (26)
  16. Seth. avazutracking.net
    Plagegeister aller Art und deren Bekämpfung - 06.03.2013 (36)
  17. Seth.avazutrackingnet Virus entfernen?
    Plagegeister aller Art und deren Bekämpfung - 27.02.2013 (11)

Zum Thema Seth. avazutracking.net - Hallo allerseits, seit längerem öffnet sich beim surfen im Internet, mit Firefox 19.0, aus dem nichts heraus, die Seite Seth. avazutracking.net ohne Inhalt, oder ich werde an irgendwelche Gaming Portale - Seth. avazutracking.net...
Archiv
Du betrachtest: Seth. avazutracking.net auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.