
Pests of all kinds and their removal: Avira reports TR/Jorik.Totem.vz, TR/ATRAPS.Gen2, T/ATRAPS.Gen


11.09.2012, 18:07   #31
copatin
 


Code:

# AdwCleaner v2.001 - Datei am 09/11/2012 um 19:06:21 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : HeftigDerBoss - HEFTIGDERBOSS-P
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\HeftigDerBoss\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v8.0 (de)

Profilname : default 
Datei : C:\Users\HeftigDerBoss\AppData\Roaming\Mozilla\Firefox\Profiles\wtqlaods.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2569 octets] - [17/08/2012 22:55:05]
AdwCleaner[S1].txt - [2741 octets] - [20/08/2012 23:24:15]
AdwCleaner[R2].txt - [1518 octets] - [03/09/2012 18:51:59]
AdwCleaner[S2].txt - [2080 octets] - [04/09/2012 15:54:11]
AdwCleaner[R3].txt - [1144 octets] - [07/09/2012 19:03:02]
AdwCleaner[R4].txt - [1070 octets] - [11/09/2012 19:06:21]

########## EOF - C:\AdwCleaner[R4].txt - [1130 octets] ##########
         

11.09.2012, 22:30   #32
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 


Hm, no more detections

Please make a new OTL log. Please post everything here in CODE tags if possible.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
Custom scan with OTL

Please download OTL from Oldtimer and save it to your desktop. If it is already present, replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • At the top centre, tick the box Scan all users
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German the box is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
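The custom scan requested above produces, among other sections, the O4 lines listing Run/RunOnce autostart values. When an antivirus product has deleted a payload but not the registry value that launched it, OTL prints the value with a trailing "File not found", and binaries without a company name under the user profile are worth a second look. The following Python script is an added example (not code from this thread, from OTL's author or from Trojaner-Board) that parses O4 lines in OTL's layout and flags such entries; the sample lines and all names in them are constructed.

```python
"""Triage of OTL 'O4' autostart lines (Run/RunOnce registry values).

OTL prints one line per autostart value, for example:
  O4 - HKU\\S-1-5-21-...-1001..\\Run: [name] C:\\path\\file.exe (Company)
A trailing "File not found" means the value points at a file that no longer
exists (an orphaned autostart entry); a trailing "()" means the file carries
no company name in its version information.
"""
import re
from typing import Dict, List, Optional

# Constructed sample lines in the OTL O4 layout; SIDs, user and file names are made up.
SAMPLE_O4_LINES = [
    r"O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)",
    r"O4 - HKU\S-1-5-21-111-222-333-1001..\Run: [qwerzxcvb] C:\Users\alice\qwerzxcvb.exe File not found",
    r"O4 - HKU\S-1-5-21-111-222-333-1001..\Run: [Updater] C:\Users\alice\AppData\Roaming\updater.exe ()",
    r"O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found",
    r"O4 - Startup: C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tool.lnk = D:\Tools\Tool.exe (Tool GmbH)",
]

# "O4 - <hive>..\Run: [<value name>] <path and trailer>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
USER_PROFILE_RE = re.compile(r"^[A-Z]:\\Users\\", re.IGNORECASE)
# Heuristic only: long, all-lowercase value names with no recognisable word are often generated.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8,}$")
MISSING_MARKER = "File not found"


def parse_o4(line: str) -> Optional[Dict[str, object]]:
    """Split one O4 Run/RunOnce line into hive, key, value name, path, company and a missing flag.

    Returns None for O4 lines of other kinds (e.g. Startup folder entries) and for non-O4 lines.
    """
    m = O4_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    missing = False
    company: Optional[str] = None
    if rest.endswith(MISSING_MARKER):
        missing = True
        path = rest[: -len(MISSING_MARKER)].strip()
    elif rest.endswith(")") and " (" in rest:
        # The company name is the last parenthesised group; "(x86)" inside the path is not last.
        path, _, company = rest.rpartition(" (")
        company = company[:-1]  # drop the closing parenthesis; "()" yields an empty string
    else:
        path = rest
    return {
        "hive": m.group("hive"),
        "key": m.group("key"),
        "name": m.group("name"),
        "path": path,
        "company": company,
        "missing": missing,
    }


def flags_for(entry: Dict[str, object]) -> List[str]:
    """Return the list of reasons an autostart entry deserves attention (empty if none)."""
    flags: List[str] = []
    if entry["missing"]:
        flags.append("orphaned: target file not found")
    in_profile = bool(USER_PROFILE_RE.match(str(entry["path"])))
    if in_profile and not entry["company"]:
        flags.append("binary without company name in user profile")
    if in_profile and RANDOM_NAME_RE.match(str(entry["name"])):
        flags.append("random-looking value name")
    return flags


def triage_o4(lines: List[str]) -> List[Dict[str, object]]:
    """Parse all O4 Run/RunOnce lines and keep only the entries that raised at least one flag."""
    findings: List[Dict[str, object]] = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        flags = flags_for(entry)
        if flags:
            entry["flags"] = flags
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for f in triage_o4(SAMPLE_O4_LINES):
        print(f"{f['hive']}..\\{f['key']} [{f['name']}] -> {f['path']}")
        for reason in f["flags"]:
            print(f"    * {reason}")
```

Entries that only carry a company name and an existing path are left out of the result, so on a real log the output is the short list a helper would want to look at first.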

15.09.2012, 14:51   #33
copatin
 


OTL Logfile:
Code:
OTL logfile created on: 15.09.2012 15:06:26 - Run 10
OTL by OldTimer - Version 3.2.61.4     Folder = C:\Users\HeftigDerBoss\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 56,55% Memory free
6,00 Gb Paging File | 4,49 Gb Available in Paging File | 74,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 126,95 Gb Total Space | 77,08 Gb Free Space | 60,71% Space Free | Partition Type: NTFS
Drive D: | 338,81 Gb Total Space | 337,93 Gb Free Space | 99,74% Space Free | Partition Type: NTFS
Drive E: | 6,28 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 7,79 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 931,51 Gb Total Space | 502,99 Gb Free Space | 54,00% Space Free | Partition Type: NTFS
 
Computer Name: HEFTIGDERBOSS-P | User Name: HeftigDerBoss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.15 15:05:37 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\HeftigDerBoss\Desktop\OTL.exe
PRC - [2012.09.12 07:13:08 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012.08.30 21:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.08.30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.08.08 17:59:17 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.08.05 14:12:30 | 001,353,080 | ---- | M] (Valve Corporation) -- G:\Steam\Steam.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.08 21:16:47 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 21:16:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.04.04 07:05:28 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.04.04 07:05:16 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.01.11 00:09:25 | 000,735,608 | ---- | M] (BitTorrent, Inc.) -- D:\Programme\uTorrent.exe
PRC - [2009.02.23 20:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- D:\Program Files (x86)\MagicDisc\MagicDisc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.12 07:13:08 | 020,317,008 | ---- | M] () -- G:\Steam\bin\libcef.dll
MOD - [2012.09.12 07:13:08 | 001,099,616 | ---- | M] () -- G:\Steam\bin\avcodec-53.dll
MOD - [2012.09.12 07:13:08 | 000,902,480 | ---- | M] () -- G:\Steam\bin\chromehtml.dll
MOD - [2012.09.12 07:13:08 | 000,190,816 | ---- | M] () -- G:\Steam\bin\avformat-53.dll
MOD - [2012.09.12 07:13:08 | 000,123,232 | ---- | M] () -- G:\Steam\bin\avutil-51.dll
MOD - [2012.06.19 17:35:47 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll
MOD - [2012.06.19 17:29:08 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\65f0d70169a0e73b45307dddbd86f92b\System.Runtime.Remoting.ni.dll
MOD - [2012.06.19 17:29:01 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
MOD - [2012.06.16 09:23:15 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
MOD - [2012.06.16 09:23:03 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
MOD - [2012.06.16 09:22:57 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll
MOD - [2012.06.16 09:22:54 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
MOD - [2012.06.16 09:22:53 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012.06.16 09:22:50 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012.06.16 09:22:48 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012.06.16 09:22:42 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012.06.16 09:22:41 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012.06.16 09:20:16 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012.04.17 15:47:14 | 000,115,137 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
MOD - [2012.04.04 07:05:28 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.09.12 07:13:08 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.08.30 21:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.08.30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.08 21:16:47 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 21:16:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 21:16:48 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 21:16:48 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.08 06:22:36 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2011.12.08 06:22:36 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2011.12.08 06:22:36 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2011.12.08 06:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.12.08 06:22:28 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011.12.08 06:22:28 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011.12.08 06:22:28 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011.12.08 06:22:28 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011.09.16 17:09:16 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.02.24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-3612399379-2078024685-110007940-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3612399379-2078024685-110007940-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3612399379-2078024685-110007940-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3612399379-2078024685-110007940-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.5
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Programme\Adobe Reader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: D:\Programme\Firefox\components [2012.07.19 21:41:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: D:\Programme\Firefox\plugins [2012.08.22 13:40:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Programme\Firefox\components [2012.07.19 21:41:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Programme\Firefox\plugins [2012.08.22 13:40:43 | 000,000,000 | ---D | M]
 
[2012.01.04 17:43:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\Extensions
[2012.09.15 14:16:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\Firefox\Profiles\wtqlaods.default\extensions
[2012.07.26 18:14:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\Firefox\Profiles\wtqlaods.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.01.04 18:05:04 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\Firefox\Profiles\wtqlaods.default\extensions\moveplayer@movenetworks.com
[2012.09.15 14:16:13 | 000,527,915 | ---- | M] () (No name found) -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.07.26 18:14:31 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.12 07:15:40 | 000,000,950 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-1.xml
[2011.05.01 09:15:04 | 000,000,961 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-10.xml
[2011.05.06 17:37:36 | 000,000,950 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-11.xml
[2011.05.06 17:37:48 | 000,000,950 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-12.xml
[2010.10.19 18:30:20 | 000,000,961 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-2.xml
[2009.07.22 21:42:50 | 000,000,950 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-3.xml
[2009.08.04 21:14:00 | 000,000,950 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-4.xml
[2010.10.21 06:34:52 | 000,000,961 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-5.xml
[2010.10.30 10:23:02 | 000,000,666 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-6.xml
[2010.12.14 21:00:06 | 000,000,961 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-7.xml
[2011.03.03 12:07:02 | 000,000,961 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-8.xml
[2011.03.28 17:55:40 | 000,000,961 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-9.xml
[2009.07.13 17:12:02 | 000,000,944 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3612399379-2078024685-110007940-1001..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-3612399379-2078024685-110007940-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-3612399379-2078024685-110007940-1001..\Run: [Steam] G:\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3612399379-2078024685-110007940-1001..\Run: [vikyrefwaqis] C:\Users\HeftigDerBoss\vikyrefwaqis.exe File not found
O4 - HKU\S-1-5-21-3612399379-2078024685-110007940-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3612399379-2078024685-110007940-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\HeftigDerBoss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = D:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F2B860D-8700-40D5-9E4C-8E0838A73D11}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.24 03:51:10 | 000,000,044 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010.07.05 16:11:07 | 000,143,008 | RH-- | M] () - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010.06.07 15:14:11 | 000,000,049 | RH-- | M] () - F:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2010.07.05 16:03:05 | 000,000,443 | RH-- | M] () - F:\autorun.ini -- [ UDF ]
O33 - MountPoints2\{865631b7-3bc4-11e1-a59b-0019dbe80e53}\Shell - "" = AutoRun
O33 - MountPoints2\{865631b7-3bc4-11e1-a59b-0019dbe80e53}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010.07.05 16:11:07 | 000,143,008 | RH-- | M] ()
O33 - MountPoints2\{c061ed0c-36e8-11e1-9c1d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c061ed0c-36e8-11e1-9c1d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2010.08.24 03:51:12 | 000,345,896 | R--- | M] (Valve Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: BFE - Service
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MPSSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.15 14:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.09.15 14:59:04 | 000,000,000 | ---D | C] -- C:\Users\HeftigDerBoss\Desktop\logs
[2012.09.15 14:56:31 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2012.09.06 16:04:02 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\HeftigDerBoss\Desktop\OTL.exe
[2012.08.29 19:08:53 | 000,000,000 | ---D | C] -- C:\Users\HeftigDerBoss\AppData\Local\FOMM
[2012.08.29 19:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout Mod Manager
[2012.08.29 19:07:01 | 001,404,186 | ---- | C] (Q, Timeslip                                                 ) -- C:\Users\HeftigDerBoss\Desktop\FOMM-36901-0-13-21.exe
[2012.08.29 19:02:47 | 000,000,000 | ---D | C] -- C:\Users\HeftigDerBoss\Desktop\weather
[2012.08.21 15:14:52 | 000,000,000 | ---D | C] -- C:\Users\HeftigDerBoss\AppData\Local\Microsoft Games
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\HeftigDerBoss\*.tmp files -> C:\Users\HeftigDerBoss\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\SysNative\
[2012.09.15 15:05:37 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\HeftigDerBoss\Desktop\OTL.exe
[2012.09.15 13:20:13 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.15 13:20:13 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.15 13:18:55 | 001,498,862 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.15 13:18:55 | 000,654,178 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.15 13:18:55 | 000,616,060 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.15 13:18:55 | 000,130,050 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.15 13:18:55 | 000,106,440 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.15 13:12:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.15 13:12:38 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.11 19:05:37 | 000,512,399 | ---- | M] () -- C:\Users\HeftigDerBoss\Desktop\adwcleaner.exe
[2012.08.30 21:14:00 | 000,016,366 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.08.30 10:40:14 | 000,429,416 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.08.29 19:07:02 | 001,404,186 | ---- | M] (Q, Timeslip                                                 ) -- C:\Users\HeftigDerBoss\Desktop\FOMM-36901-0-13-21.exe
[2012.08.29 19:01:31 | 089,514,131 | ---- | M] () -- C:\Users\HeftigDerBoss\Desktop\NSkies_URWLified_31_AllInOne-35998-3-1.zip
[2012.08.29 18:16:55 | 000,090,727 | ---- | M] () -- C:\Users\HeftigDerBoss\Desktop\Centered_3rd_Person_Camera_v5-34744.zip
[2012.08.23 10:31:21 | 000,000,200 | ---- | M] () -- C:\Users\HeftigDerBoss\Desktop\Railroad Tycoon 2 Platinum.url
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\HeftigDerBoss\*.tmp files -> C:\Users\HeftigDerBoss\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\SysNative\
[2012.09.07 19:02:41 | 000,512,399 | ---- | C] () -- C:\Users\HeftigDerBoss\Desktop\adwcleaner.exe
[2012.08.30 10:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.08.29 18:59:13 | 089,514,131 | ---- | C] () -- C:\Users\HeftigDerBoss\Desktop\NSkies_URWLified_31_AllInOne-35998-3-1.zip
[2012.08.29 18:16:54 | 000,090,727 | ---- | C] () -- C:\Users\HeftigDerBoss\Desktop\Centered_3rd_Person_Camera_v5-34744.zip
[2012.08.23 10:31:09 | 000,000,200 | ---- | C] () -- C:\Users\HeftigDerBoss\Desktop\Railroad Tycoon 2 Platinum.url
[2012.08.06 19:05:40 | 000,000,000 | ---- | C] () -- C:\Users\HeftigDerBoss\defogger_reenable
[2012.01.11 22:33:02 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{b65b4c48-e925-0df4-f466-1edc76a43dcd}\@
[2012.01.11 22:33:02 | 000,002,048 | -HS- | C] () -- C:\Users\HeftigDerBoss\AppData\Local\{b65b4c48-e925-0df4-f466-1edc76a43dcd}\@
[2012.01.09 21:07:25 | 000,091,648 | ---- | C] () -- C:\Windows\SysWow64\Mros416.dll
[2011.12.23 21:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.12.23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.12.23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.12.23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.12.23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
 
========== LOP Check ==========
 
[2012.07.01 14:14:05 | 000,000,000 | ---D | M] -- C:\Users\HeftigDerBoss\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012.01.11 10:37:49 | 000,000,000 | ---D | M] -- C:\Users\HeftigDerBoss\AppData\Roaming\Propellerhead Software
[2012.01.25 10:19:20 | 000,000,000 | ---D | M] -- C:\Users\HeftigDerBoss\AppData\Roaming\Samsung
[2012.01.09 21:12:08 | 000,000,000 | ---D | M] -- C:\Users\HeftigDerBoss\AppData\Roaming\Steinberg
[2012.04.17 16:07:03 | 000,000,000 | ---D | M] -- C:\Users\HeftigDerBoss\AppData\Roaming\Temp
[2012.09.15 15:12:57 | 000,000,000 | ---D | M] -- C:\Users\HeftigDerBoss\AppData\Roaming\uTorrent
[2012.08.28 10:20:21 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.06 15:17:11 | 000,000,000 | ---D | M] -- C:\Users\HeftigDerBoss\AppData\Roaming\Adobe
[2012.03.07 09:12:33 | 000,000,000 | ---D | M] -- C:\Users\HeftigDerBoss\AppData\Roaming\Avira
[2012.07.01 14:14:05 | 000,000,000 | ---D | M] -- C:\Users\HeftigDerBoss\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012.05.08 23:39:36 | 000,000,000 | ---D | M] -- C:\Users\HeftigDerBoss\AppData\Roaming\dvdcss
[2012.01.04 17:36:11 | 000,000,000 | ---D | M] -- C:\Users\HeftigDerBoss\AppData\Roaming\Identities
[2012.01.04 17:45:17 | 000,000,000 | ---D | M] -- C:\Users\HeftigDerBoss\AppData\Roaming\Macromedia
[2012.08.06 18:50:44 | 000,000,000 | ---D | M] -- C:\Users\HeftigDerBoss\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\HeftigDerBoss\AppData\Roaming\Media Center Programs
[2012.02.07 11:50:32 | 000,000,000 | --SD | M] -- C:\Users\HeftigDerBoss\AppData\Roaming\Microsoft
[2012.01.04 17:43:48 | 000,000,000 | ---D | M] -- C:\Users\HeftigDerBoss\AppData\Roaming\Mozilla
[2012.08.02 09:58:33 | 000,000,000 | ---D | M] -- C:\Users\HeftigDerBoss\AppData\Roaming\NVIDIA
[2012.01.11 10:37:49 | 000,000,000 | ---D | M] -- C:\Users\HeftigDerBoss\AppData\Roaming\Propellerhead Software
[2012.01.25 10:19:20 | 000,000,000 | ---D | M] -- C:\Users\HeftigDerBoss\AppData\Roaming\Samsung
[2012.01.04 18:08:16 | 000,000,000 | ---D | M] -- C:\Users\HeftigDerBoss\AppData\Roaming\Skype
[2012.01.09 21:12:08 | 000,000,000 | ---D | M] -- C:\Users\HeftigDerBoss\AppData\Roaming\Steinberg
[2012.04.17 16:07:03 | 000,000,000 | ---D | M] -- C:\Users\HeftigDerBoss\AppData\Roaming\Temp
[2012.09.15 15:12:57 | 000,000,000 | ---D | M] -- C:\Users\HeftigDerBoss\AppData\Roaming\uTorrent
[2012.01.04 18:18:29 | 000,000,000 | ---D | M] -- C:\Users\HeftigDerBoss\AppData\Roaming\vlc
[2012.08.12 15:08:42 | 000,000,000 | ---D | M] -- C:\Users\HeftigDerBoss\AppData\Roaming\Winamp
[2012.01.09 19:25:40 | 000,000,000 | ---D | M] -- C:\Users\HeftigDerBoss\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.02.07 11:43:31 | 000,040,960 | ---- | M] (InstallShield Software Corp.) -- C:\Users\HeftigDerBoss\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
[2012.02.07 11:43:31 | 000,040,960 | ---- | M] (InstallShield Software Corp.) -- C:\Users\HeftigDerBoss\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
[2012.02.07 11:43:31 | 000,008,854 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
[2012.02.19 16:13:05 | 000,106,408 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentInstaller.exe
[2012.02.19 16:13:05 | 000,101,288 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentUpdate.exe
[2012.02.19 16:13:05 | 000,021,416 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\KiesPDLR.exe
[2012.02.03 10:50:16 | 000,943,504 | ---- | M] (Samsung) -- C:\Users\HeftigDerBoss\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe
[2012.02.03 10:50:20 | 000,278,928 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe
[2012.02.01 10:17:02 | 000,308,224 | ---- | M] (Samsung) -- C:\Users\HeftigDerBoss\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe
[2012.02.03 10:50:18 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\HeftigDerBoss\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe
[2012.01.31 11:16:12 | 000,290,816 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\HeftigDerBoss\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe
[2012.01.31 11:16:12 | 000,693,248 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\HeftigDerBoss\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe
[2012.02.03 10:50:22 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\HeftigDerBoss\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe
[2012.02.19 16:13:05 | 000,106,408 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe
[2012.02.19 16:13:05 | 000,101,288 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe
[2012.02.03 10:50:26 | 000,131,984 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2012.02.19 16:13:05 | 000,021,416 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe
[2012.02.03 10:50:28 | 003,570,312 | ---- | M] (Freeware) -- C:\Users\HeftigDerBoss\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe
[2011.12.23 21:58:10 | 024,123,656 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\HeftigDerBoss\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2012.02.03 10:50:30 | 000,371,088 | ---- | M] (ml) -- C:\Users\HeftigDerBoss\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2012.04.04 07:05:32 | 000,371,088 | ---- | M] (ml) -- C:\Users\HeftigDerBoss\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >
         
--- --- ---
__________________

Alt 16.09.2012, 15:37   #34
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Run an OTL fix: close any programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along!!!)

Code:
:OTL
FF - user.js - File not found
[2012.07.26 18:14:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\Firefox\Profiles\wtqlaods.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.09.12 07:15:40 | 000,000,950 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-1.xml
[2011.05.01 09:15:04 | 000,000,961 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-10.xml
[2011.05.06 17:37:36 | 000,000,950 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-11.xml
[2011.05.06 17:37:48 | 000,000,950 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-12.xml
[2010.10.19 18:30:20 | 000,000,961 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-2.xml
[2009.07.22 21:42:50 | 000,000,950 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-3.xml
[2009.08.04 21:14:00 | 000,000,950 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-4.xml
[2010.10.21 06:34:52 | 000,000,961 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-5.xml
[2010.10.30 10:23:02 | 000,000,666 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-6.xml
[2010.12.14 21:00:06 | 000,000,961 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-7.xml
[2011.03.03 12:07:02 | 000,000,961 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-8.xml
[2011.03.28 17:55:40 | 000,000,961 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-9.xml
[2009.07.13 17:12:02 | 000,000,944 | ---- | M] () -- C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin.xml
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3612399379-2078024685-110007940-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{865631b7-3bc4-11e1-a59b-0019dbe80e53}\Shell - "" = AutoRun
O33 - MountPoints2\{865631b7-3bc4-11e1-a59b-0019dbe80e53}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010.07.05 16:11:07 | 000,143,008 | RH-- | M] ()
O33 - MountPoints2\{c061ed0c-36e8-11e1-9c1d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c061ed0c-36e8-11e1-9c1d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2010.08.24 03:51:12 | 000,345,896 | R--- | M] (Valve Corporation)
:Files
C:\Windows\Installer\{b65b4c48-e925-0df4-f466-1edc76a43dcd}
C:\Users\HeftigDerBoss\AppData\Local\{b65b4c48-e925-0df4-f466-1edc76a43dcd}
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
__________________
Please always post logfiles in CODE tags

Alt 17.09.2012, 15:04   #35
copatin
 
Code:
All processes killed
========== OTL ==========
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\Firefox\Profiles\wtqlaods.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\Firefox\Profiles\wtqlaods.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\Firefox\Profiles\wtqlaods.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\Firefox\Profiles\wtqlaods.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\Firefox\Profiles\wtqlaods.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\Firefox\Profiles\wtqlaods.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\Firefox\Profiles\wtqlaods.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\Firefox\Profiles\wtqlaods.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\Firefox\Profiles\wtqlaods.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\Firefox\Profiles\wtqlaods.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\Firefox\Profiles\wtqlaods.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\Firefox\Profiles\wtqlaods.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\Firefox\Profiles\wtqlaods.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\Firefox\Profiles\wtqlaods.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\Firefox\Profiles\wtqlaods.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\Firefox\Profiles\wtqlaods.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\Firefox\Profiles\wtqlaods.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\Firefox\Profiles\wtqlaods.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\Firefox\Profiles\wtqlaods.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\Firefox\Profiles\wtqlaods.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\Firefox\Profiles\wtqlaods.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\Firefox\Profiles\wtqlaods.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\HeftigDerBoss\AppData\Roaming\mozilla\firefox\profiles\wtqlaods.default\searchplugins\icqplugin.xml moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3612399379-2078024685-110007940-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{865631b7-3bc4-11e1-a59b-0019dbe80e53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{865631b7-3bc4-11e1-a59b-0019dbe80e53}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{865631b7-3bc4-11e1-a59b-0019dbe80e53}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{865631b7-3bc4-11e1-a59b-0019dbe80e53}\ not found.
File move failed. F:\Autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c061ed0c-36e8-11e1-9c1d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c061ed0c-36e8-11e1-9c1d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c061ed0c-36e8-11e1-9c1d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c061ed0c-36e8-11e1-9c1d-806e6f6e6963}\ not found.
File move failed. E:\Setup.exe scheduled to be moved on reboot.
========== FILES ==========
C:\Windows\Installer\{b65b4c48-e925-0df4-f466-1edc76a43dcd}\U folder moved successfully.
C:\Windows\Installer\{b65b4c48-e925-0df4-f466-1edc76a43dcd}\L folder moved successfully.
C:\Windows\Installer\{b65b4c48-e925-0df4-f466-1edc76a43dcd} folder moved successfully.
C:\Users\HeftigDerBoss\AppData\Local\{b65b4c48-e925-0df4-f466-1edc76a43dcd}\U folder moved successfully.
C:\Users\HeftigDerBoss\AppData\Local\{b65b4c48-e925-0df4-f466-1edc76a43dcd}\L folder moved successfully.
C:\Users\HeftigDerBoss\AppData\Local\{b65b4c48-e925-0df4-f466-1edc76a43dcd} folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\HeftigDerBoss\Desktop\cmd.bat deleted successfully.
C:\Users\HeftigDerBoss\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: HeftigDerBoss
->Temp folder emptied: 2970811 bytes
->Temporary Internet Files folder emptied: 4839223 bytes
->Java cache emptied: 100767 bytes
->FireFox cache emptied: 1087691153 bytes
->Flash cache emptied: 10136 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 227564624 bytes
 
Total Files Cleaned = 1.262,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.61.4 log created on 09172012_155303

Files\Folders moved on Reboot...
File move failed. F:\Autorun.exe scheduled to be moved on reboot.
File move failed. E:\Setup.exe scheduled to be moved on reboot.
C:\Users\HeftigDerBoss\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         


Alt 17.09.2012, 19:34   #36
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please now run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Configure the tool as shown in the image below: click change parameters and set the checkmarks as shown in the following screenshot.
Then click Start Scan and, when it is finished, click the Report button to display the log. Please post it completely.

If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer stores its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and only post the log here!

__________________

Alt 18.09.2012, 13:27   #37
copatin
 
Code:
14:23:29.0760 2928  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
14:23:29.0773 2928  ============================================================
14:23:29.0773 2928  Current date / time: 2012/09/18 14:23:29.0773
14:23:29.0773 2928  SystemInfo:
14:23:29.0773 2928  
14:23:29.0773 2928  OS Version: 6.1.7601 ServicePack: 1.0
14:23:29.0773 2928  Product type: Workstation
14:23:29.0773 2928  ComputerName: HEFTIGDERBOSS-P
14:23:29.0773 2928  UserName: HeftigDerBoss
14:23:29.0773 2928  Windows directory: C:\Windows
14:23:29.0773 2928  System windows directory: C:\Windows
14:23:29.0773 2928  Running under WOW64
14:23:29.0773 2928  Processor architecture: Intel x64
14:23:29.0773 2928  Number of processors: 2
14:23:29.0773 2928  Page size: 0x1000
14:23:29.0773 2928  Boot type: Normal boot
14:23:29.0773 2928  ============================================================
14:23:30.0586 2928  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:23:30.0596 2928  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:23:30.0601 2928  ============================================================
14:23:30.0601 2928  \Device\Harddisk1\DR1:
14:23:30.0601 2928  MBR partitions:
14:23:30.0601 2928  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xFDE8000
14:23:30.0601 2928  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xFDE8800, BlocksNum 0x2A59D000
14:23:30.0601 2928  \Device\Harddisk0\DR0:
14:23:30.0601 2928  MBR partitions:
14:23:30.0601 2928  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
14:23:30.0601 2928  ============================================================
14:23:30.0624 2928  C: <-> \Device\Harddisk1\DR1\Partition1
14:23:30.0661 2928  D: <-> \Device\Harddisk1\DR1\Partition2
14:23:30.0674 2928  G: <-> \Device\Harddisk0\DR0\Partition1
14:23:30.0674 2928  ============================================================
14:23:30.0674 2928  Initialize success
14:23:30.0674 2928  ============================================================
14:24:24.0320 1780  ============================================================
14:24:24.0320 1780  Scan started
14:24:24.0321 1780  Mode: Manual; SigCheck; TDLFS; 
14:24:24.0321 1780  ============================================================
14:24:24.0505 1780  ================ Scan system memory ========================
14:24:24.0505 1780  System memory - ok
14:24:24.0505 1780  ================ Scan services =============================
14:24:24.0634 1780  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:24:24.0748 1780  1394ohci - ok
14:24:24.0783 1780  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:24:24.0807 1780  ACPI - ok
14:24:24.0823 1780  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
14:24:24.0894 1780  AcpiPmi - ok
14:24:24.0968 1780  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:24:24.0984 1780  AdobeARMservice - ok
14:24:25.0021 1780  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
14:24:25.0052 1780  adp94xx - ok
14:24:25.0080 1780  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
14:24:25.0104 1780  adpahci - ok
14:24:25.0123 1780  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
14:24:25.0144 1780  adpu320 - ok
14:24:25.0175 1780  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:24:25.0295 1780  AeLookupSvc - ok
14:24:25.0334 1780  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
14:24:25.0397 1780  AFD - ok
14:24:25.0435 1780  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
14:24:25.0454 1780  agp440 - ok
14:24:25.0467 1780  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
14:24:25.0522 1780  ALG - ok
14:24:25.0549 1780  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:24:25.0566 1780  aliide - ok
14:24:25.0592 1780  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
14:24:25.0610 1780  amdide - ok
14:24:25.0638 1780  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
14:24:25.0692 1780  AmdK8 - ok
14:24:25.0704 1780  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
14:24:25.0738 1780  AmdPPM - ok
14:24:25.0756 1780  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
14:24:25.0775 1780  amdsata - ok
14:24:25.0791 1780  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
14:24:25.0812 1780  amdsbs - ok
14:24:25.0823 1780  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:24:25.0839 1780  amdxata - ok
14:24:25.0876 1780  [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb      C:\Windows\system32\Drivers\ssadadb.sys
14:24:25.0927 1780  androidusb - ok
14:24:25.0993 1780  [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
14:24:26.0009 1780  AntiVirSchedulerService - ok
14:24:26.0028 1780  [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
14:24:26.0042 1780  AntiVirService - ok
14:24:26.0093 1780  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
14:24:26.0214 1780  AppID - ok
14:24:26.0233 1780  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:24:26.0300 1780  AppIDSvc - ok
14:24:26.0322 1780  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
14:24:26.0369 1780  Appinfo - ok
14:24:26.0403 1780  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
14:24:26.0464 1780  AppMgmt - ok
14:24:26.0496 1780  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
14:24:26.0514 1780  arc - ok
14:24:26.0524 1780  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
14:24:26.0542 1780  arcsas - ok
14:24:26.0565 1780  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:24:26.0626 1780  AsyncMac - ok
14:24:26.0653 1780  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
14:24:26.0669 1780  atapi - ok
14:24:26.0705 1780  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:24:26.0781 1780  AudioEndpointBuilder - ok
14:24:26.0793 1780  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
14:24:26.0848 1780  AudioSrv - ok
14:24:26.0883 1780  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
14:24:26.0901 1780  avgntflt - ok
14:24:26.0930 1780  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
14:24:26.0949 1780  avipbb - ok
14:24:26.0958 1780  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
14:24:26.0975 1780  avkmgr - ok
14:24:27.0005 1780  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:24:27.0073 1780  AxInstSV - ok
14:24:27.0125 1780  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
14:24:27.0181 1780  b06bdrv - ok
14:24:27.0209 1780  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
14:24:27.0270 1780  b57nd60a - ok
14:24:27.0302 1780  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
14:24:27.0341 1780  BDESVC - ok
14:24:27.0355 1780  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:24:27.0432 1780  Beep - ok
14:24:27.0461 1780  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
14:24:27.0545 1780  BITS - ok
14:24:27.0571 1780  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
14:24:27.0595 1780  blbdrive - ok
14:24:27.0619 1780  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:24:27.0648 1780  bowser - ok
14:24:27.0671 1780  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:24:27.0729 1780  BrFiltLo - ok
14:24:27.0744 1780  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:24:27.0764 1780  BrFiltUp - ok
14:24:27.0791 1780  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
14:24:27.0815 1780  Browser - ok
14:24:27.0837 1780  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
14:24:27.0887 1780  Brserid - ok
14:24:27.0896 1780  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:24:27.0925 1780  BrSerWdm - ok
14:24:27.0938 1780  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:24:27.0972 1780  BrUsbMdm - ok
14:24:27.0978 1780  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:24:27.0996 1780  BrUsbSer - ok
14:24:28.0015 1780  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
14:24:28.0045 1780  BTHMODEM - ok
14:24:28.0083 1780  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
14:24:28.0144 1780  bthserv - ok
14:24:28.0159 1780  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:24:28.0217 1780  cdfs - ok
14:24:28.0261 1780  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:24:28.0290 1780  cdrom - ok
14:24:28.0324 1780  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
14:24:28.0381 1780  CertPropSvc - ok
14:24:28.0410 1780  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
14:24:28.0442 1780  circlass - ok
14:24:28.0465 1780  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
14:24:28.0491 1780  CLFS - ok
14:24:28.0541 1780  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:24:28.0557 1780  clr_optimization_v2.0.50727_32 - ok
14:24:28.0593 1780  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:24:28.0610 1780  clr_optimization_v2.0.50727_64 - ok
14:24:28.0670 1780  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:24:28.0703 1780  clr_optimization_v4.0.30319_32 - ok
14:24:28.0738 1780  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:24:28.0753 1780  clr_optimization_v4.0.30319_64 - ok
14:24:28.0781 1780  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
14:24:28.0825 1780  CmBatt - ok
14:24:28.0848 1780  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:24:28.0865 1780  cmdide - ok
14:24:28.0899 1780  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
14:24:28.0946 1780  CNG - ok
14:24:28.0958 1780  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
14:24:28.0975 1780  Compbatt - ok
14:24:29.0001 1780  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
14:24:29.0035 1780  CompositeBus - ok
14:24:29.0049 1780  COMSysApp - ok
14:24:29.0056 1780  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
14:24:29.0074 1780  crcdisk - ok
14:24:29.0100 1780  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:24:29.0144 1780  CryptSvc - ok
14:24:29.0176 1780  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
14:24:29.0233 1780  CSC - ok
14:24:29.0262 1780  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
14:24:29.0298 1780  CscService - ok
14:24:29.0325 1780  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:24:29.0395 1780  DcomLaunch - ok
14:24:29.0419 1780  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
14:24:29.0480 1780  defragsvc - ok
14:24:29.0511 1780  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:24:29.0563 1780  DfsC - ok
14:24:29.0591 1780  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:24:29.0663 1780  Dhcp - ok
14:24:29.0681 1780  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
14:24:29.0736 1780  discache - ok
14:24:29.0752 1780  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
14:24:29.0770 1780  Disk - ok
14:24:29.0797 1780  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:24:29.0830 1780  Dnscache - ok
14:24:29.0853 1780  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:24:29.0912 1780  dot3svc - ok
14:24:29.0935 1780  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
14:24:29.0995 1780  DPS - ok
14:24:30.0034 1780  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:24:30.0063 1780  drmkaud - ok
14:24:30.0104 1780  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:24:30.0139 1780  DXGKrnl - ok
14:24:30.0169 1780  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
14:24:30.0226 1780  EapHost - ok
14:24:30.0303 1780  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
14:24:30.0382 1780  ebdrv - ok
14:24:30.0408 1780  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
14:24:30.0454 1780  EFS - ok
14:24:30.0502 1780  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:24:30.0557 1780  ehRecvr - ok
14:24:30.0585 1780  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
14:24:30.0619 1780  ehSched - ok
14:24:30.0646 1780  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
14:24:30.0676 1780  elxstor - ok
14:24:30.0698 1780  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:24:30.0723 1780  ErrDev - ok
14:24:30.0758 1780  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
14:24:30.0822 1780  EventSystem - ok
14:24:30.0842 1780  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
14:24:30.0894 1780  exfat - ok
14:24:30.0906 1780  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:24:30.0971 1780  fastfat - ok
14:24:31.0025 1780  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
14:24:31.0093 1780  Fax - ok
14:24:31.0111 1780  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
14:24:31.0128 1780  fdc - ok
14:24:31.0147 1780  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
14:24:31.0203 1780  fdPHost - ok
14:24:31.0227 1780  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:24:31.0276 1780  FDResPub - ok
14:24:31.0298 1780  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:24:31.0317 1780  FileInfo - ok
14:24:31.0330 1780  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:24:31.0391 1780  Filetrace - ok
14:24:31.0409 1780  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:24:31.0427 1780  flpydisk - ok
14:24:31.0450 1780  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:24:31.0472 1780  FltMgr - ok
14:24:31.0514 1780  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
14:24:31.0570 1780  FontCache - ok
14:24:31.0616 1780  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:24:31.0629 1780  FontCache3.0.0.0 - ok
14:24:31.0648 1780  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:24:31.0666 1780  FsDepends - ok
14:24:31.0691 1780  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:24:31.0708 1780  Fs_Rec - ok
14:24:31.0746 1780  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:24:31.0770 1780  fvevol - ok
14:24:31.0781 1780  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
14:24:31.0799 1780  gagp30kx - ok
14:24:31.0833 1780  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
14:24:31.0897 1780  gpsvc - ok
14:24:31.0908 1780  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:24:31.0956 1780  hcw85cir - ok
14:24:32.0007 1780  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:24:32.0034 1780  HdAudAddService - ok
14:24:32.0052 1780  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
14:24:32.0082 1780  HDAudBus - ok
14:24:32.0110 1780  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
14:24:32.0137 1780  HidBatt - ok
14:24:32.0155 1780  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
14:24:32.0177 1780  HidBth - ok
14:24:32.0193 1780  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
14:24:32.0228 1780  HidIr - ok
14:24:32.0257 1780  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
14:24:32.0314 1780  hidserv - ok
14:24:32.0340 1780  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:24:32.0358 1780  HidUsb - ok
14:24:32.0381 1780  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:24:32.0456 1780  hkmsvc - ok
14:24:32.0484 1780  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:24:32.0517 1780  HomeGroupListener - ok
14:24:32.0532 1780  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:24:32.0563 1780  HomeGroupProvider - ok
14:24:32.0583 1780  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:24:32.0600 1780  HpSAMD - ok
14:24:32.0638 1780  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:24:32.0712 1780  HTTP - ok
14:24:32.0730 1780  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:24:32.0748 1780  hwpolicy - ok
14:24:32.0770 1780  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
14:24:32.0790 1780  i8042prt - ok
14:24:32.0819 1780  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:24:32.0844 1780  iaStorV - ok
14:24:32.0888 1780  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:24:32.0923 1780  idsvc - ok
14:24:32.0955 1780  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
14:24:32.0972 1780  iirsp - ok
14:24:33.0010 1780  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
14:24:33.0073 1780  IKEEXT - ok
14:24:33.0093 1780  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
14:24:33.0111 1780  intelide - ok
14:24:33.0135 1780  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:24:33.0166 1780  intelppm - ok
14:24:33.0198 1780  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:24:33.0252 1780  IPBusEnum - ok
14:24:33.0279 1780  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:24:33.0341 1780  IpFilterDriver - ok
14:24:33.0363 1780  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:24:33.0387 1780  IPMIDRV - ok
14:24:33.0405 1780  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:24:33.0461 1780  IPNAT - ok
14:24:33.0479 1780  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:24:33.0538 1780  IRENUM - ok
14:24:33.0561 1780  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:24:33.0578 1780  isapnp - ok
14:24:33.0595 1780  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:24:33.0619 1780  iScsiPrt - ok
14:24:33.0645 1780  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:24:33.0663 1780  kbdclass - ok
14:24:33.0685 1780  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:24:33.0723 1780  kbdhid - ok
14:24:33.0742 1780  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
14:24:33.0759 1780  KeyIso - ok
14:24:33.0800 1780  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:24:33.0818 1780  KSecDD - ok
14:24:33.0847 1780  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:24:33.0867 1780  KSecPkg - ok
14:24:33.0875 1780  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
14:24:33.0941 1780  ksthunk - ok
14:24:33.0974 1780  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:24:34.0036 1780  KtmRm - ok
14:24:34.0070 1780  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:24:34.0134 1780  LanmanServer - ok
14:24:34.0162 1780  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:24:34.0218 1780  LanmanWorkstation - ok
14:24:34.0244 1780  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:24:34.0305 1780  lltdio - ok
14:24:34.0336 1780  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:24:34.0391 1780  lltdsvc - ok
14:24:34.0405 1780  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:24:34.0453 1780  lmhosts - ok
14:24:34.0474 1780  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
14:24:34.0495 1780  LSI_FC - ok
14:24:34.0506 1780  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
14:24:34.0526 1780  LSI_SAS - ok
14:24:34.0542 1780  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:24:34.0560 1780  LSI_SAS2 - ok
14:24:34.0573 1780  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:24:34.0592 1780  LSI_SCSI - ok
14:24:34.0616 1780  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
14:24:34.0667 1780  luafv - ok
14:24:34.0708 1780  [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus          C:\Windows\system32\DRIVERS\mcdbus.sys
14:24:34.0734 1780  mcdbus - ok
14:24:34.0769 1780  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:24:34.0804 1780  Mcx2Svc - ok
14:24:34.0817 1780  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
14:24:34.0835 1780  megasas - ok
14:24:34.0855 1780  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
14:24:34.0879 1780  MegaSR - ok
14:24:34.0899 1780  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
14:24:34.0958 1780  MMCSS - ok
14:24:34.0972 1780  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
14:24:35.0036 1780  Modem - ok
14:24:35.0067 1780  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:24:35.0101 1780  monitor - ok
14:24:35.0121 1780  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:24:35.0138 1780  mouclass - ok
14:24:35.0170 1780  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:24:35.0201 1780  mouhid - ok
14:24:35.0229 1780  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:24:35.0247 1780  mountmgr - ok
14:24:35.0272 1780  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:24:35.0292 1780  mpio - ok
14:24:35.0310 1780  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:24:35.0359 1780  mpsdrv - ok
14:24:35.0377 1780  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:24:35.0405 1780  MRxDAV - ok
14:24:35.0432 1780  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:24:35.0485 1780  mrxsmb - ok
14:24:35.0503 1780  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:24:35.0535 1780  mrxsmb10 - ok
14:24:35.0554 1780  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:24:35.0573 1780  mrxsmb20 - ok
14:24:35.0596 1780  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:24:35.0614 1780  msahci - ok
14:24:35.0630 1780  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:24:35.0651 1780  msdsm - ok
14:24:35.0665 1780  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
14:24:35.0699 1780  MSDTC - ok
14:24:35.0722 1780  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:24:35.0771 1780  Msfs - ok
14:24:35.0785 1780  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:24:35.0842 1780  mshidkmdf - ok
14:24:35.0864 1780  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:24:35.0880 1780  msisadrv - ok
14:24:35.0902 1780  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:24:35.0963 1780  MSiSCSI - ok
14:24:35.0969 1780  msiserver - ok
14:24:35.0995 1780  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:24:36.0048 1780  MSKSSRV - ok
14:24:36.0060 1780  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:24:36.0137 1780  MSPCLOCK - ok
14:24:36.0143 1780  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:24:36.0206 1780  MSPQM - ok
14:24:36.0238 1780  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:24:36.0262 1780  MsRPC - ok
14:24:36.0281 1780  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
14:24:36.0297 1780  mssmbios - ok
14:24:36.0307 1780  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:24:36.0356 1780  MSTEE - ok
14:24:36.0368 1780  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
14:24:36.0385 1780  MTConfig - ok
14:24:36.0399 1780  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
14:24:36.0416 1780  Mup - ok
14:24:36.0449 1780  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
14:24:36.0508 1780  napagent - ok
14:24:36.0536 1780  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:24:36.0575 1780  NativeWifiP - ok
14:24:36.0625 1780  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:24:36.0666 1780  NDIS - ok
14:24:36.0679 1780  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:24:36.0729 1780  NdisCap - ok
14:24:36.0760 1780  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:24:36.0813 1780  NdisTapi - ok
14:24:36.0835 1780  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:24:36.0881 1780  Ndisuio - ok
14:24:36.0907 1780  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:24:36.0968 1780  NdisWan - ok
14:24:36.0985 1780  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:24:37.0032 1780  NDProxy - ok
14:24:37.0042 1780  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:24:37.0095 1780  NetBIOS - ok
14:24:37.0110 1780  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:24:37.0173 1780  NetBT - ok
14:24:37.0192 1780  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
14:24:37.0209 1780  Netlogon - ok
14:24:37.0240 1780  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
14:24:37.0307 1780  Netman - ok
14:24:37.0333 1780  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
14:24:37.0399 1780  netprofm - ok
14:24:37.0426 1780  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:24:37.0442 1780  NetTcpPortSharing - ok
14:24:37.0455 1780  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
14:24:37.0472 1780  nfrd960 - ok
14:24:37.0500 1780  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:24:37.0557 1780  NlaSvc - ok
14:24:37.0577 1780  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:24:37.0625 1780  Npfs - ok
14:24:37.0638 1780  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
14:24:37.0694 1780  nsi - ok
14:24:37.0705 1780  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:24:37.0758 1780  nsiproxy - ok
14:24:37.0823 1780  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:24:37.0879 1780  Ntfs - ok
14:24:37.0899 1780  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
14:24:37.0956 1780  Null - ok
14:24:37.0994 1780  [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
14:24:38.0035 1780  NVENETFD - ok
14:24:38.0353 1780  [ BF7A24A71E1932200D864BC1CE15E596 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:24:38.0639 1780  nvlddmkm - ok
14:24:38.0709 1780  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:24:38.0726 1780  nvraid - ok
14:24:38.0745 1780  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:24:38.0762 1780  nvstor - ok
14:24:38.0808 1780  [ 43F91595049DE14C4B61D1E76436164F ] nvsvc           C:\Windows\system32\nvvsvc.exe
14:24:38.0840 1780  nvsvc - ok
14:24:38.0911 1780  [ 322B69422836F97B76F4AA59B47507BA ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
14:24:38.0956 1780  nvUpdatusService - ok
14:24:38.0973 1780  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:24:38.0993 1780  nv_agp - ok
14:24:39.0005 1780  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:24:39.0025 1780  ohci1394 - ok
14:24:39.0055 1780  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:24:39.0102 1780  p2pimsvc - ok
14:24:39.0126 1780  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:24:39.0152 1780  p2psvc - ok
14:24:39.0166 1780  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
14:24:39.0187 1780  Parport - ok
14:24:39.0208 1780  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:24:39.0225 1780  partmgr - ok
14:24:39.0242 1780  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:24:39.0278 1780  PcaSvc - ok
14:24:39.0293 1780  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
14:24:39.0314 1780  pci - ok
14:24:39.0334 1780  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
14:24:39.0351 1780  pciide - ok
14:24:39.0368 1780  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
14:24:39.0389 1780  pcmcia - ok
14:24:39.0400 1780  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:24:39.0416 1780  pcw - ok
14:24:39.0446 1780  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:24:39.0505 1780  PEAUTH - ok
14:24:39.0563 1780  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
14:24:39.0626 1780  PeerDistSvc - ok
14:24:39.0688 1780  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:24:39.0713 1780  PerfHost - ok
14:24:39.0777 1780  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
14:24:39.0858 1780  pla - ok
14:24:39.0889 1780  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:24:39.0918 1780  PlugPlay - ok
14:24:39.0942 1780  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:24:39.0977 1780  PNRPAutoReg - ok
14:24:40.0000 1780  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:24:40.0022 1780  PNRPsvc - ok
14:24:40.0049 1780  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:24:40.0120 1780  PolicyAgent - ok
14:24:40.0158 1780  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
14:24:40.0227 1780  Power - ok
14:24:40.0260 1780  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:24:40.0316 1780  PptpMiniport - ok
14:24:40.0329 1780  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
14:24:40.0356 1780  Processor - ok
14:24:40.0389 1780  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:24:40.0430 1780  ProfSvc - ok
14:24:40.0443 1780  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:24:40.0460 1780  ProtectedStorage - ok
14:24:40.0496 1780  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:24:40.0548 1780  Psched - ok
14:24:40.0596 1780  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
14:24:40.0649 1780  ql2300 - ok
14:24:40.0662 1780  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
14:24:40.0682 1780  ql40xx - ok
14:24:40.0708 1780  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
14:24:40.0736 1780  QWAVE - ok
14:24:40.0750 1780  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:24:40.0784 1780  QWAVEdrv - ok
14:24:40.0797 1780  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:24:40.0845 1780  RasAcd - ok
14:24:40.0869 1780  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:24:40.0917 1780  RasAgileVpn - ok
14:24:40.0933 1780  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
14:24:40.0998 1780  RasAuto - ok
14:24:41.0017 1780  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:24:41.0077 1780  Rasl2tp - ok
14:24:41.0103 1780  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
14:24:41.0158 1780  RasMan - ok
14:24:41.0178 1780  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:24:41.0238 1780  RasPppoe - ok
14:24:41.0253 1780  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:24:41.0315 1780  RasSstp - ok
14:24:41.0339 1780  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:24:41.0390 1780  rdbss - ok
14:24:41.0405 1780  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
14:24:41.0438 1780  rdpbus - ok
14:24:41.0454 1780  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:24:41.0501 1780  RDPCDD - ok
14:24:41.0540 1780  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
14:24:41.0569 1780  RDPDR - ok
14:24:41.0581 1780  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:24:41.0635 1780  RDPENCDD - ok
14:24:41.0653 1780  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:24:41.0701 1780  RDPREFMP - ok
14:24:41.0776 1780  [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:24:41.0806 1780  RdpVideoMiniport - ok
14:24:41.0833 1780  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:24:41.0876 1780  RDPWD - ok
14:24:41.0895 1780  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:24:41.0916 1780  rdyboost - ok
14:24:41.0946 1780  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:24:42.0009 1780  RemoteAccess - ok
14:24:42.0036 1780  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:24:42.0100 1780  RemoteRegistry - ok
14:24:42.0127 1780  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:24:42.0191 1780  RpcEptMapper - ok
14:24:42.0211 1780  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
14:24:42.0231 1780  RpcLocator - ok
14:24:42.0254 1780  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
14:24:42.0309 1780  RpcSs - ok
14:24:42.0334 1780  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:24:42.0382 1780  rspndr - ok
14:24:42.0405 1780  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
14:24:42.0443 1780  s3cap - ok
14:24:42.0450 1780  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
14:24:42.0467 1780  SamSs - ok
14:24:42.0484 1780  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:24:42.0503 1780  sbp2port - ok
14:24:42.0524 1780  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:24:42.0586 1780  SCardSvr - ok
14:24:42.0612 1780  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:24:42.0667 1780  scfilter - ok
14:24:42.0713 1780  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
14:24:42.0792 1780  Schedule - ok
14:24:42.0820 1780  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:24:42.0866 1780  SCPolicySvc - ok
14:24:42.0891 1780  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:24:42.0917 1780  SDRSVC - ok
14:24:42.0943 1780  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:24:42.0991 1780  secdrv - ok
14:24:43.0026 1780  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
14:24:43.0087 1780  seclogon - ok
14:24:43.0107 1780  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
14:24:43.0171 1780  SENS - ok
14:24:43.0187 1780  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:24:43.0230 1780  SensrSvc - ok
14:24:43.0239 1780  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
14:24:43.0267 1780  Serenum - ok
14:24:43.0289 1780  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
14:24:43.0316 1780  Serial - ok
14:24:43.0339 1780  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
14:24:43.0369 1780  sermouse - ok
14:24:43.0391 1780  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:24:43.0440 1780  SessionEnv - ok
14:24:43.0460 1780  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:24:43.0496 1780  sffdisk - ok
14:24:43.0509 1780  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:24:43.0535 1780  sffp_mmc - ok
14:24:43.0547 1780  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:24:43.0569 1780  sffp_sd - ok
14:24:43.0583 1780  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
14:24:43.0601 1780  sfloppy - ok
14:24:43.0629 1780  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:24:43.0681 1780  ShellHWDetection - ok
14:24:43.0699 1780  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:24:43.0716 1780  SiSRaid2 - ok
14:24:43.0734 1780  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
14:24:43.0752 1780  SiSRaid4 - ok
14:24:43.0784 1780  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:24:43.0843 1780  Smb - ok
14:24:43.0891 1780  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:24:43.0923 1780  SNMPTRAP - ok
14:24:43.0938 1780  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:24:43.0955 1780  spldr - ok
14:24:43.0994 1780  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
14:24:44.0046 1780  Spooler - ok
14:24:44.0138 1780  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
14:24:44.0250 1780  sppsvc - ok
14:24:44.0272 1780  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
14:24:44.0335 1780  sppuinotify - ok
14:24:44.0368 1780  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:24:44.0408 1780  srv - ok
14:24:44.0438 1780  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:24:44.0473 1780  srv2 - ok
14:24:44.0487 1780  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:24:44.0518 1780  srvnet - ok
14:24:44.0552 1780  [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
14:24:44.0590 1780  ssadbus - ok
14:24:44.0622 1780  [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
14:24:44.0645 1780  ssadmdfl - ok
14:24:44.0660 1780  [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
14:24:44.0694 1780  ssadmdm - ok
14:24:44.0712 1780  [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd        C:\Windows\system32\DRIVERS\ssadserd.sys
14:24:44.0736 1780  ssadserd - ok
14:24:44.0764 1780  [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus         C:\Windows\system32\DRIVERS\sscdbus.sys
14:24:44.0783 1780  sscdbus - ok
14:24:44.0800 1780  [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl        C:\Windows\system32\DRIVERS\sscdmdfl.sys
14:24:44.0816 1780  sscdmdfl - ok
14:24:44.0836 1780  [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm         C:\Windows\system32\DRIVERS\sscdmdm.sys
14:24:44.0855 1780  sscdmdm - ok
14:24:44.0884 1780  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:24:44.0948 1780  SSDPSRV - ok
14:24:44.0966 1780  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:24:45.0018 1780  SstpSvc - ok
14:24:45.0046 1780  Steam Client Service - ok
14:24:45.0106 1780  [ A766CCAD980235FF34E7F8089D3175A3 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
14:24:45.0129 1780  Stereo Service - ok
14:24:45.0165 1780  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
14:24:45.0181 1780  stexstor - ok
14:24:45.0230 1780  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
14:24:45.0267 1780  stisvc - ok
14:24:45.0283 1780  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
14:24:45.0300 1780  storflt - ok
14:24:45.0322 1780  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
14:24:45.0338 1780  storvsc - ok
14:24:45.0357 1780  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
14:24:45.0374 1780  swenum - ok
14:24:45.0399 1780  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
14:24:45.0467 1780  swprv - ok
14:24:45.0484 1780  Synth3dVsc - ok
14:24:45.0545 1780  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
14:24:45.0610 1780  SysMain - ok
14:24:45.0633 1780  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:24:45.0670 1780  TabletInputService - ok
14:24:45.0693 1780  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:24:45.0753 1780  TapiSrv - ok
14:24:45.0771 1780  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
14:24:45.0821 1780  TBS - ok
14:24:45.0877 1780  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:24:45.0940 1780  Tcpip - ok
14:24:45.0981 1780  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:24:46.0036 1780  TCPIP6 - ok
14:24:46.0072 1780  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:24:46.0124 1780  tcpipreg - ok
14:24:46.0154 1780  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:24:46.0192 1780  TDPIPE - ok
14:24:46.0216 1780  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:24:46.0249 1780  TDTCP - ok
14:24:46.0279 1780  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:24:46.0327 1780  tdx - ok
14:24:46.0337 1780  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
14:24:46.0355 1780  TermDD - ok
14:24:46.0390 1780  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
14:24:46.0475 1780  TermService - ok
14:24:46.0499 1780  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
14:24:46.0533 1780  Themes - ok
14:24:46.0551 1780  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
14:24:46.0600 1780  THREADORDER - ok
14:24:46.0617 1780  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
14:24:46.0676 1780  TrkWks - ok
14:24:46.0707 1780  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:24:46.0766 1780  TrustedInstaller - ok
14:24:46.0800 1780  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:24:46.0854 1780  tssecsrv - ok
14:24:46.0886 1780  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
14:24:46.0927 1780  TsUsbFlt - ok
14:24:46.0932 1780  tsusbhub - ok
14:24:46.0982 1780  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:24:47.0042 1780  tunnel - ok
14:24:47.0065 1780  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
14:24:47.0083 1780  uagp35 - ok
14:24:47.0114 1780  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:24:47.0166 1780  udfs - ok
14:24:47.0191 1780  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:24:47.0224 1780  UI0Detect - ok
14:24:47.0237 1780  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:24:47.0254 1780  uliagpkx - ok
14:24:47.0280 1780  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
14:24:47.0305 1780  umbus - ok
14:24:47.0322 1780  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
14:24:47.0339 1780  UmPass - ok
14:24:47.0363 1780  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
14:24:47.0396 1780  UmRdpService - ok
14:24:47.0414 1780  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
14:24:47.0487 1780  upnphost - ok
14:24:47.0507 1780  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:24:47.0547 1780  usbccgp - ok
14:24:47.0571 1780  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:24:47.0594 1780  usbcir - ok
14:24:47.0606 1780  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
14:24:47.0624 1780  usbehci - ok
14:24:47.0638 1780  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:24:47.0674 1780  usbhub - ok
14:24:47.0688 1780  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
14:24:47.0709 1780  usbohci - ok
14:24:47.0726 1780  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:24:47.0758 1780  usbprint - ok
14:24:47.0779 1780  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:24:47.0816 1780  USBSTOR - ok
14:24:47.0829 1780  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
14:24:47.0852 1780  usbuhci - ok
14:24:47.0872 1780  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
14:24:47.0933 1780  UxSms - ok
14:24:47.0949 1780  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
14:24:47.0967 1780  VaultSvc - ok
14:24:47.0988 1780  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:24:48.0004 1780  vdrvroot - ok
14:24:48.0039 1780  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
14:24:48.0106 1780  vds - ok
14:24:48.0131 1780  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:24:48.0153 1780  vga - ok
14:24:48.0167 1780  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:24:48.0216 1780  VgaSave - ok
14:24:48.0229 1780  VGPU - ok
14:24:48.0284 1780  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
14:24:48.0317 1780  vhdmp - ok
14:24:48.0366 1780  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
14:24:48.0382 1780  viaide - ok
14:24:48.0412 1780  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
14:24:48.0432 1780  vmbus - ok
14:24:48.0455 1780  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
14:24:48.0479 1780  VMBusHID - ok
14:24:48.0494 1780  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:24:48.0511 1780  volmgr - ok
14:24:48.0541 1780  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:24:48.0564 1780  volmgrx - ok
14:24:48.0579 1780  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:24:48.0602 1780  volsnap - ok
14:24:48.0626 1780  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
14:24:48.0647 1780  vsmraid - ok
14:24:48.0695 1780  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
14:24:48.0792 1780  VSS - ok
14:24:48.0808 1780  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
14:24:48.0839 1780  vwifibus - ok
14:24:48.0869 1780  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
14:24:48.0933 1780  W32Time - ok
14:24:48.0951 1780  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
14:24:48.0982 1780  WacomPen - ok
14:24:49.0006 1780  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:24:49.0067 1780  WANARP - ok
14:24:49.0072 1780  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:24:49.0119 1780  Wanarpv6 - ok
14:24:49.0171 1780  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
14:24:49.0252 1780  wbengine - ok
14:24:49.0268 1780  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:24:49.0296 1780  WbioSrvc - ok
14:24:49.0324 1780  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:24:49.0362 1780  wcncsvc - ok
14:24:49.0381 1780  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:24:49.0405 1780  WcsPlugInService - ok
14:24:49.0419 1780  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
14:24:49.0436 1780  Wd - ok
14:24:49.0461 1780  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:24:49.0495 1780  Wdf01000 - ok
14:24:49.0507 1780  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:24:49.0581 1780  WdiServiceHost - ok
14:24:49.0585 1780  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:24:49.0612 1780  WdiSystemHost - ok
14:24:49.0633 1780  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
14:24:49.0673 1780  WebClient - ok
14:24:49.0688 1780  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:24:49.0744 1780  Wecsvc - ok
14:24:49.0757 1780  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:24:49.0819 1780  wercplsupport - ok
14:24:49.0846 1780  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:24:49.0897 1780  WerSvc - ok
14:24:49.0925 1780  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:24:49.0972 1780  WfpLwf - ok
14:24:49.0986 1780  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:24:50.0008 1780  WIMMount - ok
14:24:50.0014 1780  WinHttpAutoProxySvc - ok
14:24:50.0075 1780  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:24:50.0125 1780  Winmgmt - ok
14:24:50.0181 1780  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
14:24:50.0278 1780  WinRM - ok
14:24:50.0336 1780  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:24:50.0385 1780  Wlansvc - ok
14:24:50.0403 1780  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:24:50.0429 1780  WmiAcpi - ok
14:24:50.0452 1780  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:24:50.0486 1780  wmiApSrv - ok
14:24:50.0518 1780  WMPNetworkSvc - ok
14:24:50.0535 1780  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:24:50.0568 1780  WPCSvc - ok
14:24:50.0587 1780  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:24:50.0610 1780  WPDBusEnum - ok
14:24:50.0629 1780  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:24:50.0689 1780  ws2ifsl - ok
14:24:50.0694 1780  WSearch - ok
14:24:50.0768 1780  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:24:50.0844 1780  wuauserv - ok
14:24:50.0877 1780  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:24:50.0925 1780  WudfPf - ok
14:24:50.0961 1780  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:24:51.0024 1780  WUDFRd - ok
14:24:51.0050 1780  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:24:51.0099 1780  wudfsvc - ok
14:24:51.0131 1780  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:24:51.0162 1780  WwanSvc - ok
14:24:51.0198 1780  [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
14:24:51.0221 1780  xusb21 - ok
14:24:51.0225 1780  ================ Scan global ===============================
14:24:51.0250 1780  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:24:51.0275 1780  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
14:24:51.0286 1780  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
14:24:51.0309 1780  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:24:51.0342 1780  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:24:51.0347 1780  [Global] - ok
14:24:51.0347 1780  ================ Scan MBR ==================================
14:24:51.0360 1780  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
14:24:51.0416 1780  \Device\Harddisk1\DR1 - ok
14:24:51.0419 1780  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:24:51.0891 1780  \Device\Harddisk0\DR0 - ok
14:24:51.0891 1780  ================ Scan VBR ==================================
14:24:51.0918 1780  [ 2BEBDFDDEE481CE2AE9E0679E70459CE ] \Device\Harddisk1\DR1\Partition1
14:24:51.0919 1780  \Device\Harddisk1\DR1\Partition1 - ok
14:24:51.0937 1780  [ 59AA407565D0CEF57D3AA9726BFDEBC4 ] \Device\Harddisk1\DR1\Partition2
14:24:51.0938 1780  \Device\Harddisk1\DR1\Partition2 - ok
14:24:51.0942 1780  [ 9DE75C04EA8F39CF9EE04AAC50DFA51A ] \Device\Harddisk0\DR0\Partition1
14:24:51.0943 1780  \Device\Harddisk0\DR0\Partition1 - ok
14:24:51.0944 1780  ============================================================
14:24:51.0944 1780  Scan finished
14:24:51.0944 1780  ============================================================
14:24:51.0956 3444  Detected object count: 0
14:24:51.0956 3444  Actual detected object count: 0
         
Damn, I messed up. I wanted to download something from the net and in the process Adware.Gen was found, and now when I want to open a new tab it is opened not by Firefox but by mystart. incredibar. com. Uninstalling and reinstalling Firefox did not help. Will post logs from Malwarebytes, OTL and ESET shortly.

Okay, I was able to partially fix the mystart problem: I reset browser.newtab.url & browser.search.defaultenginename in about:config. I still suspect, though, that adware is still running!?
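A check for the kind of pref hijack described in this post, added here as an example (not code from the thread or from any tool it mentions): it parses the `user_pref()` lines of a Firefox profile's prefs.js and user.js, applies user.js last the way Firefox does at startup, and flags navigation/search prefs that point at the mystart.incredibar.com host named above. The sample files and the marker list are constructed for the example; the file names, pref names and the override order are real Firefox behaviour.

```python
"""Detect Firefox preference hijacks of the kind described in the thread.

Added example, not from the thread or any tool it mentions. It shows why a
value reset in about:config can come back: user.js is re-applied over
prefs.js on every Firefox start, so an adware-dropped user.js wins.
"""
import re
from typing import Dict, List, Tuple

# user_pref("name", value);  -- value is a quoted string, a number or a bool
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Prefs adware rewrites to redirect the user; the first two are the ones
# the poster reset via about:config.
WATCHED_PREFS = (
    "browser.newtab.url",
    "browser.search.defaultenginename",
    "browser.startup.homepage",
    "keyword.URL",
)

# Values expected on a clean profile (constructed allow-list; extend as needed).
EXPECTED = {
    "browser.newtab.url": {"about:newtab", "about:blank", "about:home"},
}

# Hijacker markers taken from the host named in the thread (constructed list).
SUSPICIOUS_MARKERS = ("incredibar.com", "mystart")


def parse_prefs(text: str) -> Dict[str, str]:
    """Return {pref_name: value} for every user_pref() line; strings are unquoted."""
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, malformed lines
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            raw = raw[1:-1]
        prefs[name] = raw
    return prefs


def effective_prefs(prefs_js: str, user_js: str = "") -> Dict[str, Tuple[str, str]]:
    """Merge like Firefox does: user.js is applied after prefs.js on each start.
    Returns {pref_name: (value, source_file)} so a finding names the file to clean."""
    merged = {k: (v, "prefs.js") for k, v in parse_prefs(prefs_js).items()}
    for k, v in parse_prefs(user_js).items():
        merged[k] = (v, "user.js")
    return merged


def find_hijacks(prefs_js: str, user_js: str = "") -> List[Tuple[str, str, str, str]]:
    """Return (pref, value, source_file, reason) for each suspicious watched pref."""
    merged = effective_prefs(prefs_js, user_js)
    findings: List[Tuple[str, str, str, str]] = []
    for name in WATCHED_PREFS:
        if name not in merged:
            continue
        value, source = merged[name]
        low = value.lower()
        if any(marker in low for marker in SUSPICIOUS_MARKERS):
            findings.append((name, value, source, "known hijacker marker"))
        elif name in EXPECTED and value not in EXPECTED[name]:
            findings.append((name, value, source, "not an expected default"))
    return findings


# Constructed sample: a clean prefs.js as left behind after the about:config reset.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences  (constructed sample)
user_pref("browser.newtab.url", "about:newtab");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.startup.homepage", "https://www.mozilla.org/");
user_pref("extensions.lastAppVersion", "8.0");
"""

# Constructed sample: a user.js that re-applies the redirect on every start.
SAMPLE_USER_JS = """\
user_pref("browser.newtab.url", "http://mystart.incredibar.com/");
user_pref("browser.search.defaultenginename", "MyStart Search");
"""

if __name__ == "__main__":
    for pref, value, source, reason in find_hijacks(SAMPLE_PREFS_JS, SAMPLE_USER_JS):
        print(f"{pref} = {value!r}  [{source}] -> {reason}")
```

Run it against the real files in the profile directory shown in the AdwCleaner log (prefs.js and, if present, user.js next to it); a hit sourced from user.js means that file, not about:config, is what needs cleaning.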

Alt 19.09.2012, 12:30   #38
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
I wanted to download something from the net and in the process Adware.Gen
Could you please be more specific?!
Why are you keeping quiet about what exactly you downloaded from the net, and about the exact message from the virus scanner! The malware name alone is not enough....
__________________
Please always post logfiles in CODE tags

Alt 19.09.2012, 12:45   #39
copatin
 
Sorry, there was no intent behind that.
I wanted to download a game for the Dolphin emulator via torrent, a Nintendo Wii game. While looking for a source I clicked on a link, after which a file a few KB in size was installed. Right after that Antivir beeped frantically three or four times and reported that Adware.Gen had been detected.
From a quick look online I read that Antivir can at least move this pest into quarantine. So I let Antivir run a full scan, and afterwards Antivir told me that completely deleting the pests required a restart. I then restarted the computer and let Antivir run a full scan again, this time without a single find. I did not save the log, since I had read beforehand that Antivir could fix the problem.

Alt 19.09.2012, 16:07   #40
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
That is exactly why you keep your hands off junk like that from dubious sources!

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a board expert has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If after running ComboFix you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Alt 20.09.2012, 16:53   #41
copatin
 
Combofix Logfile:
Code:
ComboFix 12-09-20.01 - HeftigDerBoss 20.09.2012  17:39:48.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3071.1975 [GMT 2:00]
ausgeführt von:: c:\users\HeftigDerBoss\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Incredibar.com
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\inCRedibar.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\inCRedibartlbr.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
c:\users\HEFTIG~1\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
c:\users\HeftigDerBoss\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
c:\users\HeftigDerBoss\vikyrefwaqis.exe
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-20 bis 2012-09-20  ))))))))))))))))))))))))))))))
.
.
2012-09-18 13:51 . 2012-09-18 13:51	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-09-18 13:37 . 2000-05-14 17:19	77824	----a-w-	c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2012-09-18 13:37 . 2000-05-14 17:18	217088	----a-w-	c:\program files (x86)\Common Files\InstallShield\IScript\IScript.dll
2012-09-18 13:37 . 2000-05-14 17:14	217088	----a-w-	c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2012-09-18 13:37 . 2000-05-14 17:12	32768	----a-w-	c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2012-09-18 13:34 . 2012-09-18 13:34	--------	d-----w-	c:\program files (x86)\wxDownload Fast
2012-09-18 13:34 . 2012-09-18 13:34	856	----a-w-	C:\user.js
2012-09-18 13:34 . 2012-09-18 13:34	--------	d-----w-	c:\programdata\Premium
2012-09-18 13:33 . 2012-09-18 13:34	--------	d-----w-	c:\programdata\InstallMate
2012-09-17 13:53 . 2012-09-17 13:53	--------	d-----w-	C:\_OTL
2012-09-12 20:13 . 2012-08-22 18:12	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-09-12 20:13 . 2012-07-04 20:26	41472	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 20:13 . 2012-08-02 17:58	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-09-12 20:13 . 2012-08-02 16:57	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2012-09-12 20:13 . 2012-08-22 18:12	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-09-12 20:13 . 2012-08-22 18:12	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-09-12 20:13 . 2012-08-22 18:12	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-30 08:40 . 2012-08-30 08:40	429416	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2012-08-29 17:08 . 2012-08-29 17:08	--------	d-----w-	c:\users\HeftigDerBoss\AppData\Local\FOMM
2012-08-25 06:35 . 2012-08-25 06:35	--------	d-----w-	c:\users\HeftigDerBoss\048298C9A4D3490B9FF9AB023A9238F3.TMP
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 23:16 . 2012-01-04 16:58	64462936	----a-w-	c:\windows\system32\MRT.exe
2012-09-07 15:04 . 2012-08-06 16:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-08-30 19:14 . 2012-02-09 20:43	18229096	----a-w-	c:\windows\system32\nvd3dumx.dll
2012-08-30 19:14 . 2012-01-04 16:06	2725224	----a-w-	c:\windows\system32\nvapi64.dll
2012-08-30 19:14 . 2012-01-04 16:06	1760104	----a-w-	c:\windows\system32\nvdispco64.dll
2012-08-30 19:14 . 2009-07-13 21:59	14879080	----a-w-	c:\windows\system32\nvwgf2umx.dll
2012-08-30 19:14 . 2009-06-10 20:37	15291752	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2012-08-30 16:18 . 2012-01-04 16:07	891240	----a-w-	c:\windows\system32\nvvsvc.exe
2012-08-30 16:18 . 2012-01-04 16:07	63336	----a-w-	c:\windows\system32\nvshext.dll
2012-08-30 16:18 . 2012-01-04 16:07	2557800	----a-w-	c:\windows\system32\nvsvcr.dll
2012-08-30 16:18 . 2012-01-04 16:07	118120	----a-w-	c:\windows\system32\nvmctray.dll
2012-08-30 16:18 . 2012-01-04 16:07	3266920	----a-w-	c:\windows\system32\nvsvc64.dll
2012-08-30 16:17 . 2012-01-04 16:07	6198120	----a-w-	c:\windows\system32\nvcpl.dll
2012-08-07 16:27 . 2012-08-07 16:27	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-08-07 16:27 . 2012-08-07 16:27	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2012-08-07 16:27 . 2012-08-07 16:27	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-08-07 16:27 . 2012-08-07 16:27	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-08-07 16:27 . 2012-08-07 16:27	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-08-07 16:27 . 2012-08-07 16:27	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-08-07 16:27 . 2012-08-07 16:27	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-08-07 16:27 . 2012-08-07 16:27	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-08-07 16:27 . 2012-08-07 16:27	367104	----a-w-	c:\windows\SysWow64\html.iec
2012-08-07 16:27 . 2012-08-07 16:27	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-08-07 16:27 . 2012-08-07 16:27	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-08-07 16:27 . 2012-08-07 16:27	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2012-08-07 16:27 . 2012-08-07 16:27	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2012-08-07 16:27 . 2012-08-07 16:27	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2012-08-07 16:27 . 2012-08-07 16:27	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2012-08-07 16:27 . 2012-08-07 16:27	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2012-08-07 16:27 . 2012-08-07 16:27	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-08-07 16:27 . 2012-08-07 16:27	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-08-07 16:27 . 2012-08-07 16:27	89088	----a-w-	c:\windows\system32\ie4uinit.exe
2012-08-07 16:27 . 2012-08-07 16:27	85504	----a-w-	c:\windows\system32\iesetup.dll
2012-08-07 16:27 . 2012-08-07 16:27	82432	----a-w-	c:\windows\system32\icardie.dll
2012-08-07 16:27 . 2012-08-07 16:27	76800	----a-w-	c:\windows\system32\tdc.ocx
2012-08-07 16:27 . 2012-08-07 16:27	697344	----a-w-	c:\windows\system32\msfeeds.dll
2012-08-07 16:27 . 2012-08-07 16:27	65024	----a-w-	c:\windows\system32\pngfilt.dll
2012-08-07 16:27 . 2012-08-07 16:27	603648	----a-w-	c:\windows\system32\vbscript.dll
2012-08-07 16:27 . 2012-08-07 16:27	55296	----a-w-	c:\windows\system32\msfeedsbs.dll
2012-08-07 16:27 . 2012-08-07 16:27	534528	----a-w-	c:\windows\system32\ieapfltr.dll
2012-08-07 16:27 . 2012-08-07 16:27	49664	----a-w-	c:\windows\system32\imgutil.dll
2012-08-07 16:27 . 2012-08-07 16:27	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-08-07 16:27 . 2012-08-07 16:27	452608	----a-w-	c:\windows\system32\dxtmsft.dll
2012-08-07 16:27 . 2012-08-07 16:27	448512	----a-w-	c:\windows\system32\html.iec
2012-08-07 16:27 . 2012-08-07 16:27	403248	----a-w-	c:\windows\system32\iedkcs32.dll
2012-08-07 16:27 . 2012-08-07 16:27	39936	----a-w-	c:\windows\system32\iernonce.dll
2012-08-07 16:27 . 2012-08-07 16:27	3695416	----a-w-	c:\windows\system32\ieapfltr.dat
2012-08-07 16:27 . 2012-08-07 16:27	30720	----a-w-	c:\windows\system32\licmgr10.dll
2012-08-07 16:27 . 2012-08-07 16:27	282112	----a-w-	c:\windows\system32\dxtrans.dll
2012-08-07 16:27 . 2012-08-07 16:27	267776	----a-w-	c:\windows\system32\ieaksie.dll
2012-08-07 16:27 . 2012-08-07 16:27	249344	----a-w-	c:\windows\system32\webcheck.dll
2012-08-07 16:27 . 2012-08-07 16:27	222208	----a-w-	c:\windows\system32\msls31.dll
2012-08-07 16:27 . 2012-08-07 16:27	197120	----a-w-	c:\windows\system32\msrating.dll
2012-08-07 16:27 . 2012-08-07 16:27	165888	----a-w-	c:\windows\system32\iexpress.exe
2012-08-07 16:27 . 2012-08-07 16:27	163840	----a-w-	c:\windows\system32\ieakui.dll
2012-08-07 16:27 . 2012-08-07 16:27	160256	----a-w-	c:\windows\system32\wextract.exe
2012-08-07 16:27 . 2012-08-07 16:27	160256	----a-w-	c:\windows\system32\ieakeng.dll
2012-08-07 16:27 . 2012-08-07 16:27	149504	----a-w-	c:\windows\system32\occache.dll
2012-08-07 16:27 . 2012-08-07 16:27	145920	----a-w-	c:\windows\system32\iepeers.dll
2012-08-07 16:27 . 2012-08-07 16:27	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-08-07 16:27 . 2012-08-07 16:27	12288	----a-w-	c:\windows\system32\mshta.exe
2012-08-07 16:27 . 2012-08-07 16:27	114176	----a-w-	c:\windows\system32\admparse.dll
2012-08-07 16:27 . 2012-08-07 16:27	111616	----a-w-	c:\windows\system32\iesysprep.dll
2012-08-07 16:27 . 2012-08-07 16:27	10752	----a-w-	c:\windows\system32\msfeedssync.exe
2012-08-07 16:27 . 2012-08-07 16:27	103936	----a-w-	c:\windows\system32\inseng.dll
2012-08-05 12:51 . 2009-07-13 23:19	328704	----a-w-	c:\windows\system32\services.exe
2012-07-18 18:15 . 2012-08-15 19:45	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-04 22:16 . 2012-08-15 19:45	73216	----a-w-	c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 19:45	59392	----a-w-	c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 19:45	136704	----a-w-	c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 19:45	41984	----a-w-	c:\windows\SysWow64\browcli.dll
2012-06-29 10:04 . 2012-08-03 07:24	9133488	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B63E536E-1E31-4B01-BFFE-11E0629B4C52}\mpengine.dll
2012-06-29 04:55 . 2012-08-15 20:31	17809920	----a-w-	c:\windows\system32\mshtml.dll
2012-06-29 04:09 . 2012-08-15 20:31	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-06-29 03:56 . 2012-08-15 20:31	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-06-29 03:49 . 2012-08-15 20:31	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-06-29 03:49 . 2012-08-15 20:31	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-06-29 03:48 . 2012-08-15 20:31	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-06-29 03:47 . 2012-08-15 20:31	237056	----a-w-	c:\windows\system32\url.dll
2012-06-29 03:45 . 2012-08-15 20:31	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-06-29 03:44 . 2012-08-15 20:31	816640	----a-w-	c:\windows\system32\jscript.dll
2012-06-29 03:43 . 2012-08-15 20:31	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-06-29 03:42 . 2012-08-15 20:31	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-06-29 03:40 . 2012-08-15 20:31	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-06-29 03:39 . 2012-08-15 20:31	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-06-29 03:35 . 2012-08-15 20:31	248320	----a-w-	c:\windows\system32\ieui.dll
2012-06-29 00:16 . 2012-08-15 20:31	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-06-29 00:09 . 2012-08-15 20:31	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-06-29 00:08 . 2012-08-15 20:31	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04 . 2012-08-15 20:31	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00 . 2012-08-15 20:31	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="g:\steam\steam.exe" [2012-08-05 1353080]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-04 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
.
c:\users\HeftigDerBoss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - d:\program files (x86)\MagicDisc\MagicDisc.exe [2012-1-11 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-12-08 36328]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-12-08 146920]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-20 c:\windows\Tasks\WxDFastUpdaterTask{AF875C55-DECD-4BB6-BD69-4807323F9A4C}.job
- c:\programdata\Premium\WxDFast\WxDFast.exe [2012-09-18 12:31]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://mystart.incredibar.com/mb139?a=6R8Fy0314c&i=26
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\HeftigDerBoss\AppData\Roaming\Mozilla\Firefox\Profiles\wtqlaods.default\
FF - prefs.js: browser.search.defaulturl - hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6R8Fy0314c&&i=26&search=
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6R8Fy0314c
FF - user.js: extensions.incredibar_i.upn2n - 92825077749324784
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10650
FF - user.js: extensions.incredibar_i.ppd - 140%5F5
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8Fy0314c&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 94805e8a0000000000000019dbe80e53
FF - user.js: extensions.incredibar_i.instlDay - 15601
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1415:34
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
Toolbar-{F9639E4A-801B-4843-AEE3-03D9DA199E77} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
Wow6432Node-HKCU-Run-vikyrefwaqis - c:\users\HeftigDerBoss\vikyrefwaqis.exe
AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
AddRemove-Steam App 12370 - d:\spiele\Steam\steam.exe
AddRemove-Steam App 12380 - d:\spiele\Steam\steam.exe
AddRemove-Steam App 42670 - d:\spiele\Steam\steam.exe
AddRemove-Steam App 8980 - d:\spiele\Steam\steam.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-20  17:48:06 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-20 15:48
.
Vor Suchlauf: 9 Verzeichnis(se), 85.100.417.024 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 84.656.844.800 Bytes frei
.
- - End Of File - - 43ACDE195B6EB1FDE8BA9A61538BFC60
--- --- ---

Old 20.09.2012, 20:19   #42
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Avira meldet TR/Jorik.Totem.vz, TR/ATRAPS.Gen2, T/ATRAPS.Gen



Combofix - Scripting

1. Start Notepad (Start / Run / notepad [Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
File::
C:\user.js

Firefox::
FF - ProfilePath - c:\users\HeftigDerBoss\AppData\Roaming\Mozilla\Firefox\Profiles\wtqlaods.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: keyword.URL - http://mystart.incredibar.com/mb139/?loc=IB_DS&a=6R8Fy0314c&&i=26&search=
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6R8Fy0314c
FF - user.js: extensions.incredibar_i.upn2n - 92825077749324784
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10650
FF - user.js: extensions.incredibar_i.ppd - 140%5F5
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - http://mystart.Incredibar.com/?a=6R8Fy0314c&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 94805e8a0000000000000019dbe80e53
FF - user.js: extensions.incredibar_i.instlDay - 15601
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1415:34
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
         
3. In Notepad, save it as CFScript.txt on the Desktop.

4. Disable the guard of your antivirus program and any software firewall you may have installed.
(Also the guards of ad-/spyware programs and the Tea Timer, if present!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.



6. After the reboot (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
Please always post logfiles in CODE tags

Old 21.09.2012, 15:16   #43
copatin
 

Avira meldet TR/Jorik.Totem.vz, TR/ATRAPS.Gen2, T/ATRAPS.Gen



Combofix Logfile:
Code:
ComboFix 12-09-20.03 - HeftigDerBoss 21.09.2012  15:34:56.2.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3071.1930 [GMT 2:00]
ausgeführt von:: c:\users\HeftigDerBoss\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\HeftigDerBoss\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"C:\user.js"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\user.js
c:\users\HEFTIG~1\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
c:\users\HeftigDerBoss\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-21 bis 2012-09-21  ))))))))))))))))))))))))))))))
.
.
2012-09-21 13:39 . 2012-09-21 13:39	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-09-21 13:39 . 2012-09-21 13:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-21 13:26 . 2012-09-18 22:58	9308616	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9C9544B6-363F-4EE1-B6F3-E5CFB2BA2C50}\mpengine.dll
2012-09-18 13:51 . 2012-09-18 13:51	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-09-18 13:37 . 2000-05-14 17:19	77824	----a-w-	c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2012-09-18 13:37 . 2000-05-14 17:18	217088	----a-w-	c:\program files (x86)\Common Files\InstallShield\IScript\IScript.dll
2012-09-18 13:37 . 2000-05-14 17:14	217088	----a-w-	c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2012-09-18 13:37 . 2000-05-14 17:12	32768	----a-w-	c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2012-09-18 13:34 . 2012-09-18 13:34	--------	d-----w-	c:\program files (x86)\wxDownload Fast
2012-09-18 13:34 . 2012-09-18 13:34	--------	d-----w-	c:\programdata\Premium
2012-09-18 13:33 . 2012-09-18 13:34	--------	d-----w-	c:\programdata\InstallMate
2012-09-17 13:53 . 2012-09-17 13:53	--------	d-----w-	C:\_OTL
2012-09-12 20:13 . 2012-08-22 18:12	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-09-12 20:13 . 2012-07-04 20:26	41472	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 20:13 . 2012-08-02 17:58	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-09-12 20:13 . 2012-08-02 16:57	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2012-09-12 20:13 . 2012-08-22 18:12	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-09-12 20:13 . 2012-08-22 18:12	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-09-12 20:13 . 2012-08-22 18:12	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-30 08:40 . 2012-08-30 08:40	429416	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2012-08-29 17:08 . 2012-08-29 17:08	--------	d-----w-	c:\users\HeftigDerBoss\AppData\Local\FOMM
2012-08-25 06:35 . 2012-08-25 06:35	--------	d-----w-	c:\users\HeftigDerBoss\048298C9A4D3490B9FF9AB023A9238F3.TMP
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 23:16 . 2012-01-04 16:58	64462936	----a-w-	c:\windows\system32\MRT.exe
2012-09-07 15:04 . 2012-08-06 16:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-08-30 19:14 . 2012-02-09 20:43	18229096	----a-w-	c:\windows\system32\nvd3dumx.dll
2012-08-30 19:14 . 2012-01-04 16:06	2725224	----a-w-	c:\windows\system32\nvapi64.dll
2012-08-30 19:14 . 2012-01-04 16:06	1760104	----a-w-	c:\windows\system32\nvdispco64.dll
2012-08-30 19:14 . 2009-07-13 21:59	14879080	----a-w-	c:\windows\system32\nvwgf2umx.dll
2012-08-30 19:14 . 2009-06-10 20:37	15291752	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2012-08-30 16:18 . 2012-01-04 16:07	891240	----a-w-	c:\windows\system32\nvvsvc.exe
2012-08-30 16:18 . 2012-01-04 16:07	63336	----a-w-	c:\windows\system32\nvshext.dll
2012-08-30 16:18 . 2012-01-04 16:07	2557800	----a-w-	c:\windows\system32\nvsvcr.dll
2012-08-30 16:18 . 2012-01-04 16:07	118120	----a-w-	c:\windows\system32\nvmctray.dll
2012-08-30 16:18 . 2012-01-04 16:07	3266920	----a-w-	c:\windows\system32\nvsvc64.dll
2012-08-30 16:17 . 2012-01-04 16:07	6198120	----a-w-	c:\windows\system32\nvcpl.dll
2012-08-07 16:27 . 2012-08-07 16:27	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-08-07 16:27 . 2012-08-07 16:27	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2012-08-07 16:27 . 2012-08-07 16:27	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-08-07 16:27 . 2012-08-07 16:27	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-08-07 16:27 . 2012-08-07 16:27	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-08-07 16:27 . 2012-08-07 16:27	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-08-07 16:27 . 2012-08-07 16:27	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-08-07 16:27 . 2012-08-07 16:27	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-08-07 16:27 . 2012-08-07 16:27	367104	----a-w-	c:\windows\SysWow64\html.iec
2012-08-07 16:27 . 2012-08-07 16:27	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-08-07 16:27 . 2012-08-07 16:27	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-08-07 16:27 . 2012-08-07 16:27	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2012-08-07 16:27 . 2012-08-07 16:27	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2012-08-07 16:27 . 2012-08-07 16:27	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2012-08-07 16:27 . 2012-08-07 16:27	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2012-08-07 16:27 . 2012-08-07 16:27	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2012-08-07 16:27 . 2012-08-07 16:27	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-08-07 16:27 . 2012-08-07 16:27	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-08-07 16:27 . 2012-08-07 16:27	89088	----a-w-	c:\windows\system32\ie4uinit.exe
2012-08-07 16:27 . 2012-08-07 16:27	85504	----a-w-	c:\windows\system32\iesetup.dll
2012-08-07 16:27 . 2012-08-07 16:27	82432	----a-w-	c:\windows\system32\icardie.dll
2012-08-07 16:27 . 2012-08-07 16:27	76800	----a-w-	c:\windows\system32\tdc.ocx
2012-08-07 16:27 . 2012-08-07 16:27	697344	----a-w-	c:\windows\system32\msfeeds.dll
2012-08-07 16:27 . 2012-08-07 16:27	65024	----a-w-	c:\windows\system32\pngfilt.dll
2012-08-07 16:27 . 2012-08-07 16:27	603648	----a-w-	c:\windows\system32\vbscript.dll
2012-08-07 16:27 . 2012-08-07 16:27	55296	----a-w-	c:\windows\system32\msfeedsbs.dll
2012-08-07 16:27 . 2012-08-07 16:27	534528	----a-w-	c:\windows\system32\ieapfltr.dll
2012-08-07 16:27 . 2012-08-07 16:27	49664	----a-w-	c:\windows\system32\imgutil.dll
2012-08-07 16:27 . 2012-08-07 16:27	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-08-07 16:27 . 2012-08-07 16:27	452608	----a-w-	c:\windows\system32\dxtmsft.dll
2012-08-07 16:27 . 2012-08-07 16:27	448512	----a-w-	c:\windows\system32\html.iec
2012-08-07 16:27 . 2012-08-07 16:27	403248	----a-w-	c:\windows\system32\iedkcs32.dll
2012-08-07 16:27 . 2012-08-07 16:27	39936	----a-w-	c:\windows\system32\iernonce.dll
2012-08-07 16:27 . 2012-08-07 16:27	3695416	----a-w-	c:\windows\system32\ieapfltr.dat
2012-08-07 16:27 . 2012-08-07 16:27	30720	----a-w-	c:\windows\system32\licmgr10.dll
2012-08-07 16:27 . 2012-08-07 16:27	282112	----a-w-	c:\windows\system32\dxtrans.dll
2012-08-07 16:27 . 2012-08-07 16:27	267776	----a-w-	c:\windows\system32\ieaksie.dll
2012-08-07 16:27 . 2012-08-07 16:27	249344	----a-w-	c:\windows\system32\webcheck.dll
2012-08-07 16:27 . 2012-08-07 16:27	222208	----a-w-	c:\windows\system32\msls31.dll
2012-08-07 16:27 . 2012-08-07 16:27	197120	----a-w-	c:\windows\system32\msrating.dll
2012-08-07 16:27 . 2012-08-07 16:27	165888	----a-w-	c:\windows\system32\iexpress.exe
2012-08-07 16:27 . 2012-08-07 16:27	163840	----a-w-	c:\windows\system32\ieakui.dll
2012-08-07 16:27 . 2012-08-07 16:27	160256	----a-w-	c:\windows\system32\wextract.exe
2012-08-07 16:27 . 2012-08-07 16:27	160256	----a-w-	c:\windows\system32\ieakeng.dll
2012-08-07 16:27 . 2012-08-07 16:27	149504	----a-w-	c:\windows\system32\occache.dll
2012-08-07 16:27 . 2012-08-07 16:27	145920	----a-w-	c:\windows\system32\iepeers.dll
2012-08-07 16:27 . 2012-08-07 16:27	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-08-07 16:27 . 2012-08-07 16:27	12288	----a-w-	c:\windows\system32\mshta.exe
2012-08-07 16:27 . 2012-08-07 16:27	114176	----a-w-	c:\windows\system32\admparse.dll
2012-08-07 16:27 . 2012-08-07 16:27	111616	----a-w-	c:\windows\system32\iesysprep.dll
2012-08-07 16:27 . 2012-08-07 16:27	10752	----a-w-	c:\windows\system32\msfeedssync.exe
2012-08-07 16:27 . 2012-08-07 16:27	103936	----a-w-	c:\windows\system32\inseng.dll
2012-08-05 12:51 . 2009-07-13 23:19	328704	----a-w-	c:\windows\system32\services.exe
2012-07-18 18:15 . 2012-08-15 19:45	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-04 22:16 . 2012-08-15 19:45	73216	----a-w-	c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 19:45	59392	----a-w-	c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 19:45	136704	----a-w-	c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 19:45	41984	----a-w-	c:\windows\SysWow64\browcli.dll
2012-06-29 04:55 . 2012-08-15 20:31	17809920	----a-w-	c:\windows\system32\mshtml.dll
2012-06-29 04:09 . 2012-08-15 20:31	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-06-29 03:56 . 2012-08-15 20:31	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-06-29 03:49 . 2012-08-15 20:31	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-06-29 03:49 . 2012-08-15 20:31	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-06-29 03:48 . 2012-08-15 20:31	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-06-29 03:47 . 2012-08-15 20:31	237056	----a-w-	c:\windows\system32\url.dll
2012-06-29 03:45 . 2012-08-15 20:31	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-06-29 03:44 . 2012-08-15 20:31	816640	----a-w-	c:\windows\system32\jscript.dll
2012-06-29 03:43 . 2012-08-15 20:31	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-06-29 03:42 . 2012-08-15 20:31	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-06-29 03:40 . 2012-08-15 20:31	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-06-29 03:39 . 2012-08-15 20:31	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-06-29 03:35 . 2012-08-15 20:31	248320	----a-w-	c:\windows\system32\ieui.dll
2012-06-29 00:16 . 2012-08-15 20:31	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-06-29 00:09 . 2012-08-15 20:31	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-06-29 00:08 . 2012-08-15 20:31	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04 . 2012-08-15 20:31	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00 . 2012-08-15 20:31	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}]
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{F9639E4A-801B-4843-AEE3-03D9DA199E77}"= "c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{f9639e4a-801b-4843-aee3-03d9da199e77}]
[HKEY_CLASSES_ROOT\Incredibar.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Incredibar.dskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="g:\steam\steam.exe" [2012-08-05 1353080]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-04 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
.
c:\users\HeftigDerBoss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - d:\program files (x86)\MagicDisc\MagicDisc.exe [2012-1-11 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-12-08 36328]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-12-08 146920]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-21 c:\windows\Tasks\WxDFastUpdaterTask{AF875C55-DECD-4BB6-BD69-4807323F9A4C}.job
- c:\programdata\Premium\WxDFast\WxDFast.exe [2012-09-18 12:31]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://mystart.incredibar.com/mb139?a=6R8Fy0314c&i=26
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\HeftigDerBoss\AppData\Roaming\Mozilla\Firefox\Profiles\wtqlaods.default\
FF - prefs.js: browser.search.defaulturl - hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
AddRemove-Steam App 12370 - d:\spiele\Steam\steam.exe
AddRemove-Steam App 12380 - d:\spiele\Steam\steam.exe
AddRemove-Steam App 42670 - d:\spiele\Steam\steam.exe
AddRemove-Steam App 8980 - d:\spiele\Steam\steam.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-21  15:43:55 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-21 13:43
ComboFix2.txt  2012-09-20 15:48
.
Vor Suchlauf: 11 Verzeichnis(se), 85.745.655.808 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 85.559.234.560 Bytes frei
.
- - End Of File - - 322FF26EE236F347ED424B88BA8013CE
         
--- --- ---

21.09.2012, 20:31   #44
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the 2nd attempt, just skip it and run only OSAM - please skip the online check by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: To unpack OSAM, please use WinRAR or 7zip! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    From Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (Should your firewall ask, please allow access to the Internet.)
    Depending on your connection, downloading the definitions may take a while.
  • Click on Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not under any circumstances press any of the Fix buttons without instruction

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



Another note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) in the drop-down menu at the bottom left of the aswMBR window under "AV scan", and click the Scan button again.
__________________
Please always post logfiles in CODE tags

27.09.2012, 08:27   #45
copatin
 

Sorry, I was at my girlfriend's for a few days and have only been back home since yesterday evening.
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-27 09:26:45
Windows 6.1.7601 Service Pack 1 
Running: w1sw0z4j.exe


---- Files - GMER 1.0.15 ----

File  C:\Windows\System32\LogFiles\Scm\eaef8d09-d60b-40d1-accb-f0d0781eba5c  20 bytes

---- EOF - GMER 1.0.15 ----
         
--- --- ---
OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 09:35:22 on 27.09.2012

OS: Windows 7 Ultimate Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 15.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"WxDFastUpdaterTask{AF875C55-DECD-4BB6-BD69-4807323F9A4C}.job" - ? - C:\ProgramData\Premium\WxDFast\WxDFast.exe  (File found, but it contains no detailed information)

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\system32\drivers\tsusbhub.sys,-1" (tsusbhub) - ? - C:\Windows\System32\drivers\tsusbhub.sys  (File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Driver for MagicISO SCSI Host Controller" (mcdbus) - "MagicISO, Inc." - C:\Windows\System32\DRIVERS\mcdbus.sys
"Synth3dVsc" (Synth3dVsc) - ? - C:\Windows\System32\drivers\synth3dvsc.sys  (File not found)
"VGPU" (VGPU) - ? - C:\Windows\System32\drivers\rdvgkmd.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - D:\Programme\rarext.dll
{B41DB860-64E4-11D2-9906-E49FADC173CA} "WinRAR shell extension" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{F9639E4A-801B-4843-AEE3-03D9DA199E77} "Incredibar Toolbar" - ? - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} "Incredibar.com Helper Object" - ? - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll  (File not found)
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\HeftigDerBoss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"MagicDisc.lnk" - "MagicISO, Inc." - D:\Program Files (x86)\MagicDisc\MagicDisc.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"KiesHelper" - "Samsung" - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
"KiesPDLR" - ? - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
"Steam" - "Valve Corporation" - "G:\Steam\steam.exe" -silent
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"KiesTrayAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Avira Realtime Protection" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Scheduler" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-27 09:39:53
-----------------------------
09:39:53.637    OS Version: Windows x64 6.1.7601 Service Pack 1
09:39:53.637    Number of processors: 2 586 0xF06
09:39:53.637    ComputerName: HEFTIGDERBOSS-P  UserName: HeftigDerBoss
09:39:54.168    Initialize success
09:59:49.331    AVAST engine defs: 12092601
10:23:46.734    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-6
10:23:46.737    Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
10:23:46.740    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3
10:23:46.743    Disk 1 Vendor: SAMSUNG_HD501LJ CR100-12 Size: 476940MB BusType: 3
10:23:46.752    Disk 1 MBR read successfully
10:23:46.755    Disk 1 MBR scan
10:23:46.762    Disk 1 Windows VISTA default MBR code
10:23:46.771    Disk 1 Partition 1 00     07    HPFS/NTFS NTFS       130000 MB offset 2048
10:23:46.790    Disk 1 Partition 2 00     07    HPFS/NTFS NTFS       346938 MB offset 266242048
10:23:46.823    Disk 1 scanning C:\Windows\system32\drivers
10:23:54.752    Service scanning
10:24:11.005    Modules scanning
10:24:11.015    Disk 1 trace - called modules:
10:24:11.417    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
10:24:11.423    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80033f2730]
10:24:11.429    3 CLASSPNP.SYS[fffff8800191943f] -> nt!IofCallDriver -> [0xfffffa8002443e40]
10:24:11.436    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa800307c680]
10:24:11.954    AVAST engine scan C:\Windows
10:24:13.572    AVAST engine scan C:\Windows\system32
10:26:40.714    AVAST engine scan C:\Windows\system32\drivers
10:26:49.258    AVAST engine scan C:\Users\HeftigDerBoss
10:30:04.049    AVAST engine scan C:\ProgramData
10:30:33.945    Scan finished successfully
10:33:30.562    Disk 1 MBR has been saved successfully to "C:\Users\HeftigDerBoss\Desktop\MBR.dat"
10:33:30.569    The log file has been saved successfully to "C:\Users\HeftigDerBoss\Desktop\aswMBR.txt"
         

Last edited by copatin (27.09.2012 at 08:39)
