Virus lässt sich nicht dauerhaft entfernen trotz Malware Progr. - HKCU/Software/VB an VBA Program settings/SrvID

Nimsaj · 03.12.2012, 19:28

Hallo zusammen

ich habe hier schon mal tolle Hilfe bekommen von Euch und hoffe nun wieder

Ich hab wieder was eingefangen..trotz zwischendurch der Scans meine Virenprogramms ( Norton 360) und Antimalware Malwarebytes..
Es ist diesmal ein Virus mit dem Namen: In Registry Key - HKCU/Software/VB an VBA Program Settings/SrvID
Ich lass regelmässig die scans laufen ( immer aktuelle version) entferne das ding aber es kommt immer wieder!
Hatte wieder mal Bluescreen und konnte dank Windows Starthilfe wieder zugreifen. Hab die Bilder "GSD" auf DVD´´s gesichert. Komischerweise erkennt mein Laufwerk das nicht...der Läppi meines von meinem Mann wohl

ist das ein zusammenhang?

Wie kann ich das Ding dauerhaft entfernen?

Ich lade mal die Logdatei des letzen scans hoch..

Danke gruss Nimsaj

cosinus · 04.12.2012, 13:25

Hallo,

Zitat:

Ich lass regelmässig die scans laufen ( immer aktuelle version) entferne das ding aber es kommt immer wieder!

Wo bitte sind denn die vollständigen Logs dazu?

Du hast nur ein Log von Malwarebytes ohne Funde gepostet, ist ein wenig sinnfrei da absolut nicht hilfreich um dir bei der Infektion zu helfen!

Bitte beachten => http://www.trojaner-board.de/125889-...tml#post941520

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Nimsaj · 04.12.2012, 19:53

*räusper*

ööööhmm..sorry..das war echt sinnfrei von mir

hab nicht drüber nachgedacht--
Naja dann lass ich den nochmal laufen und poste den dann..

gruss Nimsaj

soo hier den log:

Code:

ATTFilter

Jasmin :: JASMIN-PC [Administrator]

04.12.2012 19:53:51
mbam-log-2012-12-04 (20-03-47).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 235659
Laufzeit: 6 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

gruss Nimsaj

Nimsaj · 06.12.2012, 11:40

Hallo

ich ergänze

beim hochfahren kommt das Fenster:
Anwendungsfehler: SQLupdater.exe konnt nicht ausgeführt werden..

gruss Nimsaj

cosinus · 06.12.2012, 12:29

Du solltest alle Logs mit allen Funden posten!
Das erreichst du ja wohl schlecht indem du neue Scans machst!
Ich wollte erstmal nur alle vorhandenen Logs sehen und keine neuen!

Nimsaj · 09.12.2012, 16:42

Welche Logs hättest du denn gern? Ich hab die ja nicht alle gespeichert..
das ist der letze aktuelle..
Danke
MFG Nimsaj

cosinus · 09.12.2012, 18:06

Zitat:

Welche Logs hättest du denn gern? Ich hab die ja nicht alle gespeichert..

Artikel nicht gelesen?

=> http://www.trojaner-board.de/125889-...tml#post941520

Alle Logs mit allen Funden! Es geht um Malwarebytes und alle anderen Virenscanner!

Nimsaj · 10.12.2012, 10:08

Hallo

ich habe doch den Log gespeichert und gepostet den ich habe laufen lassen.
Welche Logs mit Funden sollte ich denn noch posten wenn ich nur Anti Malware Bytes habe laufen lassen und immer das gleiche Log gespreichert wird?
Hier nun die andern Logs..hoffe es ist das was du meinst.

Code:

ATTFilter

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.17.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Jasmin :: JASMIN-PC [Administrator]

17.11.2012 12:43:47
mbam-log-2012-11-17 (12-43-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 468723
Laufzeit: 2 Stunde(n), 6 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.23.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Jasmin :: JASMIN-PC [Administrator]

23.11.2012 10:00:40
mbam-log-2012-11-23 (10-00-40).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 234118
Laufzeit: 10 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.24.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Jasmin :: JASMIN-PC [Administrator]

24.11.2012 13:15:40
mbam-log-2012-11-24 (13-15-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 472772
Laufzeit: 2 Stunde(n), 7 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.24.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Jasmin :: JASMIN-PC [Administrator]

24.11.2012 13:15:40
mbam-log-2012-11-24 (13-15-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 472772
Laufzeit: 2 Stunde(n), 7 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.24.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Jasmin :: JASMIN-PC [Administrator]

24.11.2012 13:15:40
mbam-log-2012-11-24 (13-15-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 472772
Laufzeit: 2 Stunde(n), 7 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.24.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Jasmin :: JASMIN-PC [Administrator]

24.11.2012 16:41:13
mbam-log-2012-11-24 (16-41-13).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 234193
Laufzeit: 7 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.24.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Jasmin :: JASMIN-PC [Administrator]

24.11.2012 16:41:13
mbam-log-2012-11-24 (17-11-37).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 234193
Laufzeit: 7 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.03.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Jasmin :: JASMIN-PC [Administrator]

03.12.2012 15:38:11
mbam-log-2012-12-03 (15-38-11).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 235630
Laufzeit: 17 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.03.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Jasmin :: JASMIN-PC [Administrator]

04.12.2012 19:53:51
mbam-log-2012-12-04 (19-53-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 235659
Laufzeit: 6 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.03.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Jasmin :: JASMIN-PC [Administrator]

04.12.2012 19:53:51
mbam-log-2012-12-04 (19-53-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 235659
Laufzeit: 6 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.03.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Jasmin :: JASMIN-PC [Administrator]

04.12.2012 19:53:51
mbam-log-2012-12-04 (19-53-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 235659
Laufzeit: 6 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus · 10.12.2012, 12:36

Mach bitte einen CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Nimsaj · 13.12.2012, 14:49

Soderle
hier das von OTL:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 13.12.2012 13:47:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jasmin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 56,00% Memory free
7,99 Gb Paging File | 6,27 Gb Available in Paging File | 78,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,99 Gb Total Space | 82,72 Gb Free Space | 29,03% Space Free | Partition Type: NTFS
Drive D: | 590,78 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 3,73 Gb Total Space | 3,61 Gb Free Space | 96,98% Space Free | Partition Type: FAT32
 
Computer Name: JASMIN-PC | User Name: Jasmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.13 13:46:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jasmin\Desktop\OTL.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.13 10:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 10:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012.07.02 11:51:50 | 117,440,512 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\SQLUpdater.exe
PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.08.10 10:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.08.10 10:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.08.10 10:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.07.04 19:13:56 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2010.06.28 23:23:24 | 000,263,936 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2010.06.28 23:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2010.06.09 18:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010.05.26 15:58:46 | 001,545,568 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
PRC - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
PRC - [2009.10.09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009.05.04 15:11:24 | 000,263,824 | ---- | M] (PacketVideo) -- C:\Program Files (x86)\TwonkyMedia\twonkymediaserverwatchdog.exe
PRC - [2009.05.04 15:11:22 | 000,706,192 | ---- | M] () -- C:\Program Files (x86)\TwonkyMedia\twonkymediaserver.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.10 15:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.08.10 15:50:56 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2012.07.02 11:51:50 | 117,440,512 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\SQLUpdater.exe
MOD - [2012.02.20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.06.28 23:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
MOD - [2010.06.09 18:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2010.05.26 15:58:48 | 000,038,136 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll
MOD - [2010.05.26 15:58:36 | 000,046,328 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll
MOD - [2009.05.20 07:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.04.21 00:34:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.12.22 03:31:04 | 000,117,584 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysNative\dgdersvc.exe -- (dgdersvc)
SRV - [2012.12.12 12:58:59 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.05 11:56:44 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe -- (N360)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.11.05 21:09:05 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.10.22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.08.10 10:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.28 23:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.06.11 14:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.06.01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.15 22:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.10.09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.04 15:11:24 | 000,263,824 | ---- | M] (PacketVideo) [Auto | Running] -- C:\Program Files (x86)\TwonkyMedia\twonkymediaserverwatchdog.exe -- (TwonkyMedia)
SRV - [2008.11.11 08:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.08.30 12:58:31 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.06 03:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012.07.06 03:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012.06.07 05:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012.05.22 02:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012.04.17 19:13:32 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symnets.sys -- (SymNetS)
DRV:64bit: - [2012.04.17 19:13:22 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symds64.sys -- (SymDS)
DRV:64bit: - [2012.04.17 18:42:14 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.08.17 09:04:34 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011.08.17 09:04:28 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2011.08.17 08:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.08.17 08:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.08.17 08:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.08.17 08:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.06.17 10:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.05.15 13:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010.05.11 11:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.04.27 03:25:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdm.sys -- (ss_mdm)
DRV:64bit: - [2010.04.27 03:25:14 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bus.sys -- (ss_bus)
DRV:64bit: - [2010.04.27 03:25:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV:64bit: - [2010.04.21 02:15:04 | 006,406,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.04.20 23:39:36 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.01.27 04:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.12.22 03:31:04 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2009.12.10 12:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.08.23 10:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.06 00:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 00:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.11.08 10:55:22 | 000,115,328 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2008.08.28 10:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.06.16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2012.12.13 09:07:11 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\VirusDefs\20121212.019\ex64.sys -- (NAVEX15)
DRV - [2012.12.13 09:07:11 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\VirusDefs\20121212.019\eng64.sys -- (NAVENG)
DRV - [2012.12.11 17:38:47 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.11.22 18:23:26 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\IPSDefs\20121212.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.10.24 00:34:23 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\BASHDefs\20121130.005\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.10.17 08:13:23 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3918971101-3803662693-3334525287-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKU\S-1-5-21-3918971101-3803662693-3334525287-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\S-1-5-21-3918971101-3803662693-3334525287-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3918971101-3803662693-3334525287-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=DE&ver=6&gct=sb&qsrc=2869
IE - HKU\S-1-5-21-3918971101-3803662693-3334525287-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/"
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.1.1.5%20-%203
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jasmin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.21 14:01:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\IPSFFPlgn\ [2012.11.30 19:18:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\coFFPlgn\ [2012.12.13 08:46:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 11:56:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 11:56:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.09.12 10:01:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.21 14:01:55 | 000,000,000 | ---D | M]
 
[2011.04.01 12:04:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jasmin\AppData\Roaming\mozilla\Extensions
[2011.04.01 12:04:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jasmin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.12.11 13:55:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jasmin\AppData\Roaming\mozilla\Firefox\Profiles\gsw44htt.default\extensions
[2012.12.11 13:55:13 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\gsw44htt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.10.18 10:53:03 | 000,002,476 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\gsw44htt.default\searchplugins\safesearch.xml
[2012.12.05 11:56:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.11.30 19:18:00 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\IPSFFPLGN
[2012.12.05 11:56:44 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.14 11:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.14 11:02:53 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.14 11:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.14 11:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.14 11:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.14 11:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SQLUpdate] C:\Users\Jasmin\AppData\Roaming\SQLUpdater.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3918971101-3803662693-3334525287-1001..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-3918971101-3803662693-3334525287-1001..\Run: [Facebook Update] C:\Users\Jasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3918971101-3803662693-3334525287-1001..\Run: [SQLUpdate] C:\Users\Jasmin\AppData\Roaming\SQLUpdater.exe ()
O4 - Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: SQLUpdate = C:\Users\Jasmin\AppData\Roaming\SQLUpdater.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Jasmin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jasmin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Jasmin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jasmin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.fujidirekt.de/ips-opdata/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6A65F7A-892A-4FFE-AF42-BFA3F28AA7D1}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\users\jasmin\appdata\roaming\system\dgkiqhkvd6kt\winreupdating.exe) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.07.22 15:14:09 | 000,000,201 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1200d149-e916-11df-9dc2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1200d149-e916-11df-9dc2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C3AE2ABC-B85C-EC98-DA9C-5AF98BC2A23F} - C:\Users\Jasmin\AppData\Roaming\SQLUpdater.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.13 13:46:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jasmin\Desktop\OTL.exe
[2012.12.05 11:56:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.13 13:46:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jasmin\Desktop\OTL.exe
[2012.12.13 13:44:51 | 000,161,305 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\qwg
[2012.12.13 13:35:28 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.13 13:35:28 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.13 13:35:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.13 11:36:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3918971101-3803662693-3334525287-1001UA.job
[2012.12.13 08:49:49 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.13 08:49:49 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.13 08:43:50 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.13 08:43:13 | 3217,211,392 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.12 14:36:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3918971101-3803662693-3334525287-1001Core.job
[2012.12.09 16:36:44 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.12.09 16:36:43 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.12.09 16:20:35 | 000,001,089 | ---- | M] () -- C:\Users\Public\Desktop\TOPP 5641 - Weihnachtliches aus Holz.lnk
[2012.12.06 18:37:20 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.06 18:37:20 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.06 18:37:20 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.06 18:37:20 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.06 18:37:20 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.02 13:02:43 | 268,154,605 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.11.24 16:32:33 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.11.24 11:39:27 | 000,300,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.14 13:18:55 | 000,002,693 | ---- | M] () -- C:\Users\Public\Desktop\Lumac.lnk
[2012.11.13 14:41:39 | 000,008,192 | -H-- | M] () -- C:\Users\Jasmin\Documents\photothumb.db
 
========== Files Created - No Company Name ==========
 
[2012.12.09 16:36:44 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.12.09 16:36:43 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.11.24 16:32:32 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.11.24 16:32:31 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.11.24 11:09:28 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.24 10:48:24 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.23 09:51:28 | 268,154,605 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.11.16 08:42:28 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.05 14:25:32 | 000,161,305 | ---- | C] () -- C:\Users\Jasmin\AppData\Roaming\qwg
[2012.11.05 14:22:54 | 117,440,512 | ---- | C] () -- C:\Users\Jasmin\AppData\Roaming\SQLUpdater.exe
[2012.08.18 01:35:09 | 000,000,065 | -H-- | C] () -- C:\Users\Jasmin\AppData\Roaming\winrecord.dat
[2011.10.21 13:53:21 | 000,187,093 | ---- | C] () -- C:\Windows\hpoins41.dat
[2011.10.13 08:45:14 | 000,221,277 | ---- | C] () -- C:\Windows\hpoins41.dat.temp
[2011.10.13 08:45:13 | 000,001,112 | ---- | C] () -- C:\Windows\hpomdl41.dat.temp
[2011.05.22 13:32:20 | 000,000,029 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011.04.12 13:28:44 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv5
[2011.04.01 12:04:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.03.26 13:58:42 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.15 14:31:48 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\OpenOffice.org
[2011.04.01 15:48:49 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\PC Suite
[2012.10.28 10:14:16 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\SoftGrid Client
[2012.01.21 19:16:57 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Thunderbird
[2011.04.21 09:02:57 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Ashampoo
[2012.10.17 15:37:32 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Awlyec
[2012.10.06 10:01:46 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\DVDVideoSoft
[2011.04.01 12:47:28 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.10 15:39:11 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Firstload
[2011.04.28 20:45:00 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\FloodLightGames
[2012.10.18 10:37:46 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Ikpeus
[2012.11.30 19:18:00 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\LumacDaemon
[2011.11.16 14:38:56 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\ML
[2012.08.14 14:15:39 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\OpenOffice.org
[2011.04.11 11:56:59 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Packard Bell
[2011.04.01 13:58:54 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\PC Suite
[2012.10.17 17:10:20 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Peliu
[2012.04.19 14:27:31 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Philipp Winterberg
[2012.11.30 19:18:00 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\PhotoScape
[2011.11.15 21:14:47 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Samsung
[2012.08.19 23:01:05 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\SNS
[2012.11.24 12:03:51 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\SoftGrid Client
[2012.06.28 13:17:36 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\streamWriter
[2012.08.27 09:11:33 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\system
[2011.04.11 11:46:51 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\T-Online
[2011.04.01 12:04:24 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Thunderbird
[2011.06.23 19:19:47 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Tific
[2011.03.26 13:59:30 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\TP
[2012.10.17 15:37:32 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Ywwo
[2012.07.02 18:33:45 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE}
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.04.01 14:22:18 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.08.22 12:46:11 | 000,000,000 | -HSD | M] -- C:\.uuid
[2011.08.11 08:55:51 | 000,000,000 | ---D | M] -- C:\604dbeacc08d899e3c
[2012.08.19 23:00:57 | 000,000,000 | ---D | M] -- C:\6e42506348e7840e7a0332e657be77
[2012.03.07 09:03:19 | 000,000,000 | ---D | M] -- C:\84720dc8bf6498697e7aea79f2
[2011.08.25 05:02:03 | 000,000,000 | ---D | M] -- C:\cc1bfdda3465329cff4c5e6904
[2012.11.27 10:43:34 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2011.09.15 10:34:43 | 000,000,000 | ---D | M] -- C:\d98c521c2d7c523b0261
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.03.26 13:51:42 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.11.04 04:56:16 | 000,000,000 | -HSD | M] -- C:\found.000
[2011.12.06 13:04:13 | 000,000,000 | -HSD | M] -- C:\found.001
[2012.08.19 22:58:30 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.07.10 13:11:51 | 000,000,000 | -H-D | M] -- C:\OEM
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.04.30 10:16:27 | 000,000,000 | ---D | M] -- C:\playlists
[2012.09.11 10:50:16 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.05 19:17:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2012.09.29 11:20:16 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.03.26 13:51:42 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.03.26 13:51:42 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.12.13 13:50:02 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.04.01 14:22:05 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.09 16:32:57 | 000,000,000 | ---D | M] -- C:\Windows
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.09.03 09:09:54 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Adobe
[2012.05.08 14:28:02 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Apple Computer
[2011.04.21 09:02:57 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Ashampoo
[2011.03.26 13:54:54 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\ATI
[2012.10.17 15:37:32 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Awlyec
[2012.02.01 18:50:32 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\dvdcss
[2012.10.06 10:01:46 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\DVDVideoSoft
[2011.04.01 12:47:28 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.10 15:39:11 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Firstload
[2011.04.28 20:45:00 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\FloodLightGames
[2011.04.01 11:29:36 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\HP
[2012.05.20 18:38:51 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\HpUpdate
[2011.03.26 13:53:11 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Identities
[2012.10.18 10:37:46 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Ikpeus
[2012.11.30 19:18:00 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\LumacDaemon
[2011.03.26 13:53:42 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Macromedia
[2012.08.26 10:37:16 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Malwarebytes
[2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Media Center Programs
[2012.08.19 22:59:19 | 000,000,000 | --SD | M] -- C:\Users\Jasmin\AppData\Roaming\Microsoft
[2011.11.16 14:38:56 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\ML
[2011.05.24 12:33:35 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Mozilla
[2011.04.01 12:13:18 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Nero
[2012.08.14 14:15:39 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\OpenOffice.org
[2011.04.11 11:56:59 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Packard Bell
[2011.04.01 13:58:54 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\PC Suite
[2012.10.17 17:10:20 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Peliu
[2012.04.19 14:27:31 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Philipp Winterberg
[2012.11.30 19:18:00 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\PhotoScape
[2011.11.15 21:14:47 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Samsung
[2012.11.14 13:40:30 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Skype
[2012.08.19 23:01:05 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\SNS
[2012.11.24 12:03:51 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\SoftGrid Client
[2012.06.28 13:17:36 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\streamWriter
[2012.08.27 09:11:33 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\system
[2011.04.11 11:46:51 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\T-Online
[2011.04.01 12:04:24 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Thunderbird
[2011.06.23 19:19:47 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Tific
[2012.10.18 07:51:41 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\tor
[2011.03.26 13:59:30 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\TP
[2012.12.04 20:13:17 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\vlc
[2012.01.06 13:57:34 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\WinRAR
[2011.04.01 11:21:37 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Yahoo!
[2012.10.17 15:37:32 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Ywwo
[2012.07.02 18:33:45 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE}
 
< %APPDATA%\*.exe /s >
[2012.07.02 11:51:50 | 117,440,512 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\SQLUpdater.exe
[2012.10.17 15:37:32 | 000,000,000 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\Awlyec\ugiqu.exe
[2011.03.18 02:18:32 | 077,557,544 | ---- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
 
< %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >
 
< %SYSTEMROOT%\System32\config\*.sav >
 
< %SYSTEMROOT%\*. /mp /s >
 
< %SYSTEMROOT%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msvbvm60.dll
 
<           >
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.01.01 16:36:56 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.01.01 16:36:57 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.10.18 13:19:23 | 000,000,910 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3918971101-3803662693-3334525287-1001Core.job
[2012.10.18 13:19:24 | 000,000,932 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3918971101-3803662693-3334525287-1001UA.job
[2012.11.16 08:42:28 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< End of report >

--- --- ---

gruss Nimsaj

cosinus · 13.12.2012, 15:51

1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Nimsaj · 19.12.2012, 10:41

Hallo hier die Logs

1.

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-19 09:36:35
-----------------------------
09:36:35.484    OS Version: Windows x64 6.1.7601 Service Pack 1
09:36:35.500    Number of processors: 2 586 0x603
09:36:35.500    ComputerName: JASMIN-PC  UserName: Jasmin
09:36:37.715    Initialize success
09:38:43.523    AVAST engine defs: 12121801
09:38:51.245    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:38:51.245    Disk 0 Vendor: ST9320310AS 0001SDM1 Size: 305245MB BusType: 11
09:38:51.260    Disk 0 MBR read successfully
09:38:51.276    Disk 0 MBR scan
09:38:51.276    Disk 0 Windows 7 default MBR code
09:38:51.292    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        13312 MB offset 2048
09:38:51.307    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 27265024
09:38:51.323    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       291831 MB offset 27469824
09:38:51.354    Disk 0 scanning C:\Windows\system32\drivers
09:39:10.514    Service scanning
09:39:49.077    Modules scanning
09:39:49.093    Disk 0 trace - called modules:
09:39:49.124    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
09:39:49.639    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045eb060]
09:39:49.639    3 CLASSPNP.SYS[fffff88001b6443f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004576060]
09:39:51.183    AVAST engine scan C:\Windows
09:39:54.989    AVAST engine scan C:\Windows\system32
09:44:57.890    AVAST engine scan C:\Windows\system32\drivers
09:45:25.455    AVAST engine scan C:\Users\Jasmin
10:28:30.119    Disk 0 MBR has been saved successfully to "C:\Users\Jasmin\Desktop\MBR.dat"
10:28:30.135    The log file has been saved successfully to "C:\Users\Jasmin\Desktop\aswMBR.txt"

2.

Code:

ATTFilter

10:30:35.0657 3272  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:30:36.0032 3272  ============================================================
10:30:36.0032 3272  Current date / time: 2012/12/19 10:30:36.0032
10:30:36.0032 3272  SystemInfo:
10:30:36.0032 3272  
10:30:36.0032 3272  OS Version: 6.1.7601 ServicePack: 1.0
10:30:36.0032 3272  Product type: Workstation
10:30:36.0032 3272  ComputerName: JASMIN-PC
10:30:36.0032 3272  UserName: Jasmin
10:30:36.0032 3272  Windows directory: C:\Windows
10:30:36.0032 3272  System windows directory: C:\Windows
10:30:36.0032 3272  Running under WOW64
10:30:36.0032 3272  Processor architecture: Intel x64
10:30:36.0032 3272  Number of processors: 2
10:30:36.0032 3272  Page size: 0x1000
10:30:36.0032 3272  Boot type: Normal boot
10:30:36.0032 3272  ============================================================
10:30:38.0497 3272  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:30:38.0590 3272  Drive \Device\Harddisk1\DR1 - Size: 0x3D680000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:30:38.0590 3272  ============================================================
10:30:38.0590 3272  \Device\Harddisk0\DR0:
10:30:38.0590 3272  MBR partitions:
10:30:38.0590 3272  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
10:30:38.0590 3272  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x239FB800
10:30:38.0590 3272  \Device\Harddisk1\DR1:
10:30:38.0606 3272  MBR partitions:
10:30:38.0606 3272  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0xF3, BlocksNum 0x1EB30D
10:30:38.0606 3272  ============================================================
10:30:38.0653 3272  C: <-> \Device\Harddisk0\DR0\Partition2
10:30:38.0653 3272  ============================================================
10:30:38.0653 3272  Initialize success
10:30:38.0653 3272  ============================================================
10:30:59.0931 5992  ============================================================
10:30:59.0931 5992  Scan started
10:30:59.0931 5992  Mode: Manual; SigCheck; TDLFS; 
10:30:59.0931 5992  ============================================================
10:31:00.0789 5992  ================ Scan system memory ========================
10:31:00.0789 5992  System memory - ok
10:31:00.0789 5992  ================ Scan services =============================
10:31:00.0976 5992  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
10:31:01.0210 5992  1394ohci - ok
10:31:01.0273 5992  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
10:31:01.0319 5992  ACPI - ok
10:31:01.0366 5992  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
10:31:01.0444 5992  AcpiPmi - ok
10:31:01.0553 5992  [ 34400005DE52842C4D6D4EE978B4D7CE ] AdobeActiveFileMonitor8.0 c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
10:31:01.0585 5992  AdobeActiveFileMonitor8.0 - ok
10:31:01.0694 5992  [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:31:01.0741 5992  AdobeARMservice - ok
10:31:01.0959 5992  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:31:01.0990 5992  AdobeFlashPlayerUpdateSvc - ok
10:31:02.0099 5992  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
10:31:02.0177 5992  adp94xx - ok
10:31:02.0209 5992  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
10:31:02.0240 5992  adpahci - ok
10:31:02.0255 5992  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
10:31:02.0287 5992  adpu320 - ok
10:31:02.0318 5992  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
10:31:02.0505 5992  AeLookupSvc - ok
10:31:02.0567 5992  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
10:31:02.0692 5992  AFD - ok
10:31:02.0801 5992  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
10:31:02.0848 5992  agp440 - ok
10:31:02.0879 5992  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
10:31:02.0989 5992  ALG - ok
10:31:03.0035 5992  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
10:31:03.0035 5992  aliide - ok
10:31:03.0082 5992  [ 671D9DCA48DA807780D8409C18ED0AE0 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
10:31:03.0191 5992  AMD External Events Utility - ok
10:31:03.0238 5992  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
10:31:03.0285 5992  amdide - ok
10:31:03.0332 5992  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
10:31:03.0425 5992  AmdK8 - ok
10:31:03.0597 5992  [ D3E6B2E1394D93FE9DB0BA24814B0D8F ] amdkmdag        C:\Windows\system32\DRIVERS\atipmdag.sys
10:31:03.0893 5992  amdkmdag - ok
10:31:03.0956 5992  [ CC4D915D786D3DA973B2EA9B95D59A29 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
10:31:04.0018 5992  amdkmdap - ok
10:31:04.0081 5992  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
10:31:04.0174 5992  AmdPPM - ok
10:31:04.0205 5992  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
10:31:04.0237 5992  amdsata - ok
10:31:04.0268 5992  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
10:31:04.0283 5992  amdsbs - ok
10:31:04.0315 5992  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
10:31:04.0330 5992  amdxata - ok
10:31:04.0377 5992  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
10:31:04.0673 5992  AppID - ok
10:31:04.0705 5992  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
10:31:04.0783 5992  AppIDSvc - ok
10:31:04.0861 5992  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
10:31:04.0954 5992  Appinfo - ok
10:31:05.0048 5992  [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:31:05.0079 5992  Apple Mobile Device - ok
10:31:05.0126 5992  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
10:31:05.0157 5992  arc - ok
10:31:05.0173 5992  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
10:31:05.0204 5992  arcsas - ok
10:31:05.0235 5992  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:31:05.0313 5992  AsyncMac - ok
10:31:05.0344 5992  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
10:31:05.0360 5992  atapi - ok
10:31:05.0453 5992  [ E642491F64E58CD5BC8FB8B347DCF65F ] athr            C:\Windows\system32\DRIVERS\athrx.sys
10:31:05.0734 5992  athr - ok
10:31:05.0765 5992  [ C07A040D6B5A42DD41EE386CF90974C8 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
10:31:05.0828 5992  AtiPcie - ok
10:31:05.0906 5992  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:31:06.0046 5992  AudioEndpointBuilder - ok
10:31:06.0093 5992  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
10:31:06.0140 5992  AudioSrv - ok
10:31:06.0218 5992  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
10:31:06.0358 5992  AxInstSV - ok
10:31:06.0405 5992  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
10:31:06.0561 5992  b06bdrv - ok
10:31:06.0592 5992  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
10:31:06.0639 5992  b57nd60a - ok
10:31:06.0686 5992  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
10:31:06.0764 5992  BDESVC - ok
10:31:06.0795 5992  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:31:06.0904 5992  Beep - ok
10:31:06.0998 5992  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
10:31:07.0091 5992  BFE - ok
10:31:07.0341 5992  [ ED97ADAF00A61F57A2CCBBB1CE58C600 ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\BASHDefs\20121130.005\BHDrvx64.sys
10:31:07.0435 5992  BHDrvx64 - ok
10:31:07.0528 5992  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
10:31:07.0653 5992  BITS - ok
10:31:07.0700 5992  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
10:31:07.0762 5992  blbdrive - ok
10:31:07.0871 5992  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:31:07.0918 5992  Bonjour Service - ok
10:31:07.0965 5992  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:31:08.0043 5992  bowser - ok
10:31:08.0090 5992  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:31:08.0199 5992  BrFiltLo - ok
10:31:08.0215 5992  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:31:08.0230 5992  BrFiltUp - ok
10:31:08.0293 5992  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
10:31:08.0386 5992  Browser - ok
10:31:08.0433 5992  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
10:31:08.0527 5992  Brserid - ok
10:31:08.0542 5992  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
10:31:08.0589 5992  BrSerWdm - ok
10:31:08.0651 5992  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
10:31:08.0729 5992  BrUsbMdm - ok
10:31:08.0761 5992  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
10:31:08.0823 5992  BrUsbSer - ok
10:31:08.0854 5992  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
10:31:08.0901 5992  BTHMODEM - ok
10:31:08.0963 5992  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
10:31:09.0057 5992  bthserv - ok
10:31:09.0197 5992  [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_N360      C:\Windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys
10:31:09.0229 5992  ccSet_N360 - ok
10:31:09.0244 5992  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:31:09.0307 5992  cdfs - ok
10:31:09.0385 5992  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
10:31:09.0447 5992  cdrom - ok
10:31:09.0587 5992  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
10:31:09.0665 5992  CertPropSvc - ok
10:31:09.0712 5992  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
10:31:09.0790 5992  circlass - ok
10:31:09.0837 5992  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
10:31:09.0899 5992  CLFS - ok
10:31:09.0977 5992  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:31:10.0024 5992  clr_optimization_v2.0.50727_32 - ok
10:31:10.0071 5992  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:31:10.0118 5992  clr_optimization_v2.0.50727_64 - ok
10:31:10.0180 5992  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:31:10.0243 5992  clr_optimization_v4.0.30319_32 - ok
10:31:10.0274 5992  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:31:10.0289 5992  clr_optimization_v4.0.30319_64 - ok
10:31:10.0321 5992  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
10:31:10.0367 5992  CmBatt - ok
10:31:10.0414 5992  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
10:31:10.0430 5992  cmdide - ok
10:31:10.0555 5992  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
10:31:10.0648 5992  CNG - ok
10:31:10.0679 5992  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
10:31:10.0711 5992  Compbatt - ok
10:31:10.0757 5992  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
10:31:10.0820 5992  CompositeBus - ok
10:31:10.0835 5992  COMSysApp - ok
10:31:10.0867 5992  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
10:31:10.0882 5992  crcdisk - ok
10:31:10.0945 5992  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
10:31:11.0069 5992  CryptSvc - ok
10:31:11.0210 5992  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
10:31:11.0272 5992  cvhsvc - ok
10:31:11.0335 5992  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
10:31:11.0459 5992  DcomLaunch - ok
10:31:11.0506 5992  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
10:31:11.0569 5992  defragsvc - ok
10:31:11.0631 5992  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
10:31:11.0725 5992  DfsC - ok
10:31:11.0771 5992  [ FFCCD922F305B8CFBA8D99F65E35EDD7 ] dgderdrv        C:\Windows\system32\drivers\dgderdrv.sys
10:31:11.0818 5992  dgderdrv - ok
10:31:11.0834 5992  [ D9A7C8977D9AFA54D21A2A6501ADF4FF ] dgdersvc        C:\Windows\system32\dgdersvc.exe
10:31:11.0865 5992  dgdersvc - ok
10:31:11.0927 5992  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
10:31:12.0005 5992  Dhcp - ok
10:31:12.0052 5992  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
10:31:12.0130 5992  discache - ok
10:31:12.0193 5992  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
10:31:12.0224 5992  Disk - ok
10:31:12.0286 5992  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
10:31:12.0380 5992  Dnscache - ok
10:31:12.0427 5992  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
10:31:12.0505 5992  dot3svc - ok
10:31:12.0583 5992  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
10:31:12.0645 5992  Dot4 - ok
10:31:12.0692 5992  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\drivers\Dot4Prt.sys
10:31:12.0739 5992  Dot4Print - ok
10:31:12.0785 5992  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
10:31:12.0817 5992  dot4usb - ok
10:31:12.0848 5992  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
10:31:12.0926 5992  DPS - ok
10:31:12.0957 5992  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
10:31:13.0035 5992  drmkaud - ok
10:31:13.0097 5992  [ 9CF46FDF163E06B83D03FF929EF2296C ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
10:31:13.0129 5992  DsiWMIService - ok
10:31:13.0191 5992  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
10:31:13.0238 5992  DXGKrnl - ok
10:31:13.0285 5992  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
10:31:13.0347 5992  EapHost - ok
10:31:13.0441 5992  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
10:31:13.0597 5992  ebdrv - ok
10:31:13.0784 5992  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
10:31:13.0831 5992  eeCtrl - ok
10:31:13.0924 5992  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
10:31:14.0033 5992  EFS - ok
10:31:14.0143 5992  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
10:31:14.0283 5992  ehRecvr - ok
10:31:14.0299 5992  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
10:31:14.0392 5992  ehSched - ok
10:31:14.0501 5992  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
10:31:14.0548 5992  elxstor - ok
10:31:14.0626 5992  [ 3EA2C4F68A782839D97B3C83595575B6 ] ePowerSvc       C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
10:31:14.0704 5992  ePowerSvc - ok
10:31:14.0767 5992  [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
10:31:14.0798 5992  EraserUtilRebootDrv - ok
10:31:14.0876 5992  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
10:31:14.0938 5992  ErrDev - ok
10:31:14.0985 5992  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
10:31:15.0063 5992  EventSystem - ok
10:31:15.0110 5992  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
10:31:15.0157 5992  exfat - ok
10:31:15.0188 5992  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
10:31:15.0266 5992  fastfat - ok
10:31:15.0328 5992  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
10:31:15.0453 5992  Fax - ok
10:31:15.0515 5992  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
10:31:15.0578 5992  fdc - ok
10:31:15.0625 5992  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
10:31:15.0703 5992  fdPHost - ok
10:31:15.0734 5992  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
10:31:15.0796 5992  FDResPub - ok
10:31:15.0874 5992  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:31:15.0921 5992  FileInfo - ok
10:31:15.0968 5992  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
10:31:16.0061 5992  Filetrace - ok
10:31:16.0155 5992  [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:31:16.0233 5992  FLEXnet Licensing Service - ok
10:31:16.0264 5992  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
10:31:16.0295 5992  flpydisk - ok
10:31:16.0342 5992  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:31:16.0405 5992  FltMgr - ok
10:31:16.0467 5992  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
10:31:16.0592 5992  FontCache - ok
10:31:16.0732 5992  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:31:16.0748 5992  FontCache3.0.0.0 - ok
10:31:16.0779 5992  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
10:31:16.0795 5992  FsDepends - ok
10:31:16.0841 5992  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:31:16.0888 5992  Fs_Rec - ok
10:31:16.0951 5992  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
10:31:16.0997 5992  fvevol - ok
10:31:17.0013 5992  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
10:31:17.0029 5992  gagp30kx - ok
10:31:17.0091 5992  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
10:31:17.0122 5992  GamesAppService - ok
10:31:17.0185 5992  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:31:17.0200 5992  GEARAspiWDM - ok
10:31:17.0263 5992  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
10:31:17.0372 5992  gpsvc - ok
10:31:17.0434 5992  [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService     C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
10:31:17.0465 5992  GREGService - ok
10:31:17.0590 5992  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:31:17.0621 5992  gupdate - ok
10:31:17.0653 5992  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:31:17.0668 5992  gupdatem - ok
10:31:17.0715 5992  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
10:31:17.0824 5992  hcw85cir - ok
10:31:17.0902 5992  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:31:17.0996 5992  HdAudAddService - ok
10:31:18.0058 5992  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
10:31:18.0121 5992  HDAudBus - ok
10:31:18.0167 5992  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
10:31:18.0214 5992  HidBatt - ok
10:31:18.0245 5992  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
10:31:18.0308 5992  HidBth - ok
10:31:18.0339 5992  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
10:31:18.0386 5992  HidIr - ok
10:31:18.0417 5992  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
10:31:18.0511 5992  hidserv - ok
10:31:18.0589 5992  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
10:31:18.0635 5992  HidUsb - ok
10:31:18.0682 5992  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:31:18.0776 5992  hkmsvc - ok
10:31:18.0807 5992  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:31:18.0885 5992  HomeGroupListener - ok
10:31:18.0932 5992  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:31:18.0994 5992  HomeGroupProvider - ok
10:31:19.0150 5992  [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
10:31:19.0197 5992  hpqcxs08 - ok
10:31:19.0228 5992  [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
10:31:19.0244 5992  hpqddsvc - ok
10:31:19.0306 5992  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
10:31:19.0353 5992  HpSAMD - ok
10:31:19.0493 5992  [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
10:31:19.0571 5992  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
10:31:19.0571 5992  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
10:31:19.0618 5992  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:31:19.0759 5992  HTTP - ok
10:31:19.0837 5992  [ CDAA8E257BB625B2387219E605DDE37D ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
10:31:19.0899 5992  hwdatacard - ok
10:31:19.0946 5992  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
10:31:19.0993 5992  hwpolicy - ok
10:31:20.0071 5992  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
10:31:20.0102 5992  i8042prt - ok
10:31:20.0133 5992  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
10:31:20.0164 5992  iaStorV - ok
10:31:20.0227 5992  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:31:20.0305 5992  idsvc - ok
10:31:20.0429 5992  [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\IPSDefs\20121218.001\IDSvia64.sys
10:31:20.0492 5992  IDSVia64 - ok
10:31:20.0523 5992  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
10:31:20.0585 5992  iirsp - ok
10:31:20.0679 5992  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
10:31:20.0773 5992  IKEEXT - ok
10:31:20.0882 5992  [ 235362D403D9D677514649D88DB31914 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
10:31:21.0007 5992  IntcAzAudAddService - ok
10:31:21.0022 5992  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
10:31:21.0038 5992  intelide - ok
10:31:21.0085 5992  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
10:31:21.0131 5992  intelppm - ok
10:31:21.0163 5992  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:31:21.0256 5992  IPBusEnum - ok
10:31:21.0303 5992  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:31:21.0365 5992  IpFilterDriver - ok
10:31:21.0428 5992  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:31:21.0521 5992  iphlpsvc - ok
10:31:21.0568 5992  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
10:31:21.0631 5992  IPMIDRV - ok
10:31:21.0709 5992  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
10:31:21.0802 5992  IPNAT - ok
10:31:21.0849 5992  [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
10:31:21.0896 5992  iPod Service - ok
10:31:21.0974 5992  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:31:22.0083 5992  IRENUM - ok
10:31:22.0130 5992  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:31:22.0161 5992  isapnp - ok
10:31:22.0208 5992  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
10:31:22.0255 5992  iScsiPrt - ok
10:31:22.0301 5992  [ 37E053A2CF8F0082B689ED74106E0CEC ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
10:31:22.0348 5992  k57nd60a - ok
10:31:22.0379 5992  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
10:31:22.0395 5992  kbdclass - ok
10:31:22.0411 5992  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
10:31:22.0457 5992  kbdhid - ok
10:31:22.0520 5992  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
10:31:22.0551 5992  KeyIso - ok
10:31:22.0613 5992  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:31:22.0645 5992  KSecDD - ok
10:31:22.0707 5992  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
10:31:22.0738 5992  KSecPkg - ok
10:31:22.0769 5992  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
10:31:22.0847 5992  ksthunk - ok
10:31:22.0894 5992  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:31:23.0019 5992  KtmRm - ok
10:31:23.0081 5992  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
10:31:23.0159 5992  LanmanServer - ok
10:31:23.0237 5992  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:31:23.0331 5992  LanmanWorkstation - ok
10:31:23.0362 5992  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:31:23.0456 5992  lltdio - ok
10:31:23.0518 5992  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:31:23.0627 5992  lltdsvc - ok
10:31:23.0643 5992  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:31:23.0737 5992  lmhosts - ok
10:31:23.0783 5992  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
10:31:23.0799 5992  LSI_FC - ok
10:31:23.0815 5992  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
10:31:23.0830 5992  LSI_SAS - ok
10:31:23.0861 5992  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:31:23.0877 5992  LSI_SAS2 - ok
10:31:23.0908 5992  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:31:23.0924 5992  LSI_SCSI - ok
10:31:23.0939 5992  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
10:31:23.0986 5992  luafv - ok
10:31:24.0049 5992  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
10:31:24.0095 5992  Mcx2Svc - ok
10:31:24.0111 5992  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
10:31:24.0158 5992  megasas - ok
10:31:24.0189 5992  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
10:31:24.0205 5992  MegaSR - ok
10:31:24.0236 5992  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
10:31:24.0298 5992  MMCSS - ok
10:31:24.0314 5992  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
10:31:24.0361 5992  Modem - ok
10:31:24.0392 5992  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:31:24.0439 5992  monitor - ok
10:31:24.0517 5992  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:31:24.0563 5992  mouclass - ok
10:31:24.0595 5992  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:31:24.0641 5992  mouhid - ok
10:31:24.0688 5992  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:31:24.0719 5992  mountmgr - ok
10:31:24.0797 5992  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:31:24.0829 5992  MozillaMaintenance - ok
10:31:24.0844 5992  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:31:24.0875 5992  mpio - ok
10:31:24.0891 5992  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:31:24.0969 5992  mpsdrv - ok
10:31:25.0031 5992  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:31:25.0141 5992  MpsSvc - ok
10:31:25.0187 5992  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:31:25.0250 5992  MRxDAV - ok
10:31:25.0297 5992  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:31:25.0375 5992  mrxsmb - ok
10:31:25.0437 5992  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:31:25.0562 5992  mrxsmb10 - ok
10:31:25.0593 5992  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:31:25.0640 5992  mrxsmb20 - ok
10:31:25.0687 5992  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
10:31:25.0702 5992  msahci - ok
10:31:25.0718 5992  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:31:25.0733 5992  msdsm - ok
10:31:25.0780 5992  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
10:31:25.0827 5992  MSDTC - ok
10:31:25.0889 5992  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:31:25.0936 5992  Msfs - ok
10:31:25.0952 5992  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:31:26.0030 5992  mshidkmdf - ok
10:31:26.0077 5992  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:31:26.0123 5992  msisadrv - ok
10:31:26.0155 5992  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:31:26.0217 5992  MSiSCSI - ok
10:31:26.0233 5992  msiserver - ok
10:31:26.0279 5992  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:31:26.0357 5992  MSKSSRV - ok
10:31:26.0389 5992  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:31:26.0513 5992  MSPCLOCK - ok
10:31:26.0545 5992  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:31:26.0638 5992  MSPQM - ok
10:31:26.0685 5992  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:31:26.0763 5992  MsRPC - ok
10:31:26.0810 5992  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
10:31:26.0841 5992  mssmbios - ok
10:31:26.0872 5992  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:31:26.0966 5992  MSTEE - ok
10:31:26.0997 5992  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
10:31:27.0044 5992  MTConfig - ok
10:31:27.0075 5992  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
10:31:27.0106 5992  Mup - ok
10:31:27.0262 5992  [ F2840DBFE9322F35557219AE82CC4597 ] N360            C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
10:31:27.0293 5992  N360 - ok
10:31:27.0371 5992  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
10:31:27.0512 5992  napagent - ok
10:31:27.0605 5992  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:31:27.0652 5992  NativeWifiP - ok
10:31:27.0746 5992  [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\VirusDefs\20121218.020\ENG64.SYS
10:31:27.0777 5992  NAVENG - ok
10:31:27.0871 5992  [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\VirusDefs\20121218.020\EX64.SYS
10:31:27.0980 5992  NAVEX15 - ok
10:31:28.0058 5992  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:31:28.0167 5992  NDIS - ok
10:31:28.0198 5992  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:31:28.0307 5992  NdisCap - ok
10:31:28.0339 5992  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:31:28.0385 5992  NdisTapi - ok
10:31:28.0432 5992  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:31:28.0510 5992  Ndisuio - ok
10:31:28.0557 5992  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:31:28.0682 5992  NdisWan - ok
10:31:28.0713 5992  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:31:28.0822 5992  NDProxy - ok
10:31:28.0916 5992  [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
10:31:29.0009 5992  Nero BackItUp Scheduler 4.0 - ok
10:31:29.0103 5992  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
10:31:29.0134 5992  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:31:29.0134 5992  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:31:29.0181 5992  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:31:29.0275 5992  NetBIOS - ok
10:31:29.0321 5992  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:31:29.0415 5992  NetBT - ok
10:31:29.0431 5992  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
10:31:29.0462 5992  Netlogon - ok
10:31:29.0509 5992  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
10:31:29.0618 5992  Netman - ok
10:31:29.0727 5992  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
10:31:29.0852 5992  netprofm - ok
10:31:29.0899 5992  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:31:29.0930 5992  NetTcpPortSharing - ok
10:31:29.0961 5992  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
10:31:29.0992 5992  nfrd960 - ok
10:31:30.0008 5992  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:31:30.0070 5992  NlaSvc - ok
10:31:30.0101 5992  [ 907B5E1E4A592E5EDC5E4CCBDE4863C2 ] nmwcd           C:\Windows\system32\drivers\ccdcmbx64.sys
10:31:30.0211 5992  nmwcd - ok
10:31:30.0242 5992  [ 41C1AC1F3613435EB32D67BCB80A5FA5 ] nmwcdc          C:\Windows\system32\drivers\ccdcmbox64.sys
10:31:30.0320 5992  nmwcdc - ok
10:31:30.0398 5992  [ A962BE6433EF016E0DFB52ECA15A5378 ] nmwcdnsucx64    C:\Windows\system32\drivers\nmwcdnsucx64.sys
10:31:30.0460 5992  nmwcdnsucx64 - ok
10:31:30.0538 5992  [ 9573223E205907247AE6D948E3453770 ] nmwcdnsux64     C:\Windows\system32\drivers\nmwcdnsux64.sys
10:31:30.0601 5992  nmwcdnsux64 - ok
10:31:30.0741 5992  [ 5839A8027D6D324A7CD494051A96628C ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
10:31:30.0866 5992  NOBU - ok
10:31:30.0881 5992  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:31:30.0928 5992  Npfs - ok
10:31:30.0944 5992  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
10:31:31.0069 5992  nsi - ok
10:31:31.0100 5992  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:31:31.0131 5992  nsiproxy - ok
10:31:31.0225 5992  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:31:31.0318 5992  Ntfs - ok
10:31:31.0365 5992  [ 9A308FCDCCA98A15B6F62D36A272160E ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
10:31:31.0381 5992  NTI IScheduleSvc - ok
10:31:31.0412 5992  [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
10:31:31.0427 5992  NTIDrvr - ok
10:31:31.0521 5992  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
10:31:31.0615 5992  Null - ok
10:31:31.0661 5992  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:31:31.0693 5992  nvraid - ok
10:31:31.0755 5992  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:31:31.0786 5992  nvstor - ok
10:31:31.0817 5992  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:31:31.0833 5992  nv_agp - ok
10:31:31.0849 5992  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:31:31.0864 5992  ohci1394 - ok
10:31:31.0942 5992  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:31:31.0989 5992  ose - ok
10:31:32.0176 5992  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:31:32.0363 5992  osppsvc - ok
10:31:32.0691 5992  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:31:32.0894 5992  p2pimsvc - ok
10:31:32.0972 5992  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
10:31:33.0003 5992  p2psvc - ok
10:31:33.0050 5992  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
10:31:33.0097 5992  Parport - ok
10:31:33.0175 5992  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:31:33.0221 5992  partmgr - ok
10:31:33.0377 5992  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:31:33.0440 5992  PcaSvc - ok
10:31:33.0471 5992  [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
10:31:33.0549 5992  pccsmcfd - ok
10:31:33.0596 5992  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
10:31:33.0627 5992  pci - ok
10:31:33.0658 5992  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
10:31:33.0674 5992  pciide - ok
10:31:33.0705 5992  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
10:31:33.0736 5992  pcmcia - ok
10:31:33.0752 5992  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
10:31:33.0767 5992  pcw - ok
10:31:33.0783 5992  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:31:33.0877 5992  PEAUTH - ok
10:31:33.0970 5992  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
10:31:34.0001 5992  PerfHost - ok
10:31:34.0095 5992  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
10:31:34.0251 5992  pla - ok
10:31:34.0313 5992  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:31:34.0407 5992  PlugPlay - ok
10:31:34.0501 5992  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
10:31:34.0532 5992  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:31:34.0532 5992  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:31:34.0563 5992  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:31:34.0579 5992  PNRPAutoReg - ok
10:31:34.0594 5992  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:31:34.0625 5992  PNRPsvc - ok
10:31:34.0672 5992  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:31:34.0797 5992  PolicyAgent - ok
10:31:34.0844 5992  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
10:31:34.0953 5992  Power - ok
10:31:35.0015 5992  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:31:35.0109 5992  PptpMiniport - ok
10:31:35.0125 5992  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
10:31:35.0187 5992  Processor - ok
10:31:35.0234 5992  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
10:31:35.0327 5992  ProfSvc - ok
10:31:35.0343 5992  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:31:35.0359 5992  ProtectedStorage - ok
10:31:35.0421 5992  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:31:35.0530 5992  Psched - ok
10:31:35.0561 5992  [ FBF4DB6D53585437E41A113300002A2B ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
10:31:35.0608 5992  PxHlpa64 - ok
10:31:35.0671 5992  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
10:31:35.0749 5992  ql2300 - ok
10:31:35.0780 5992  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
10:31:35.0795 5992  ql40xx - ok
10:31:35.0827 5992  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
10:31:35.0842 5992  QWAVE - ok
10:31:35.0873 5992  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:31:35.0905 5992  QWAVEdrv - ok
10:31:35.0936 5992  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:31:35.0998 5992  RasAcd - ok
10:31:36.0045 5992  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
10:31:36.0107 5992  RasAgileVpn - ok
10:31:36.0123 5992  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
10:31:36.0201 5992  RasAuto - ok
10:31:36.0232 5992  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
10:31:36.0295 5992  Rasl2tp - ok
10:31:36.0341 5992  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
10:31:36.0388 5992  RasMan - ok
10:31:36.0419 5992  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:31:36.0482 5992  RasPppoe - ok
10:31:36.0513 5992  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
10:31:36.0575 5992  RasSstp - ok
10:31:36.0607 5992  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
10:31:36.0716 5992  rdbss - ok
10:31:36.0747 5992  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
10:31:36.0794 5992  rdpbus - ok
10:31:36.0825 5992  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:31:36.0903 5992  RDPCDD - ok
10:31:36.0934 5992  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:31:37.0012 5992  RDPENCDD - ok
10:31:37.0059 5992  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
10:31:37.0090 5992  RDPREFMP - ok
10:31:37.0168 5992  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:31:37.0277 5992  RdpVideoMiniport - ok
10:31:37.0324 5992  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
10:31:37.0402 5992  RDPWD - ok
10:31:37.0465 5992  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:31:37.0511 5992  rdyboost - ok
10:31:37.0574 5992  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:31:37.0652 5992  RemoteAccess - ok
10:31:37.0667 5992  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:31:37.0745 5992  RemoteRegistry - ok
10:31:37.0777 5992  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:31:37.0823 5992  RpcEptMapper - ok
10:31:37.0855 5992  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
10:31:37.0870 5992  RpcLocator - ok
10:31:37.0948 5992  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
10:31:37.0995 5992  RpcSs - ok
10:31:38.0057 5992  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:31:38.0245 5992  rspndr - ok
10:31:38.0323 5992  [ 763AE0C6D9DF4C24B7E2C26036A8188A ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
10:31:38.0354 5992  RSUSBSTOR - ok
10:31:38.0416 5992  [ D6D381B76056C668679723938F06F16C ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
10:31:38.0432 5992  RTHDMIAzAudService - ok
10:31:38.0447 5992  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
10:31:38.0463 5992  SamSs - ok
10:31:38.0510 5992  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:31:38.0557 5992  sbp2port - ok
10:31:38.0588 5992  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:31:38.0681 5992  SCardSvr - ok
10:31:38.0713 5992  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:31:38.0791 5992  scfilter - ok
10:31:38.0853 5992  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
10:31:38.0931 5992  Schedule - ok
10:31:38.0978 5992  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
10:31:39.0025 5992  SCPolicySvc - ok
10:31:39.0056 5992  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:31:39.0087 5992  SDRSVC - ok
10:31:39.0118 5992  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:31:39.0196 5992  secdrv - ok
10:31:39.0227 5992  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
10:31:39.0274 5992  seclogon - ok
10:31:39.0321 5992  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
10:31:39.0383 5992  SENS - ok
10:31:39.0415 5992  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:31:39.0493 5992  SensrSvc - ok
10:31:39.0524 5992  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
10:31:39.0571 5992  Serenum - ok
10:31:39.0602 5992  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
10:31:39.0633 5992  Serial - ok
10:31:39.0680 5992  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
10:31:39.0742 5992  sermouse - ok
10:31:39.0805 5992  [ 3EC8DE67B1C78C31E54C0F030E6BD7D5 ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
10:31:39.0914 5992  ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
10:31:39.0914 5992  ServiceLayer - detected UnsignedFile.Multi.Generic (1)
10:31:39.0976 5992  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
10:31:40.0054 5992  SessionEnv - ok
10:31:40.0101 5992  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
10:31:40.0179 5992  sffdisk - ok
10:31:40.0195 5992  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
10:31:40.0241 5992  sffp_mmc - ok
10:31:40.0241 5992  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
10:31:40.0273 5992  sffp_sd - ok
10:31:40.0304 5992  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
10:31:40.0319 5992  sfloppy - ok
10:31:40.0397 5992  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
10:31:40.0460 5992  Sftfs - ok
10:31:40.0538 5992  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
10:31:40.0585 5992  sftlist - ok
10:31:40.0631 5992  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
10:31:40.0678 5992  Sftplay - ok
10:31:40.0709 5992  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
10:31:40.0741 5992  Sftredir - ok
10:31:40.0756 5992  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
10:31:40.0772 5992  Sftvol - ok
10:31:40.0834 5992  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
10:31:40.0865 5992  sftvsa - ok
10:31:40.0912 5992  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:31:40.0975 5992  SharedAccess - ok
10:31:41.0021 5992  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:31:41.0131 5992  ShellHWDetection - ok
10:31:41.0162 5992  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:31:41.0177 5992  SiSRaid2 - ok
10:31:41.0193 5992  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
10:31:41.0240 5992  SiSRaid4 - ok
10:31:41.0318 5992  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
10:31:41.0349 5992  SkypeUpdate - ok
10:31:41.0365 5992  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
10:31:41.0411 5992  Smb - ok
10:31:41.0443 5992  SMR310 - ok
10:31:41.0505 5992  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:31:41.0567 5992  SNMPTRAP - ok
10:31:41.0614 5992  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
10:31:41.0645 5992  spldr - ok
10:31:41.0723 5992  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
10:31:41.0801 5992  Spooler - ok
10:31:41.0942 5992  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
10:31:42.0160 5992  sppsvc - ok
10:31:42.0207 5992  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
10:31:42.0301 5992  sppuinotify - ok
10:31:42.0425 5992  [ 891793E00432FA055CF040605C260E49 ] SRTSP           C:\Windows\System32\Drivers\N360x64\0604000.009\SRTSP64.SYS
10:31:42.0503 5992  SRTSP - ok
10:31:42.0519 5992  [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX          C:\Windows\system32\drivers\N360x64\0604000.009\SRTSPX64.SYS
10:31:42.0550 5992  SRTSPX - ok
10:31:42.0597 5992  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
10:31:42.0691 5992  srv - ok
10:31:42.0722 5992  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:31:42.0784 5992  srv2 - ok
10:31:42.0800 5992  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:31:42.0847 5992  srvnet - ok
10:31:42.0893 5992  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:31:42.0956 5992  SSDPSRV - ok
10:31:42.0987 5992  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
10:31:43.0034 5992  SstpSvc - ok
10:31:43.0096 5992  [ D21FF3592DAEE244EE8376830A672B52 ] ss_bus          C:\Windows\system32\DRIVERS\ss_bus.sys
10:31:43.0143 5992  ss_bus - ok
10:31:43.0190 5992  [ 451DB3D10E6112E06B4506D4A7BECEC1 ] ss_mdfl         C:\Windows\system32\DRIVERS\ss_mdfl.sys
10:31:43.0221 5992  ss_mdfl - ok
10:31:43.0237 5992  [ EF40C8A268A5263A0EF48FED8E57CBED ] ss_mdm          C:\Windows\system32\DRIVERS\ss_mdm.sys
10:31:43.0252 5992  ss_mdm - ok
10:31:43.0315 5992  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
10:31:43.0346 5992  stexstor - ok
10:31:43.0393 5992  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
10:31:43.0455 5992  StillCam - ok
10:31:43.0533 5992  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
10:31:43.0611 5992  stisvc - ok
10:31:43.0658 5992  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
10:31:43.0689 5992  swenum - ok
10:31:43.0736 5992  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
10:31:43.0845 5992  swprv - ok
10:31:43.0907 5992  [ 8B2430762099598DA40686F754632EFD ] SymDS           C:\Windows\system32\drivers\N360x64\0604000.009\SYMDS64.SYS
10:31:43.0939 5992  SymDS - ok
10:31:44.0048 5992  [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA          C:\Windows\system32\drivers\N360x64\0604000.009\SYMEFA64.SYS
10:31:44.0141 5992  SymEFA - ok
10:31:44.0188 5992  [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
10:31:44.0235 5992  SymEvent - ok
10:31:44.0282 5992  [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON         C:\Windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS
10:31:44.0329 5992  SymIRON - ok
10:31:44.0360 5992  [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS         C:\Windows\System32\Drivers\N360x64\0604000.009\SYMNETS.SYS
10:31:44.0391 5992  SymNetS - ok
10:31:44.0438 5992  [ 064A2530A4A7C7CEC1BE6A1945645BE4 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
10:31:44.0469 5992  SynTP - ok
10:31:44.0547 5992  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
10:31:44.0656 5992  SysMain - ok
10:31:44.0703 5992  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:31:44.0734 5992  TabletInputService - ok
10:31:44.0781 5992  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
10:31:44.0906 5992  TapiSrv - ok
10:31:44.0937 5992  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
10:31:45.0031 5992  TBS - ok
10:31:45.0124 5992  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
10:31:45.0265 5992  Tcpip - ok
10:31:45.0327 5992  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
10:31:45.0358 5992  TCPIP6 - ok
10:31:45.0389 5992  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:31:45.0452 5992  tcpipreg - ok
10:31:45.0499 5992  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:31:45.0545 5992  TDPIPE - ok
10:31:45.0592 5992  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
10:31:45.0655 5992  TDTCP - ok
10:31:45.0686 5992  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
10:31:45.0811 5992  tdx - ok
10:31:45.0873 5992  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
10:31:45.0904 5992  TermDD - ok
10:31:45.0935 5992  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
10:31:46.0060 5992  TermService - ok
10:31:46.0107 5992  [ 48D9D00C2E0E72C3D4F52772C80355F6 ] TFsExDisk       C:\Windows\System32\Drivers\TFsExDisk.sys
10:31:46.0138 5992  TFsExDisk - ok
10:31:46.0169 5992  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
10:31:46.0216 5992  Themes - ok
10:31:46.0247 5992  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
10:31:46.0294 5992  THREADORDER - ok
10:31:46.0310 5992  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
10:31:46.0372 5992  TrkWks - ok
10:31:46.0466 5992  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:31:46.0575 5992  TrustedInstaller - ok
10:31:46.0622 5992  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:31:46.0715 5992  tssecsrv - ok
10:31:46.0762 5992  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
10:31:46.0840 5992  TsUsbFlt - ok
10:31:46.0903 5992  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:31:47.0012 5992  tunnel - ok
10:31:47.0059 5992  TwonkyMedia - ok
10:31:47.0090 5992  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
10:31:47.0121 5992  uagp35 - ok
10:31:47.0152 5992  [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
10:31:47.0152 5992  UBHelper - ok
10:31:47.0215 5992  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:31:47.0293 5992  udfs - ok
10:31:47.0339 5992  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
10:31:47.0355 5992  UI0Detect - ok
10:31:47.0386 5992  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
10:31:47.0402 5992  uliagpkx - ok
10:31:47.0449 5992  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
10:31:47.0511 5992  umbus - ok
10:31:47.0542 5992  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
10:31:47.0589 5992  UmPass - ok
10:31:47.0651 5992  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
10:31:47.0698 5992  Updater Service - ok
10:31:47.0729 5992  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
10:31:47.0839 5992  upnphost - ok
10:31:47.0854 5992  [ 4E93C8496359E97830C75AC36393654D ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
10:31:47.0948 5992  upperdev - ok
10:31:47.0979 5992  [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
10:31:48.0073 5992  USBAAPL64 - ok
10:31:48.0119 5992  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
10:31:48.0182 5992  usbccgp - ok
10:31:48.0244 5992  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
10:31:48.0275 5992  usbcir - ok
10:31:48.0307 5992  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
10:31:48.0353 5992  usbehci - ok
10:31:48.0400 5992  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
10:31:48.0431 5992  usbhub - ok
10:31:48.0463 5992  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
10:31:48.0509 5992  usbohci - ok
10:31:48.0572 5992  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
10:31:48.0619 5992  usbprint - ok
10:31:48.0650 5992  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
10:31:48.0681 5992  usbscan - ok
10:31:48.0728 5992  [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser          C:\Windows\system32\drivers\usbser.sys
10:31:48.0806 5992  usbser - ok
10:31:48.0821 5992  [ 8844CB19A37B65E27049D4A7786726A9 ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
10:31:48.0884 5992  UsbserFilt - ok
10:31:48.0915 5992  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:31:48.0977 5992  USBSTOR - ok
10:31:49.0024 5992  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
10:31:49.0087 5992  usbuhci - ok
10:31:49.0133 5992  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
10:31:49.0196 5992  usbvideo - ok
10:31:49.0227 5992  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
10:31:49.0321 5992  UxSms - ok
10:31:49.0352 5992  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
10:31:49.0383 5992  VaultSvc - ok
10:31:49.0430 5992  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
10:31:49.0461 5992  vdrvroot - ok
10:31:49.0523 5992  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
10:31:49.0633 5992  vds - ok
10:31:49.0679 5992  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
10:31:49.0695 5992  vga - ok
10:31:49.0726 5992  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
10:31:49.0804 5992  VgaSave - ok
10:31:49.0835 5992  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
10:31:49.0882 5992  vhdmp - ok
10:31:49.0898 5992  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
10:31:49.0913 5992  viaide - ok
10:31:49.0960 5992  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
10:31:49.0991 5992  volmgr - ok
10:31:50.0038 5992  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
10:31:50.0101 5992  volmgrx - ok
10:31:50.0116 5992  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
10:31:50.0147 5992  volsnap - ok
10:31:50.0179 5992  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
10:31:50.0272 5992  vsmraid - ok
10:31:50.0350 5992  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
10:31:50.0491 5992  VSS - ok
10:31:50.0522 5992  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
10:31:50.0569 5992  vwifibus - ok
10:31:50.0600 5992  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
10:31:50.0662 5992  vwififlt - ok
10:31:50.0709 5992  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
10:31:50.0771 5992  vwifimp - ok
10:31:50.0834 5992  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
10:31:50.0927 5992  W32Time - ok
10:31:50.0943 5992  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
10:31:50.0959 5992  WacomPen - ok
10:31:51.0021 5992  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
10:31:51.0115 5992  WANARP - ok
10:31:51.0130 5992  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:31:51.0161 5992  Wanarpv6 - ok
10:31:51.0224 5992  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
10:31:51.0349 5992  wbengine - ok
10:31:51.0380 5992  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
10:31:51.0411 5992  WbioSrvc - ok
10:31:51.0458 5992  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
10:31:51.0536 5992  wcncsvc - ok
10:31:51.0551 5992  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:31:51.0598 5992  WcsPlugInService - ok
10:31:51.0614 5992  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
10:31:51.0645 5992  Wd - ok
10:31:51.0707 5992  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:31:51.0832 5992  Wdf01000 - ok
10:31:51.0848 5992  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
10:31:52.0019 5992  WdiServiceHost - ok
10:31:52.0019 5992  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
10:31:52.0051 5992  WdiSystemHost - ok
10:31:52.0082 5992  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
10:31:52.0160 5992  WebClient - ok
10:31:52.0191 5992  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:31:52.0253 5992  Wecsvc - ok
10:31:52.0269 5992  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
10:31:52.0363 5992  wercplsupport - ok
10:31:52.0394 5992  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
10:31:52.0456 5992  WerSvc - ok
10:31:52.0503 5992  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
10:31:52.0550 5992  WfpLwf - ok
10:31:52.0581 5992  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
10:31:52.0597 5992  WIMMount - ok
10:31:52.0612 5992  WinDefend - ok
10:31:52.0628 5992  WinHttpAutoProxySvc - ok
10:31:52.0690 5992  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
10:31:52.0784 5992  Winmgmt - ok
10:31:52.0877 5992  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
10:31:53.0049 5992  WinRM - ok
10:31:53.0127 5992  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
10:31:53.0205 5992  WinUsb - ok
10:31:53.0267 5992  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
10:31:53.0377 5992  Wlansvc - ok
10:31:53.0408 5992  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
10:31:53.0470 5992  WmiAcpi - ok
10:31:53.0501 5992  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
10:31:53.0548 5992  wmiApSrv - ok
10:31:53.0579 5992  WMPNetworkSvc - ok
10:31:53.0611 5992  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
10:31:53.0673 5992  WPCSvc - ok
10:31:53.0720 5992  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
10:31:53.0813 5992  WPDBusEnum - ok
10:31:53.0845 5992  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
10:31:53.0938 5992  ws2ifsl - ok
10:31:53.0969 5992  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
10:31:54.0047 5992  wscsvc - ok
10:31:54.0094 5992  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
10:31:54.0157 5992  WSDPrintDevice - ok
10:31:54.0172 5992  WSearch - ok
10:31:54.0281 5992  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
10:31:54.0359 5992  wuauserv - ok
10:31:54.0422 5992  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
10:31:54.0531 5992  WudfPf - ok
10:31:54.0593 5992  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
10:31:54.0656 5992  WUDFRd - ok
10:31:54.0687 5992  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
10:31:54.0734 5992  wudfsvc - ok
10:31:54.0781 5992  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
10:31:54.0859 5992  WwanSvc - ok
10:31:54.0890 5992  ================ Scan global ===============================
10:31:54.0905 5992  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:31:54.0952 5992  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
10:31:54.0983 5992  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
10:31:55.0015 5992  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:31:55.0046 5992  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:31:55.0061 5992  [Global] - ok
10:31:55.0061 5992  ================ Scan MBR ==================================
10:31:55.0077 5992  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:31:56.0044 5992  \Device\Harddisk0\DR0 - ok
10:31:56.0060 5992  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
10:31:56.0294 5992  \Device\Harddisk1\DR1 - ok
10:31:56.0294 5992  ================ Scan VBR ==================================
10:31:56.0325 5992  [ 9950B4051107C3DC3D089289C2FD3C03 ] \Device\Harddisk0\DR0\Partition1
10:31:56.0325 5992  \Device\Harddisk0\DR0\Partition1 - ok
10:31:56.0341 5992  [ 46414166A6FC71CEAF7E6C5EFC81B635 ] \Device\Harddisk0\DR0\Partition2
10:31:56.0341 5992  \Device\Harddisk0\DR0\Partition2 - ok
10:31:56.0356 5992  [ 18AEB55886F34776C86C9555C62E45A7 ] \Device\Harddisk1\DR1\Partition1
10:31:56.0356 5992  \Device\Harddisk1\DR1\Partition1 - ok
10:31:56.0356 5992  ============================================================
10:31:56.0356 5992  Scan finished
10:31:56.0356 5992  ============================================================
10:31:56.0372 5804  Detected object count: 4
10:31:56.0372 5804  Actual detected object count: 4
10:35:06.0209 5804  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
10:35:06.0209 5804  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:35:06.0209 5804  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:35:06.0209 5804  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:35:06.0209 5804  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:35:06.0209 5804  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:35:06.0209 5804  ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
10:35:06.0209 5804  ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip

LG Nimsaj

cosinus · 19.12.2012, 22:57

Beim nächsten Mal bitte die Logs in CODE-Tags posten!

Zitat:

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.

Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].

Setze den Curser zwischen die CODE-Tags und drücke STRG+V.

Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Nimsaj · 13.01.2013, 20:50

Code:

ATTFilter

ComboFix 13-01-13.01 - Jasmin 13.01.2013  20:12:45.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4091.2761 [GMT 1:00]
ausgeführt von:: c:\users\Jasmin\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jasmin\AppData\Roaming\Awlyec
c:\users\Jasmin\AppData\Roaming\Awlyec\ugiqu.exe
c:\users\Jasmin\AppData\Roaming\SQLUpdater.exe
c:\users\Jasmin\AppData\Roaming\Ywwo
c:\users\Jasmin\AppData\Roaming\Ywwo\awid.xiu
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-13 bis 2013-01-13  ))))))))))))))))))))))))))))))
.
.
2013-01-13 19:25 . 2013-01-13 19:25	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2013-01-13 19:25 . 2013-01-13 19:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-10 09:58 . 2013-01-10 09:58	16369160	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-01-10 04:05 . 2013-01-10 09:53	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-01-09 12:53 . 2012-11-09 05:45	750592	----a-w-	c:\windows\system32\win32spl.dll
2013-01-09 12:53 . 2012-11-09 04:43	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-01-09 12:51 . 2012-11-30 05:41	424448	----a-w-	c:\windows\system32\KernelBase.dll
2012-12-23 12:45 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-23 12:45 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-23 12:45 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-23 12:45 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 09:58 . 2012-08-05 09:09	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-10 09:58 . 2011-05-18 05:43	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 15:30 . 2011-04-05 18:55	67599240	----a-w-	c:\windows\system32\MRT.exe
2012-12-09 15:36 . 2012-12-09 15:36	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-12-09 15:36 . 2012-12-09 15:36	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-12-09 15:36 . 2012-12-09 15:36	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-12-09 15:36 . 2012-12-09 15:36	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-12-09 15:36 . 2012-12-09 15:36	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-12-09 15:36 . 2012-12-09 15:36	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-12-09 15:36 . 2012-12-09 15:36	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-12-09 15:36 . 2012-12-09 15:36	367104	----a-w-	c:\windows\SysWow64\html.iec
2012-12-09 15:36 . 2012-12-09 15:36	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-12-09 15:36 . 2012-12-09 15:36	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-12-09 15:36 . 2012-12-09 15:36	222208	----a-w-	c:\windows\system32\msls31.dll
2012-12-09 15:36 . 2012-12-09 15:36	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2012-12-09 15:36 . 2012-12-09 15:36	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2012-12-09 15:36 . 2012-12-09 15:36	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2012-12-09 15:36 . 2012-12-09 15:36	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2012-12-09 15:36 . 2012-12-09 15:36	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2012-12-09 15:36 . 2012-12-09 15:36	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2012-12-09 15:36 . 2012-12-09 15:36	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-12-09 15:36 . 2012-12-09 15:36	89088	----a-w-	c:\windows\system32\ie4uinit.exe
2012-12-09 15:36 . 2012-12-09 15:36	85504	----a-w-	c:\windows\system32\iesetup.dll
2012-12-09 15:36 . 2012-12-09 15:36	82432	----a-w-	c:\windows\system32\icardie.dll
2012-12-09 15:36 . 2012-12-09 15:36	76800	----a-w-	c:\windows\system32\tdc.ocx
2012-12-09 15:36 . 2012-12-09 15:36	65024	----a-w-	c:\windows\system32\pngfilt.dll
2012-12-09 15:36 . 2012-12-09 15:36	55296	----a-w-	c:\windows\system32\msfeedsbs.dll
2012-12-09 15:36 . 2012-12-09 15:36	534528	----a-w-	c:\windows\system32\ieapfltr.dll
2012-12-09 15:36 . 2012-12-09 15:36	49664	----a-w-	c:\windows\system32\imgutil.dll
2012-12-09 15:36 . 2012-12-09 15:36	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-12-09 15:36 . 2012-12-09 15:36	452608	----a-w-	c:\windows\system32\dxtmsft.dll
2012-12-09 15:36 . 2012-12-09 15:36	448512	----a-w-	c:\windows\system32\html.iec
2012-12-09 15:36 . 2012-12-09 15:36	403248	----a-w-	c:\windows\system32\iedkcs32.dll
2012-12-09 15:36 . 2012-12-09 15:36	39936	----a-w-	c:\windows\system32\iernonce.dll
2012-12-09 15:36 . 2012-12-09 15:36	3695416	----a-w-	c:\windows\system32\ieapfltr.dat
2012-12-09 15:36 . 2012-12-09 15:36	30720	----a-w-	c:\windows\system32\licmgr10.dll
2012-12-09 15:36 . 2012-12-09 15:36	282112	----a-w-	c:\windows\system32\dxtrans.dll
2012-12-09 15:36 . 2012-12-09 15:36	267776	----a-w-	c:\windows\system32\ieaksie.dll
2012-12-09 15:36 . 2012-12-09 15:36	249344	----a-w-	c:\windows\system32\webcheck.dll
2012-12-09 15:36 . 2012-12-09 15:36	197120	----a-w-	c:\windows\system32\msrating.dll
2012-12-09 15:36 . 2012-12-09 15:36	165888	----a-w-	c:\windows\system32\iexpress.exe
2012-12-09 15:36 . 2012-12-09 15:36	163840	----a-w-	c:\windows\system32\ieakui.dll
2012-12-09 15:36 . 2012-12-09 15:36	160256	----a-w-	c:\windows\system32\wextract.exe
2012-12-09 15:36 . 2012-12-09 15:36	160256	----a-w-	c:\windows\system32\ieakeng.dll
2012-12-09 15:36 . 2012-12-09 15:36	149504	----a-w-	c:\windows\system32\occache.dll
2012-12-09 15:36 . 2012-12-09 15:36	145920	----a-w-	c:\windows\system32\iepeers.dll
2012-12-09 15:36 . 2012-12-09 15:36	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-12-09 15:36 . 2012-12-09 15:36	12288	----a-w-	c:\windows\system32\mshta.exe
2012-12-09 15:36 . 2012-12-09 15:36	114176	----a-w-	c:\windows\system32\admparse.dll
2012-12-09 15:36 . 2012-12-09 15:36	111616	----a-w-	c:\windows\system32\iesysprep.dll
2012-12-09 15:36 . 2012-12-09 15:36	10752	----a-w-	c:\windows\system32\msfeedssync.exe
2012-12-09 15:36 . 2012-12-09 15:36	103936	----a-w-	c:\windows\system32\inseng.dll
2012-11-30 04:45 . 2013-01-09 12:51	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-13 07:48	17811968	----a-w-	c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 07:48	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 07:48	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 07:48	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 07:48	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 07:48	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 07:48	237056	----a-w-	c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 07:48	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 07:48	816640	----a-w-	c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 07:48	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 07:48	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 07:48	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 07:48	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 07:48	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 07:48	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 07:48	248320	----a-w-	c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 07:48	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 07:48	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 07:48	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 07:48	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 07:48	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 07:48	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-12 09:37	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 09:37	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-12 09:36	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 09:36	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
2012-10-16 08:38 . 2012-12-02 12:12	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-02 12:12	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-02 12:12	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
"Facebook Update"="c:\users\Jasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-10-18 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-06-28 263936]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-21 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" [2010-05-26 1545568]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
c:\users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R0 SMR310;Symantec SMR Utility Service 3.1.0;c:\windows\System32\drivers\SMR310.SYS [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2011-08-17 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0604000.009\SYMDS64.SYS [2012-04-17 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0604000.009\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\BASHDefs\20130107.001\BHDrvx64.sys [2012-10-23 1384608]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\IPSDefs\20130113.001\IDSvia64.sys [2013-01-04 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS [2012-04-17 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0604000.009\SYMNETS.SYS [2012-04-17 405624]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-20 202752]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2009-12-22 117584]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe [2012-06-16 138272]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-06-28 255744]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TwonkyMedia;TwonkyMedia;c:\program files (x86)\TwonkyMedia\twonkymediaserverwatchdog.exe [2009-05-04 263824]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2009-12-22 20568]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-01-06 138912]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-05 09:58]
.
2013-01-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3918971101-3803662693-3334525287-1001Core.job
- c:\users\Jasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-18 12:31]
.
2013-01-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3918971101-3803662693-3334525287-1001UA.job
- c:\users\Jasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-18 12:31]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-01 15:36]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-01 15:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 861216]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.t-online.de/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://packardbell.msn.com
mStart Page = hxxp://packardbell.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\Jasmin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Jasmin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.fujidirekt.de/ips-opdata/objects/jordan.cab
FF - ProfilePath - c:\users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\gsw44htt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/
FF - ExtSQL: !HIDDEN! 2011-04-01 12:20; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-SQLUpdate - c:\users\Jasmin\AppData\Roaming\SQLUpdater.exe
Wow6432Node-HKLM-Run-SQLUpdate - c:\users\Jasmin\AppData\Roaming\SQLUpdater.exe
HKLM_Wow6432Node-ActiveSetup-{C3AE2ABC-B85C-EC98-DA9C-5AF98BC2A23F} - c:\users\Jasmin\AppData\Roaming\SQLUpdater.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-13  20:29:43
ComboFix-quarantined-files.txt  2013-01-13 19:29
.
Vor Suchlauf: 12 Verzeichnis(se), 102.630.232.064 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 102.101.618.688 Bytes frei
.
- - End Of File - - 8184211971B629A0A00D7172B7469FF2

So sorry das es so spät kommt..ich hoffe es ist nun alles richtig gepostet

cosinus · 13.01.2013, 20:55

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

06.12.2012, 12:29	#5
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Virus lässt sich nicht dauerhaft entfernen trotz Malware Progr. - HKCU/Software/VB an VBA Program settings/SrvID Du solltest alle Logs mit allen Funden posten! Das erreichst du ja wohl schlecht indem du neue Scans machst! Ich wollte erstmal nur alle vorhandenen Logs sehen und keine neuen! __________________ Logfiles bitte immer in CODE-Tags posten

Virus lässt sich nicht dauerhaft entfernen trotz Malware Progr. - HKCU/Software/VB an VBA Program settings/SrvID

Plagegeister aller Art und deren Bekämpfung: Virus lässt sich nicht dauerhaft entfernen trotz Malware Progr. - HKCU/Software/VB an VBA Program settings/SrvID